Exploring Corrective Controls

                 Attend and participate in project and steering committee activities.
                 Assist in evaluating the organization’s proposed approach.

             TOPIC 6: SUMMARY

            Learning Objectives

            These learning objectives were covered in this course.

                 Recognize operational resilience and business resiliency as the primary building blocks
                   needed to successfully recover from an event.
                 Distinguish key business recovery concepts, including business impact analysis, business
                   continuity, disaster recovery, and incident response.
                 Describe the phases in developing business continuity plans (BCPs), disaster recovery plans
                   (DRPs), incident response plans (IRPs), and incident response playbooks.
                 Discuss backup processing concepts.
                 Explore consulting and assessment activities as they relate to internal audit.

            Additional Resources

            Additional resources for further reading include The IIA Global Technology Audit Guide: “Information
            Technology Risk and Controls 2nd Edition.”

            Summary

            Corrective controls are what stands between an organization’s ultimate success or failure.
            Organizations that lack comprehensive continuity planning are less likely to survive a critical system
            failure, cyberattack, pandemic, or natural disaster. Having a solid suite of corrective controls,
            including backup and restore, business continuity, disaster recovery, and incident response greatly
            increase the ability to survive, and aide in meeting the expectations of key internal and external
            stakeholders.



























            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.