Endorsed by The Business Continuity Institute.

- Contains a comprehensive, detailed business continuity audit plan
- Includes sample audit report and work papers
- An ideal resource for consultants or auditors, as well as internal business continuity planners!
- International in scope - includes country-specific guidelines.

This book presents a general methodology and a framework for auditing Business Continuity Management (BCM). The main purpose is to provide a single work of reference for auditors, managers working in business continuity and consultants. BCM is a complex field. It covers business issues and technology with a perspective on the entire enterprise. The business continuity manager, and the auditor, require a diversified set of skills and extensive knowledge to assess business continuity as a question of business survival.

There has been a lot of confusion about the terms "business continuity," "disaster recovery," "IT security" and many other words attempting to describe the continuation of critical business processes under adverse circumstances. However, for the auditor these terms refer to one and the same notion: businesses should take adequate precautions to ensure that no going concern issues arise from crises or disasters.

Some companies decide to take a cautious stance with regard to continuing their operations come what may: they prefer to "err on the safe side" and rely on preventative measures. Other firms, perhaps in an industry where "speed to market" and competitive pressure require a faster pace, may prefer to reduce investments on prevention, while putting in place a robust crisis and disaster management mechanism. Both types of corporations nevertheless pursue the overall goal of business continuity, by either avoiding risks or disasters (if they can), or by making sure they can deal with these events.

In a sense, BCM means "reading the future" or trying to safeguard an organization against unforeseen events. Management is still forced to address precisely this issue, by carefully evaluating their options and then making an entrepreneurial decision about the acceptable level of remaining risk. To the auditor, it is important to understand how this decision has been reached and whether it can be justified from a financial, operational and managerial point of view. Neither the overly cautious nor the reckless manager will succeed in today's market - the BCM auditor should provide a sounding board and an objective business partnership to the management of the company being reviewed.

BCM audit is therefore an important element of ensuring corporate survival. The audit result incorporates issues of compliance, highlights weaknesses and provides reasonable recommendations to management, whose experience may be enhanced and improved by the auditor's objective input from other corporations or industries. It is not to be confused with the much narrower field of IT audit.

This book has been deliberately restricted to business continuity rather than IT continuity to highlight the all-important differences between the two. The contents have been arranged around the Business Continuity Institute (BCI) / Disaster Recovery Institute International (DRII) Professional Practices for business continuity as well as other standards such as CobIT or ISO / IEC 17799. Some elements may look familiar to the experienced auditor who may still benefit from using this book as a reference manual or as an instructive tool for groups of auditors. This is intentional, as BCM and related audit questions should "fit in" with tools and models that are recognized and proven in the field.
Rolf von Roessing is head of eSecurity Services and head of BCM for Austria, Croatia, Slovakia, Slovenia for Ernst & Young Vienna. He has extensive experience in business continuity management, information security and traditional security. He has worked with Ernst & Young in several European and global offices, including specialist assignments such as Y2K subject matter expert and active participation in several global core teams for business continuity. His current position includes BCM and security-related responsibilities, and he heads these service lines for Austria and several other countries.
Rolf is a board member of the Business Continuity Institute (BCI) and holds an MBCI certification. He is an active participant in the Institute's education committee, working towards integration of BCM best practices and tertiary education programs. These developments include the consolidation and publication of BCM knowledge, academic and research work.
In Austria, Rolf has contributed to several standardization and codification initiatives, notably the ISO 17799 introduction as a common standard throughout the country. He frequently supervises security-related certification examinations and has presented various lectures and training courses on business continuity management in a European context.
Rolf holds postgraduate degrees in Britain, France and Germany, as well as the CISA (Certified Information Systems Auditor) and CISSP (Certified Information Systems Security Professional) professional certifications. "Auditing Business Continuity: Global Best Practices" is his first major book, following a solid background of academic publications and professional papers.