largely;depend;on;how;well;participants
accept;the;importance;of;the;plan,;the
credibility;of;the;plan,;and;the;degree;and
quality;of;the;training;provided.
It;is;essential;to;provide;training;for;all
members;of;the;planning;team;as;well
as;other;key;staff.;The;BCM;auditor
may;examine;the;training;plan,;types;of
training;provided,;training;instructors;and
participants,;content;of;the;training,;and
training;evaluation;and;results.
;BCM Testing;–;The;plan;should;be
thoroughly;tested;and;evaluated;on
a;regular;basis;(at;least;annually).
Procedures;to;test;the;plan;should;be
documented;in;a;test;plan.;Testing;and
exercises;provide;the;assurance;that
all;necessary;steps;are;included;in;the
plan.;The;BCM;auditor;may;examine
the;BCM;policy;statement;for;the;testing
responsibilities;and;requirements.;In
addition,;the;auditor;may;also;review
the;test;plan,;the;participants,;and
the;documentation;resulting;from;the
test;such;as;problem;logs.;Debriefing
documentation;could;also;be;requested.
;BCM Maintenance;–;As;systems
change,;the;BCM;must;be;updated;to
reflect;those;changes.;The;maintenance
procedures;should;allow;for;a;regular
review;of;the;plan;by;key;personnel
within;the;organization.;The;BCM
auditor;may;examine;maintenance
logs,;maintenance;policies;and
procedures,;maintenance;roles;and
responsibilities,;frequency;of;updates,
and;plan;distribution;and;methods.;Some
organizations;include;BCM;as;part;of
their;change;management;and;control
procedures.
responsibilities;have;not;been;clearly
defined.;This;can;result;in;the;BCM
quickly;becoming;outdated.
;There;may;be;a;lack;of;training;and
knowledge;transfer;of;the;BCM.;This
creates;a;significant;reliance;on;a;few
individuals;and;can;result;in;improper
execution;of;the;plan.
;Many;organizations;perform;IT;testing
exercises;but;limited;testing;in;other
areas.;This;also;can;create;problems;if
the;plan;needs;to;be;activated.
;In;some;organizations,;the;IT;professions
develop;the;BIA;and;determine;priorities
without;stakeholder;involvement.
Although;IT;professionals;often;have
a;good;understanding;of;the;business
processes,;a;lack;of;stakeholder
involvement;can;result;in;incorrect;RPOs
and;RTOs.
;Many;organizations;do;not;include;BCM
in;the;change;management;process.
This;can;result;in;the;system;being
implemented;without;a;recovery;strategy.
;Some;organizations;have;developed
good;recovery;strategies;but;have;not
documented;the;procedures;to;support
their;strategies.
Make;sure;to;pull-out
the;“Executive;Guide
to;Business;Continuity”
inside;the;front;cover.
Most Common BCM Weaknesses
Some common weaknesses of business
continuity plans identified as a result of
BCM audits are listed below:
;Often;there;may;be;a;BCM;plan;but;it
may;not;contain;a;BCM;policy;statement.
;Organizations;often;have;multiple;types
of;plans;without;adequate;integration.;For
example;the;emergency;plan;or;the;crisis
management;plan;may;not;be;properly
coordinated;with;the;BCM.;This;can
result;in;confusion;at;the;time;the;plan(s)
need;to;be;activated.
;Some;organizations;have;developed
comprehensive;business;continuity
plans,;but;maintenance;roles;and
Road Map for BCM Audit Success
The following recommendations will
help to ensure the success of the BCM
planner in connection with an audit:
;Understand;the;scope;of;the;audit;and
underlying;standards
;Assure;that;all;BCM;documentation;is
up-to-date
;Assure;that;all;phases;of;the;BCM
development;process;have;been
performed;and;documented
;Assure;that;there;has;been;adequate
training;on;the;BCM;and;supporting
documentation
;Assure;that;the;plan;has;been;exercised
and;debriefing;documentation;has;been
completed
;Work;with;(not;against);the;BCM;auditor
;Obtain;value;from;the;BCM;audit
v
Geoffrey Wold, CISA, CGEIT, CPA,
CMA,;CMC,;CDP,;CSP,;CFSA,;CIRM;is;a
partner;and;the;managing;director;at;LBL
Technology;Partners.;He;provides;a;wide
range;of;business;continuity;management
consulting;services;and;has;written;books;on;business
continuity;and;security;planning.;Wold;has;consulted;on
hundreds of business continuity plans throughout the
nation.
