Developing and Implementing a Business Continuity Audit Program

Duration 90 Mins
Level Basic & Intermediate & Advanced
Webinar ID IQW19J1075

  • Challenges of business continuity planning in today’s volatile threat landscape
  • Key elements of crises management response
  • How a Business Continuity Plan differs from a Disaster Recovery Plan
  • Significant components for developing a Business Continuity Audit Plan
  • Acquiring appropriate business continuity audit evidence
  • Recommendations for analyzing a Business Continuity Plan
  • Communications development before, during, and after a Business Continuity Audit

Overview of the webinar

Business continuity has been generally defined as a comprehensive managed effort to prioritize key business processes identifying significant threats to normal operations that permit planning strategies for ensuring effective and efficient organizational responses to challenges arising during and after a crisis. Consequently, business continuity planning encompasses processes for developing advance responses to service interruptions in such a manner that critical business functions continue at expected levels. Sub-categorically, disaster recovery planning is normally ranked as a key business continuity component referring to technological aspects of advance planning and organizing necessary to minimize potential losses and ensure critical business functionality if catastrophic circumstances materialize. An effective business continuity capability is essential. However, for most organizations, being able to recover IT is fundamental.

Arguably, establishing a robust preparedness capability is one of the best investments an entity can pursue. Nonetheless, auditors should assure (based on a thorough risk assessment) the firm’s resiliency efforts are operationally ready to respond when required. Beneficially, IT audits of business continuity and disaster recovery plans can assist in ensuring the proper attention is given to information assets supporting an enterprise’s operations.

Cost-effective strategies should be designed to prevent, detect and/or mitigate the impact of potential crises. Reducing system vulnerabilities is typically accomplished by delineating then remediating single as well as combined configuration failure points. Various resources that can contribute to the remediation process should be identified as continuity enablement factors. These resources -- including essential personnel (and their roles and responsibilities), information, applications, and infrastructure -- should be documented in a plan demonstrating the commitment to continuity.

Who should attend?

  • Auditors
  • Operations Managers
  • Vendor Managers
  • Disaster Recovery professionals
  • Call centers
  • Business Continuity Team members
  • Information Security personnel
  • Chief Security Officer
  • Risk Managers
  • Chief Information Officer
  • Chief Operations Officer
  • Information Security Managers
  • Technology Managers

Why should you attend?

Considering information systems are generally critical to enhancing productivity, it is imperative deployed information technology (IT) provide availability with service responsiveness meeting user utilization demands, even during crisis situations. Organizational susceptibility as well as IT operational resiliency impact speedy and systematic redress for fulfilling efficiency, effectiveness, availability, and compliance requirements. Furthermore, neither business nor IT resides within static environments. Thus, environmental dynamics can generate changes in altering system activities that require timely response and restoration to ensure continuous service delivery.

Threats to an enterprise’s existence manifest in diverse forms, including disruptions, emergencies, crises or disasters. Anyone of these incidents or events can jeopardize data processing services sustaining mission-critical operations. When business integrated information systems are unavailable, efficiency is diminished, effectiveness is eroded, compliance is hindered, and employees are idled. As a result, entities should regularly examine their business continuity, disaster recovery, as well as back-up plans to ensure adequate operational requirements forecasting regarding service restoration.

Faculty - Dr.Robert E. Davis

Dr. Robert E. Davis, MBA, DBA, CISA, CICA (an invited Golden Key and Delta Mu Delta member) obtained a Bachelor of Business Administration degree in Accounting and Business Law and a Master of Business Administration degree in Management Information Systems from Temple and West Chester University; respectively. In addition, during his twenty years of involvement in education, Robert acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Robert also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls. Robert was awarded the Doctor of Business Administration degree specializing in Information Systems Management by Walden University. 

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company and Fidelity/First Fidelity (Wells Fargo) corporations as well as other organizations; in staff through management positions.

For group or any booking support, contact: