Understanding the Auditor Interests in BC/DR Plans
Let’s summarize the points of interest that an IS auditor should look for. We have discussed the basic objectives to be fulfilled by management. It is the auditor’s job to determine how well those objectives have been served. The auditor can use the following points for evaluation:
- Compare the results of the business impact and risk analysis to the various strategies selected for each activity in the overall process timeline. Do the BIA research and workflow-based risk assessment support management’s strategy?
- Time delays are an absolute killer of business continuity plans. Has the client done a good job of documenting the RTOs? Are the recovery time objectives well founded and realistic? ...