Question
Read the ISO Company, Inc.s Payroll Department narrative below. List the risks the ISO Company is exposed to as a result of the observations. Document
Read the ISO Company, Inc.s Payroll Department narrative below.
- List the risks the ISO Company is exposed to as a result of the observations.
- Document audit recommendations you would communicate to ISO Company, Inc.s management related to the lack of continuity and disaster recovery procedures observed
OBSERVATIONS:
As part of the IT audit of ISO Company, Inc.s Payroll Department, IT auditors uncovered a number of problems with the companys business continuity and disaster recovery plans and practices. While conducting the audit, IT auditors observed that the organizations business continuity and disaster recovery plans, both established 10 years ago, have not been updated to reflect continuity and disaster recovery practices for the current environment. For example, although backup copies were made of the Departments information, upon inspection, IT auditors discovered that those backups were not maintained at the off-site location where they were supposed to be stored. Moreover, when IT auditors asked for documentation supporting the tests performed of the Departments business continuity and disaster recovery plans, they discovered that the Department had never tested the plans. The Department also had not conducted any risk assessment in support of the plans.
The Departments information systems, Payroll System Application (PSA), is open to external attacks since it is interconnected through the network. A collapse of the PSA would bring dire consequences for the Department. In fact, in the event of a crash, switching over to a manual system would not be an option. Manual handling of the companys payroll sensitive, private, and confidential information by staff personnel has resulted in previous loss of such information. Hence, the PSA must operate online at all times. The auditors agree that, based on the above observations, in the event of interruptions due to natural disasters, accidents, equipment failures, and deliberate actions, the Department may not be able to cope with the pressure.
Risk Description Audit Recommendation for Risk Mitigation Risk # 1 2 3 4 5
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Electronic Data Processing Controls And Auditing
Authors: W.Thomas Porter
1st Edition
0534009336, 978-0534009335
