Join Michael Lester for an in-depth discussion in this video Business impact analysis, part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- Okay, now let's talk about the most important part of the…business continuity planning process,…the Business Impact Analysis, the BIA.…This is the real work that gets…done in your business continuity planning.…So, step one in the business continuity planning BIA is…identify the company's critical business functions.…We talked about that earlier, that's what it's all about.…Keeping those critical business functions alive…at all costs is the name of the game…when it comes to business continuity planning.…The BIA, the first step is to identify which of the…functions in your organization are the actual critical ones.…
So, you ask yourself a question like this.…You look at your functions, you draw them all out,…and you say well, if all of these functions here…rely on this other function at the top,…then you've found the critical business function.…If the five or six other things rely on one,…that's a pretty critical function.…Now, what you can ask yourself to determine whether a…function is a critical function are some…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery