# ISO 22301 Internal Audit Support

> Strengthen your audit capability with independent support that ensures CPS 230 compliance. We help internal audit teams test business continuity controls, identify weaknesses, and provide assurance to boards and APRA.

ISO 22301-2019 Internal Audit Support for CPS 230 is a resilience service designed to assist APRA-regulated entities in meeting their compliance obligations. The service provides structured internal audit support aligned with both ISO 22301 and APRA's Prudential Standard CPS 230.

## Service Delivery Process

The service follows a four-step methodology:

1. **Plan**: Agile, first-principles planning ensures a smooth rollout of your refreshed program
2. **Do**: ISO 22301-2019 Internal Audit Support is rolled out smoothly at your organisation
3. **Check**: Draft internal audit work is validated through structured review processes
4. **Act**: Teams are prepared when internal audit activities are activated in real-life scenarios

## Service Inclusions

Fixinc provides structured internal audit support aligned with ISO 22301 and CPS 230. This includes:

- Audit planning
- Walkthroughs of Business Continuity Plans
- Review of disruption tolerance levels
- Validation of service provider management policies
- Documentation of findings

Outputs include detailed reports suitable for board and regulator review.

## Why Internal Audit Support Matters

CPS 230 requires internal audit functions to periodically review an entity's business continuity framework and provide assurance to the board that it can maintain critical operations through severe disruptions. Without independent audit support, organisations risk:

- Oversight gaps
- Compliance breaches
- Increased regulatory scrutiny

This service ensures a robust, credible audit process.

## Engagement Process

### Initial Consultation

A meeting link will be sent via email from the Advisory team. Choose a convenient time for phone, Teams, Zoom, or in-person discussion. Sessions typically run 30-45 minutes to discuss objectives and answer questions.

### Proposal and Quote

A proposal detailing the scope of work is delivered within 24 hours. A discussion is scheduled for one week later. A final quote is provided within 10 minutes of the discussion. Proposals not signed within 5 weeks are considered not proceeding.

### Delivery Phases

**Review and Health Check**: All implementations start with a deep review of existing arrangements. Benchmarks are established from best practice and ISO standards.

**Design and Develop**: With involvement from your team as necessary, the internal audit support component of your CPS 230 compliance program is built to the highest quality available.

**Validate**: Where appropriate, new internal audit disciplines are tested and validated. This provides tangible evidence of capability and maturity to stakeholders.

**Maintain**: A plan is built to ensure internal audit support runs annually, maintaining momentum for organisations embedding resilience.

## Frequently Asked Questions

### What is CPS 230 Internal Audit Support?

CPS 230 Internal Audit Support ensures that an APRA-regulated entity's business continuity and operational resilience framework is independently reviewed in line with APRA's Prudential Standard CPS 230. It validates whether plans, tolerance levels, and service provider arrangements are credible and effective.

### Why is Internal Audit important for CPS 230 compliance?

CPS 230 requires internal audit functions to periodically review business continuity planning and provide assurance to boards. Without independent audit, organisations risk blind spots, compliance gaps, and increased regulatory scrutiny from APRA.

### What does CPS 230 Internal Audit Support include?

A CPS 230-aligned internal audit typically reviews:

- Board-approved Business Continuity Plans
- Critical operation registers and tolerance levels
- Service provider management policies
- Testing and scenario exercise results

Findings are structured for both board oversight and regulator review.

### How does CPS 230 Internal Audit Support help boards and executives?

Boards are accountable for ensuring resilience under CPS 230. Internal audit support gives directors confidence that BCPs and resilience frameworks have been independently tested. Fixinc prepares board-ready outputs that demonstrate compliance and resilience maturity.

### How does Fixinc support Internal Audit for CPS 230 and ISO 22301?

Fixinc partners with internal audit teams to design audit scopes, conduct detailed reviews, and validate compliance against CPS 230 and ISO 22301. Documented findings, remediation plans, and assurance reports are provided and tailored to financial services entities.

### How often should CPS 230 Internal Audits be conducted?

Internal audits should be performed on a regular cycle, typically annually or in line with your entity's risk management framework. Fixinc helps schedule and deliver audits that meet APRA's expectations and align with ISO 22301 best practice.

### What are the benefits of using Fixinc for CPS 230 Internal Audit Support?

Fixinc combines regulatory expertise with ISO 22301 knowledge to provide comprehensive internal audit support. This approach ensures organisations are audit-ready, APRA-compliant, and capable of maintaining resilience in severe disruption scenarios.

## Related CPS 230 Compliance Disciplines

- [Business Impact Analysis for CPS 230](https://docs.fixinc.io/disciplines/business-impact-analysis-for-cps-230.md): Meet CPS 230 requirements by identifying critical operations, dependencies, and tolerance levels

- [ISO 22301-Aligned BIA Review for CPS 230](https://docs.fixinc.io/disciplines/iso-22301aligned-bia-review-for-cps-230.md): Review and align existing BIA to APRA requirements on critical operations and tolerance levels

- [ISO 22301 Gap Assessment for CPS 230 Compliance](https://docs.fixinc.io/disciplines/iso-22301-gap-assessment-for-cps-230-compliance.md): Identify where APRA-regulated entities fall short on business continuity and service provider oversight

- [Business Continuity Plan for CPS 230 Compliance](https://docs.fixinc.io/disciplines/business-continuity-plan-for-cps-230-compliance.md): Develop BCPs that protect critical operations and define tolerance levels

- [Business Continuity Training for CPS 230 Compliance](https://docs.fixinc.io/disciplines/business-continuity-training-for-cps-230-compliance.md): Equip teams and executives to meet CPS 230 obligations with tailored training

- [Desktop Scenario Exercises for CPS 230](https://docs.fixinc.io/disciplines/desktop-scenario-exercises-for-cps-230.md): Test ability to maintain critical operations within tolerance levels through practical exercises

- [Business Continuity Program Review and Audit for CPS 230](https://docs.fixinc.io/disciplines/business-continuity-program-review-and-audit-for-cps-230.md): Independent reviews and audits that assess compliance and readiness

---

For program inquiries: [Contact Fixinc](https://www.fixinc.io/contact) | info@fixinc.org | +64 800 349 462