ISACA Introduces New Audit Programs for Business Continuity/Disaster Recovery and Blockchain

SCHAUMBURG, Ill.–()–The COVID-19 pandemic spotlighted the need for robust business continuity plans like never before, and also accelerated technology innovation, as organizations quickly sought new ways of doing business. Global IT association ISACA is helping auditors expand their expertise in those areas by introducing two new audit programs: IT Business Continuity/Disaster Recovery Audit Program and Blockchain Framework Audit Program.

The IT Business Continuity/Disaster Recovery Audit Program provides auditors with guidance in navigating the recovery process should an unplanned event or an emergency occur. The audit program helps auditors assess an enterprise’s disaster preparedness and ability to continue with critical priority operations during a disruption and get back to business as usual afterward. It also addresses emergency readiness assurance, including communications and evacuation. While going through the included testing steps in the program, auditors are encouraged to consider questions including:

  • Have the plans been tested to confirm they can be deployed in the time frame required in an emergency?
  • Is the documentation for business continuity and resiliency planning consistent across the enterprise?
  • Are test results incorporated into continuity planning procedures and standards to foster continuous improvement in backup and recovery strategies?

The Blockchain Framework Audit Program complements ISACA’s recently released Blockchain Framework and Guidance and assists auditors in evaluating the effectiveness of the implemented blockchain controls. While blockchain offers many benefits to enterprises, there is also risk associated with the emerging technology that can be mitigated by implementing proper controls. The program focuses on governance, infrastructure, data management, key management and smart contracts, and it is meant to provide assurance over targeted areas that will lower an organization’s risk posture, including the following types of risks:

  • Gaps in security, including vulnerable source code, weak endpoints and theft/loss of sensitive data
  • Poor implementation or deployment that results in wasted resources and a solution that does not function properly
  • Vendors that cannot scale effectively to support blockchain at the enterprise level

“IT audit professionals have long been committed to keeping pace with the changing landscape of technology and other evolving areas that impact their enterprises, bringing value in the process. This has been especially true during the COVID-19 pandemic, which has illustrated how essential IT business continuity and disaster recovery continue to be,” says Robin Lyons, ISACA IT audit professional practices lead. “ISACA is committed to providing the audit community with the resources and tools they need to stay highly valuable and effective in the midst of these changes.”

Both audit programs outline the control objectives, controls and control types, control classification and frequency, and testing steps to consider across different relevant categories. The IT Business Continuity/Disaster Recovery Audit Program is complimentary to members and can be accessed at https://www.isaca.org/bookstore/audit-control-and-security-essentials/waitbc. The Blockchain Framework Audit Program is $25 for members and $49 for non-members and can be downloaded at https://www.isaca.org/bookstore/audit-control-and-security-essentials/wabfa.

More information on ISACA’s other audit programs and resources can be found at https://www.isaca.org/resources/insights-and-expertise/audit-programs-and-tools.

About ISACA

For more than 50 years, ISACA® (www.isaca.org) has been equipping individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enabling enterprises to train and build quality teams. ISACA is a global professional association and learning organization with more than 150,000 members who work in information security, governance, assurance, risk and privacy and has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation.