Skip to content

Audit

We offer auditing in two different areas:

  1. Anti-Corruption (ISO 37001)
  2. Information Security Management System ISMS (ISO/IEC 27001)

Anti-Corruption Auditing (ISO 37001)

This is a very important element of anti-corruption compliance; typically the audit will touch upon the following areas of your business and operations:

  • Is there commitment from senior management and a clearly articulated policy against corruption?
  • Is there a code of conduct and compliance policies and procedures in place?
  • What sort of oversight, autonomy and resources are available?
  • Is risk assessment (in doing business) in place?
  • Are training programmes and is continual advice available?
  • What sort of incentives and disciplinary measures are in existence?
  • Third-party due diligence and payment oversight
  • Is confidential reporting and are internal investigation processes in place?
  • Is there a culture of continuous improvement by periodic testing and review

ISMS Auditing (ISO/IEC 27001)

Concerning ISMS auditing one of the challenges with ISO/IEC 27001 is that part of this ISO standard demands that regular audits take place (clause 9.2) and that these are performed using resources, which are separate and independant from the team / organisation, which designed the policies and guidelines (clause 9.2a) in the first place and that the policies and guidelines adhere to the standard (9.2b).

The ISO 27001 standard also demands that a periodic audit plan is in place (clause 9.2c).

The obsticle you may have is that you may not have (impartial) auditing resources at hand who are skilled and competent in ISO 27001, especially if your are a smaller to medium sized organisation.

Enfina-Security is able to supply you with accredited auditors, who are experts in the field of ISMS and Risk Management.

Auditing photo

Using our accredited auditing professionals; our experts in ISMS and in Anti-Bribery will review how you are performing; they will document and provide comprehensive feedback on the results.

You can then use the audit results in your development and improvement activities surrounding your security needs and in securing your anti-corruption compliance.

Together with you we can create the right package and auditing format to suit you:

  • One off audits
  • or periodic auditing services (e.g. fulfilliing ISO 27001 clause 9.2c)

 

Interested? Please feel free to contact us using the contact page.

Your Enfina-Security Team