KnowledgeLeader provides best practice articles, tools, guides, and links to resources on business continuity and disaster recovery. This page contains some examples of the many resources and tools on business continuity and disaster recovery that are available on KnowledgeLeader. Select one of the areas below to view summaries of these resources.
Business Continuity Management Program Assessment
This sample business continuity management audit report helps companies create a second-generation program that builds upon prior reports. This audit report outlines four components of an effective BCM program, including: Corporate Business Continuity, IT Disaster Recovery, Transmission Emergency Response Plan, and Building Emergency Action Team.
Business Continuity Process Questionnaire
Business continuity management is used by organizations to address unplanned service interruptions. This business continuity process questionnaire can help assess an organization’s business continuity planning strategy. It includes questions on tactical alignment, business processes, technology, results management, human capital, stability and reliability. It also focuses on the continuance, recovery, and eventual restoration of critical business functions to their original conditions prior to service interruptions.
Business Continuity Management Audit Program
This extensive business continuity management program covers the following areas: general business continuity management best practices, preliminary steps, scope and objectives, appropriateness of enterprise-wide BCP, oversight and support, business impact analysis, risk management, testing, IT documentation, hardware backup and recovery, software backup and recovery, preparation for data center recovery, inclusion of security procedures, critical outsourced activities, conclusions, as well as final steps.
Business Continuity Management Methodology
Business continuity management (BCM) is best addressed by using a business continuity methodology. The BCM methodology should be based upon business continuity risks related to an organization’s key business processes, which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise. This seven-phased BCM methodology adheres to business continuity best practices and can be tailored to companies of all sizes.
Business Continuity Management Policy
This business continuity policy outlines a set of policies and procedures for formalizing a Business Continuity program, and provides guidelines for developing, maintaining and exercising Business Continuity Plans (BCPs). Such plans will ensure independence of crisis location, crisis duration and availability of any specific person or group of people.
Business Continuity Management Template
Developing a business continuity management (BCM) plan is a best practice that all companies should achieve. This business continuity management template outlines sections to consider when developing a BCM plan. It includes areas to document the business impact analysis, key company contacts, and location of BCM documents.
Business Continuity Management Standards - A Side-by-Side Comparison
An increasing number of regulations and standards apply to Business Continuity Management. After studying and comparing the various BCM guidelines, Protiviti has identified common themes and best practices that will help in the implementation of a successful BCM process. This guide is our list of business continuity standards and associated agencies that advocate each best practice.
Business Continuity Program Charter
This charter establishes the Business Continuity Steering Committee and the Business Continuity Plan Project Team. The Steering Committee is responsible for providing the direction and strategy for the organization's business continuity program.
Business Impact Analysis: Disaster Recovery Plan Checklist
This checklist allows a Disaster Recovery Plan to be rated. Being able to recover critical systems is important to every organization, but to be successful, an enterprise must establish a method to rank applications and systems and to recover them in a timely manner.
COSO/COBIT Disaster Recovery and Business Continuity Control Objective Risk Matrix
This sample matrix aligns high-level control objectives DS4 (ensure continuous service) and DS11 (manage data) of the COBIT Delivery and Support domain with their associated risks.
Data Management: Data Backup and Storage Policy
The purpose of this data management policy is to specify the procedures to back up and allow for recovery of important data in the event of accidental or intentional corruption, loss, or destruction of the data. For data critical to the ongoing operation of the business, offsite storage will facilitate keeping the business operational in the event of a physical disaster at the original site.
Disaster Recovery Plan Assessment Checklist for IT
This disaster recovery checklist serves as a guide for reviewing a disaster recovery plan. The focus of this review is on information technology continuity, recovery, and restoration.
Disaster Recovery Plan Review
This work program provides a review of a Disaster Recovery Plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from the threats covered by the plan.
Disaster Recovery Risk Assessment Audit Work Program
This disaster recovery risk assessment template provides an outline for standard business models. It is not intended to be an all-inclusive list, but a starting point in the risk assessment process. Key areas and related risks considered include environmental, man-made, business, and IT threats.
Emergency Executive Committee Charter
The purpose of the Emergency Executive Committee (EEC) is to oversee the conduct of the corporation in the process of planning and responding to emergency, crisis or catastrophic events, with a direct or potential impact to the corporation’s financial objectives and major corporate plans, strategies and actions. The EEC exercises leadership, integrity, and judgment in directing the corporation to develop the necessary business continuity management capabilities.
General IT Controls Review: Disaster Recovery Questionnaire
This disaster recovery questionnaire helps you assess disaster recovery preparation by comparing your disaster recovery plans to disaster recovery best practices.
Global Technology Audit Guide (GTAG) 10: Business Continuity Management
The objective of this Global Technology Audit Guide is to provide insight into what business continuity management means to an organization, how to build a business case, and identify common risks and BCM requirements. It can assist CAEs and other internal auditors in understanding, analyzing, and monitoring their organization's business continuity processes. This BCM guide will also help the CAE communicate business continuity risk awareness and support management in its development and maintenance of a business continuity program.
Risk, Controls, and Responsibilities for Disaster Recovery and Business Continuity - Sample
This sample Disaster Recovery and BCM guide outlines the risks, control objectives, manual controls, IT controls, and responsibilities related to creating, maintaining and executing disaster recovery and business continuity plans within an organization.
Treasury and Cash Management Audit Program (Sample 2)
This cash management process work program lays out audit procedures for treasury and cash management. This cash management audit program covers: cash disbursements, cash receipts, timely identification and resolution of exceptions, bank account analysis, investing/borrowing, capital management, foreign exchange exposure management, cash flow forecasting, IT assessment and derivatives.
Audit Planning Memo - Sample
This audit planning memo provides a template for documenting the overall audit approach. Topics addressed include: risk indicators, regulatory requirements, scope of audit work, internal control evaluation, and operation and functional structure.
Effective Disaster Recovery Programs Are All Alike
A successful disaster recovery program includes a set of specific, carefully constructed capabilities. This article outlines business continuity best practices that can be adopted for a successful disaster recovery program.
Risk Assessment and Business Impact Analysis (BIA)
This section of Protiviti's Business Continuity Management Guide discusses the risk assessment and business impact analysis process. Topics covered include: What are the most common approaches to executing an internal audit risk assessment? What are the most common approaches to executing a BIA? And, are there ways around completing a formal BIA and risk assessment?
An Overview of the Regulatory Landscape
This section of Protiviti's Business Continuity Management Guide provides an overview of the regulatory landscape. Topics covered include: What is COBIT? Is it focused solely on information technology disaster recovery planning? Does HIPAA include a requirement to implement BCM processes? And, why is the FFIEC regulation called “the BCP Gold Standard?”
Industry-Specific Questions for BCM Programs – Healthcare
This section of Protiviti's Business Continuity Management Guide focuses on BCM programs in the healthcare industry. Topics covered include: How do healthcare organizations consider technology downtime (especially unscheduled or extended downtime) in their business continuity programs? How would system outages prevent operations from continuing to deliver medical care following emergencies? And, does the organization rely on automated information systems to the extent that operations would cease during a long-term outage?
Compliance Monitoring and Auditing
This section of Protiviti's Business Continuity Management Guide focuses on compliance monitoring and auditing. Topics covered include: How do organizations mature their business continuity programs? How often should the business continuity program be audited? And, what is the optimal role for internal audit in BCP?
The Business Continuity Basics
This section of Protiviti's Business Continuity Management Guide focuses on the basic concepts surrounding business continuity management. Topics covered include: What is business continuity management (BCM)? Is there a best approach to business continuity planning (BCP)? What is ITIL, specifically IT Service Continuity Management? And, what is the relationship between business continuity and enterprise-wide risk management?
Building an Internal Audit Function at Cadence Design Systems
Cadence Design Systems, Inc. is the world's leading electronic design automation technologies and engineering services company. In this profile, John Springer, director of internal audit and compliance at Cadence, discusses how the internal audit group was formed in response to the emergence of Sarbanes-Oxley regulations, and how it was internal audit’s role to program Sarbanes-Oxley compliance processes throughout the business. Springer also describes the cultural shift within the organization around accepting and understanding the presence of an internal audit function.
Failure to Manage Post-Disaster Liability Risk May Cost You
As the first decade of the 21st century has demonstrated in stark terms, the need for robust disaster recovery and business continuity plans in the face of increasingly costly disasters, whether natural or manmade, has never been greater. However, even the most carefully crafted business continuity plans may be missing a vital component: the risk of disaster-related liability actions brought on by affected parties. This article discusses how failure to plan for these events imposes great risk to the organization, and how internal audit can help manage these risks.
Business Continuity Management Guide
Some of the most significant operational challenges in the history of business continuity occurred in late 2004 and 2005 - hurricanes, tsunami, terrorism, and pandemic influenza (bird flu). This revised Business Continuity Management Guide from Protiviti addresses some of the key lessons learned from these events for business continuity programs, and also includes industry-specific questions for business continuity management programs for manufacturing, retail, healthcare and telecommunications.
Exception Management Explained
The growing need for “exception management” capabilities among organizations of all sizes stems from a steady flow of new regulatory compliance and risk management requirements in recent years. These requirements force process owners to incorporate more rigorous compliance and risk-monitoring into their activities. This need, combined with the evolution of business analysis requirements, has given rise to continuous auditing and continuous monitoring, particularly at companies committed to getting the most valuable bang for their internal audit buck.
BS25999.COM is a resource for information, links, news, events, resources and discussion for those seeking information and guidance on BS 25999 specifically, and on business continuity and emergency management in general.
BS 25999-1:2006 Business continuity management Part 1: Code of practice
BS 25999-1:2006 is a code of practice that takes the form of guidance and recommendations. It establishes the process, principles and terminology of business continuity management (BCM), providing a basis for understanding, developing and implementing business continuity within an organization and to provide confidence in business-to-business and business-to-customer dealings. BS 25999-1:2006 replaces PAS 56:2003, which has now been withdrawn. BS 25999-2:2007 will specify the process for achieving certification that business continuity capability is appropriate to the size and complexity of an organization.
Business Continuity Institute
This web site contains a wealth of information and resources for both the business continuity novice and expert, and gives members the opportunity to communicate and network with each other.
Contingency Planning and Management (CPM)
The mission of Contingency Planning and Management is to be the central resource for technology, products, services, information, and management strategies that support business continuity to safeguard the physical, informational, and communication assets of a business; ensure the safety of employees and the public; and protect the financial well-being of the company.
Continuity Central provides a constantly updated one-stop resource of business continuity information. Continuity Central provides structured listings of news, articles, white papers and links to enable you to quickly and easily find the information that you are looking for.
Disaster Recovery Institute International
The Disaster Recovery Institute administers a global certification program for qualified business continuity and disaster recovery planners. See also the Disaster Recovery Institute Canada.
Disaster Recovery Journal (DRJ) Sample Disaster Recovery Plans and Outlines
The DRJ was the first publication dedicated to the field of disaster recovery and business continuity. DRJ provides links to a few sample plans, outlines, and other plan writing resources to help get the DR Planning process rolling.
Disaster Resource Guide
The Disaster Recovery Guide's mission is to consolidate and communicate thousands of resources into an annual reference that can be useful on a daily basis.
READY Business outlines commonsense measures to help business owners and managers prepare for an emergency. The website is published by the U.S. Department of Homeland Security and provides practical steps and easy-to-use templates, along with links to resources providing more detailed business continuity and disaster preparedness information. It is a good starting point for small- to mid-sized businesses.