Join Michael Lester for an in-depth discussion in this video, "Developing and implementing the plan," part of CISA Cert Prep: 2 Information Technology Governance and Management for IS Auditors.
- [Narrator] Alright, so let's talk about developing and implementing the actual business continuity plan, the plan document itself. Well, first of all, we did a lot of work in the business impact analysis, that's where most of the work is done. And the results of that impact analysis contain things like all of our identified critical functions and the resources that those functions depend on, the magical MTD, the maximum tolerable downtime, for each of those functions and resources. We've identified the threats and vulnerabilities to those functions and resources.
We've calculated the risk or the impact that the company would endure for each of the threats that we have outlined in our scope, and we've come up with some protection and recovery solutions. Now, we take that, we document it, and we present it to management for approval. If they sign off, then it's going to go in our plan. So we take the results, and that's what we use to create the actual BCP document, the business continuity plan document. So we've gone through all of this work,…
Instructor Michael Lester starts out with a description of IT governance and the role of IT policies, processes, and standards, providing examples of many of the most common types. He reviews three key areas for auditing: risk management, business continuity, and disaster recovery planning. He also explains how an IT department and its auditing team should be organized. At each stage, he explains how the auditor would address these topics in a typical audit environment.
- IT governance
- Policies, processes, and standards
- Risk management
- IT organization
- Business continuity
- Disaster recovery