A bibliography is therefore recommended for an overview of relevant publications. Develop and document emergency management plans, incident response plans, facility management plans and other process-level documents. The second part contains a full audit program that you may use at varying levels of detail to support your audit strategy and plan. Auditing business continuity programs and their associated plans and documentation against a measurable benchmark provides assurance that the program is consistent with established industry practices and controls. Members are drawn from all sectors including Finance, Government, Health, Transport, Retail and Manufacturing.
See the following websites for additional plans and sample policies. Put simply, these plans show fundamental flaws that would have prevented recovery from taking place within the required timescale. Some elements may look familiar to the experienced auditor who may still benefit from using this book as a reference manual or as an instructive tool for groups of auditors. Published by Rothstein Associates Inc. Chapter learning objectives, case studies and real-life examples, self-examination and discussion questions, forms, checklists, charts and graphs, glossary, index. The business continuity manager, and the auditor, require a diversified set of skills and extensive knowledge to assess business continuity as a question of business survival. Be clear with individual users over their portion of the shared responsibilities.
Auditing Business Continuity Global Best Practices Business Continuity Management by Rolf von Roessing is a great book; I think the book was very nice and worth reading. To the auditor, it is important to understand how this decision has been reached and whether it can be justified from a financial, operational and managerial point of view. Conduct a risk assessment to identify and understand the threats and vulnerabilities. I commend it to all who are serious about the topic. Process: Campus units maintaining multiple servers and providing various services should have internal backup capabilities. Unlike an academic publication, the audit report should not require further research on the part of the reader, although copyright restrictions may limit the amount of material that the auditor can copy and provide as a matter of courtesy.
This means that those flaws have not been exposed and the plans will almost certainly fail to deliver timely recovery. Auditing Business Continuity Global Best Practices Business Continuity Management by Rolf von Roessing is a very popular book, with the highest ranking sales. Section 2 is a standardized audit program divided into work areas. Several guides to emergency management address backup and recovery. At this critical point in your Business Continuity Management studies and research, you need one definitive, comprehensive professional textbook that will take you to the next step. There are now over 1,200 members of the Institute working in 36 countries across the world.
However, for the auditor these terms refer to one and the same notion: businesses should take adequate precautions to ensure that no going concern issues arise from crises or disasters. The work not only provides a general outline of how to conduct different types of audits but also reinforces their application by providing practical examples and advice to illustrate the step-by-step methodology, including contracts, reports and techniques. Author serves on the British standards committee whose standards U. Rolf provides a comprehensive, pragmatic and deeply practical step-by-step guide to Business Continuity audit. Aligning the activities within your business continuity audit program with these categories and steps will ensure successful completion of the audit process. Even if you are a seasoned audit professional, this chapter may help you in identifying typical problems associated with reviewing a complex process and interacting with a wide range of managerial and technical responders.
That is why I welcome Rolf von Roessing's cogent contribution to this important area. Both types of corporations nevertheless pursue the overall goal of business continuity, by either avoiding risks or disasters if they can, or by making sure they can deal with these events. It is structured in three main sections. Chapter 4 explains how audit reports are structured, written and presented to your stakeholders. Suggested standard wordings for findings and recommendations have also been included.
Depending upon the needs of the unit, daily full backups might be required and should be rotated off-site as well. Shares field-tested tools and hard-won insights about what works and why. It has been endorsed by. The third part contains samples of an audit report and selected work papers to help you put the plan and program into practice. Individual workstation data should be backed up by the user.
It is a gold mine of practical information based on solid principles; an ideal combination of the practice of business continuity — standards, best practices, global perspectives — and the process of business continuity — planning, development, implementation, and maintenance. You will find useful hints and technical references to give you quick access to typical problems and difficulties that may constitute important audit findings. Selected work papers have been added to provide an indication as to the ways in which you might use the standardized audit program. He frequently supervises security-related certification examinations and has presented various lectures and training courses on business continuity management in a European context.
Around 85% of Business Continuity Plans fail when first tested. It is therefore crucial to businesses that plans are subject to stringent review. Hence, technical findings should be explained at an appropriate level of detail, using attachments and appendices where necessary. Business continuity and related plans: Develop and document process-level plans to recover from identified incidents; ensure that plans have detailed contact lists, support business objectives, contain roles and responsibilities and identify primary and alternate recovery locations. In the table, locate individual audit steps down the left-hand column of your analysis document.
Management is still forced to address precisely this issue, by carefully evaluating their options and then making an entrepreneurial decision about the acceptable level of remaining risk. Work area 11 contains detailed audit instructions for some national jurisdictions where different rules may apply. They make implicit assumptions — about the availability of people, assets and access, for instance — without subjecting those assumptions to challenge. If you are a financial auditor, or an internal auditor tasked with reviewing business continuity, this may be a new field to you.