​​A Quick Note About Disaster Recovery

Comments Views

Recently, I had a very sobering experience. Last week I asked a group of about 100 internal auditors if, in the last five years, they had done an audit of the organization's disaster recovery plan, or had been involved in a disaster recovery test. 

No one raised their hand.

I repeated and clarified the question. Still, no hands rose. 

I was shocked and sobered.

A few days later I was telling this story. Someone overheard me and decided to ask another group of auditors the same question.   Only one-third of the room raised their hands.

I am three levels of shocked.

 1)      That these auditors hadn't done an audit of the area in the last five years
 2)      That the organizations for which the auditors worked hadn't tested the plan in five years
 3)      (Maybe a worse scenario) That the organizations had performed tests, but hadn't included the auditors.

Am I missing something here? Isn't this the kind of work that is core to audit, to risk, and to the organization? Isn't this one of those no-brainer audit areas?

Or, as I say, am I missing something?

​I look forward to your clarifications.

​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
    • IT-General-Controls-Certificate-January-2022-Blog-3