"During their planning cycles, many companies around the world evaluate how prepared they are to handle disasters as well as the effectiveness of their business continuity and disaster recovery plans. As part of this process, internal auditors can help organizations establish effective business continuity management (BCM) programs. To do this, auditors need to understand what is involved in developing a BCM program and the steps they should take to evaluate the effectiveness of existing programs that incorporate necessary business continuity, disaster recovery, and crisis management efforts."
I'd like for you to be able to read what the Institute of Internal Auditors, or more precisely author Mark T Edmead of Control Solutions International, advises IT auditors to look for when reviewing business continuity arrangements. Unfortunately, the IIA article has dropped off the Web in the past few days. Sorry.
Mark's advice is sound but stops well short of the audit-style Internal Controls Questionnaire provided in this month's NoticeBored security awareness module. Still, it validates and summarizes the approach detailed in our ICQ and is an interesting piece.