Dr Goh Moh Heng ISACA Networking Presentation Dec 2011 BCM Institute

Auditing the Business Continuity Management (BCM) Program: Challenges, Preparation and Competency.

The seminar will focus on the following key areas of Business Continuity Management:
- Provide the global trends affecting the audit of business continuity (BC) and disaster recovery (DR) for organizations.
- Elaborate on the evolving skill sets, requirements and competency of an auditor.
- Understand the key requirements and approaches in reviewing BC and DR initiatives within an organization.

Maintaining continued operation in the event of a disruption, whether due to a major disaster or a minor incident, is a fundamental requirement for any organization. Auditors are constantly on the lookout, on behalf of management and the audit committee, to provide an assessment of the readiness and adequacy of the BC project (if it is in progress) or the BCM program (if it is in maintenance mode). Dr Goh will share the trends and international developments in the BCM and DR areas. As a seasoned implementer and a frequent reviewer of BCM practices for large organizations, he will share the planning methodology, the roadmap, the fundamental skill set required by auditors, and how one can build competency in this area. Lastly, Dr Goh will summarize with a walkthrough of the audit approach taken by financial and IT auditors and BCM certification auditors.

About the speaker:
Dr Goh Moh Heng is the President of the Business Continuity Management Institute (BCM Institute) and the Managing Director of GMH Continuity Architects. Besides his extensive experience in implementing business continuity and disaster recovery plans and programs, he is a regular contributor, speaker and seasoned practitioner in auditing practices. Dr Goh's auditing experience began at PricewaterhouseCoopers, and he is a qualified Certified Information Systems Auditor (CISA). At Standard Chartered Bank Plc, Dr Goh was responsible for the review and quality assurance of business continuity plans and the BCM efforts for the 52 countries operating within the group. During the last few years, he was instrumental in the development of two major national business continuity management (BCM) and disaster recovery (DR) standards, which were published by SPRING Singapore. These standards permit both government/commercial organizations and BCM/DR service providers to be certified against the BCM standards.

In January 2010, the BCM Institute, led by Dr Goh, launched the Business Continuity Certified Auditors (BCCA) and Business Continuity Certified Lead Auditor (BCCLA) courses, offered within the Asia-Pacific region. Specialization by auditors in the niche area of BCM and DR is regarded as an essential skill set for auditing BCM against the various international standards and regulatory requirements. Dr Goh has published a book that focuses on the auditing and reviewing of business continuity plans and programs for internal/external auditors and certification auditors. Dr Goh has successfully assisted more than 12 organizations in achieving their SS540 and BS25999 organizational certification awarded by the major certification bodies. Since September 2010, Dr Goh and his GMH consulting team, with licensing of BCM personal certification training, have assisted 12 organizations in implementing their BCM programs and achieving BS25999 and SS540 organizational certification.

Dr Goh Moh Heng ISACA Networking Presentation Dec 2011 BCM Institute Presentation Transcript

  • 1. ISACA Singapore Seminar and Networking Dinner, December 20, 2011, National Library Board Building Level 5, Possibility Room
  • 2. Auditing the Business Continuity Management Programme: Challenges, Preparation and Competency. Dr Goh Moh Heng, President
  • 3. Dr Goh Moh Heng • President – Business Continuity Management (BCM) Institute – www.bcm-institute.org • Managing Director – GMH Continuity Architects – Asia Pacific BCM Consulting Firm – www.GMHasia.com • Professional BCM Appointments – Technical Advisor for TR19:2005 & SS540:2008 BCM Standard (Management Council and Technical Committee) www.ss540.org – Project Director, Technical Working Group for SS507:2004 • ISO/IEC 24762 Guidelines for BC-DR Services. http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
  • 4. Dr Goh Moh Heng: Prior Appointments • Government of Singapore Investment Corporation (GIC) • Standard Chartered Bank – Global Head for BCM • PriceWaterhouseCoopers • Past Certification Board Member for DRI International’s Certification Board • Past Executive Director for DRI Asia • Senior Technical Advisor, China Business Continuity Management Forum. http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
  • 5. Agenda • Back to Basic • Update on Global BCM Development • Mandate BCM Competency • Audit and Review Key BCM Components • Learn from Recent Disaster
  • 6. Business Continuity Management Fundamentals
  • 7. [Diagram: incidents, emergencies, events and disasters; IT recovery, business continuity, security and crisis management; IT DR plan, BC plan, security plan, crisis management plan, specific plans]
  • 8. Common Planning Methodology http://www.bcmpedia.org/wiki/BCM_Planning_Process_or_Methodology
  • 9. Global BCM Development: BCM Standards and Regulations
  • 10. National Standards for BCM • UK – BS25999 Pt 1 & 2 • Singapore – SS:507:2008 – SS:540:2008 • Australia/New Zealand – ANZ 5050 – HB Series 221, 292, 293 • US – NFPA 1600: 2011 – ASIS SPC.1-2010 Organizational Resilience
  • 11. Standards and Guidelines • Regulations and guidelines to organization – Sarbanes-Oxley Act – Basel III Capital Accord – Central Bank’s BCM guidelines – COSO; COBIT; SAS70 – OSHA • New BCM Standards – ISO 22301: Societal security - Business continuity management systems – ISO 22399: Societal security - Guideline for incident preparedness and operational continuity management
  • 12. BCM Planning Methodology and SS540 for BCM
  • 13. BCM Planning Methodology & BS25999
  • 14. International BCM Standards: BS 25999, SS 540, ISO 22301 (2012), NFPA 1600, ANZ 5050
  • 15. Organizational BCM Competency
  • 16. BCM Competency Level http://www.bcm-institute.org/bcmi10/en/education
  • 17. Auditable Components of BCM Programme
  • 18. Audit Requirement for BCM • Key Controls: Approved Reports • Key Controls: BCM Competency
  • 19. Common Language (Online Dictionary) www.bcmpedia.org
  • 20. Audit Skillset and Upgrading
  • 21. BCM Audit Process, Compared with ISO 19011:2002 • Audit Planning and Preparation – Initiating the Audit – Conducting Document Review – Preparing for On-site Activities • Audit Fieldwork – Conducting On-site Activities • Audit Review and Reporting – Preparing, Approving, Distributing Audit Report – Completing the Audit • Audit Follow-up – Conducting Audit Follow-up
  • 22. Training Competency for Auditors • Business Continuity Management – BCM Body of Knowledge – SS540:2008 • Audit BCM Programme (Walkthrough of a Live Implementation) – Quality Management – Financial – IT • Lead Auditors – Course Code: BCM-8540 • Internal Auditor (Organization Quality Manager) – Course Code: BCM-8540. http://www.bcm-institute.org/bcmi10/en/bc-governance-and-compliance
  • 23. Recent Disasters
  • 24. Thailand Flooding
  • 25. Japan Tsunami
  • 26. Lessons from Recent Disasters • Lack of understanding of what exactly is BCM? • Review of key planning scenario (KPS) – Single site, regional and multiple disasters • Focus on: – Low probability High Impact to – High probability High Impact • Definition of “BCP” – Crisis management – Business continuity – Emergency response • Supply chain considerations • Coordination with public authority • Welfare of staff and family members
  • 27. BCM Framework • Policy – Strong governance – Alignment with business mission – Consistency in communication • People – Senior Management – Key executive assigned to the project or programme – Involvement by business heads and units – BCM competency • Process – Common methodology for BCM, DR, CM, ER, etc – Integration of plans within organization
  • 28. BCM Institute Forum: Building a Community • 80% Asian and Middle Eastern BCM and DR Professionals • www.bcmi.groupsite.com
  • 29. Web-based Activities • Exchange of information and experiences
  • 30. THANK YOU • Dr Goh Moh Heng, President • Mobile: +65 96711022 • Tel: +65 63231500 • Email: moh_heng@bcm-institute.org