What to do when it all goes wrong. Crisis Management and business continuity June 19, 2012
What to do when it all goes wrong.Crisis Management and business continuity
June 19, 2012
Where do auditors fit in to Business Continuity?
2
There are two types of Audit Behaviors: Compliance OR Common Sense
• Compliance to Industry Regulation:– Project focus.– Remediate audit findings.
• Common Sense in serving the organization:– Program focus.
– Remediate past issues and mitigate future Issues.– Recognize when compliance has become a larger
investment that requires a potential return .
• What is the ‘tipping point’ between the two?
3
At some point in the audit process, the spend over time will highlight a “tipping point” in stakeholder’s perspectives, requiring a set of costly projects to become a trusted
program. 4
Two Schools: Compliance or Common Sense? Audit for
CompliancePounds of paper.
Audit for Common SenseA working program.
SpendOverTime
20% of effort resulting in 80% results:
5
• You can replace this placeholder text with yours
• You can replace this placeholder text with yours
Title Only – Place Anything On Slide
6
Impact on frontline
Impact on senior management
Impact on first level management
Impact on middle management
KEY DECISION
7
A multi-year project approach to Business Continuity will lead to a large investment and the requirement for common sense.
Year OneArtifacts that
get you through an audit
Year FourArtifacts that get you through an audit and might not work in an actual event
WHAT ROLES DO AUDITORS PLAY DURING A CRISIS?
8
Title Only – Place Anything On Slide
9
Your text here. Your text here. Your text here. Your text here
Your text here
Your text here
Your text here
Your text here
Your text here
Your text here
Title Only – Place Anything On Slide
10
Time
Growth
Introduction
Maturity
Decline
Your conclusion here. More text here and more text here about the chart
Majority
Title Only – Place Anything On Slide
11
Your text here. Your text here. Your text here. Your text here.
Your text here
Your text here
10% Your text here
90% Your text here
HOW AND WHEN DO YOU AUDIT A COMMON SENSE BC/DR PLAN?
12
Title Only – Place Anything On Slide
13
Risk Assessment(s)
Testing&
Training
Business ImpactAnalysis
Remediation&
Planning
BCPProgram
&Policy
Title Only – Place Anything On Slide
14
• The Program and Policy are Strategic• The Risk Assessments set a reasonable Disaster Halo• The BIA’s set a standard Impact Horizon• Remediation and Planning lowers risk• Testing assures continuous improvement
Title Only – Place Anything On Slide
15
Your text hereYour text hereYour text here
Your text here
Your text hereYour text here
Your text here
Title Only – Place Anything On Slide
16
Title Only – Place Anything On Slide
17