Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Auditing Business Continuity Efforts, Part II

Dan Swanson | March 6, 2007

In last month’s column, I introduced the task of auditing business-continuity plans and disaster-recovery programs by providing an overview of what an effective program consists of, what the typical internal auditor’s roles in BCP and DR are, and what the key audit-scoping issues are. We’re going to complete the discussion this month by providing further guidance regarding audit-planning efforts, audit-fieldwork activities, and the reporting of results and improvement efforts.

Audit-Planning Phase

Having defined the scope, the audit team needs to plan the audit within the constraints of available resources from the audit department and from the business as a whole. Resourcing decisions are largely risk-based, taking account of factors such as the program management’s experience, the level of management involvement in the...

Read this single article for $49, or click the subscribe button below to review subscription options.

Enjoy unlimited access to thousands of articles, browse five years of digital magazines, qualify for reduced admission to events, and more.