Case Study: Business Continuity Planning

Abstract

An organisation fears that its policies and procedures for continuing its operations after a disaster may be poor.

Challenge

As part of our risk-based internal audit plan, we reviewed the policies and procedures for implementing and maintaining business continuity management at a large organisation.

Approach

Our work consisted of interviews with key staff and a review of the organisation’s documentation. This internal audit assignment focused on the following key issues:

  • Had business continuity management been embraced by the business and IT functions?
  • Was a policy established in this area?
  • Were appropriate procedures and supporting records maintained?
  • Were the services provided by third parties appropriate (if applicable)?
  • Had appropriate testing been carried out?

Solution

Our findings were categorised as follows:

  • Four findings highlighted a major control weakness that posed a significant risk of financial loss or operational disruption. These required immediate attention.
  • One finding showed a significant control weakness that could have resulted in financial loss or operational disruption. This weakness required immediate attention.

Recommendations

  • Business and IT management should carry out a comprehensive business continuity risk assessment in relation to the impact and likelihood of different levels of disaster.
  • We recommended that, as part of an organisation-wide initiative, management formulate and document an appropriate business continuity management strategy based on the output from an initial business impact analysis and risk assessment process.
  • We recommended that management review service contracts with third-party suppliers to ensure they adequately included appropriate levels of service.
  • We recommended that IT management evaluate the possibility of extending the terms of the current hardware maintenance agreements to include the provision of replacement hardware in the event of a critical component or other system failure within a defined timeframe.

Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.
