While dry runs are indispensable for testing a disaster recovery plan, by their nature they are not comprehensive because they do not exercise every contingency in the plan. A disaster recovery audit, by contrast, attempts to check all the contingencies. An audit does not have the training value of a disaster recovery exercise, but it should provide a broader check of the plan's workability and value. This is particularly important when you have a Storage Area Network (SAN) in the picture, because you want to make sure the SAN is properly backed up and secured.

Disaster recovery audits can be done either internally or by outside consultants. A number of companies, such as Janco Associates now offer disaster recovery auditing program and several companies, such as, the IT Productivity Center, now offer software and checklists that can be customized for an organization is important. Customization is important because every enterprise is different and there is no one-size-fits-all approach to creating or auditing a disaster recovery plan. There are also books on the subject, such as Janco Associates Disaster Recovery / Business Continuity Template."

The IT-Toolkits.com web site also includes an outline of a disaster recovery plan audit at http://www.e-janco.com/DRP_BCP_Audit.html , as well as a number of other security-related checklists.