A business continuity plan audit is a formalized method for evaluating how business continuity processes are being managed. The goal of an audit is to determine whether the plan is effective and in line with the company's objectives.
A business continuity plan audit should define the risks or threats to the success of the plan and test the controls in place to determine whether or not those risks are acceptable. An audit should also quantify the impact of weaknesses of the plan and offer recommendations for business continuity plan improvements.
Business continuity audits benefit from a structured audit framework such as those outlined in the British Standards Institution's BS 25999 or the proposed International Organization of Standardization's ISO 22301. Auditing a business continuity plan and its documentation against an established benchmark ensures that it is consistent with industry practices and controls.