Developing and Implementing a Business Continuity Audit Program
OVERVIEW Continuity management of information technology service processes should minimize adverse effects caused by disastrous and unpredictable events while focusing on sustaining core business processes. Specifically, major management tasks should include defining requirements and strategies for information technology continuity, setting measures and continuity plans for information technology services, managing continuity procedures as well as managing continuity and recovery in an emergency. Service continuity controls ensure that when unexpected events occur imperative operations continue without interruption or are promptly resumed, and critical as well as sensitive data remain protected. A well-planned, properly structured audit program is essential to evaluate risk management practices, control systems, and compliance with policies concerning information technology-related risks at institutions of every size and complexity. Effective audit programs are risk-focused, p...