IT Essentials — Computer Operations

            The audit objective is “Determine whether system capacity is monitored and managed to keep pace
            with business demands.” The associated risk is “System capacity does not meet business demands.”





















            Business Resiliency

            Let’s talk about business resiliency next; specifically, business continuity and disaster recovery. The
            audit objective is “Assess whether the organization has an effective business continuity plan (BCP)
            and disaster recovery plan (DRP).” The risk could be “Business-critical operations are unable to
            continue after a disaster or business interruption.”
































            Incident Management

            I also need to assess incident management. The audit objective for the incident management audit
            is “Determine whether the organization has a process to handle incidents”. I think that the risk
            associated with this step is “Business interruptions and performance issues.”


            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.