Course Objectives.
1. Have an understanding of the IT Contingency Planning Process and its place within the overall Continuity of Operations Plan and Business Continuity Plan process.
2. Be familiar with the IT contingency planning policies and plans with emphasis on maintenance, training, and exercising the contingency plan.
3. Know the preliminary steps involved in planning for an audit of the agency's comprehensive contingency plan.

Auditing the Contingency Planning Process (ACPP) is a one-day training session designed to provide an introduction to a seven-step contingency process that many government agencies apply in developing and maintaining a viable contingency planning program for their IT systems. IT systems are vulnerable to a variety of disruptions, ranging from mild (e.g., short-term power outage, disk drive failure) to severe (e.g., equipment destruction, fire) from a variety of sources such as natural disasters to terrorists actions. Losing the capability to process, retrieve, and protect electronically maintained information can significantly affect an entity’s ability to accomplish its mission. Consequently, the entity must have in place (1) procedures for protecting information resources and minimizing the risk of unplanned interruptions and (2) a plan to recover critical operations should interruptions occur. Our role as auditors is to evaluate the adequacy of established plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the agency. Using pertinent information from GAO’s Federal Information System Controls Audit Manual (FISCAM) and selected National Institute of Standards and Technology (NIST) Special Publications, the training material covers specific contingency planning recommendations for seven IT platform types from ranging from desktops and portable systems to mainframe systems in addressing the three major course objectives outlined below. The topics presented are designed to give the auditor and audit management a thorough overview of the various factors that must be considered by management in establishing a viable contingency plan and the key audit procedures necessary to evaluate the adequacy of management’s actions.