If your organisation employs internal auditors, then as a business continuity manager, make sure you get acquainted – and sooner rather than later! Your auditor colleagues have a responsibility to evaluate and review the level of business continuity, as well as making recommendations for actions. They also have skills and experience to ask important questions about what is being done to prevent adverse conditions bringing operations to a halt. With the help of internal auditors, you can multiply the business continuity message and reinforce awareness top-down across the all departments via departmental/functional heads.
Internal auditors start with the assessment of internal and external factors affecting business continuity. They may not use the same business continuity planning or management methodology as you. However, their role obliges them to be precise and pertinent in their observations and analysis. They will check whether the business continuity plan is up to date; if it covers all critical business areas; if priorities are defined according to risks and potential consequences; and if functional responsibilities have been assigned. They will also check for instance whether the BC plan has been documented in accordance with organisational procedures and policies.
When recovery processes are implemented, their role includes monitoring how well normal operations are re-established. As eyes and ears in different places when you personally can only be in one location, auditor input for improving the business continuity plan can be valuable. After assessment and/or monitoring, auditors should present their report together with any recommendations to senior management. By working closely with your auditor colleagues, you will be able to improve business continuity ahead of time and follow up with departmental heads to make sure that the required action points are indeed implemented.