Programme in preparation

Auditing Resilience and Business Continuity Plan (BCP)


Nowadays and exacerbated by the current crisis, leading organizations are taking BCP requirement as a strategic advantage. Namely, investments in operational resiliency are assisting organizations to become more responsive to client needs as well as improving operational reliability, quality, efficiency and ability to cope with external events. Internal audit plays an important role to provide assurance on the resilience of the company and highlight improvements to implement or propose mitigating solutions to deficiencies.

As organizations face increasingly complex business and operational environments, functions such as business continuity keep evolving. Today, successful resilience and business continuity programs (BCPs) both address the technical issues involved and strive to support the organization’s efforts to improve and sustain an adequate level of operational resiliency. Operational resiliency efforts tackle operational risk by identifying potential operational problems and improving the processes and systems used.

Target Group

Internal auditors (all levels), compliance officers, business controllers, senior & middle level management officers.

Location & Duration

Distance learning in 5 online sessions of 3.5 hours each via virtual classroom





Detailed programme Explode

The 10 phases of a BCP to audit – Best practices including case studies

1. Initiation

  • BCP and operational risks
  • Get a sponsor, authority, scope, and funding.

2. Risk analysis

  • Document and prioritize current risks. Risks include natural disasters and man-made events.

3. Business impact analysis

  • Develop a low-level business process blueprint; determine what is needed to sustain the business.

4. Create strategy

  • Use the risk analysis and business impact analysis to formulate a possible strategy based on facts and assumptions in evidence.

5. Emergency response

  • Integrate the planned strategy with the first responder by using the Incident Command System (ICS).

6. Plan creation

  • Create and organize the plan, including personnel assignments and detailed procedures.

7. Training and awareness

  • Teach individuals the necessary roles and skills to perform the required functions of the BC/DR plan. Educate the organization about the plan’s existence and anticipated areas of coverage.

8. Maintain and test

  • Nothing is out of date faster than a big book of plans. People have to practice their roles to gain proficiency, and a change control system will be needed to improve the documentation. It is impossible to keep plans current without structured exercises to improve skills and identify deficiencies.

9. Communications

  • Clients, investors, partners, employees, and stakeholders need to be kept informed and feel comfortable with the information they receive. Internal and external messages need to be properly vetted to portray the intended message; a schedule of communications and scripted messages needs to be developed in advance. Poor communications can be more damaging than the actual disaster itself. Plans need to include an uninterruptible communication system.

10. Integrate with other organizations

  • No organization can exist by itself. A good plan will integrate with plans of business partners, suppliers, clients, and government agencies. You may need to rely on them, or they may need to rely on us during critical functions. Often a prime contractor will incorporate the plans of a subcontractor into their own.

11. COVID responses and lessons learned

Join us on  Follow us on LinkedIn Follow us on Twitter