Business Continuity and Disaster Recovery Resources Available on KnowledgeLeader

KnowledgeLeader provides best practice articles, tools, guides, and links to resources on business continuity and disaster recovery. This page contains some examples of the many resources and tools on business continuity and disaster recovery that are available on KnowledgeLeader. Select one of the areas below to view summaries of these resources.


Tools


Business Continuity - IT Process Questionnaire
Business continuity management consists of the processes used by organizations to address unplanned service interruptions. This IT questionnaire can help assess an organization’s business continuity planning strategy. It includes questions on tactical alignment, business processes, technology, results management, human capital, stability and reliability. It also focuses on the continuance, recovery, and eventual restoration of critical business functions to their original conditions prior to service interruptions.

Business Continuity Management Audit Work Program
This extensive business continuity management work program covers the following areas: general BCP, preliminary steps, examination scope and objectives, appropriateness of enterprise-wide BCP, oversight and support, business impact analysis, risk management, testing, IT documentation, hardware backup and recovery, software backup and recovery, preparation for data center recovery, inclusion of security procedures, critical outsourced activities, conclusions, and final steps.

Business Continuity Management Methodology
Business continuity management (BCM) is best addressed by using a proven methodology. The methodology should be based upon the risks related to an organization’s key business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise. This seven-phased BCM methodology adheres to industry best practices and can be tailored to companies of all sizes.

Business Continuity Management Policy
This sample outlines a set of policies and procedures for formalizing a Business Continuity program, and provides guidelines for developing, maintaining and exercising Business Continuity Plans (BCPs). Such plans will ensure independence of crisis location, crisis duration and availability of any specific person or group of people.

Business Continuity Management Report Template - Sample
Developing a business continuity management (BCM) plan is a best practice that all companies should achieve. This template outlines sections to consider when developing a BCM plan. It includes areas to document the business impact analysis, key company contacts, and location of BCM documents.

Business Continuity Management Standards - A Side-by-Side Comparison
An increasing number of regulations and standards apply to Business Continuity Management. After studying and comparing the various BCM guidelines, Protiviti has identified common themes and best practices that will help in the implementation of a successful BCM process. This guide is our list of BCM standards and the associated agencies that advocate each best practice.

Business Continuity Program Charter
This charter establishes the Business Continuity Steering Committee and the Business Continuity Plan Project Team. The Steering Committee is responsible for providing the direction and strategy for the organization's business continuity program.

Business Impact Analysis: Disaster Recovery Plan Checklist
This checklist allows a Disaster Recovery Plan to be rated. Being able to recover critical systems is important to every organization, but to be successful, an enterprise must establish a method to rank applications and systems and to recover them in a timely manner.

COSO/COBIT Disaster Recovery and Business Continuity Control Objective Risk Matrix
This sample matrix aligns high-level control objectives DS4 (ensure continuous service) and DS11 (manage data) of the COBIT Delivery and Support domain with their associated risks.

Data Management: Data Backup and Storage Policy
The purpose of this policy is to specify the procedures to back up and allow for recovery of important data in the event of accidental or intentional corruption, loss, or destruction of the data. For data critical to the ongoing operation of the business, offsite storage will facilitate keeping the business operational in the event of a physical disaster at the original site.

Disaster Recovery Plan Assessment Checklist for IT
This checklist serves as a guide for reviewing a disaster recovery plan. The focus of this review is on information technology continuity, recovery, and restoration.

Disaster Recovery Plan Review
This work program provides a review of a Disaster Recovery Plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from the threats covered by the plan.

Disaster Recovery Risk Assessment Audit Work Program
This disaster recovery risk assessment work program provides an outline for standard business models. It is not intended to be an all-inclusive list, but a starting point in the risk assessment process. Key areas and related risks considered include environmental, man-made, business, and IT threats.

Emergency Executive Committee Charter
The purpose of the Emergency Executive Committee (EEC) is to oversee the conduct of the corporation in the process of planning and responding to emergency, crisis or catastrophic events, with a direct or potential impact to the corporation’s financial objectives and major corporate plans, strategies and actions. The EEC exercises leadership, integrity, and judgment in directing the corporation to develop the necessary business continuity management (BCM) capabilities.

General IT Controls Review: Disaster Recovery Questionnaire
This questionnaire helps you assess disaster recovery preparation by comparing your plans to best practices.

