P. 176

Exploring Corrective Controls

TOPIC 1: INTRODUCTION

Overview

Operational resilience has become a primary focus for many organizations and government agencies, as recent years have tested the completeness and accuracy of organizations' contingency programs and plans. Organizations can no longer rely on a siloed or isolated resilience effort. Organizations now understand that their future depends on operational resilience: the combination of risk management, emergency management, crisis management, workforce and supply chain continuity, disaster recovery, and incident management.

Natural and man-made disasters, ranging from severe storms and fires to pandemics and cyberattacks, have stretched organizations and governments to or past their breaking points. Now more than ever, internal auditors need a solid understanding of the suite of corrective controls that make up an organization's business resiliency program. Internal auditors must assess the entire process, from the risk assessment and subsequent business impact analysis through business continuity, disaster recovery, incident response planning and testing, and backup and recovery strategies.

Learning Objectives

• Recognize operational resilience and business resiliency as the primary building blocks needed to successfully recover from an event.

• Distinguish key business recovery concepts, including business impact analysis, business continuity, disaster recovery, and incident response.

• Describe the phases in developing business continuity plans (BCPs), disaster recovery plans (DRPs), incident response plans (IRPs), and incident response playbooks.

• Discuss backup processing concepts.

• Explore consulting and assessment activities as they relate to internal audit.

Common Terminology

Allowable Interruption Window (AIW) — Amount of time between when an incident occurs and when a disaster needs to be declared.

Back-up — A secondary copy of data or information stored in a different location, preferably on a different device or using a different technology (tape or thumb drive).

Business Continuity Management (BCM) — Oversight consisting of plans, procedures, and committees to address alternative methods of conducting business should an event occur that limits the organization's ability to continue with regular business.


Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.