Disaster recovery planning (DRP) and
Business continuity planning (BCP) audits

BDO’s DRP and BCP audits focus on an organisation’s continuity planning to offset the impact of man-made or natural disasters. 

Normally, the objective of a DRP audit is to verify that the DR plan is: 

  • Adequate to ensure resumption of computer systems in a timely manner during adverse circumstances
  • In line with the current business continuation plan (BCP)
  • Reflecting the current business operating environment and needs.

 

A typical scope could include an assessment of: 

  • Disaster prevention controls (e.g. server room physical access and environmental controls)
  • Back-up and recovery procedures and training
  • Off-site storage and rotation practices
  • DR plan covering, among other things, a review of:
    • Cost effectiveness
    • DR risk assessment, including ability to cater for different disasters
    • Critical business processes and applications
    • Level of tolerance
    • Recovery time objective (RTO)
    • Recovery point objective (RPO)
    • Alternate processing plans
    • Initiation of the business continuity effort
    • Third party or offsite DR sites
    • Contact lists
    • Offsite copies of the DRP
    • Assigned responsibilities and responsible parties
    • Movement to recovery site plans
    • Recovery processes
    • Facility reconstruction plans
    • Rendezvous points
    • Telecommunications
    • DR testing and results
    • DRP training
    • DRP updates
    • DRP approval by appropriate parties. 

BDO has the qualifications and required experience in DRP auditing. Key to our success is our business-focused approach for DRP audits: we ascertain whether an organisation’s DRP aligns itself with the BCP which, in turn, should be aligned with the business strategy of the organisation. Any DRP should be business driven, hence our focus from a business perspective.  

BDO can also be contracted in an advisory role to advise on or to develop DRP and BCP plans.


Contact us