GTAG10 - The Institute of Internal Auditors

GTAG 10 - Business Continuity Management
This GTAG focuses on how business continuity management (BCM) is designed to enable business leaders to manage the level of risk the organization could encounter in the case of a natural or man-made disruptive event that affects the extended operability of the organization.

The guide includes:

Disaster recovery planning for continuity of critical information technology infrastructure, and
Business application systems.

Chief audit executives CAEs have been challenged to educate corporate executives on the risks, controls, costs, and benefits of adopting a BCM program. Although it is true that recent disasters around the world have motivated some corporate leaders to give attention to BCM programs, the implementation of such programs is far from universal. The key challenge is engaging corporate executives to make BCM a priority.

Although most executives are likely to agree that BCM is a good idea, many will struggle to find the budget necessary to fund the program as well as an executive sponsor that has the time to ensure its success. Business Continuity Management will help the CAE communicate business continuity risk awareness and support management in its development and maintenance of a BCM program.

Table of Contents
1. Executive Summary
2. Introduction
2.1 BCM Definition
2.2 Crisis Management Planning
2.3 Disaster Recovery of IT
3. Building a Business Case
4. Business Risks
4.1 Common Disaster Scenarios
4.2 Common Disaster Impacts
5. BCM Requirements
5.1 Management Suppor
5.2 Risk Assessment and Risk Mitigation.
5.3 Business Impact Analysis
5.4 Business Recovery and Continuity Strategy
5.5 Disaster Recovery for IT
5.6 Awareness and Training
5.7 Maintenance of the BCM Program
5.8 Exercise of the Business Continuity
5.9 Crisis Communications
5.10 Coordination with External Agencies
6. Emergency Response
7. Crisis Management
8. Conclusion/Summary
9. Appendix
9.1 Sample BCP Audit Guide
9.2 BCM Standards and Guidelines
9.3 BCM Capability Maturity Model

Authors:
David Everest, Key Bank : : Roy E. Garber, Safe Auto Insurance Company
Michael Keating, Navigant Consulting : : Brian Peterson, Chevron Corporation

Download this guide (PDF, 1MB).
Purchase a printed version.
Download form for permission to translate to another language (PDF, 20KB).

Quick Search Advanced Search Site Map IIA Popular Pages About the Profession New Fraud Guidance Virtual Seminars CIA Preparation GTAG Series		Home / Professional Guidance / Information Technology / GTAG / GTAG10 GTAG 10 - Business Continuity Management This GTAG focuses on how business continuity management (BCM) is designed to enable business leaders to manage the level of risk the organization could encounter in the case of a natural or man-made disruptive event that affects the extended operability of the organization. The guide includes: Disaster recovery planning for continuity of critical information technology infrastructure, and Business application systems. Chief audit executives CAEs have been challenged to educate corporate executives on the risks, controls, costs, and benefits of adopting a BCM program. Although it is true that recent disasters around the world have motivated some corporate leaders to give attention to BCM programs, the implementation of such programs is far from universal. The key challenge is engaging corporate executives to make BCM a priority. Although most executives are likely to agree that BCM is a good idea, many will struggle to find the budget necessary to fund the program as well as an executive sponsor that has the time to ensure its success. Business Continuity Management will help the CAE communicate business continuity risk awareness and support management in its development and maintenance of a BCM program. Table of Contents 1. Executive Summary 2. Introduction 2.1 BCM Definition 2.2 Crisis Management Planning 2.3 Disaster Recovery of IT 3. Building a Business Case 4. Business Risks 4.1 Common Disaster Scenarios 4.2 Common Disaster Impacts 5. BCM Requirements 5.1 Management Suppor 5.2 Risk Assessment and Risk Mitigation. 5.3 Business Impact Analysis 5.4 Business Recovery and Continuity Strategy 5.5 Disaster Recovery for IT 5.6 Awareness and Training 5.7 Maintenance of the BCM Program 5.8 Exercise of the Business Continuity 5.9 Crisis Communications 5.10 Coordination with External Agencies 6. Emergency Response 7. Crisis Management 8. Conclusion/Summary 9. Appendix 9.1 Sample BCP Audit Guide 9.2 BCM Standards and Guidelines 9.3 BCM Capability Maturity Model Authors: David Everest, Key Bank : : Roy E. Garber, Safe Auto Insurance Company Michael Keating, Navigant Consulting : : Brian Peterson, Chevron Corporation Download this guide (PDF, 1MB). Purchase a printed version. Download form for permission to translate to another language (PDF, 20KB).		Global Technology Audit Guides (GTAG^®) Guide 1 Guide 2 Guide 3 Guide 4 Guide 5 Guide 6 Guide 7 Guide 8 Guide 9 Guide 10 Guide 11 IT Resources Review some of the latest IT Resources available for IT auditing. GAIT Project Learn more about the ongoing IT auditing guidance project known as the Guide to the Assessment of ITGeneral Controls Scope Based on Risk (GAIT). Information Technology