IBCT - ECP-003: Introduction to Effective Business Continuity Auditing
ECP-501 BCM Auditing

ECP-003: Introduction to Effective Business Continuity Auditing

ECP-003: Introduction to Effective Business Continuity Auditing
This 1-day seminar provides an overview of procedures for the review, evaluation and audit of a Business Continuity Management System for business, government and not-for-profit organizations. Through instructor-led discussion, the course examines practical tools and techniques for (1) internal evaluations and gap analysis for management review; and (2) external audit review to determine the effectiveness, adequacy, and quality of an organization’s Business Continuity Program. 




This course is designed for new and experienced BCM practitioners, internal and external auditors, executives, managers, business continuity planners and business unit staff who are involved in or manage business continuity planning functions. It is also highly useful for information technology managers, administrative heads, and others responsible for the effective administration of any size of organization. It is particularly useful for individuals tasked with self-assessing the conformity of their BCMS to the ISO 22301 and related standards, or for consultants responsible for assessing the business continuity programs of their clients, through periodic evaluations, gap analysis, or audits.




1 day 




At the conclusion of this course, participants should know how to: 
  • explain the overall Business Continuity Management lifecycle as it applies to the new International BCM Standard ISO 22301 
  • assess the compliance of the Business Continuity Management System against the requirements of the ISO 22301:2012 standard 
  • identify strengths and weaknesses of a Business Continuity Audit 
  • formulate recommendations to strengthen a Business Continuity Audit 


Course Outline: 


1. Business Continuity Lifecycle Management: 
The new realities of Business Continuity Planning  
Management's roles and responsibilities with respect to Business Continuity  
Establishing and managing a Business Continuity program  
How to evaluate, and maximize, the program's cost-effectiveness  
The difference between Business Continuity and System Availability  
Generally Accepted Business Continuity 'Best Practices'  
Future trends in Business Continuity Management  


2. Testing and Evaluating Business Continuity Plans: 
Desk Checks; Peer Reviews 
Structured Walkthroughs 
Standalone Tests; Integrated Tests 
Operational Tests 
Call Tree Tests 


3. Setting Test and Exercise Objectives: 
Planning and Preparation 
Measuring Success and Performance 
Critical Success Factors
4. Plan Evaluation: 
Reviewing periodic Risk Assessment and Business Impact Analysis 
Identifying significant changes to business units and critical operating processes  
Reviewing current strategies for reducing risk, reducing impact, recovering computer systems, resuming business operations 
BCP GAP Analysis 


5. Auditing the Business Continuity Program 
Audit Initiation and Compliance Maturity Evaluation 
Audit Planning Process and Customization using ISO 22301 
Business Continuity Audit Plan Implementation 
Audit Data Synthesis and Analysis 
Business Continuity Audit Review 
Business Continuity Audit Reporting


NOTE: This course is normally offered as a private in-house 1-day session for up to 25 participants; cost to be determined by the number of participants and location of the course presentation.

Contact Us

Institute for Business Continuity Training
1623 Military Road, Suite 377
Niagara Falls, NY 14304

T: 1-844-408-4358

F: 1-716-313-1750

E: This email address is being protected from spambots. You need JavaScript enabled to view it.