Business Continuity and Risk Management: Essentials of Organizational Resilience

 

 

By Kurt J. Engemann PhD, CBCP and Douglas M. Henderson FSA, CBCP

 


 

What role does the internal auditor play in an organization’s business continuity and risk management program? According to Mark T. Edmead, CISSP, CISA

 

Learning about their role in the business continuity management process can help auditors provide recommendations that will enable organizations to be one step ahead of the curve when disaster strikes.

 

The question of disasters and business continuity is no longer an issue of if but rather when, as we have seen from events over the last decade. Disasters, both natural and man-made, threaten our organizations, so it is imperative that we be prepared. The authors have put together an excellent resource that can be used in an educational environment or as a learning tool by auditors. This book begins with coverage of the fundamentals of business continuity management (BCM), how the function should be organized and how to conduct a business impact analysis. There are plenty of examples and questions that you can use in conducting a risk assessment and developing a strategy for BCM. The implementation section of the book covers emergency response, coordinating the key stakeholders and developing the plan. The maintenance section covers testing the plan, which should be done at least annually. The remainder of the book addresses risk modeling and case studies.

 

Auditors may feel that this area rests within the purview of IT auditors, but in my opinion, all auditors should become familiar with the principles, apply them to their own department, and schedule this as part of their recurring annual audit plans. As the saying goes: failure to plan is planning to fail! Don’t wait for the disaster to occur, because at that point it is already too late!

 

JK June 2012

 
