3. There are two types of Audit Behaviors:
Compliance OR Common Sense
• Compliance to Industry Regulation:
– Project focus.
– Remediate audit findings.
• Common Sense in serving the organization:
– Program focus.
– Remediate past issues and mitigate future Issues.
– Recognize when compliance has become a larger
investment that requires a potential return .
• What is the ‘tipping point’ between the two?
3
4. Two Schools: Compliance or Common
Audit for Sense? Audit for
Compliance Common Sense
Pounds of paper. A working
program.
Spend
Over
Time
At some point in the audit process, the spend over time will highlight a “tipping point”
in stakeholder’s perspectives, requiring a set of costly projects to become a trusted
program. 4
5. 20% of effort resulting in 80% results:
• You can replace
this placeholder
text with yours
• You can replace
this placeholder
text with yours
5
6. Title Only – Place Anything On Slide
Impact on senior
management
KEY
DECISION Impact on middle
management
Impact on
frontline
Impact on first
level management
6
7. A multi-year project approach to Business
Continuity will lead to a large investment
and the requirement for common sense.
Year Four
Year One Artifacts that
Artifacts that get you through
get you through an audit and
an audit might not work
in an actual
event
7
9. Title Only – Place Anything On Slide
Your Your
text text
here here
Your Your
text text
here here
Your Your
text Your text here. Your
text
here text here. Your text
here
here. Your text here
9
10. Title Only – Place Anything On Slide
Your conclusion here. More text here and more
text here about the chart
Majority
Growth
Maturity
Introduction Decline
Time
10
11. Title Only – Place Anything On Slide
Your text
Your text
here
10% here
Your text
90% here
Your Your text here. Your
text text here. Your text
here here. Your text here.
11
12. HOW AND WHEN DO YOU
AUDIT A COMMON SENSE
BC/DR PLAN?
12
13. Title Only – Place Anything On Slide
Testing Risk
& Assessment(s)
Training BCP
Program
&
Policy
Remediation Business Impact
& Analysis
Planning
13
14. Title Only – Place Anything On Slide
• The Program and Policy are Strategic
• The Risk Assessments set a reasonable Disaster Halo
• The BIA’s set a standard Impact Horizon
• Remediation and Planning lowers risk
• Testing assures continuous improvement
14
15. Title Only – Place Anything On Slide
Your text here
Your text here
Your text here
Your text here
Your text here
Your text here
15