Internal Control Homework

...

3. Risk: air-conditioning and fire suppression; Test of the fire detection system: the auditor should establish that fire detection and suppression equipment, both manual and automatic, are in place and tested regularly. Evidence: system should detect smoke, heat and combustible fumes by reviewing official marshal records of tests.

4. Risk: RAID; Test of RAID: systems that employ RAID provide a graphical mapping of their redundant disk storage. Evidence: level of RAID is adequate given the business risk associated with disk failure.

5. Risk: Uninterruptible Power Supplies; Test of uninterruptible power supply: the computer center should perform periodic tests of the backup power supply. Evidence: it has sufficient capacity to run the computer and air-conditioning.

6. Risk: Insurance Coverage; Test for insurance coverage: auditors should annually review the organization’s insurance coverage on its computer hardware, software and physical facility. Evidence: all new acquisitions are listed on the policy and that obsolete equipment and software have been deleted.

I asked for 2, you did 6 – why? Last year I asked for 6…..

I don’t know why I did all 6… so regretful

- The text refers to cold and hot sites. Note: there is a range of options in between as described in the text. Identify a few key features a site can have to help an organization more quickly restart data processing activities if a major site is taken out of action. You can just go by the ones in the text if you like.

EMPTY SHELL(COLD SITE): When a disaster incurs, the shell is ready and available to receive whatever hardware the temporary user needs to run essential systems.

RECOVERY OPERATIONS CENTER(HOT SITE): When a disaster incurs, a subscriber of ROC service can occupy the premises and resume processing critical applications within a few hours.

Read the question. What, precisely, does it ask for? Is you answer a list of features?

Why did you mention hot and cold sites? Does that help answer the question that was asked?

Live equipment, live data

- Explain why a current inventory of critical applications is the first step in creating a disaster recovery plan.

Because computer applications that support business functions are directly critical. And the application priorities may change over time, decisions must be reassessed regularly. So to update current inventory of critical applications seems quite important.

Yes, but the question is “why” is it important. How will it be used in developing the plan?

If you don’t know which systems are critical, you can’t plan for a fast restart.

- Choose one thing from the chapter for which there was no question and say something informative about it.

I now have a better understanding of centralized data processing. By applying a centralized database, people can share the files and access to the resources on the basis of need instead of sending to each other, which makes work more efficient. Additionally, companies can largely avoid paper work. As technology develops, I believe the cost of database and maintenance fees would go down and there are more effective ways to control the risks.