This GTAG focuses on how business continuity management (BCM) is designed to enable business leaders to manage the level of risk the organization could potentially encounter if a natural or man-made disruptive event that affects the extended operability of the organization were to occur. The guide includes disaster recovery planning for continuity of critical information
technology infrastructure and business application systems.
Chief audit executives CAEs have been challenged to educate corporate executives on the risks, controls, costs, and benefits of adopting a BCM program. Although it is true that recent disasters around the world have motivated some corporate leaders to give attention to BCM programs, the implementation of such programs is far from universal. The key challenge is engaging corporate executives to make BCM a priority. Although most executives are likely to agree that BCM is a good idea, many will struggle to find the budget necessary to fund the program as well as an executive sponsor that has the time to ensure its success.
Business Continuity Management will help the CAE communicate business continuity risk awareness and support management in its development and maintenance of a BCM program.
This document is also available in PDF
Prepared by The Institute of Internal Auditors (The IIA), each Global Technology Audit Guide (GTAG) is written in straightforward business language to address a timely issue related to information technology (IT) management, control, and security. The GTAG series serves as a ready resource for chief audit executives on different technology-associated risks and recommended practices.