Auditing Resilience and Business Continuity Plan (BCP)
Nowadays and exacerbated by the current crisis, leading organizations are taking BCP requirement as a strategic advantage.
Namely, investments in operational resiliency are assisting organizations to become more responsive to client needs as well as improving operational reliability, quality, efficiency and ability to cope with external events. Internal audit plays an important role to provide assurance on the resilience of the company and highlight improvements to implement or propose mitigating solutions to deficiencies.
As organizations face increasingly complex business and operational environments, functions such as business continuity keep evolving. Today, successful resilience and business continuity programs (BCPs) both address the technical issues involved and strive to support the organization’s efforts to improve and sustain an adequate level of operational resiliency. Operational resiliency efforts tackle operational risk by identifying potential operational problems and improving the processes and systems used.
At the end of this training participants will able to:
- Master the stakes of a BCP audit methodology.
- Allow anticipatory management of crises and risks.
- Recommend relevant actions to create strategic advantage.
- Add value to the BCP programme.
- Understand the roles of assurance of internal auditors in the BCP plan.
- Understand the different phases of a BCP programme
The 10 phases of a BCP to audit – Best practices including case studies:
1.Initiation BCP and operational risks
Get a sponsor, authority, scope, and funding.
2.Risk analysis Document and prioritize current risks. Risks include natural disasters andman-made events.
3.Business impact analysis Develop a low-level business process blueprint; determine what isneeded to sustain the business.
4.Create strategy Use the risk analysis and business impact analysis to formulate a possiblestrategy based on facts and assumptions in evidence.
5.Emergency response Integrate the planned strategy with the first responder by using theIncident Command System (ICS).
6.Plan creation Create and organize the plan, including personnel assignments and detailedprocedures.
7.Training and awareness Teach individuals the necessary roles and skills to perform therequired functions of the BC/DR plan. Educate the organization about the plan’s existence and anticipated areas of coverage.
8.Maintain and test Nothing is out of date faster than a big book of plans. People have to practicetheir roles to gain proficiency, and a change control system will be needed to improve the documentation. It is impossible to keep plans current without structured exercises to improve skills and identify deficiencies.
9.Communications Clients, investors, partners, employees, and stakeholders need to be keptinformed and feel comfortable with the information they receive. Internal and external messages need to be properly vetted to portray the intended message; a schedule of communications and scripted messages needs to be developed in advance. Poor communications can be more damaging than the actual disaster itself. Plans need to include an uninterruptible communication system.
10.Integrate with other organizations No organization can exist by itself. A good plan will integratewith plans of business partners, suppliers, clients, and government agencies. You may need to rely on them, or they may need to rely on us during critical functions. Often a prime contractor will incorporate the plans of a subcontractor into their own.
11. COVID responses and lessons learned
A qui s'adresse la formation?
Internal auditors (all levels), compliance officers, business controllers, senior & middle level management officers
Preferred: at least 3 years’ experience in Audit and/or business control.
No exam is available for this course.