The Institute of Internal Auditors has released a new practice guide demonstrating how the internal audit function can help businesses keep running in the event of a cyberattack or a natural disaster.
The practice guide shows how internal auditors can provide assistance in business continuity management. The IIA noted that internal audit functions typically have the skills, qualifications and in-depth knowledge of the organization to help develop, implement and evaluate the effectiveness of such plans.
“Demands on internal audit are expanding as terrorism, cyberattacks and other factors influence risk and good governance in business,” said IIA president and CEO Richard F. Chambers in a statement. “This new guidance, Business Continuity Management,’ outlines how internal audit can help before, during, and after a major crisis.”
The goal of business continuity management is to restore critical operations, manage communications, and minimize financial and other effects of disaster. According to the new practice guide, a good crisis management plan is like a company insurance policy—it helps to ensure that the organization remains viable and meets stakeholder expectations.
The guide provides a breakdown of how internal audit can help set the ground rules for its participation, provide input and evaluate key elements of the plan, participate in implementing tactics of the plan, and evaluate its results. In additionally, the guide includes an appendix with a sample work program for business continuity management assurance or advisory engagements.
The practice guide is available for free to IIA members and for $25 for non-members. To download it,
