3 Definitions
Terms, definitions and books related to audits and business continuity
The beginning of wisdom is the definition of terms. Socrates
Some terms and definitions currently used in this module:
Accident: undesired event causing death, injury, or health and environmental damage
Activity: set of tasks to obtain a deliverable
Audit client: everyone requesting an audit
Audit conclusions: outcome of an audit
Audit criteria: everything against which audit evidence is compared
Audit findings: every deviation from audit criteria
Auditee: everyone who is audited
Auditor: everyone who is trained to conduct audits
BCMS: business continuity management system
BCP: business continuity plan
Business continuity: aptitude to fulfill requirements
Business continuity management: method aimed at ensuring that in the event of a crisis, critical functions remain operational or become operational again as quickly as possible (see also resilience)
Business continuity management system (BCMS): set of processes enabling business continuity objectives to be achieved
Business continuity manager: leader of the resilience journey
Business continuity objective: business continuity related, measurable goal that must be achieved
Business impact analysis (BIA): analysis of the impact of a disruption on the business
Competence: personal skills, knowledge and experiences
Conformity: fulfillment of a specified requirement
Continual improvement: permanent process allowing the improvement of the global performance of the organization
Control: ensuring compliance with the specified criteria
Corrective action: action to eliminate the causes of nonconformity or any other undesirable event and to prevent their recurrence
Customer: anyone who receives a product
Document (documented information): any support allowing the treatment of information
Deviation: failure to meet a given threshold
Disruption: incident which results in deviation from the delivery of products and the provision of services
Hazard: situation that could lead to a potential incident
Impact: consequence of an event affecting the objectives
Interested party: person, group or company affected by the impacts from an organization
Nonconformity: non-fulfillment of a specified requirement
Organization: a structure that satisfies a need
Product (or service): every result of a process or activity
Problem: the gap that has to be closed between the actual and the desired situation
Procedure: set of actions to carry out a process
Record: document providing objective evidence of achieved results
Requirement: explicit or implicit need or expectation
Resilience: ability to resolve a crisis and continue to function as before
Review: examination of a file, product or process to verify whether pre-set objectives have been achieved
Risk: likelihood of occurrence of a threat or an opportunity
Stakeholder: person, group or company that can affect or be affected by an organization
Supplier (external provider): an entity that provides a product
SWOT: Strengths, Weaknesses, Opportunities, Threats. Tool for structuring a risk analysis
Threat: uncertain event that could have a negative impact on the objectives
Top management: person or group in charge of the organization's control at the highest level
Work environment: set of human and physical factors in which work is carried out
Examples of stakeholders: investors, customers, external providers, employees and social, public or political organizations
In the terminology of anti-bribery management systems, do not confuse the following:
- anomaly, defect, dysfunction, failure, nonconformity, reject and waste
  - an anomaly is a deviation from what is expected
  - a defect is the non-fulfillment of a requirement related to an intended use
  - a dysfunction is a degraded function that can lead to a failure
  - a failure is when a function has become unfit
  - a nonconformity is the non-fulfillment of a requirement in production
  - a reject is a nonconforming product that will be destroyed
  - waste is when there are added costs but no value
- audit and inspect
  - to audit is to improve the ABMS
  - to inspect is to verify the conformity of a process or product
- audit, auditee and auditor
  - an audit is a process of evaluating and improving the quality management system
  - an auditee is the one who is audited
  - an auditor is the one who conducts the audit
- audit program and plan
  - an audit program is the annual planning of the audits
  - an audit plan is the description of the audit activities
- communicate and inform
  - to communicate is to pass on a message, listen to the reaction and discuss
  - to inform is to give someone meaningful data
- control and optimization
  - control is meeting the objectives
  - optimization is the search for the best possible results
- customer, external provider and subcontractor
  - a customer receives a product
  - an external provider provides a product
  - a subcontractor provides a service or a product on which specific work is done
- effectiveness and efficiency
  - effectiveness is the level of achievement of planned results
  - efficiency is the ratio between results and resources
- follow-up and review
  - follow-up is the verification of the results obtained from an action
  - review is the analysis of the effectiveness in achieving objectives
- indicator and objective
  - an indicator is the information on the difference between the achieved result and the preset objective
  - an objective is a sought-after commitment
- organization and enterprise, society, company
  - organization is the term used in the standard ISO 9001 for the entity between the supplier and the customer
  - an enterprise, a society and a company are examples of organizations
- organizational chart and process map
  - the organizational chart is the graphic display of departments and their links
  - the process map is the graphic display of processes and their interactions
- procedure, process, product, activity and task
  - a procedure is the description of how we should conform to the rules
  - a process is how we satisfy the customer using people to achieve the objectives
  - a product is the result of a process
  - an activity is a set of tasks
  - a task is a sequence of simple operations
Remark 1: each time you use the term "improvement opportunity" instead of nonconformity, malfunction or failure, the auditee will gain a little more confidence in you.
Remark 2: the use of ISO 19011 and ISO 22301 definitions is recommended. The most important thing is to determine a common and unequivocal vocabulary for everyone in the company.
Remark 3: the customer can also be the user, the beneficiary, the initiator, the client, the prime contractor, the consumer.
Remark 4: ISO 19011 version 2018 uses the terms procedure ( ), record ( ) and documented information together. We prefer procedure and record.
For other definitions, comments, explanations and interpretations that you don’t find in this module and in annex 06, you can consult:
- ISO Online Browsing platform (OBP)
- IEC Electropedia
When I think of all the books still left for me to read, I am certain of further happiness. Jules Renard
Books for further reading on internal audits:
- Denis Pronovost, Internal Quality Auditing, ASQ Quality Press, 2000
- J. P. Russell, The Internal Auditing Pocket Guide, ASQ Quality Press, 2002
- Dennis Arter et al., How to Audit the Process Based QMS, ASQ Quality Press, 2003
- Spencer Pickett, The Essential Handbook of Internal Auditing, John Wiley & Sons, 2005
- Karen Welch, The Process Approach Audit Checklist for Manufacturing, ASQ Quality Press, 2005
- Paul Palmes, Process Driven Comprehensive Auditing, ASQ Quality Press, 2009
- David Hoyle, John Thompson, ISO 9000 Auditor Questions, Transition Support, 2009
- J. P. Russell, The Process Auditing and Techniques Guide, ASQ Quality Press, 2010
- Janet Smith, Auditing Beyond Compliance, ASQ Quality Press, 2012
- Tamuka Maziriri, ISO 22301 Lead Auditor, Independently Published, 2019
- IT Governance, ISO 22301:2019 and Business Continuity Management: Understand how to plan, implement and enhance a business continuity management system (BCMS), IT Governance Publishing, 2021
- PECB, ISO 22301:2019 Auditing Guide: A simple and practical guide to auditing a Business Continuity Management System (BCMS), PECB, 2021
- James Crask, Business Continuity Management: A Practical Guide to Organization Resilience and ISO 22301, Kogan Page, 2024
Minute of relaxation. Paganini's violin concert performed with facial expressions.