Does anyone have such audit protocols and is willing to share them (automated or non automated questionaires) - I would like to use them for internal auditing in preparation for certification or accreditation. Should the questionaires not be automated in terms of weightings and or scorings I am willing to automate the spreadsheet and share it.
Sincerely
Beulah
Beulah
You need to be a member of Global Risk Community to add comments!
The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.
For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!
Comments
Fayaz - Thanks very valuable and much appreciated.
If your looking for a service provider in this area, you may want to try the following:
Lockforce Consulting
They have developed a number of in-house auditing tools and protocols to quickly and effectively audit pre/post developed programs.
Thanks Roule, My only fear is that the 27000 group is IT specific but I will certainly spend sometime on it - gratefull for the link.
Beulah
ISO 31000 is not currently "not intended for the purposes of certification" (i.e. unlike 9001, 14001 etc).
The IIA published a paper last year purporting to address this topic, although well intended it was not very good.
You may wish to look at various "Matrurity Models" for ERM and create your own based on the best of what is out there (most are helpful but not overly good).
I would recommend http://www.symbiant.net/Risk-Suite/?page=risk_software as this system complies with ISO 31000 requirement and has questionnaires too.
Fayaz