aditi lanka, security services, vip bodyguard services, sri lanka
aditi lanka, security services, vip bodyguard services, sri lanka
Picture of Aditi lanka

Aditi lanka

Aditi Securing Your Future

Development Of Company Security And Risk Audit CheckList

This checklist is developed by executing a thorough survey where the sources are available in different companies in the world. Thus, also the information is gathered from the research articles published by universities, and the research is carried out by military officers from various countries in the world. The security and risk audit checklist has been developed according to the protocols published by the Ministry of Defence Sri Lanka.

The document is designed as an all-in-one measure to assist security & risk audit teams with their work. The measures are written for persons who will be conducting the security & risk audits in ADITI CORPS. By the request of clients ADITI will conduct the audit to assess the security & risk of each company and as a result company itself has an opportunity to protect its business and as well as their employees.

 

The Security & Risk Audit Checklist Will Focus On The Following Area

  • Safety and Security of Site and Building Exterior
  • Access Control
  • Safety and Security of Building Interior
  • Type and Extent of Monitoring and Surveillance
  • Communication and Information Security
  • Development of Emergency Operations Plans
  • Company Environment and Culture (including development and enforcement of policies)

 

Recommendations Before Beginning the Audit

  • ADITI recommended conducting the audit from a three (03) member team according to the square feet of the building and it is not recommended and advised that single individual conduct the audit.
  • Team members:
    • Member 1 (Expertise) – Engineering Controls / Security Control Plan
    • Member 2 (Expertise) – Administrative control / Other measures
    • Member 3 – The company can provide additional members as directed by their management
  • Advice the company should conduct a safety and security audit annually, which will update the management and the employees about their working environment.
  • At the end of the safety and security audit, a written document is to be handover to management.
  • After completing the audit ADITI will analyze the company’s security and risk.
  • The briefing must conduct by the audit team for the company management if required to the employees.
  • At the briefing, ADITI will present the assessment report of the security & risk of the company with flaws, gaps of the security concerns, and the new methods to implement.

 

Implementation of the Audit

Part One
The audit team should schedule an on-site visit with the management of the company. In most cases, the on-site visit can be completed in one day. If the company is very large, Part One activities may take longer than one day.

Two or three of the audit team members should be adequate to manage the activities of Part One. Fewer than two members will not provide a comprehensive and objective assessment, and more than three members may disrupt the Company’s normal activities.

The specific activities during Part One include:

  • Entrance/ Exit – Interview with Management of the company.
  • Visual assessment of the buildings.
  • Observation of management & employees about their safety.

 

Part Two
Part Two activities can be conducted at the company or another location. During Part Two, the entire audit team will meet to review the documents provided by the company and the results of Part One’s audit activities.

  1. The specific activities during Part Two include:
    • Examination of company’s information and documents including:
    • Company EOP (Emergency Operation Plan plus building map)
    • Employee Code of Conduct and incident data recorded
    • Other company policies and procedures.
  2. A draft report submits to the management with findings and recommendations.

The final report to the board will be completed by the team of experts from ADITI combining the findings of Part One & Part Two.

 

Documents Needed to Be Reviewed

  • Company Emergency Operations Plan
  • Floor Plan of the building (see details below)
  • Site Plan of the building (see details below)
  • Phone locations and numbers
  • Emergency contact numbers including home
  • Aerial Photograph (not a must)
  • Employee Code of Conduct
  • Employee IDs and ID policy
  • Visitor Procedures
  • Observations from Management & employees

 

Site Plans (Each Floor):

  • Access points (location and number)
  • Fenced areas (type of fence)
  • Portables (labeled and numbered)
  • Evacuation areas
  • Incident command center
  • Media staging center
  • Public Safety Equipment staging area
  • Bus evacuation area
  • Exterior corridors labeled
  • Inner perimeter areas defined and labeled
  • Location of outbuildings (labeled and numbered)
  • Location of pipes, tanks, gas lines, etc.

 

Floor Plans:

  • All corridors and offices(cubicles) are clearly identified and labeled (on plan and doorways)
  • All-access doors to adjoining rooms identified
  • All special offices, rooftops & balconies labeled
  • All stores, book rooms, lounge areas, and workrooms are identified, labeled, and numbered
  • Location of central power control access panel identified
  • Location of emergency evacuation kits
  • Location of all roof access points identified
  • Location of internal alarm panels and type listed
  • Internal/External video camera locations identified
  • Video camera monitoring sites labeled
  • Location of cable TV access control
  • Location of audio monitoring systems (PA system)
  • Location of fire sprinkler controls
  • Location of connection to the external water source for the fire department
  • Location of company phones (all numbers listed)
  • Building evacuation routes identified
  • Location of all fire extinguisher boxes (floor plans can be located inside for access)
  • Location of all Automated External Defibrillators (AED)

 

Format for Final Report

With the information collected from the company Security and Risk Audit as well as the documents reviewed, the team will prepare a written draft report of the audit findings. Once the draft is completed, the report should be submitted to the Management of the Company. The report should include both plus points and recommendations.

  • Demographics.
    • The report should begin with the demographic information that was covered in the company characteristics section of the audit (p. 13).

  • Results of entrance/exit meeting interviews.
    • Summarize the concerns of management, employees that were expressed at the entrance /exit meetings.

  • Document review.
    • The report should then cover the document review with specific information about what documents were available in the company and the usefulness of these documents.

  • Safety audit components.
    • The report should contain each section from the audit, mentioning specific areas of concern.

  • Recommendations.
    • Finally, the report should summarize the findings with a list of plus points and recommendations.

The audit team will need to prioritize the needs of the company while making recommendations for improving the safety of the company. Cost/benefit analysis will be considered when deciding what recommendations to make.

 

Submitting the Final Report

ADITI should submit the security & risk audit final report to the management of the company during the financial year in which the audit was conducted (along with any actions the company has taken to mitigate any negative findings). Furthermore, this will enable the management to get immediate action on urgent matters according to the risk assessment and allocate funds for further improvements.

 

Conducting Interviews With Management Entry / Exit

 

 

Part One will include informal interviews with company management and randomly selected staff.
The purpose of this interview is to establish a proper security system and to identify the weaknesses of the current system. And also, to have a clear idea about the context in which the company operates, verify the perceived level of safety among various users, and gather responses for company security & risk audit.

The following are some suggested questions to guide the entry/exit interviews.

  1. What are the most important safety needs in your company?
  2. What safety activities does your company do best?
  3. What safety areas are most important for training and staff development?
  4. What are the biggest barriers to improved company safety measures?
  5. What other comments do you have regarding employees’ safety?
  6. What factors do you think to include in the overall safety of a building, employees?

Information from the entry/exit interviews will be analyzed as part of the document review, which will take place later in the audit process. During that time, the audit team will review the documents listed above to discover how well the company is prepared to deal with everyday safety concerns as well as emergencies.

 

Submitting the Final Report

 

List of Questions and Answers for Company Security and Risk Audit

DEMOGRAPHICS

Directions: Answer the following questions regarding the company.

  1. COMPANY CHARACTERISTICS AND SURROUNDING ENVIRONMENT

  • How many employees are in the company?
  • What percentage of employees are in the following categories?
    • Language proficiency _ %
    • Disabled employees _ %
    • What is the company’s average daily attendance?
  • Absenteeism for a month?

2. SURROUNDING ENVIRONMENT:

It may not be possible to change the existing adjoining land utilization patterns. However, the audit should address the influences (both positive and negative) of the surrounding environment and the resulting issues related to safe company planning. The location of the company needs to be carefully analyzed.

  • Adjoining land/adjoining a business city/main road/residential area/near industrial area/near public transport hubs/ near a gas pipeline/near a flood plain

This audit report is a confidential document, which is not subject to open records requests. Management of the company may discuss sensitive audit data in a closed session, thus protecting that information from open