Audit of business continuity planning, Environment and Climate Change Canada: Objective, scope and methodology
The objective of the audit was to determine whether ECCC had in place a departmental governance framework and processes for business continuity planning (BCP).
The audit focused on the BCP governance framework and processes that were in place on December 31, 2015. For the assessment of departmental BCP processes, the scope also included a risk-based sample of departmental business continuity plans as of that date.
The audit team expected to find a governance framework and BCP processes that aligned with the government’s BCP requirements (for example, TB’s Operational Security Standard – Business Continuity Planning Program [TB-OSS-BCP Program]).
Given the unique nature, complexities and risks, ECCC’s emergency operations centres and their related standard operating procedures and information technology (IT) continuity planning were excluded from the audit scope.
The audit approach included the following:
- a review of relevant documentation and systems, including policies, standards, frameworks and processes supporting the BCP program
- interviews with senior management and business continuity plan coordinators and owners
- a review of the compliance of the business impact analysis and business continuity plans for ECCC’s critical services and critical support services with the requirements outlined in the TB‑OSS‑BCP Program (see Table 1 for sample)
As mentioned previously, the Audit of BCP was conducted concurrently with the OCG’s Horizontal Audit of BCP. The objectives of the OCG’s audit consisted in determining whether Government-wide and departmental governance frameworks for BCP and departmental BCP processes were in place.
Statement of conformance
The audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing.
Report a problem or mistake on this page
- Date modified: