Rather than a point-by-point response, I'd like to share my 2 cents
on the subject of BCP standards both as an auditor and as a
practitioner.
First of all, I've never met an external auditor I couldn't
bamboozle. I've always worked for small or small-end medium-sized
companies. The big accounting firms send out their trainees to
conduct the audit. It's not hard to pass an audit with or without
standards.
Second, each industry and/or country has its own regulatory agencies
and set of rules and laws. They bear scant resemblance to each other
beyond the spelling of BCP. They are not going to give up their turf
any time soon. Some (maybe most) companies are not under BCP
regulations at all.
Third, these are very difficult economic times. Most companies want
to know what they need to do to be in compliance with their
individual regulatory agency (if any). There are industry regulators
that require a BC Plan, but don't know what that is. Question: do
you have a plan? Answer: yes. Next question.
I have had my best success selling a solid mitigation and
preparedness plan including exercises not because a regulator said we
had to or because a standard said we had to, but because it makes
good business sense. Standards may assist the BCP practitioner in
making good choices, but they will never lead to management
commitment. For that, you have to know what you are talking about
and present a solid business case for spending the resources. It has
to make sense.