Auditing Business Continuity and Disaster Recovery Plans and Programs

Training Duration: 2 days

Training Delivery Method: On-site, instructor-led course; or online, instructor-led course


Experienced IT audit and/or control professionals

What Problem Does This Training Help Solve?

Provides training on how to conduct BC and DR audits

Who Should Attend?

IT audit and assurance professionals interested in learning BC and DR audit

Course Material:

Content-rich manual/course handouts consisting of about 300 foils 

Course Syllabus:

Organizations spend a lot of money on BC and DR plans, but the executive management is still not sure if the plan is going to work when the need arises. Internal Auditors play a vital role in providing assurance on the sufficiency and effectiveness of controls regarding BC and DR. This seminar will train internal auditors on the subject of auditing BC and DR Plans and Programs. The first half day will be devoted to giving introduction about BC/DR for those auditors who do not have this background. The rest of the time will be spent in learning about audit of BC/DR plans and programs.

Topics to be covered:

    • Introduction to BC and DR
    • What is BC and DR
    • Difference between Business Continuity and Disaster Recovery
    • Different standards influencing business continuity (ISO 27002, COBIT, NFPA1600, FFIEC, SAS70, BS25999, BS25777, BCI, DRII, DHS/FEMA FPC 65 COOP Elements)
    • Ten subject areas if DRII/BCI
    • BC Audit Framework
    • BC Audit Scope
    • BC Audit Planning
    • Conducting BC Audit
    • Conducting DR Audit
    • Analysis of Results
    • Reporting Audit findings
    • Post Audit follow-up
    • BC Audit and Capability Maturity Model
    • Various BC and DR Audit Programs and Internal Control Questionnaire