Global Technology Audit Guide (GTAG) 10: Business Continuity Management
The objective of this GTAG is to provide insight into what BCM means to an organization, how to build a business case, and identify common risks and requirements. It can assist CAEs and other internal auditors in understanding, analyzing, and monitoring their organization's BCM processes. This guide will also help the CAE communicate business continuity risk awareness and support management in its development and maintenance of a BCM program.

Risk, Controls, and Responsibilities for Disaster Recovery and Business Continuity - Sample
This guide outlines the risks, control objectives, manual controls, IT controls, and responsibilities related to creating, maintaining and executing disaster recovery and business continuity plans within an organization.

Treasury and Cash Management Audit Program (Sample 2)
This work program lays out audit procedures for treasury and cash management. Specific areas of review include: cash disbursements, cash receipts, timely identification and resolution of exceptions, bank account analysis, investing/borrowing, capital management, foreign exchange exposure management, cash flow forecasting, IT assessment and derivatives.

Audit Planning Memo - Sample
This sample provides a template for documenting the overall audit approach. Topics addressed include: risk indicators, regulatory requirements, scope of audit work, internal control evaluation, and operation and functional structure.

Publications


Risk Assessment and Business Impact Analysis (BIA)
This section of Protiviti's "Guide to Business Continuity Management Basics – Frequently Asked Questions" discusses the risk assessment and business impact analysis (BIA) process. Topics covered include: What are the most common approaches to executing a risk assessment? What are the most common approaches to executing a BIA? And, are there ways around completing a formal BIA and risk assessment?

An Overview of the Regulatory Landscape
This section of Protiviti's "Guide to Business Continuity Management Basics – Frequently Asked Questions" provides an overview of the regulatory landscape. Topics covered include: What is COBIT? Is it focused solely on information technology disaster recovery planning? Does HIPAA include a requirement to implement BCM processes? And, why is the FFIEC regulation called “the BCP Gold Standard?”

Industry-Specific Questions for BCM Programs – Healthcare
This section of Protiviti's "Guide to Business Continuity Management Basics – Frequently Asked Questions" focuses on BCM programs in the healthcare industry. Topics covered include: How do healthcare organizations consider technology downtime (especially unscheduled or extended downtime) in their business continuity programs? How would system outages prevent operations from continuing to deliver medical care following emergencies? And, does the organization rely on automated information systems to the extent that operations would cease during a long-term outage?

Compliance Monitoring and Auditing
This section of Protiviti's "Guide to Business Continuity Management Basics – Frequently Asked Questions" focuses on compliance monitoring and auditing. Topics covered include: How do organizations mature their business continuity programs? How often should the business continuity program be audited? And, what is the optimal role for internal audit in BCP?

The Business Continuity Basics
This section of Protiviti's "Guide to Business Continuity Management – Frequently Asked Questions" focuses on the basic concepts surrounding business continuity management. Topics covered include: What is business continuity management (BCM)? Is there a best approach to business continuity planning (BCP)? What is ITIL, specifically IT Service Continuity Management? And, what is the relationship between business continuity and enterprise-wide risk management?

Building an internal audit function at Cadence Design Systems
Cadence Design Systems, Inc. is the world's leading electronic design automation technologies and engineering services company. In this profile, John Springer, director of internal audit and compliance at Cadence, discusses how the internal audit group was formed in response to the emergence of Sarbanes-Oxley regulations, and how it was internal audit’s role to program Sarbanes-Oxley compliance processes throughout the business. Springer also describes the cultural shift within the organization around accepting and understanding the presence of an internal audit function.

Failure to manage post-disaster liability risk may cost you
As the first decade of the 21st century has demonstrated in stark terms, the need for robust recovery and business continuity plans in the face of increasingly costly disasters, whether natural or manmade, has never been greater. However, even the most carefully crafted continuity plans may be missing a vital component: the risk of disaster-related liability actions brought on by affected parties. This article discusses how failure to plan for these events imposes great risk to the organization, and how internal audit can help manage these risks.

From Expense to Asset: A Reexamination of BCM Plans and Their Value
Each year, organizations spend considerable amounts of money developing business continuity management (BCM) plans, on the assumption that they need to prepare for a wide range of disasters. In this article, Protiviti’s Aaron Miller poses the following questions: Should organizations perceive their BCM plan as an asset rather than an expense? Does an effective BCM plan provide long-term value to the organization? If and when the plan is used, does having a well-prepared plan help the organization generate income and save money?

