Internal audit teams need to understand better the process they are auditing and the rationale for the decisions that they might be evaluating. Auditors need fixed points of reference for comparisons. Standards (in various guises) provide them with a route map to follow. This allows them to check the process, but not really the effectiveness, of the program. Resilience, not process consistency, is the ultimate measure of success. Auditors must understand the business fully. They must also familiarize themselves with the BCM process.”]
Source: https://www.cuinfosecurity.com/blogs/how-to-audit-business-continuity-p-1381