This sample audit report focuses on whether an appropriate enterprise-wide governance structure is in place to manage the ongoing development, enhancement and maintenance of a business continuity and disaster recovery program. The assessment includes an organization’s in-scope tier-one systems to determine if they have appropriate IT recovery strategies and plans in place and whether the strategies are aligned with business requirements.
This review found that, while clinical care would continue after a significant disruption (provided the facilities remain intact), organizational impacts from an absence of data, systems and business resumption planning would include:
- Potential degradation in the quality of care due to the inability to access medical records in a timely manner and communicate between departments and other healthcare resources.
- Temporary loss and/or significant delays executing patient billing and collections processes.
- Significant delays in the ability to execute employee payroll.