The Institute of Internal Auditors (IIA) has released a new practice guide that shows how internal audit can provide significant assistance in business continuity management.
Increasingly, business continuity management is viewed as an integral part of any successful company. Whether preparing for an act of nature or an act of cyberterrorism, a well-designed crisis management plan can mean the difference between a business bouncing back quickly or shutting its doors forever.
Internal audit functions typically have the skills, qualifications, and in-depth knowledge of the organization to help develop, implement and evaluate the effectiveness of such plans.
“Demands on internal audit are expanding as terrorism, cyberattacks and other factors influence risk and good governance in business,” said IIA President and CEO Richard F. Chambers, CIA, QIAL, CGAP, CCSA, CRMA. “This new guidance, ‘Business Continuity Management,’ outlines how internal audit can help before, during, and after a major crisis.”
The goal of business continuity management is to restore critical operations, manage communications, and minimize financial and other effects of disaster.
According to the new practice guide, a good crisis management plan is like a company insurance policy — it helps to ensure that the organization remains viable and meets stakeholder expectations.
The guide provides a breakdown of how internal audit can help set the ground rules for its participation, provide input and evaluate key elements of the plan, participate in implementing tactics of the plan, and evaluate its results.
Additionally, the guide provides an appendix with a sample work program for business continuity management assurance or advisory engagements.
The practice guide is available for free to IIA members and for purchase by non-members.