Auditing the Business Continuity Process

A view on SOX and the BC Process

In a recent interesting piece by Dr Eric Schmidt of TDS Inc. he explores some of the background of the Sarbanes Oxley and looks at the implications it has for Organisations affected and specifically the impact on Business Continuity Practitioners. He argues persuasively that regulatory initiatives and world events are driving the convergence of business continuity, security and information management under the umbrella of enterprise risk management, sometimes referred to as global assurance.

Consequently, financial and technology auditors must review business continuity, and not just disaster recovery, in much more detail than before. This is a view shared by the Continuity Forum and for those well informed on current thinking. He stresses that High Level Audits are no longer sufficient as they do not address the detailed considerations of BC or the heightened interest in topics such as disaster preparedness, preventative measures, recovery and restoration of the core business.

He cites research confirming the Forums own work that over half of organisations are still way behind schedule in achieving compliance with only 15% having covered over 80% of the compliance issues, making the point strongly that time is running out and many risk non compliance with the Act!

He moves on to highlight that the detail of the Sarbanes-Oxley Act does not mandate that an organisation has to have a plan in place, but that if examined correctly many, if not all of the compliance issues organisations are struggling to master could be achieved through a properly constructed BCM process.

Through convincing argument, Dr Schmidt stresses that the parallels and synergies between the SOX Act (its actual requirements) and BC are clear and that effective internal alignment of the programmes with minor adaptation where necessary, could boost the effectiveness of both. We would welcome your feedback on this piece and if you know of any material that you feel would be of interest to your fellow professionals do let us know through the links below.

Download

End

To find out more about how the Continuity Forum can help your organisation plan for and address a wide variety of Business Resilience and Continuity issues, please contact us directly HERE! or call Russell Price on 020 8993 1599.