In order to achieve change, your organisation must take risks. But it needs to take the right risks. An evidence-based security management and duty of care audit from Open Briefing will:
- Map your current security management system
- Identify the gaps in your system in intent and implementation
- Develop an action plan to address weaknesses in the system
- Help you meet your duty of care obligations
At the start of our work together, we will work with you to design an audit framework that includes the elements of security management and duty of care that your organisation wants to improve upon across four themes:
- Governance and accountability
- Policies and procedures
- Response and learning
Audit frameworks usually include our eight core modules and up to three of the five optional modules, though further modules can be included at extra cost if required. Within each of these modules sits between two and four components, each of which consists of a standard and several indicators of that standard being achieved. We have developed these standards and indicators from legal precedents and community good practice.
During the audit, we will gather evidence from several sources, including:
- Document review of your existing policies, handbooks, grant contracts, etc.
- Workshops with risk owners and risk managers
- Interviews with key stakeholders, including donors and those who are risk exposed
- Online survey of all staff and consultants
We will assess whether your organisation is meeting each standard in both intent and implementation, i.e. we will assess what is written down in policies and other documents and assess what staff are actually doing in practice.
At the end of the audit, we will provide a detailed findings report and gap analysis for your board and senior management team. This will include an executive summary and audit dashboards for sharing more widely. The project lead will also present our key findings and recommendations to your senior management team and board.
We will clearly explain in non-technical language our recommendations across governance and accountability, resourcing, policies and procedures, and response and learning. We will include summaries of the key threats and opportunities that your organisation face with regards security management and duty of care as well as recognise those areas where the organisation is doing well. We will also include your draft risk appetite statement for board approval or revision. Finally, we will include an outline security risk management framework to be developed with you in the next stage of our engagement, if desired.Security management and duty of care audits for charities and other NGOs from a non-profit providerClick To Tweet
A security audit will usually take several weeks to complete, but it will vary depending on the size and complexity of your organisation. Please contact us to discuss your needs.
“Yes, they are skilled, competent and help you think in new ways; but expertise alone isn’t what creates change. Open Briefing built positive and engaging relationships between our staff, our leadership and themselves. We felt comfortable in engaging, asking questions, making mistakes and figuring things out together. We want this experience for every organisation. Thank you, Open Briefing!” Privacy International