IT Governance, Risk, and Compliance

Dec 6 2011   8:32PM GMT

Auditing Business Continuity and Disaster Recovery – Part VI



Posted by: Robert Davis
Tags:
BCP
Business Continuity
Certified Information Systems Auditor
Certified Information Technology Professional
Certified Internal Auditor
Certified Internal Controls Auditor
Certified Public Accountant
Crisis Management
Disaster Recovery
DRP
IT Audit

BCP audits normally have an organizational focus. ‘Organizational-based’ BCP audits examine deployed frameworks, managerial issues, and departmental activities. However, if during ‘organizational-based’ planning the IT auditor discovers a BCP framework is not deployed, the audit planner should consider utilizing the COBIT Deliver and Support-Ensure Continuous Service, Manage Service Desk and Incidents, as well as Manage Problems framework domain processes as baselines for setting detail objectives. Partly reflective of the COBIT “Ensure Continuous Service,” “Manage Service Desk and Incidents” and “Manage Problems” processes; BCP availability, compliance, effectiveness and efficiency are the primary information criteria; while confidentiality, integrity, and reliability should be considered secondary information criteria, even when other audit measurement standards are included within the audit ambit.

View Part I of the Auditing Business Continuity and Disaster Recovery series here

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: