Dr Goh Moh Heng ISACA Networking Presentation Dec 2011 BCM Institute



Auditing the Business Continuity Management (BCM) Program: Challenges, Preparation and Competency.
The seminar will focus on the following key areas of Business Continuity Management:
- Provide the global trends affecting the audit of business continuity (BC) and disaster recovery (DR) for organizations.
- Elaborate on the evolving skill sets, requirements and competency of an auditor.
- Understand the key requirements and approaches in reviewing BC and DR initiatives within the organization.

Maintaining continued operation in the event of a disruption, whether due to a major disaster or a minor incident, is a fundamental requirement for any organization. Auditors are constantly on the lookout, on behalf of management and the audit committee, to provide an assessment of the readiness and adequacy of the BC project (if it is in progress) or BCM program (if it is in its maintenance mode). Dr Goh will share with you the trends and international developments in the BCM and DR areas. As a seasoned implementer and a frequent reviewer of BCM practices for large organizations, he will share the planning methodology, the roadmap, the fundamental skill set required by auditors and also how one can build his/her competency in this area. Lastly, Dr Goh will summarize with a walkthrough of the audit approach taken by financial and IT auditors and BCM certification auditors.
About the speaker:
Dr Goh Moh Heng is the President of Business Continuity Management Institute (BCM Institute) and the Managing Director of GMH Continuity Architects. Besides his extensive experience in implementing business continuity and disaster recovery plans and programs, he is a regular contributor, speaker and seasoned practitioner in auditing practices. Dr Goh's auditing experience started when he was with PricewaterhouseCoopers, and he is a qualified Certified Information Systems Auditor (CISA). At Standard Chartered Bank Plc, Dr Goh was responsible for the review and quality assurance of business continuity plans and the BCM efforts for the 52 countries operating within the group. During the last few years, he was instrumental in the development of two major national business continuity management (BCM) and disaster recovery (DR) standards, which were published by SPRING Singapore. These standards have permitted both government/commercial organizations and BCM/DR service providers to be certified against the BCM standards.
In January 2010, the BCM Institute, led by Dr Goh, launched the Business Continuity Certified Auditors (BCCA) and Business Continuity Certified Lead Auditor (BCCLA) courses, offered within the Asia-Pacific region. Specialization by auditors in the niche area of BCM and DR is regarded as an essential skill set for auditing BCM using the various international standards and regulatory requirements. Dr Goh has published a book that focuses on the auditing and reviewing of business continuity plans and programs for both internal/external auditors and certification auditors. Dr Goh has successfully assisted more than 12 organizations in achieving their SS540 and BS25999 organizational certification awarded by the major certification bodies. Since September 2010, Dr Goh and his GMH consulting team, with licensing of BCM personal certification training, have assisted 12 organizations to implement their BCM programs and achieve the award of BS25999 and SS540 organizational certification.

Published in: Education, Business, Technology

  1. ISACA Singapore Seminar and Networking Dinner, December 20, 2011, National Library Board Building, Level 5, Possibility Room
  2. Auditing the Business Continuity Management Programme: Challenges, Preparation and Competency. Dr Goh Moh Heng, President
  3. Dr Goh Moh Heng
     - President
       - Business Continuity Management (BCM) Institute
       - www.bcm-institute.org
     - Managing Director
       - GMH Continuity Architects
       - Asia Pacific BCM Consulting Firm
       - www.GMHasia.com
     - Professional BCM Appointments
       - Technical Advisor for TR19:2005 & SS540:2008 BCM Standard (Management Council and Technical Committee) www.ss540.org
       - Project Director, Technical Working Group for SS507:2004
         - ISO/IEC 24762 Guidelines for BC-DR Services
     - http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
  4. Dr Goh Moh Heng: Prior Appointments
     - Government of Singapore Investment Corporation (GIC)
     - Standard Chartered Bank, Global Head for BCM
     - PriceWaterhouseCoopers
     - Past Certification Board Member for DRI International's Certification Board
     - Past Executive Director for DRI Asia
     - Senior Technical Advisor, China Business Continuity Management Forum
     - http://www.bcmpedia.org/wiki/Dr_Goh_Moh_Heng
  5. Agenda
     - Back to Basic
     - Update on Global BCM Development
     - Mandate BCM Competency
     - Audit and Review Key BCM Components
     - Learn from Recent Disaster
  6. Business Continuity Management Fundamentals
  8. Common Planning Methodology http://www.bcmpedia.org/wiki/BCM_Planning_Process_or_Methodology
  9. Global BCM Development: BCM Standards and Regulations
  10. National Standards for BCM
     - UK
       - BS25999 Pt 1 & 2
     - Singapore
       - SS:507:2008
       - SS:540:2008
     - Australia/New Zealand
       - ANZ 5050
       - HB Series 221, 292, 293
     - US
       - NFPA 1600: 2011
       - ASIS SPC.1-2010 Organizational Resilience
  11. Standards and Guidelines
     - Regulations and guidelines to organization
       - Sarbanes-Oxley Act
       - Basel III Capital Accord
       - Central Bank's BCM guidelines
       - COSO; COBIT; SAS70
       - OSHA
     - New BCM Standards
       - ISO 22301
         - Societal security - Business continuity management systems
       - ISO 22399
         - Societal security - Guideline for incident preparedness and operational continuity management
  12. BCM Planning Methodology and SS540 for BCM
  13. BCM Planning Methodology & BS25999
  14. International BCM Standards: BS 25999, SS 540, ISO 22301 (2012), NFPA 1600, ANZ 5050
  15. Organizational BCM Competency
  16. BCM Competency Level http://www.bcm-institute.org/bcmi10/en/education
  17. Auditable Components of BCM Programme
  18. Audit Requirement for BCM
     - Key Controls: Approved Reports
     - Key Controls: BCM Competency
  19. Common Language (Online Dictionary) www.bcmpedia.org
  20. Audit Skillset and Upgrading
  21. BCM Audit Process (compare with ISO 19011:2002)
     - Audit Planning and Preparation
       - Initiating the Audit
       - Conducting Document Review
       - Preparing for On-site Activities
     - Audit Fieldwork
       - Conducting On-site Activities
     - Audit Review and Reporting
       - Preparing, Approving, Distributing Audit Report
       - Completing the Audit
     - Audit Follow-up
       - Conducting Audit Follow-up
  22. Training Competency for Auditors • Business Continuity • Lead Auditors Management – Course Code: BCM-8540 – BCM Body of Knowledge • Internal Auditor – SS540:2008 (Organization Quality Manager) – Course Code: BCM-8540 • Audit BCM Programme (Walkthrough of a Live Implementation) – Quality Management – Financial – IT http://www.bcm-institute.org/bcmi10/en/bc-governance-and-compliance
  23. Recent Disasters
  24. Thailand Flooding
  25. Japan Tsunami
  26. Lessons from Recent Disasters
     - Lack of understanding of what exactly is BCM?
     - Review of key planning scenario (KPS)
       - Single site, regional and multiple disasters
     - Focus on:
       - Low probability High Impact to
       - High probability High Impact
     - Definition of "BCP"
       - Crisis management
       - Business continuity
       - Emergency response
     - Supply chain considerations
     - Coordination with public authority
     - Welfare of staff and family members
  27. BCM Framework Process
     - Policy
       - Strong governance
       - Alignment with business mission
       - Consistency in communication
     - People
       - Senior Management
       - Key executive assigned to the project or programme
       - Involvement of business heads and units
       - BCM competency
     - Process
       - Common methodology for BCM, DR, CM, ER, etc
       - Integration of plans within organization
  28. BCM Institute Forum: Building a Community. 80% Asian and Middle Eastern BCM and DR Professionals. www.bcmi.groupsite.com
  29. Web-based Activities
     - Exchange of information and experiences
  30. THANK YOU
     - Dr Goh Moh Heng, President
     - Mobile: +65 96711022
     - Tel: +65 63231500
     - Email: moh_heng@bcm-institute.org