Tying Bonuses to BC Plan Goals
If an auditor determines that some license was taken in reporting of status on previous audits, it should be included as a data point in the current audit. Generally, keeping within the scope of the audit parameters, an auditor can identify non-conformance as factual, regardless of previous attempts to smooth over data or report more readiness and adherence to requirements than was actually present.
If personal or management performance goals include business continuity plan conformance to standards and bonuses are paid out on meeting such goals, then the situation can become a bit dicey. Nevertheless, past activity and reporting should not influence the current audit(or) process.
Since plan auditing can be an iterative process consideration should be given to change management including a review of how the performance objectives are ties to the bonus structure. I don’t believe it is the job of the auditor to suggest performance objective changes as this flies in the way of objectivity.
In a recent corporate governance audit prep (the actual audit was performed by internal auditors) which I performed on a global consumer manufacturing business, I found an openness to understanding the process and making improvements. Most lacking was simple documentation of some very good plans, processes and procedures. Human resources played an important role in managing the audit preparation and setting the tone of expectations.
Business Continuity Management, Organizational Resilience, Training and Exercises | blogadmin February 6, 2011