That is a strong stance! I teach some BCP Courses and sat on a panel for BCP at this years MIS Exp, and I have to concur with Jim. Project Management takes on far to encompassing of a role: designing the project content, what gets done and what does not - let alone how it gets done. I suggest being the consultant, the sounding board. I take my audit program with me to ensure that control points are addressed and/or risks passed upwards for acceptance. I would fear the point the Plan needs to be used (1) because the back-up structure designed by the auditor failed or (2) the plan is ineffective. The management of the project (in my opinion) needs to lye with the who you would hold responsible when it fails.
Where I absolutely DO think the auditor needs to be involved at the detail level is in the planning of the project - the scope definition. There are few other people in most of our org's that have training in the area of Risk and are as well informed of the our business objectives - more so than some Exec Mgmt Team members! Great topic! Paul Hugenberg III, C.I.S.A. Regional Manager/Information Technology Audit Officer Sky Financial Group 60 East Main Street Salineville, Ohio 43945 (330) 679-2328 ext. 2190 mailto:[EMAIL PROTECTED] -----Original Message----- From: Rychalski, Joseph [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 9:41 AM To: 'Kaplan, Jim'; '[EMAIL PROTECTED]' Subject: RE: Business contingency recovery planning participations First time for everything. I think I actually might disagree with you Jim. Like I said to Jessica, as long as there is an independent auditor assigned to the project, I think the Audit department can absolutely perform the task of project managing the business continuity program. This program is not operational in nature and independence neither improves nor affects the final results. Interesting topic of conversation. Joe This e-mail communication is confidential and is intended only for the individual(s) or entity named above and others who have been specifically authorized to receive it. If you are not the intended recipient, please do not read, copy, use or disclose the contents of this communication to others. Please notify the sender that you have received this email in error by replying to the email or by telephoning (212) 644-2663. Please then delete the email and any copies of it. Development Corporation for Israel is not responsible for any recommendation, solicitation, offer or agreement or any information about any transaction contained in this communication. Please review our website www.israelbonds.com for information regarding current investment opportunities and to download copies of all relevant prospectuses. -----Original Message----- From: Kaplan, Jim [mailto:[EMAIL PROTECTED]] Sent: Monday, November 18, 2002 9:20 AM To: '[EMAIL PROTECTED]' Subject: RE: Business contingency recovery planning participations Jessica, The American Association of State Compensation Insurance Funds web site has an excellent article entitled "The Internal Auditor's Role in Disaster Recovery". According to the article auditors can play a critical role in disaster recovery planning. They can (1) assist with the risk analysis during plan development, (2) critically evaluate the plan after it has been drawn up, and (3) provide assurance that the plan is being kept up to date through regular audits. They would be providing this service in their consultative role. The complete article can be found at: www.aascif.org/public/archive/Spring02/spring02_3.2.14.1.htm IMO the key word above is "assist". I would think that the auditor would be there to advise rather than direct the project as it could impair the internal auditor's independence. Regarding your second question, the AuditNet Audit Work Programs section contains 5 audit programs/ICQs on disaster recovery or business resumption planning. Hope this helps! > [Kaplan, Jim] > -----Original Message----- > From: Jessica Khoo [mailto:[EMAIL PROTECTED]] > Sent: Monday, November 18, 2002 3:03 AM > To: [EMAIL PROTECTED] > Subject: Business contingency recovery planning participations > > Hi, > > Can anyone shed some light regarding the following queries:- > > a. Is there any lack of independence if an internal auditor is being > included as also a member in the planning of the company's business > resumption plan? > > b. Has anyone a comprehensive business contingency audit review > programme to share? Do I also need to include a audit review procedure for > action to be taken during an actual disaster - a procedure to include > before, during and after scenario? > > Thank you very much for your attention. > > Regards > Jessica Khoo > Singapore > *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* To unsubscribe from this list send an email to [EMAIL PROTECTED] and include the message unsubscribe auditprograms-l and your name. *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* To unsubscribe from this list send an email to [EMAIL PROTECTED] and include the message unsubscribe auditprograms-l and your name. *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=* To unsubscribe from this list send an email to [EMAIL PROTECTED] and include the message unsubscribe auditprograms-l and your name.
