Join Michael Lester for an in-depth discussion in this video, BCP step-by-step, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Instructor] All right, so let's talk about business continuity planning. Well, it's important to follow, just as anything else, a process for doing your business continuity planning. So we're going to go through an initial sort of plan statement. Then we're going to do our business impact analysis, that's a big piece of this. We'll talk about that. We're going to identify the controls that we're going to put in place. And finally, when all that's said and done, we'll actually write the business continuity plan. Then once that's done, we're going to exercise and test and drill and make sure that the controls we put in place are sufficient. And then we're going to maintain the plan and make sure we keep it up to date. That's essentially the process we're going to go through.
So the first piece of that is project initiation. So step one, review the current business continuity plan if one exists and outline the goals for this specific organization. What are they? Typically management will say here's what we expect.
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery