The Role of Internal Audit In Business Continuity Planning
Slide 1: The Role of Internal Audit In Business Continuity Planning
Dan Bailey, MBCP

Slide 2: Introduction
Dan Bailey, MBCP
- Senior Manager, Protiviti Inc.
- Actively involved in the Information Technology industry since 1984
- Actively involved in the Business Continuity industry since 1991
- Received CBCP designation in 1999; MBCP designation in 2002
- Co-Founder of the Arkansas chapter of the Association of Contingency Planners
- 2002 President of the North Texas chapter of the Association of Contingency Planners
- DRI International Certification Commissioner
- DRI International Vice-Chair of the newly established Education Commission

Slide 3: Agenda
- Establishing A Framework
- Internal Audit Adding Value to the BCP Process
- Information Available to the Internal Auditor
- Proven Approaches to Conducting a BCP Audit
- SOX Section 404?
- Wrap-up and Summary

"By 2008, we believe more than 50% of the G2000 will have robust and tested BC plans, with the remainder attempting to enhance their capabilities beyond rudimentary BC and disaster recovery through" (META Group, February 2003)

Slide 4: Section I: Establishing A Framework

Slide 5: Business Continuity Management Defined
"The development of strategies, plans and actions which provide protection or alternative modes of operation for those activities or business processes which, if they were to be interrupted, might otherwise bring about a seriously damaging or potentially fatal loss to the enterprise."

BCM = Crisis Management + Business Resumption Planning + IT Disaster Recovery Planning

Slide 6: Components of A Business Continuity Process
Diagram elements as listed on the slide, grouped by component:
- Business Strategies & Policies: Governance Documentation (Process Accountability; Recurring Activities; Documentation Standards; Strategy Testing; Training & Awareness; Plan Maintenance; Succession Plans)
- Business & Risk Management Processes: Emergency Response; Crisis Mgmt; Crisis Communications; Business Resumption Planning; IT DR Planning; Business Impact Analysis; Risk Assessment; Business Continuity Strategy Testing; Training & Awareness; Supplier Risk Mgmt
- People & Organizational Structure: Audit Committee Oversight; Executive Mgmt Sponsorship; Business Continuity Coordinator; Crisis Mgmt Team; Business Recovery Coordinators; IT DR Coordinators; Recovery Teams; Internal Audit Oversight; Industry / Governmental Oversight
- Management Reports: Risk Assessment Conclusions (Likelihood and Vulnerability); Business Impact Analysis Conclusions (Recovery Objectives); Strategy Design Options; Strategy Cost-Benefit Analysis; Strategy Test Results; Diagnostic and Benchmarking Conclusions
- Methodologies: Business Continuity Governance Design and Data Gathering; Risk Assessment; Business Impact Analysis; Strategy Design; Plan Documentation; Plan Validation; Knowledge Transfer / Implementation
- Systems & Data: Documentation Repository; Plan Documentation Software; Risk Assessment Conclusions; Business Impact Analysis Conclusions; Backup / Replication Software (IT DR Only); IT Hardware
- Contract Terms and Conditions with Suppliers
- Customer Service Level Agreements

Slide 7: The Continuity Life Cycle
Phases of the continuity life cycle:
- Project Initiation And Management
- Risk Assessment
- Business Impact Analysis
- Business Continuity Strategy Design
- Solutions Deployment & Plan Documentation
- Business Continuity Plan Testing
- Training & Awareness Programs
- Compliance Monitoring & Auditing

Typical Participants in the Planning Process:
- Executive Sponsor
- Steering Committee
- Business Continuity Coordinator
- Business Process Owners
- Information Technology
- Human Resources
- Facilities
- Security
- EHS
- Legal
- Corporate Communications
- Risk Management
- Internal Audit?
Slide 8: BCM Capability Maturity Continuum (The BCP Maturity Continuum)
Process maturity levels, from most to least mature, each described by its characteristics of capability and its method of achievement:

Optimizing
- Characteristics of Capability: Business continuity management is a competitive advantage. Management advertises the existence of the business continuity process internally and externally with customers. Continuity-related service level agreements, associated with uptime, performance and continuity, are utilized to drive efficiencies internally and build strategic relationships with customers.
- Method of Achievement: Comprehensive, organization-wide business continuity strategies are aligned with strategic objectives and customer expectations. BCM operates as a core business function, chartered with clear accountability and responsibility. Regular BCP testing and maintenance occurs. Personnel are well trained regarding their roles and responsibilities. Metrics are collected and managed to ensure continuity-related service level agreements are met.

Managed
- Characteristics of Capability: In addition to a customer focus and the desire to minimize financial loss and reputation impairment, management addresses regulatory compliance through the design of solutions with characteristics mandated by industry and governmental organizations. Specific compliance categories include data protection, financial reporting process continuity, strategy testing and plan maintenance processes.
- Method of Achievement: Business continuity strategies address core business functions, information technology assets and supply chain relationships. Management fully supports this effort. The organization's business continuity management process, to include crisis management, crisis communications, business resumption planning and IT disaster recovery planning, operates as a single function. The BCM process reflects the current business and technology environment.

Defined
- Characteristics of Capability: Business functions and IT assets supporting the delivery of products and services, as well as customer service, are protected from long-term business interruptions. Customer expectations regarding product and service delivery have been taken into account. Testing and training limitations may result in isolated recovery issues, often taking the form of recovery capacity constraints and missed recovery objectives.
- Method of Achievement: A formal business continuity strategy has been designed and deployed. A risk assessment has been performed to identify and assess continuity risks. A business impact analysis (BIA) has been performed, but there are no processes to keep it current. Testing is infrequent or fails to address all aspects of the continuity process. Plan maintenance activities have not occurred in over twelve months. Metrics for key BCP tasks require refinement.

Repeatable
- Characteristics of Capability: Management relies on untested or under-tested continuity-related processes to manage the effects of business interruptions. IT asset recovery is often the most mature aspect of the continuity process, although some organizations emphasize either crisis management or business resumption planning. Employees have limited knowledge regarding their roles during recovery, potentially impacting the likelihood of a successful response effort.
- Method of Achievement: The organization's business continuity strategy addresses crisis management, business resumption or IT disaster recovery. Continuity processes are designed and developed separately and lack integration. A high-level risk assessment and/or business impact analysis has been performed. Although some continuity-related processes exist, plan maintenance and testing procedures have not been implemented.

Ad Hoc
- Characteristics of Capability: Significant risk of continuity-related impacts is present. Business interruptions, ranging from isolated infrastructure failures through regional events, have the potential to cause serious financial harm and/or reputational impairment. The organization relies on force majeure clauses to minimize contractual violations.
- Method of Achievement: BCP goals and expectations were derived without a risk assessment or business impact analysis. Business continuity strategies are characterized as ad hoc; a formal documented plan does not exist. Business continuity accountability and responsibility remain unassigned. Business continuity testing and training and awareness processes have not been designed. The organization lacks confidence in its ability to survive following a business interruption.
Slide 9: Managing Business Continuity Effectiveness
Functions shown:
- Finance (direct report to the CFO)
- Risk Management / Loss Prevention
- Executive Council
- Legal
- Human Resources
- Corporate Communications
- Operations (direct report to the COO)
- EHS
- Security
- Information Technology
- Internal Audit

Slide 10: Section II: Internal Audit Adding Value to the BCP Process

Slide 11: In the Past, The Internal Auditor
- Asked if a plan was in place
- Reviewed the (IT Disaster Recovery) plan for currency, if they were truly IT Auditors
- Asked if tests were performed; didn't review the results
- Occasionally owned the BCP process!

Slide 12: The Continuity Life Cycle - Revisited
Phases of the continuity life cycle:
- Project Initiation And Management
- Risk Assessment
- Business Impact Analysis
- Business Continuity Strategy Design
- Solutions Deployment & Plan Documentation
- Business Continuity Plan Testing
- Training & Awareness Programs
- Compliance Monitoring & Auditing

Ways In Which the Internal Auditor Can Add Value to the BCP Process:
- Keeping Management Informed on Progress Toward BCM Development and Implementation
- The Internal Sales Person: Making the Case for Business Continuity
- Participation in the Risk Assessment and Business Impact Analysis
- Defining Key Business Functions By Assisting with the BIA
- Defining Key Controls and Guiding Toward a Process, not a Plan
- Project Management Standards
- Help Craft Maturity Levels and Definitions
- Audit the BCP Process Initially and in the Future

Slide 13: Section III: Information Available to the Internal Auditor
Slide 14: Guidance from the IIA
Practice Advisory: Internal Audit's Role in the Business Continuity Process
- Auditors should evaluate business continuity readiness
- Internal audit should assess the organization's business continuity process on a regular basis and provide a preparedness summary to senior management
- Internal auditors can play a role in the organization's planning, to include the risk assessment
- Internal audit activity can help with an assessment of an organization's internal and external environment
- Evaluate the BCP/DRP during formulation: internal auditors have a thorough understanding of the business, the individual functions and interdependent relationships

Slide 15: Guidance from the IIA (cont.)
Practice Advisory: Internal Audit's Role in the Business Continuity Process
- Review the proposed business continuity and disaster recovery plans for design, completeness, and overall adequacy
- During the recovery period: internal audit should monitor the effectiveness of the recovery and control of operations, and recommend improvements to the BCP
- Internal audit can also provide support during the recovery activities; internal auditors can assist in identifying the lessons learned from the disaster and the recovery operations
- Periodically audit the organization's BCPs/DRPs for adequacy (to ensure the timely resumption of operations and processes after adverse circumstances) and to confirm they reflect the current business operating environment

Slide 16: Guidance from the IIA (cont.)
Practice Advisory: Internal Audit's Role in the Business Continuity Process
During the audit, Internal Audit should consider:
- Are all plans up to date?
- Are all critical business functions and systems covered?
- Are the plans based on the risks and potential consequences of business interruptions?
- Are the plans fully documented?
- Have functional responsibilities been assigned?
- Is the organization capable of and prepared to implement the plans?
- Are the plans tested and revised based on the results?
- Are the plans stored properly and safely? Is the storage location known?
- Are the locations of alternate facilities (backup sites) known to employees?
- Do the plans call for coordination with local emergency services?

Slide 17: Regulations and Standards
Regulatory Requirements:
- Sarbanes-Oxley (Governance)
- FEMA
- FERC
- JCAHO
- HIPAA
- GLBA
- FFIEC (Updated)
- OSHA
- SEC
- NYSE / NASD
- State Insurance Departments
- USA PATRIOT Act
- IRS
- Australian/New Zealand Standard AS/NZS 4360:1999
- California 1386
- BASEL II
- Public Utility Commissions
- FCC

Standards and Guidelines:
- COBIT
- FFIEC
- NIST
- ISO 9000 & 14000, QS 9000
- ISO
- NFPA 1600
- DRI International
- BCI
- PAS 56
- ITIL
- Homeland Security
- COSO
Slide 18: Section IV: Proven Approaches to Conducting a BCP Audit

Slide 19: Why Conduct a BCP Audit?
- Provide Management Assurance
- Identify Control Gaps
- Regulatory Compliance
- Identify Actions to Enhance Maturity
- Ensure Business Process Owners are Accountable for Their Plans and Testing

Slide 20: A Proven Practice BCP Audit Approach
- Work in a Collaborative Manner (Advise/Teach)
- Understand the History of BCP, Management Objectives and the Level of Maturity Up Front
- Understand the Scope of Business Continuity
- Approach From a Process Perspective, as Opposed to a Documentation Review
- Look for and assess key success factors such as repeatability, extensibility and maintainability
- Focus on the Entire BCM Life-cycle, Ranging from Standards Assessments Through Plan Testing
- Brainstorm Ideas for Improvement
- Engage the Business Continuity Coordinator

Slide 21: Executing A Process Oriented BCP Audit
A Comprehensive Business Continuity Management Process Includes:
- Crisis Management
- Crisis Communications
- Business Resumption Planning
- IT Disaster Recovery Planning

Evaluate the Following:
- Standards, Policies and Procedures
- Relationships with External Agencies and Authorities
- Training and Awareness Materials
- Budgetary Documentation
- Documented Plans
- Recovery Location / Hot-site Contracts
- Test Results
- Service Level Agreements
- Regulatory Requirements
- Supply Chain / Vendors Network

Slide 22: The Assessment Approach
1. Confirm Assessment Expectations / Collect Business Requirements
2. Evaluate the Business Continuity Process:
   - Process Management
   - Risk Assessment and Business Impact Analysis
   - Define Recovery Strategies and Business Continuity Procedures
   - Training and Awareness, Plan Testing Process, Auditing and Plan Maintenance
3. Collect Benchmarking Data to Reinforce Findings
4. Validate, Present and Report

Slide 23: Industry Benchmarking Data
Nothing Reinforces a Recommendation Like Benchmarking Data (Same Industry, Same Size Company)
We maintain information in the following areas:
- BCM Process Description and Scope
- Who Owns the BCM Process
- Budgetary Data
- Number of Personnel Addressing Business Continuity
- Recovery Objectives (Business and IT)
Benchmarking Data Is Available Through Third-party Specialists, Vendors and Informal Contacts (Like This Session)

Slide 24: Participants in the BCP Audit
In addition to a review of documentation, we recommend discussions with Business Continuity Management owners, as well as the Business Process owners whom they support (in order to better understand their expectations).

Slide 25: Presenting the Findings
- Reinforce Scope and Focus
- Focus on Process Maturity
- Highlight Strengths and Weaknesses
- Tie Findings to Business Impact, to Include Regulatory Compliance
- Provide Action Items and Recommend Points of Contact for Each
- Offer to Track Completion of Each Finding / Action Item
- Next Steps: What Will Next Year's Audit Focus On?

Slide 26: Section V: Sarbanes-Oxley?
Slide 27: Internal Audit and SOX Section 404?
"Furthermore, management's plans that could potentially affect financial reporting in future periods are not controls. For example, a company's business continuity or contingency planning has no effect on the company's current abilities to initiate, authorize, record, process, or report financial data. Therefore, a company's business continuity or contingency planning is not part of internal control over financial reporting." (PCAOB Release, March 9, 2004)
- Section 404 had become a driver for conducting some audits
- The standard may change audit priority
- Business continuity will remain a key business issue regardless of Section 404 scope

Slide 28: Section VI: Presentation Summary

Slide 29: Wrap-up and Summary
- Establishing A Framework: What is Business Continuity?; Components of a Business Continuity Process; The Business Continuity Life Cycle; The BCP Maturity Continuum
- Internal Audit Adding Value to the BCP Process: In the Past; Today: Revisiting the Continuity Life Cycle
- Information Available to the Internal Auditor: Regulations and Standards
- Proven Approaches to Conducting a BCP Audit: Why Conduct An Audit?; Proven Practice Audit Approaches; Executing A Process Oriented BCP Audit; Participants in the BCP Audit; Industry Benchmarking; Presenting Findings
- Wrap-up and Summary

Slide 30: Questions & Answers

Slide 31: Contact Information
Dan Bailey, MBCP
Protiviti Inc.
Senior Manager, National Leadership Team - Business Continuity Management Services
dan.bailey@protiviti.com
More informationCourse: Information Security Management in e-governance. Day 1. Session 3: Models and Frameworks for Information Security Management
Course: Information Security Management in e-governance Day 1 Session 3: Models and Frameworks for Information Security Management Agenda Introduction to Enterprise Security framework Overview of security
More informationRoles within ITIL V3. Contents
Roles within ITIL V3 Roles are employed in order to define responsibilities. In particular, they are used to assign Process Owners to the various ITIL V3 processes, and to illustrate responsibilities for
More informationEvaluating and Improving Your Business Continuity Plan
Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager kweir@accretivesolutions.com
More informationMeasuring Continuity Planning Program. Performance
Measuring Continuity Planning Program Performance Carl B Jackson Director Crisis Management & Continuity Planning Resource Center (CMCPRC) Measuring Continuity Planning Program Performance Session Agenda
More informationPRIORITIZING CYBERSECURITY
April 2016 PRIORITIZING CYBERSECURITY Five Investor Questions for Portfolio Company Boards Foreword As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationInformation Technology Auditing for Non-IT Specialist
Information Technology Auditing for Non-IT Specialist IIA Pittsburgh Chapter October 4, 2010 Agenda Introductions What are General Computer Controls? Auditing IT processes controls Understanding and evaluating
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationThe Role of Internal Audit in Risk Governance
The Role of Internal Audit in Risk Governance How Organizations Are Positioning the Internal Audit Function to Support Their Approach to Risk Management Executive summary Risk is inherent in running any
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More information2014 NABRICO Conference
Business Continuity Planning 2014 NABRICO Conference September 19, 2014 6 CityPlace Drive, Suite 900 St. Louis, Missouri 63141 314.983.1200 1520 S. Fifth Street, Suite 309 St. Charles, Missouri 63303 636.255.3000
More informationBirmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy
Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author
More informationBCP and DR. P K Patel AGM, MoF
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
More informationCOSO 2013 Internal Control Framework
COSO 2013 Internal Control A Guide to Implementation July 24, 2014 Justin Adamson Agenda COSO Background Changes to the Roadmap to Implementation Implementation Considerations & Lessons Learned 2 1 Who/What
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationRethinking contingency planning for an integrated world
Business Continuity* January 2010 Rethinking contingency planning for an integrated world Highlights: Increased supply chain complexities require broadened scope of contingency planning. Increasing outsourcing
More informationPBSi Business Continuity Planning
Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed
More informationBUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION
BUSINESS CONTINUITY: BEST PRACTICE, 2ND EDITION EXCERPT FROM THE FOREWORD TO THE 2ND EDITION The events of 9/11 have cast a long shadow over the world and led to a vital reappraisal of Enterprise Risk
More informationSubject Area 9 Public Relations and Crisis Coordination
DRII/BCI Professional Practice Narrative: Develop, coordinate, evaluate, and exercise plans to communicate with internal stakeholders (employees, corporate management, etc.) external stakeholders (customers,
More informationClick to edit Master title style
EVOLUTION OF CYBERSECURITY Click to edit Master title style IDENTIFYING BEST PRACTICES PHILIP DIEKHOFF, IT RISK SERVICES TECHNOLOGY THE DARK SIDE AGENDA Defining cybersecurity Assessing your cybersecurity
More informationISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters
When Recognition Matters WHITEPAPER ISO/IEC 27002:2013 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES CODE OF PRACTICE FOR INFORMATION SECURITY CONTROLS www.pecb.com CONTENT 3 4 5 6 6 7 7 7 7 8 8 8 9 9 9
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationIT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)
IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements
More information2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP
2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level Tracy L. Hall, MBCP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C.
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationDisaster Recovery/Business Continuity
CITY AUDITOR'S OFFICE Disaster Recovery/Business Continuity March 6, 2015 AUDIT REPORT NO. 1511 CITY COUNCIL Mayor W.J. Jim Lane Suzanne Klapp Virginia Korte Kathy Littlefield Vice Mayor Linda Milhaven
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationBusiness Continuity Management Systems. Protecting for tomorrow by building resilience today
Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power
More informationThe Disaster Recovery Maturity Framework
The Disaster Recovery Maturity Framework A guide for understanding and improving your company s resiliency www.axcient.com Climbing The Recovery Maturity Curve Businesses are critically reliant upon IT
More informationCredit Union Liability with Third-Party Processors
World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with
More informationWith the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationDriving Operational Risk Management Into the Customer/Product Value Chain
Driving Operational Risk Management Into the Customer/Product Value Chain Eric Staffin, MBCI, CISSP Vice President, Global Head of Product & Infrastructure Risk Management Thomson Reuters, Investment &
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationOC Chapter. Vendor Risk Management. Cover the basics of a good VRM program, standards, frameworks, pitfall and best outcomes.
OC Chapter Vendor Risk Management. Cover the basics of a good VRM program, standards, frameworks, pitfall and best outcomes. 2 Why Assess a Vendor? You don t want to be a Target for hackers via your vendors
More informationProsci change management webinar
Prosci change management webinar Increasing change management maturity and : Prosci and EY 1 Americas 55,800+ people EMEIA 96,700+ people Asia-Pacific 31,700+ people Japan 7,200+ people 150 countries 1,000+
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More information14 October 2015 ISACA Curaçao Conference By: Paul Helmich
Governance, Risk & Compliance A practical approach 14 October 2015 ISACA Curaçao Conference By: Paul Helmich Topics today What is GRC? How much of all the GRC literature, tools, etc. do I need to study
More informationIntroduction to Business Continuity Planning
Introduction to Business Continuity Planning Business Continuity and Disaster Resilience Forum May 10, 2012 Rizal Ballroom A, Makati Shangri-la Manila, Philippines Dr Goh Moh Heng President BCM Institute
More informationWhat Should IS Majors Know About Regulatory Compliance?
What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.
More information