10 ways to improve Business Continuity Plan Exercise, Audit, and Maintenance – tip 9 Audit

Your organization has now invested valuable time and money developing business continuity plans. As a professional business continuity planner, you know that the next steps – exercising, auditing and maintaining the business continuity plans – are all important to successful resilience in the event of a disaster. In this article, I will provide 10 tips to advance your business continuity plan exercise, audit and maintenance program.


Tip #9 Arrange an Audit

An audit in the private sector can be powerful for obtaining senior management support for business continuity upkeep and improvement. Executives are familiar with the audit process and are likely to see the merit in the recommendations of an auditor. You can also successfully argue that an audit should be presented by the sponsor to the Board of Directors.

Audits can also be high-profile in public sector organizations. Some have mandatory audits. Your department may post the results publicly, or details of any audit may be requested through Access to Information legislation. Certainly any audit could receive media scrutiny. It is vital that you prepare well in advance for the assessment, given its overall importance.

Understanding what the auditors or reviewers are looking for will help the audit run smoothly. It will also help you to enrich the business continuity management program in your organization in the process. Ideally, the plan should be audited by an independent auditor to ensure objectivity. During the engagement process, you should review plan expectations with the auditor and determine what set of standards will be used. Together with the auditor, you should set audit objectives and scope, and assess and select the audit method. The audit process should examine the administrative aspects of the BCM process, the plan’s structure, contents and actions sections, and the plan’s documentation control procedures. An audit should be conducted at least annually.

(For more information on DRI’s professional practices please read Professional Practice Eight – Business Continuity Plan Exercise, Audit, and Maintenance DRII Professional Practices June 1, 2012 Version 1)

‘When planning for war, I have always found plans to be useless, but planning to be invaluable.’ General Eisenhower

Comments are closed.
  • Be Prepared

  • Professionals

  • Categories

%d bloggers like this: