The worldwide COVID-19 pandemic disrupted the operations of Divine Hope Limited, as it did those of many other business concerns. Following this, the management of Divine Hope Limited has now commissioned the development of a Contingency or Business Continuity Plan to ensure continuity of operations, even if such a pandemic or a similar situation should recur.

Required:

a. Explain SIX steps to be taken in the information system audit of a Contingency or Business Continuity Plan.
(9 Marks)

b. Explain why the audit of the Contingency or Business Continuity Plan is very necessary.
(6 Marks)

a. Audit steps in the information system audit of a Contingency or Business Continuity Plan (BCP):

  1. Completeness of Business Plan: Obtain and review a copy of the business plan to determine if it is complete and approved by management.
  2. Audit Plan: Prepare the audit plan outlining the scope, approach, and schedule of the business continuity plan (BCP).
  3. Organisational Chart Review: Review the organisational chart and business process analysis.
  4. Management Knowledge: Enquire from management to ascertain their level of involvement in and knowledge about the plan.
  5. Assumptions: Review the assumptions made to determine if they are reasonable and consistent with the type of business.
  6. Business Impact Analysis: Review the business impact analysis and enquire if the recovery time objectives and recovery point objectives have been identified.
  7. Recovery Strategies: Compare the recovery strategies with the result of the business impact analysis to determine if they align.
  8. Appointment of Emergency Coordinator: Enquire from management to confirm if an emergency coordinator has been appointed and discuss with the emergency coordinator.
  9. Critical Role Personnel: Identify personnel with critical roles to perform in the plan and discuss with them to confirm their levels of awareness and readiness.
  10. Third-Party Links: Identify third-party links and test the viability of their contact.
  11. Backups: Verify the backup tapes with respect to backup logs and labelling of the tapes.
  12. Logs: Verify the maintenance and testing logs for all key equipment, such as power generators, fire control equipment, air conditioners, and UPS.
  13. Testing the BCP: Verify if the BCP has been tested.
  14. Review and Update: Confirm that the BCP documentation has been reviewed and updated in recent times.
  15. Evaluation: Evaluate relevant employee preparedness and familiarity with procedures.

b. Reasons why the audit of the Contingency or Business Continuity Plan is necessary:

  1. Uncover any weaknesses or lapses in the plan that might not be revealed during routine operations.
  2. Validate the organisation’s Business Continuity Plan to ensure that all relevant parts are functioning correctly.
  3. Ensure disaster recovery processes meet organisational standards and are capable of managing future disruptions effectively.