Join Michael Lester for an in-depth discussion in this video, Auditing business continuity and disaster recovery, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] So we've talked all about business continuity planning and analysis. Now let's talk about how we actually audit your business continuity within an organization. Well, first of all, let's take a look at the process itself. Is there a business continuity planning process in place? If there is, does it follow a particular standard and how well are we conforming to that standard? Are the goals for business continuity defined and approved by management? Has management said yes, we have a policy, a business continuity planning policy, and here are our actual goals that we expect, and here are our directives, and signed off on that policy document? If so, that's something we want to know.
Are the roles and responsibilities within business continuity defined? Not only for the higher-ups, the business unit leaders, but for people, everyday people working. What are your responsibilities as an employee, et cetera, et cetera? Is testing being performed in this process? Are we testing our business continuity plan?
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery