Discription

Practice Guides are part of The IIA's International Professional Practices Framework. As part of the Recommended category of guidance, compliance is not mandatory, but it is strongly recommended and the guidance is endorsed by The IIA through formal review and approval process. The threats that can potentially impact and/or devastate an organization’s ability to operate and succeed range from natural disasters and accidents to cyber attacks and product contamination. However, despite the real threats that are present every day, almost half of respondents to The IIA’s 2010 GAIN Survey indicated they did not have a Crisis Management Plan in place. A Crisis Management Plan is part of the greater initiative of Business Continuity Management (BCM), an area that demands the attention of internal audit professionals. To educate practitioners on the subject, The IIA has released a new Practice Guide:Business Continuity Management. The guide contains three key areas of focus which include: Definitions of BCM and Crisis Management (CM) Activities that may be performed by Internal Audit before, during and after a crisis Internal Audit’s evaluation of key BCM elements The guide also identifies the key components of BCM and discusses advisory or assurance engagement regarding BCM. To provide readers with additional support, the Practice Guide includes practice aides such as: A Sample Risk Assessment Checklist Sample Work Programs for BCM Assurance or Advisory Engagements A Glossary of Key Terms Standards and reference sources relevant to BCM