Pre Course
Classroom)
Pre-course Questionnaire
(You are requested to attempt all the questions given below and send them back to the Tutor within a day)
Name of the Training Participant: Mr. Tavhare Kisan Sopan
Training Dates: 18th, 19th, 24th to 26th May 2024
Role: Lead Auditor.
The Organization you work for currently: EXTECH CERTIFICATIONS AND TECHNOLOGY SERVICES PRIVATE LIMITED.
1. What is objectivity and impartiality in the context of an Internal audit?
Objectivity refers to the auditor’s ability to make professional judgments without being
influenced by personal interests or biases. It means that an auditor does not take sides in a
dispute and the audit is conducted based on facts. An auditor is expected to maintain an
impartial, open-minded, unbiased, and fair mental attitude, which is a prerequisite for
achieving quality results that add value to the organization.
Threats to auditor impartiality are sources of potential bias that may compromise, or may
reasonably be expected to compromise, an auditor’s objectivity. Therefore, the certification
body should identify, analyze, evaluate, treat, monitor, and document such risks and
demonstrate how threats are eliminated or minimized.
1. Data Protection and Privacy Laws: Organizations must comply with data protection
regulations such as the General Data Protection Regulation (GDPR) in the
European Union or the California Consumer Privacy Act (CCPA) in the United
States. These laws impact how organizations handle personal data during disruptions.
2. Industry-Specific Regulations: Various industries have specific legal requirements
related to business continuity. For example:
Labor Laws: Ensuring employee safety during disruptions is essential. Labor laws
dictate requirements for employee protection, evacuation plans, and remote work
arrangements.
Local and National Laws: Legal requirements can vary by country, state, or region.
Organizations must be aware of local laws related to emergency management,
workplace safety, and continuity planning.
1. Continual Improvement: Organizations must actively seek areas for improvement within their
BCMS. By setting objectives, implementing changes, and monitoring progress, they enhance
the system’s effectiveness and efficiency.
2. Organizational Learning: ISO 22301 encourages learning from disruptions. Organizations
analyze incidents, adapt their strategies, and apply lessons learned to strengthen their BCMS.
1. Planning: Before implementing any changes, organizations should create a detailed plan.
This plan outlines the purpose, scope, impact, resources needed, and potential risks
associated with the change.
2. Risk Assessment: Evaluate the potential impact of the change on your BCMS. Identify
any risks or unintended consequences and develop mitigation strategies.
3. Communication: Inform relevant stakeholders about the planned changes. Transparency
ensures everyone is aware and prepared for the upcoming modifications.
4. Testing: Test the proposed changes in a controlled environment. This helps identify any
issues before full implementation.
5. Documentation: Document the entire process, including the rationale behind the change,
steps taken, and outcomes. This documentation is essential for future reference and audits.
Answer:
A. Determine the necessary competence for personnel performing work affecting the
BCMS.
B. Ensure that personnel are competent based on appropriate education, training, or
experience.
C. Maintain records of education, training, skills, and experience.
10. Do you have any exposure to Business Continuity Planning & Procedures, etc.?
Ans:- BCP involves creating strategies to ensure an organization’s critical functions continue
during disruptions. Key steps include risk assessment, impact analysis, plan development, testing,
and maintenance.
A. BCP Team
B. Business Impact Analysis (BIA)
C. Risk Mitigation
D. Business Continuity Strategies
E. Training
Answer: - Yes.
SIGNATURE: