Audits are a must in an organization’s security program. They help management find flaws, concerns, and weaknesses through the implementation of audits but also efficiently improve the current program while identifying best practices. A simplified version of Six Sigma’s project methodologies can create generate great success in a security program audit. The DMAIC process utilizes a qualitative approach through its acronym.
Define what is being audited
Measure the internal and external requirements against standards of practice
Improve current program by proposing prevention and problem solving theories
Control audit by reasserting managerial responsibility.
That being said, the SIPOC process is a better fit for auditing service-based programs like training and uniformed guard services, by analyzing:
Audits are only effective when deficiencies are corrected, with senior management and team all understanding the recommendations for improvement. Audits need to be regularly used to monitor progress and track down change within a security program.
Security Audit Secrets
Security Management (06/01/12) Vol. 56, No. 6, P. 94 West, M. David; Reynolds, Devin G.