Guide to Business Continuity Management
Some of the most significant operational challenges in the history of BCM occurred in late 2004 and 2005 - hurricanes, tsunami, terrorism, and pandemic influenza (bird flu). This revised Second Edition FAQ Guide from Protiviti addresses some of the key lessons learned from these events for business continuity programs, and also includes industry-specific questions for BCM programs for manufacturing, retail, healthcare and telecommunications.

Internal Audit's Role Grows with Business Continuity
As organizations become more complex, global in reach and under the eye of regulators, shareholders and lawmakers, internal auditors need to make sure they play a big role in business continuity management (BCM). Because of the focus on controls and enterprise risk management that internal auditors have, they are well positioned to assess risk, identify the impacts of downtime and comment on key attributes of a business continuity approach.

Why Tomorrow Is Too Late to Think about Business Continuity
Business owners and executives juggle a number of projects each day that draw on their time and resources. As a result, they tend to defer business continuity into the "solve tomorrow" column until right before (or right after) an incident. This is a critical, sometimes disastrous mistake. Read this article to learn why designing and implementing a functional continuity plan is a multi-month process, and why executives must dedicate the time to ensure business survivability.

Trends in IT Internal Auditing: Greater Use of Automation, ‘Rebalancing’ Focus Away from Sarbanes-Oxley and Toward Broader Risk Management
Protiviti conducts a series of annual surveys among internal audit executives and professionals to identify key trends impacting organizations worldwide. Recent results from these studies include a number of notable trends in IT auditing. These trends focus on ISO 27000, computer-assisted audit techniques (CAATs), and IT audits not related to Sarbanes-Oxley compliance.

Exception Management Explained
The growing need for “exception management” capabilities among organizations of all sizes stems from a steady flow of new regulatory compliance and risk management requirements in recent years. These requirements force process owners to incorporate more rigorous compliance and risk-monitoring into their activities. This need, combined with the evolution of business analysis requirements, has given rise to continuous auditing and continuous monitoring, particularly at companies committed to getting the most valuable bang for their internal audit buck.


External Resources


BS 25999
BS25999.COM is a resource for information, links, news, events, resources and discussion for those seeking information and guidance on BS 25999 specifically, and on business continuity and emergency management in general.

BS 25999-1:2006 Business continuity management Part 1: Code of practice
BS 25999-1:2006 is a code of practice that takes the form of guidance and recommendations. It establishes the process, principles and terminology of business continuity management (BCM), providing a basis for understanding, developing and implementing business continuity within an organization and to provide confidence in business-to-business and business-to-customer dealings. BS 25999-1:2006 replaces PAS 56:2003, which has now been withdrawn. BS 25999-2:2007 will specify the process for achieving certification that business continuity capability is appropriate to the size and complexity of an organization.

Business Continuity Institute
This web site contains a wealth of information and resources for both the business continuity novice and expert, and gives members the opportunity to communicate and network with each other.

Contingency Planning and Management (CPM)
The mission of Contingency Planning and Management is to be the central resource for technology, products, services, information, and management strategies that support business continuity to safeguard the physical, informational, and communication assets of a business; ensure the safety of employees and the public; and protect the financial well-being of the company.

Continuity Central
Continuity Central provides a constantly updated one-stop resource of business continuity information. Continuity Central provides structured listings of news, articles, white papers and links to enable you to quickly and easily find the information that you are looking for.

Disaster Recovery Institute International
The Disaster Recovery Institute administers a global certification program for qualified business continuity and disaster recovery planners. See also the Disaster Recovery Institute Canada.

Disaster Recovery Journal (DRJ) Sample Disaster Recovery Plans and Outlines
The DRJ was the first publication dedicated to the field of disaster recovery and business continuity. DRJ provides links to a few sample plans, outlines, and other plan writing resources to help get the DR Planning process rolling.

Disaster Resource Guide
The Disaster Recovery Guide's mission is to consolidate and communicate thousands of resources into an annual reference that can be useful on a daily basis.

READY Business
READY Business outlines commonsense measures to help business owners and managers prepare for an emergency. The website is published by the U.S. Department of Homeland Security and provides practical steps and easy-to-use templates, along with links to resources providing more detailed business continuity and disaster preparedness information. It is a good starting point for small- to mid-sized businesses.

