Knowledge & Skill Expectations For Business Continuity Auditors

According to Annex A.6, auditors who intend to examine security,
resilience, emergency, or continuity management systems:

  • Need to have the associated knowledge and skills, and

  • Need to be able to apply security, resilience, emergency, and continuity management methods, techniques, processes, and practices.

They must have the knowledge and skills needed to examine security,
resilience, emergency, and continuity management systems and to
generate appropriate audit findings and reach valid conclusions.

The following examples illustrate the kind of knowledge and
skill that these auditors need to have. They should:

1. Understand related management processes.

1.1. Understand crisis management processes.

1.2. Understand security management processes.

1.3. Understand resilience management processes.

1.4. Understand preparedness management processes.

1.5. Understand response management processes.

1.6. Understand emergency management processes.

1.7. Understand mitigation management processes.

1.8. Understand continuity management processes.

1.9. Understand recovery management processes.

2. Understand related management technologies.

2.1. Understand crisis management technologies.

2.2. Understand security management technologies.

2.3. Understand resilience management technologies.

2.4. Understand preparedness management technologies.

2.5. Understand response management technologies.

2.6. Understand emergency management technologies.

2.7. Understand mitigation management technologies.

2.8. Understand continuity management technologies.

2.9. Understand recovery management technologies.

3. Understand related management sciences.

3.1. Understand crisis management research.

3.2. Understand security management research.

3.3. Understand resilience management research.

3.4. Understand preparedness management research.

3.5. Understand response management research.

3.6. Understand emergency management research.

3.7. Understand mitigation management research.

3.8. Understand continuity management research.

3.9. Understand recovery management research.

4. Understand related management methods.

4.1. Understand crisis management methods.

4.2. Understand security management methods.

4.3. Understand resilience management methods.

4.4. Understand preparedness management methods.

4.5. Understand response management methods.

4.6. Understand emergency management methods.

4.7. Understand mitigation management methods.

4.8. Understand continuity management methods.

4.9. Understand recovery management methods.

5. Understand how to manage disruptive risk.

5.1. Understand how to anticipate disruptive events.

5.2. Understand how to avoid disruptive events.

5.3. Understand how to prevent disruptive events.

5.4. Understand how to protect against disruptive events.

5.5. Understand how to mitigate disruptive events.

5.6. Understand how to respond to disruptive events.

5.7. Understand how to recover from disruptive events.

6. Understand risk assessment methods.

6.1. Understand asset identification and valuation.

6.2. Understand risk identification, analysis, and evaluation.

7. Understand impact analysis methods.

7.1. Understand how to analyze impacts on people.

7.2. Understand how to analyze impacts on assets.

7.2.1. Understand impacts on physical assets.

7.2.2. Understand impacts on intangible assets.

7.3. Understand how to analyze impacts on the environment.

8. Understand risk treatment methods and measures.

9. Understand security management methods and practices.

9.1. Understand information security management.

9.1.1. Understand how to protect sensitive information.

9.1.2. Understand how to ensure integrity of information.

9.1.3. Understand how to prevent loss of information.

9.1.4. Understand how to deter theft of information.

9.2. Understand personal security management.

9.2.1. Understand how to protect personnel.

9.2.2. Understand how to deter bad behavior.

9.2.3. Understand how to prevent harmful results.

9.3. Understand physical security management.

9.3.1. Understand how to protect physical assets.

9.3.2. Understand how to prevent physical losses.

9.3.3. Understand how to deter physical access.

10. Understand intelligence gathering methodologies.

10.1. Understand performance monitoring methodologies.

10.2. Understand performance measuring methodologies.

11. Understand performance reporting methods.

11.1. Understand reporting of exercises.

11.2. Understand reporting of testing activities.

Please note that these are only "examples". No attempt has
been made to provide an exhaustive list of knowledge and
skill expectations. You're free to add your own.

Praxiom Research




Praxiom Research Group Limited  780-461-4514

Updated on December 19, 2015. First published on May 24, 2012.

Legal Restrictions on the Use of this Page

Thank you for visiting this page. You are, of course, welcome to view our
material as often as you wish, free of charge. And as long as you keep intact
all copyright notices, you are also welcome to print or make one copy of this
page for your own personal, noncommercial, home use. But, you are not
legally authorized to print or produce additional copies or to copy and paste
any of our material onto another web site or to republish it in any way.

Copyright 2012 - 2015 by Praxiom Research Group Limited. All Rights Reserved.