Question
Read the ISO Company, Inc.'s Payroll Department narrative below.
1- List the risks the ISO Company is exposed to as a result of the observations.
2- Document audit recommendations you would communicate to ISO Company, Inc.'s management related to the lack of continuity and disaster recovery procedures observed.
OBSERVATIONS:
As part of the IT audit of ISO Company, Inc.'s Payroll Department, IT auditors uncovered a number of problems with the company's business continuity and disaster recovery plans and practices. While conducting the audit, IT auditors observed that the organization's business continuity and disaster recovery plans, both established 10 years ago, have not been updated to reflect continuity and disaster recovery practices for the current environment. For example, although backup copies were made of the Department's information, upon inspection, IT auditors discovered that those backups were not maintained at the off-site location where they were supposed to be stored. Moreover, when IT auditors asked for documentation supporting the tests performed of the Department's business continuity and disaster recovery plans, they discovered that the Department had never tested the plans. The Department also had not conducted any risk assessment in support of the plans.
The Department's information system, the Payroll System Application (PSA), is open to external attacks since it is interconnected through the network. A collapse of the PSA would bring dire consequences for the Department. In fact, in the event of a crash, switching over to a manual system would not be an option. Manual handling of the company's sensitive, private, and confidential payroll information by staff personnel has resulted in previous loss of such information. Hence, the PSA must operate online at all times. The auditors agree that, based on the above observations, in the event of interruptions due to natural disasters, accidents, equipment failures, and deliberate actions, the Department may not be able to cope with the pressure.
Step by Step Solution
Step: 1
1 The risks ISO Company is exposed to as a result of the observations include Loss of data due to th...