Crisis Management Audit/Assurance Program 

 

Crisis Management Audit/Assurance Program  Download (Member Only, 1.3M)
Bookstore Purchase the Book

  Provide feedback on this document
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community
Knowledge Center  Visit the Incident Management Knowledge Center community

The audit/assurance program is a tool and template to be used as a road map for the completion of a specific assurance process. ISACA has commissioned audit/assurance programs to be developed for use by IT audit and assurance professionals with the requisite knowledge of the subject matter under review, as described in ITAF section 2200—General Standards. The audit/assurance programs are part of ITAF section 4000—IT Assurance Tools and Techniques.

Objective—The crisis management audit/assurance review will:

  • Provide management with an assessment of the plan’s effectiveness addressing scope, completeness, team membership, and state of readiness of the crisis management plan and team
  • Identify internal control and regulatory deficiencies that could affect the enterprise during the implementation of the plan

Scope—The review will focus on:

  • Pre-crisis planning
  • Scope of the plan including the propriety of the crisis scenarios selected, their probability of occurrence, and the appropriateness of the response
  • Plan testing, maintenance, and alignment with business risks

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional holds the Certified Information Systems Auditor (CISA) designation, or has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the CISA designation and/or necessary subject matter expertise to adequately review the work performed.