Transcript of IIA Tucson Chapter, April 2014 - Institute of Internal Auditors
Disaster Recovery (DR)
Natural catastrophes cause average economic losses of $60 billion to $100 billion each year, though losses incurred in a single large-scale disaster in a major urban centre can exceed this figure, according to the report. For instance, the March 2011 earthquake off the coast of Japan and subsequent tsunami caused total losses of an estimated $235 billion and is considered the costliest natural disaster in history.
SOURCE: CGMA Magazine, 4 Apr 2014, "Ten riskiest cities for natural disasters", http://www.cgma.org/magazine/news/pages/20149859.aspx
Black Swans (risks) - West Virginia (2014)
▪ http://thedailyshow.cc.com/videos/umqysw/coal-miner-s-water
Black Swans (risks) - power grid down
A memo put out by the Federal Energy Regulatory Commission in June warned that if nine key substations were destroyed, along with one transformer manufacturer, the entire United States power grid would be down for at least 18 months, probably longer.
Cost: approximately $8M to build
Source: http://www.marketplace.org/topics/sustainability/us-relies-transformers-and-thats-little-scary by David Weinberg, Thursday, March 13, 2014
Business Continuity Planning - details of the recovery phase of DR
▪ Where do people go to work? Alternate sites, VPN, COLO
▪ How will they work? Their day job, or can they help others?
▪ For how long?
http://www.youtube.com/watch?v=6UUH7Kt6ybg
Business Impact Analysis - measures the company operations
▪ People
▪ Processes
▪ System dependencies
▪ Vendor dependencies (link to VM and IT Application Inventory)
Identify what is critical to operations; identify what is critical to revenue generation.
Business Impact Analysis
RTO – Recovery Time Objective
▪ The time period in which systems, applications and/or business functions must be recovered after an outage
RPO – Recovery Point Objective
▪ The data loss tolerance for a business function or application
Source: Protiviti – Guide to BCM, 3rd Edition (2013), http://www.protiviti.com/en-US/Documents/Resource-Guides/Guide-to-BCM-Third-Edition-Protiviti.pdf
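As an added illustration of how the RTO and RPO definitions above are applied in a BIA review (example code written for this transcript, not part of the presentation or the Protiviti guide): each system carries the RTO/RPO agreed in the BIA plus measured facts about how it is actually protected. The worst-case data loss is taken as backup interval plus replication lag and is compared to the RPO; the duration of the last restore test is compared to the RTO. The inventory, the field names and the "tightest RTO first, revenue-critical breaks ties" ordering are all assumptions made for the example.

```python
"""Check a Business Impact Analysis inventory against RTO/RPO targets.

Hypothetical example, not from the presentation: flags systems whose
measured protection misses the BIA objectives and orders recovery by RTO.
"""
from dataclasses import dataclass
from datetime import timedelta


@dataclass(frozen=True)
class BiaEntry:
    name: str
    critical_to_revenue: bool       # from the "critical to revenue generation" step of the BIA
    rto: timedelta                  # Recovery Time Objective agreed in the BIA
    rpo: timedelta                  # Recovery Point Objective agreed in the BIA
    backup_interval: timedelta      # how often data is captured
    replication_lag: timedelta      # delay before the copy is safely off-site
    last_restore_test: timedelta    # measured wall-clock time of the latest restore test


def worst_case_data_loss(entry: BiaEntry) -> timedelta:
    """Data written since the last off-site copy is lost if the primary site is destroyed."""
    return entry.backup_interval + entry.replication_lag


def assess(entry: BiaEntry) -> dict:
    """Compare measured protection against the BIA targets for one system."""
    loss = worst_case_data_loss(entry)
    return {
        "name": entry.name,
        "rpo_met": loss <= entry.rpo,
        "rpo_gap": max(timedelta(0), loss - entry.rpo),
        "rto_met": entry.last_restore_test <= entry.rto,
        "rto_gap": max(timedelta(0), entry.last_restore_test - entry.rto),
    }


def findings(entries) -> list:
    """Return only the systems that miss at least one objective."""
    return [r for r in map(assess, entries) if not (r["rpo_met"] and r["rto_met"])]


def recovery_order(entries) -> list:
    """Tightest RTO first; revenue-critical systems break ties (assumed policy)."""
    return [e.name for e in sorted(entries, key=lambda e: (e.rto, not e.critical_to_revenue))]


# Constructed sample inventory; values are illustrative, not from any real BIA.
H, M = timedelta(hours=1), timedelta(minutes=1)
INVENTORY = [
    BiaEntry("core-banking", True, rto=4 * H, rpo=15 * M,
             backup_interval=5 * M, replication_lag=5 * M, last_restore_test=3 * H),
    BiaEntry("email", False, rto=24 * H, rpo=4 * H,
             backup_interval=6 * H, replication_lag=0 * M, last_restore_test=8 * H),
    BiaEntry("reporting-warehouse", False, rto=72 * H, rpo=24 * H,
             backup_interval=24 * H, replication_lag=2 * H, last_restore_test=80 * H),
    BiaEntry("vendor-portal", True, rto=24 * H, rpo=1 * H,
             backup_interval=30 * M, replication_lag=10 * M, last_restore_test=6 * H),
]

if __name__ == "__main__":
    for f in findings(INVENTORY):
        print(f"{f['name']}: RPO met={f['rpo_met']} (gap {f['rpo_gap']}), "
              f"RTO met={f['rto_met']} (gap {f['rto_gap']})")
    print("Recovery order:", recovery_order(INVENTORY))
```

Run as a script it lists the two systems in the sample whose backup schedule or restore time falls short of the agreed objective; the point for an auditor is that an RPO is only met when the capture interval and the off-site lag are added together, and an RTO is only evidenced by a timed restore test, not by the target written in the plan.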
Resources – professional organizations
BSI ▪ https://www.bsi.bund.de/EN/Home/home_node.html
DRII ▪ https://drii.org/
ISO – International Organization for Standardization (Business continuity – ISO 22301) ▪ http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1602
Resources – consulting firms
Protiviti ▪ http://www.protiviti.com/en-US/Pages/Business-Continuity-Management.aspx
MHA-IT ▪ http://www.mha-it.com/knowledge-center/
Quantivate ▪ http://quantivate.com/
Resources – guides and certifications
Protiviti FAQ (and certifications – see 42. What are the available certification options?)
IIA Guidance – GTAG 10
Questions, final thoughts
Jon Bruflat – CPA, CRMA, AVP Enterprise Risk Management, Vantage West Credit Union, [email protected]