Business Continuity Management Audit/Assurance Program 

 

Business Continuity Management Audit/Assurance Program  Download (570K; Member Only)
Bookstore Purchase the Book

  Provide feedback on this document
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.

This audit/assurance program assists the audit and assurance professional in designing and executing a review. The continuity planning audit/assurance review will:

  • Provide management with an evaluation of the enterprise’s preparedness in the event of a major business disruption
  • Identify issues that may limit interim business processing and restoration of same
  • Provide management with an independent assessment of the effectiveness of the business continuity plan and its alignment with subordinate continuity plans

This audit program is not IT-focused. The scope of this audit/assurance program is significantly wider than the IT continuity plan. The review will focus on the enterprise business continuity plan, policies, standards, guidelines, procedures, laws and regulations that address maintaining continuous business services, including:

  • Development, maintenance and testing of the business continuity plan
  • Ability to provide interim business services and the effective and timely restoration of same
  • Risk management and costs related to the business continuity plan