3 Definitions
Terms, definitions and books related to audits and business continuity
The beginning of wisdom is the definition of terms. Socrates
Some terms and definitions currently used in this module:
Accident: undesired event causing death or health and environmental damages
Activity: set of tasks to obtain a deliverable
Audit client: everyone requesting an audit
Audit conclusions: outcome of an audit
Audit criteria: everything against which audit evidence is compared
Audit findings: every deviation from audit criteria
Auditee: everyone who is audited
Auditor: everyone who is trained to conduct audits
BCMS: business continuity management system
BCP: business continuity plan
Business continuity: aptitude to fulfill requirements
Business continuity management: method aimed at ensuring that in the event of a crisis, critical functions remain operational or become operational again as quickly as possible (see also resilience)
Business continuity management system (BCMS): set of processes enabling business continuity objectives to be achieved
Business continuity manager: leader of the resilience journey
Business continuity objective: business continuity related, measurable goal that must be achieved
Business impact analysis (BIA): analysis of the impact of a disruption on the business
Competence: personal skills, knowledge and experiences
Conformity: fulfillment of a specified requirement
Continual improvement: permanent process allowing the improvement of the global performance of the organization
Control: ensure compliance with the specified criteria
Corrective action: action to eliminate the causes of nonconformity or any other undesirable event and to prevent their recurrence
Customer: anyone who receives a product
Document (documented information): any support allowing the treatment of information
Deviation: failure to meet a given threshold
Disruption: incident which results in deviation from the delivery of products and the provision of services
Hazard: situation that could lead to a potential incident
Impact: consequence of an event affecting the objectives
Nonconformity: non-fulfillment of a specified requirement
Organization: a structure that satisfies a need
Product (or service): every result of a process or activity
Problem: the distance that has to be overcome between real and desired situation
Procedure: set of actions to carry out a process
Record: document providing objective evidence of achieved results
Requirement: explicit or implicit need or expectation
Resilience: ability to resolve a crisis and continue to function as before
Review: survey of a file, product, process so as to verify if pre-set objectives are achieved
Risk: likelihood of occurrence of a threat or an opportunity
Stakeholder: person, group or company that can affect or be affected by an organization
Supplier (external provider): an entity that provides a product
SWOT: Strengths, Weaknesses, Opportunities, Threats. Tool for structuring a risk analysis
Threat: uncertain event that could have a negative impact on the objectives
Top management: group or persons in charge of the organizational control at the highest level
Work environment: set of human and physical factors in which work is carried out
Examples of stakeholders: investors, customers, external providers, employees and social, public or political organizations
In the terminology of anti-bribery management systems, do not confuse the following:
- anomaly, defect, dysfunction, failure, nonconformity, reject and waste
  - an anomaly is a deviation from what is expected
  - a defect is the non-fulfillment of a requirement related to an intended use
  - a dysfunction is a degraded function that can lead to a failure
  - a failure is when a function has become unfit
  - a nonconformity is the non-fulfillment of a requirement in production
  - a reject is a nonconforming product that will be destroyed
  - waste is when there are added costs but no value
- audit and inspect
  - to audit is to improve the ABMS
  - to inspect is to verify the conformity of a process or product
- audit, auditee and auditor
  - an audit is a process of evaluating and improving the quality management system
  - an auditee is the one who is audited
  - an auditor is the one who conducts the audit
- audit program and plan
  - an audit program is the annual planning of the audits
  - an audit plan is the description of the audit activities
- communicate and inform
  - to communicate is to pass on a message, listen to the reaction and discuss
  - to inform is to give someone meaningful data
- control and optimization
  - control is meeting the objectives
  - optimization is the search for the best possible results
- customer, external provider and subcontractor
  - a customer receives a product
  - an external provider provides a product
  - a subcontractor provides a service or a product on which specific work is done
- effectiveness and efficiency
  - effectiveness is the level of achievement of planned results
  - efficiency is the ratio between results and resources
- follow-up and review
  - follow-up is the verification of the obtained results of an action
  - review is the analysis of the effectiveness in achieving objectives
- indicator and objective
  - an indicator is the information on the difference between the achieved result and the preset objective
  - an objective is a sought-after commitment
- organization and enterprise, society, company
  - organization is the term used in the standard ISO 9001 for the entity between the supplier and the customer
  - an enterprise, a society and a company are examples of organizations
- organizational chart and process map
  - the organizational chart is the graphic display of departments and their links
  - the process map is the graphic display of processes and their interactions
- procedure, process, product, activity and task
  - a procedure is the description of how we should conform to the rules
  - a process is how we satisfy the customer using people to achieve the objectives
  - a product is the result of a process
  - an activity is a set of tasks
  - a task is a sequence of simple operations
Remark 1: each time you use the term "improvement opportunity" instead of nonconformity, malfunction or failure, the auditee will gain a little more confidence in you.
Remark 2: the use of ISO 19011 and ISO 22301 definitions is recommended. The most important thing is to determine a common and unequivocal vocabulary for everyone in the company.
Remark 3: the customer can also be the user, the beneficiary, the initiator, the client, the prime contractor, the consumer.
Remark 4: ISO 19011 version 2018 uses the terms procedure ( ), record ( ) and documented information together. We prefer the terms document, procedure and record.
For other definitions, comments, explanations and interpretations that you don’t find in this module and in annex 06, you can consult:
- ISO Online Browsing Platform (OBP)
- IEC Electropedia
When I think of all the books still left for me to read, I am certain of further happiness. Jules Renard
Books for further reading on internal audits:
Denis Pronovost, Internal Quality Auditing, ASQ Quality Press, 2000
J. P. Russell, The Internal Auditing Pocket Guide, ASQ Quality Press, 2002
Dennis Arter et al., How to Audit the Process Based QMS, ASQ Quality Press, 2003
Spencer Pickett, The Essential Handbook of Internal Auditing, John Wiley & Sons, 2005
Karen Welch, The Process Approach Audit Checklist for Manufacturing, ASQ Quality Press, 2005
Paul Palmes, Process Driven Comprehensive Auditing, ASQ Quality Press, 2009
David Hoyle, John Thompson, ISO 9000 Auditor Questions, Transition Support, 2009
J. P. Russell, The Process Auditing and Techniques Guide, ASQ Quality Press, 2010
Janet Smith, Auditing Beyond Compliance, ASQ Quality Press, 2012
Tamuka Maziriri, ISO 22301 Lead Auditor, Independently Published, 2019
IT Governance, ISO 22301:2019 and business continuity management - Understand how to plan, implement and enhance a business continuity management system (BCMS), IT Governance Publishing, 2021
PECB, ISO 22301:2019 Auditing Guide: A simple and practical guide to auditing a Business Continuity Management System (BCMS), PECB, 2021
James Crask, Business Continuity Management: A Practical Guide to Organization Resilience and ISO 22301, Kogan Page, 2024
Minute of relaxation. Paganini's violin concert performed with facial expressions.