Internal Audit Procedure
1 Purpo of this procedure
1.1 To ensure that the contract department continually operates in accordance with the specified policies, procedures and external requirements in meeting company goals and objectives in relation to information curity.
2 Scope
2.1 This procedure includes planning, execution, reporting and follow–up of CMS internal audits and applies to all departments and business units within scope of the organization’s CMS.
合作英语
3 Rôles and responsibilities
3.1 Lead Auditor (VCW, HPY)
报单▪ Prepares an Audit Plan/Notification as a basis for planning the audit and for disminatin
g information about the audit.
▪ Leads the CMS internal audit activities
▪ Co-ordinates the audit schedule with concerned department/ction heads
▪ Plans the audit, prepares the working documents and briefs the audit team.
▪ Consolidates all audit findings and obrvations and prepares internal audit report.
▪ Reports critical non-conformities to the auditee immediately.
▪ Report to the auditee the audit results clearly and without delay.
▪ Conducts the opening and closing meeting.
3.2 Auditee (WWJ, XYX, PDW, HPY, ZMY, GTY,)
▪ Receives, considers and discuss the audit report.
▪ Determines, resources, drives and completes corrective actions as necessary.
▪ 社保和五险一金Is and remains accountable for protecting information asts.
4 Procedure
4.1 General
清蒸鲳鱼的家常做法4.1.1 This audit programme shall be created that contains all scheduled and potential audits for the whole calendar year. This shall include schedule of internal audits, audits of suppliers as appropriate.
4.1.2 Internal audits shall be scheduled twice a year or as the need aris.
4.1.3 Only competent personnel who are truly independent of the subject area shall perform audits.
4.1.4 An Audit Notification Memo is nt to the department/ction to be audited at least three working days in advance of the audit.
4.2 Planning and Preparing the Audit
4.2.1 Bad on the audit programme, the Lead Auditor shall prepare the respective audit plans.
4.2.2 The Audit Plan/Notification shall be prepared by the Lead Auditor, reviewed and approved by the ISMR. It shall be communicated to the auditors and the auditees. It shall be designed to be flexible in order to permit changes bad on the information gathered during the audit. The plan shall include:
▪ Audit objective and scope
▪ Department/Section and responsible individuals in charge.
▪ Audit team members. The number of auditors depends on the audit area size.
▪ Type of management system to be audited
▪ Date, place, time of the audit and distribution date of the audit report
4.3 Pre-audit meeting
4.3.1 One or more pre-audit meetings between the Lead Auditor and auditors shall take place not later than one day prior to the audit proper. Objectives are as follows:
▪ 儿童摄影店To ensure the availability of all the resources needed and other logistics that may be required by the auditor.
▪ The scope of the audit is verified from the Audit Plan
法师4.4 Opening meeting
4.4.1 An opening meeting, where deemed appropriate by the Lead Auditor, shall be held on the day of the audit but before the audit proper. The following may be discusd during the opening meeting:
▪ The purpo and scope of the audit.
▪ Confirmation of the audit plan
▪ Clarification of other matters must be ttled before the audit takes place.
4.5 Audit Execution
4.5.1 The auditors will perform the internal audit using veral checklists:
▪ Internal Audit Checklist/Obrvation Form – contains specific items that are particular to the organizational unit to be audited. The assigned auditors are responsible for generating questions using this form.
▪ Systemic Requirements Checklist
▪ Control Requirements Checklist
4.5.2 Audit findings are collected through interviews, examination of documents and obrvation of activities and conditions in the areas of concern and will be written on the above-mentioned checklists.
4.5.3 Evidence suggesting other non-conformities should be noted if they em significant, even though not covered by the checklist. Other objective evidence and/or ob
rvations that may reflect positively or negatively on the information curity management system shall also be listed on the space provided for on the above-mentioned checklists.
4.6 Audit Reportingxm外汇官网
4.6.1 The auditors shall have a wash-up meeting after the audit. Agenda includes:
▪ Review and analysis of findings
脑筋急转弯大全及答案1000个左右▪ Consolidation of all findings including grouping and tabulation.
▪ Classification of findings.
