I was really hoping you would have some response to this as our AC just asked me to review ours.
We outsource our IT audit and the plan is covered in that audit. (I know.....I know.....it's not just an IT issue.) So far, our regulators have been happy with that.
Their one suggestion was the tabletop discussions and we have done those this year.
I recently commented on them (I thought our tabletops weren't good enough) and now the committee wants me to review the plan. AH! I, too, am interested in what to do - - - other than state the obvious.
The outsourcers looked for a risk assessment, a list of possible biz continuity interruptions with rankings of probability and impact, a backup plan for our network, a list of vendors, a committee that runs the backup plan with phone numbers and layouts of our offices.
Doesn't sound like much of an audit, does it? I am looking into some materials now and will PM you if I come across anything good.