Page 571 - ITGC_Audit Guides
P. 571
Assessment Objective: Executive Management Support and Sponsorship
Maturity Evaluation
Characteristics of Capability Method of Achievement
Optimizing BCM capabilities are improved contin- BCM strategies are aligned with strategic
uously and systematically. Senior objectives and customer expectations.
management utilizes BCM capabilities Senior management ensures that BCM
to drive other efficiencies internally and planning operates as a core business func-
build strategic relationships externally. tion, chartered with clear accountability
and responsibility.
Managed Senior management has defined key Senior management is committed to
metrics, in line with regulatory require- manage the quality of BCM program
ments and industry guidelines. These execution. Metrics are collected and
metrics are used to measure the effec- managed to ensure the quality of BCM
tiveness and quality of BCM capabilities. strategies and plans. BC-related objec-
Management participates in testing and tives are noted in performance goals.
training activities, and reviews exceptions
to internal policy and test results.
Defined A BCM steering committee is estab- Senior management is fully involved in
PROCESS MATURITY decision-maker regarding BCM strategies specific frameworks to ensure integra-
lished, and it is led by a member of the BCM decision-making through a steering
non-IT senior management team. The committee function. In addition to the
steering committee is the ultimate BCM policy, the organization has defined
and solutions. A dedicated BCM budget tion of business resumption, CM, and
and required resources are allocated to IT disaster recovery capabilities, as well
as appropriate maintenance, testing, and
ensure the effectiveness of BCM capabili-
ties, and BCM disciplines are integrated training processes.
to provide an overall BCM solution for
the organization.
Repeatable
Senior management supports the BCM Senior management is aware of the need
program; however, limited involvement for BCM capabilities. A BCM policy has
in process execution persists. Although been created, and BCM efforts are driven
coordination of CM, BC, and IT disaster based on the results of a BIA (formal or
recovery are assigned to middle manage- informal).
ment, overall coordination of BCM is
ad-hoc or missing. Failure events are recog-
nized and corrected after they occur.
Initial Senior management sponsorship of BCM These efforts are led by middle manage-
efforts is informal or absent. At this stage, ment and executed without proper funding
BCM capabilities rely on individual efforts and sufficient resources. Consequently,
and “heroics,” and mostly focus on IT any existing continuity capabilities are
systems backup and restoration, and ER defined as tactical measures.
such as building evacuation procedures.
24
