Professional Documents
Culture Documents
Business Continuity Planning and Disaster Recovery Planning - Part 5 PDF
Business Continuity Planning and Disaster Recovery Planning - Part 5 PDF
PAPER-6 PART-5 OF 5
CA A.RAFEQ, FCA
Learning Objectives
2
PART-5
4.18 Summary
4.17 Audit of the Disaster
Recovery/Business Resumption Plan
4
Objective
of BCP
audit
BCP
Auditor is
expected IS
to identify processing
residual
risks
BCP audit
Availability
5
Planning
process
Recovery
strategies Impact
analysis
Auditable
7
Identify residual risks, which are not identified and provide recommendations to
mitigate them
Assess plan of action for each type of expected contingency and its adequacy in
meeting contingency requirements
Auditing BCP
Evaluate
Understand and Ensure plan readability of
evaluate business maintenance is in business continuity
continuity strategy place manuals and
procedures
Evaluate ability of
Evaluate plans for IS and user
accuracy and personnel to
adequacy respond
effectively
Verify that basic elements of a well-developed plan are evident and review:
Interview
Currency of personnel for
Effectiveness of appropriateness
documents documents and
completeness
Review BCP test results
Verify that the backup facilities are adequate based on projected needs
(telecommunications, utilities, etc.). Will the site be secure?
Does the disaster recovery/ business resumption plan consider the failure
of electrical power, natural gas, toxic chemical containers, and pipes?
Does the plan consider the disruption of transportation systems? This could affect the
ability of employees to report to work or return home. It could also affect the ability of
vendors to provide the goods needed in the recovery effort.
Sample list of BCP Audit steps
28
Information Technology
Part-1 Part-2
(BCP)
35
Topics Covered
Part-3 Part-4
Part-5
4.17 Audit of the DR/BR Plan
4.18 Summary 36
Chapter Summary
37
Business Continuity
Management
Business
Continuity
Planning
BCP
Implementation
Back up and
DR
Auditing BCP
38
Thank you!