Biz Brains Systems
Biz Brains Systems
Your virtual CEO and CFO

Internal Audit of Factory Security

Control objectives for Security:


a) To ensure that adequate and appropriate security measures are in place in order to protect assets, persons and business activities; 

(b) To ensure that company property is adequately protected from theft, loss and damage; 

(c) To ensure that risks are appropriately assessed as the basis for providing effective countermeasures; 

(d) To ensure that the costs associated with security measures ae accurately determined, justified and authorised:

(e) To ensure that adequate, trustworthy and appropriately trained security staff are provided  
(f) To ensure that adequate and operational security and fire alarms systems are provided, tested and maintained 
(g) To ensure that staff are aware of their responsibilities in respect of security (i.e. personal and company property); 
(h) To ensure that adequate emergency and evacuation drills are defined and regularly tested for their effectiveness; and
(i) To prevent unauthorised access to company premises and to account for the movement and access of all visitors. 

Issues for review 
2.1 How can management be certain that current security measures relate to and address the potential risks? 
2.2 Are all operational and physical changes adequately assessed for their impact upon the security arrangements (and how is this review process evidenced)? 
2.3 How can management be assured that only staff and suitably authorised visitors gain access to company premises? 
2.4 What security precautions are taken to prevent unauthorised access to either especially sensitive or critical facilities (i.e main computer installation or cash handling areas)? 
2.5 Are staff employed in sensitive areas subject to appropriate pre-employment checks and/or fidelity bonding (where this is justified)?
2.6How can bona fide employees be reliably identified by security personnel and other employees? 
2.7 What measures are in place to identify and trail all keys to company premises? 
2.8 How are building and office keys allocated to employees; and what measures prevent unauthorised staff, past employees, and other persons gaining access to company keys? 
2.9 How can management be assured that all keys and other access devices are recovered from employees leaving the company? 
2.10 How are staff made aware of their responsibilities for security?

2.11 What measures are in place to prevent the unauthorised removal of company property and goods from the premises? 
2.12 What measures are in place to identify and effectively deal with suspicious or unattended packages on company premises? 
2.13 Are reception and security staff aware of the required actin to take in the event of a bomb threat, physical assault on the building, etc.? 
2.14 Are fire and security alarms systems regularly tested on faults reported and dealt with? 
2.15 What security measures are taken out of normal office operational hours (and are they justified)? 
2.16 Are documented procedures in place in the event of a fire, and are all staff and visitors accounted for? 2.17 Are procedures in place to summon the relevant emergency services (fire, police or ambulance)? 
2.18 How can management be sure that existing security and related safety matters fully comply with the prevailing laws, bye-laws and regulations? 
2.19 Have all company premises been assessed by the appropriate external agency and confirmed or certified as being of an appropriate standard (and if not, are all shortcomings adequately dealt with)? 
2.20 Would management be made aware of uneconomic unjustified security measures 
2.21 Are costs associated with security incidents accurately determined and claimed via the insurers whenever appropriate? 
2.22 What specific access arrangements are made for visiting consultants, tradesmen, representatives and contractors and how is their access restricted to the relevant areas)? 
2 23 How is the accuracy of data input from other systems fie staff recruitment) confirmed? 2.24 How is the accuracy of data output to other systems confirmed.

Source: BASC Publication