Previous Table of Contents Next


Based on discussions with the information systems manager, the backup strategy has been summarized below:

Daily:
  All changed objects in the production libraries (programs and data)
  All changed objects
  All production objects
  All objects
Weekly:
  All changed objects in the production libraries (programs and data)
  All changed objects
  All production objects
  All objects
Monthly:
  All changed objects in the production libraries (programs and data)
  All changed objects
  All production objects
  All objects
Quarterly:
  All changed objects in the production libraries (programs and data)
  All changed objects
  All production objects
  All objects
Annually:
  All changed objects in the production libraries (programs and data)
  All changed objects
  All production objects
  All objects

To test the information above, I judgmentally selected a total of ____items, half from the backup records and half from the backups to make a comparison of what they believe they have in backups and what they actually have in backups. The items tested and the test results are summarized in the following table.

     

     
     
     
     
     
     

Based on the procedures performed and results obtained, my opinion is that____________________.

DISASTER RECOVERY PLAN: EVALUATION AND TESTING E-3

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I have reviewed the disaster recovery plan that is included in the carryforward workpapers. Based on that review I noted the following:

  Item 1
  Item 2
  Item 3
  Item 4
  Item 5

RECOVERY STRATEGY: EVALUATION AND TESTING E-4

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____


Note:  Correct the statements below as needed.

I asked the information systems manager for a summary of his/her recovery strategy, which has been summarized in the paragraphs below.

1.  Backups are taken such that there should be no more than one business day’s worth of information lost in the event of a problem.
2.  A physical security system has been installed and is maintained for the data center to prevent or reduce the actual data center damage in the event of a disaster.
3.  A disaster recovery plan has been developed to support the objective of fully restoring processing capabilities after no more than a 24-hour outage.

Based on the procedures performed and results obtained, my opinion is that _______________.

WORKPAPER TITLE E-5

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

WORKPAPER TITLE E-6

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

OTHER PROCEDURES E-99

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

SUMMARY MEMO—BACKUP, RECOVERY, AND ..... E-Memo

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____


Note:  Correct the statements below as needed.

OBJECTIVES

The objectives in this area were to:

  Evaluate the current backup strategy for effectiveness and compliance
  Evaluate the current recovery strategy for effectiveness and compliance
  Evaluate the disaster recovery plan for adequacy

CONCLUSION

Based on the work done in this area, my opinion is that:

  The current backup strategy should meet the needs for the business
  The backup strategy as described is functioning
  The recovery plan appears complete and reasonable
  The disaster recovery plan is sufficient for their needs

FINDINGS

The conclusion(s) above were made considering the following specific findings:

  
  
  

PROCEDURES

To satisfy the audit program, the following procedures were done.

  The completeness of the backups taken was tested
  The disaster recovery plan was reviewed

Submitted to file,

__Auditor__

__Title___

WORKPAPER INDEX - DATA CENTER OPERATIONS F-Index

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

F-Memo Summary memo for operations
F-Point Audit point(s) for operations (duplicates listing at the beginning of the working papers)
F-1 Review of questionnaire responses
F-2 Evaluation of the operations run book
F-3
F-4
F-5
F-6
F-7
F-8
F-9
F-99 Other procedures

REVIEW OF QUESTIONNAIRE RESPONSES - OPERATIONS F-1.1

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I have reviewed the responses to the questionnaire section dealing with data center operations. A copy of that section follows this working paper as 1.2. All of the items requiring further discussion, investigation, or other follow-up are described below, and referenced by the letter (and audit point reference where appropriate) shown in the left column.

Reference Audit Point Description
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


Previous Table of Contents Next