
This is the AuditNet Standard Risk Control Audit Matrix, which incorporates formats used by many audit organizations in their documentation working papers. There are format templates for risk control, audit procedures, questionnaires and checklists. There is a blank workpaper and a report summary that can be used by audit organizations. AuditNet has prepared a monograph for guidance on preparing and developing audit work programs, checklists, questionnaires and matrices. The monograph is available to AuditNet subscribers. For more information go to www.auditnet.org.

Control Matrix Area: Backup and Recovery

| Control # | Reporting Unit | Process | Subprocess | Subprocess Owner |
|---|---|---|---|---|
| BR-1 | Domestic | IT General Controls | Backup & Recovery | Support Services Manager |
| BR-2 | Domestic | IT General Controls | Backup & Recovery | Support Services Manager |
| BR-3 | Domestic | IT General Controls | Backup & Recovery | Support Services Manager |
| BR-4 | Domestic | IT General Controls | Backup & Recovery | Support Services Manager |

| Control # | Financial Statement Assertion | Control Objective | Process Risk |
|---|---|---|---|
| BR-1 | Existence and Completeness | Ensure that regular backups of company data are occurring as established policies and procedures require, so that complete data is available for restoration purposes if necessary. | Company data not available for restoration as complete backups of company data did not occur. |
| BR-2 | Existence and Completeness | Ensure that management is regularly monitoring the execution of the backup processes to ensure that the execution is in compliance with updated policies and procedures. | Backup of company data is not occurring in accordance with established policies (and not detected due to the lack of management monitoring) and as such necessary company data may not be available in an emergency situation. |
| BR-3 | Existence and Completeness | Ensure that backup files are maintained in a secure, offsite location to ensure that they are available as needed to restore critical company data. | Backup files are not maintained in a secure, offsite location resulting in stolen, altered, destroyed or lost company data files. |
| BR-4 | Existence and Completeness | Ensure that regular system backup policies and procedures exist to provide guidance to ensure that all critical company data is backed up regularly. | Company data not available due to the lack of backup and recovery policies and procedures to provide guidance to ensure that critical company data is backed up regularly. |

| Control # | Gap Description | Control |
|---|---|---|
| BR-1 | | Complete backup of company data occurs regularly with a backup frequency defined for various data types and applications. |
| BR-2 | | Management regularly monitors the backup schedule, error logs / exception reports generated during the backup of files, and network traffic during the backup process. |
| BR-3 | | Backup files are maintained in a secure offsite location. The facilities are secure, environmentally controlled, and well maintained. |
| BR-4 | | Established policies and procedures exist for systems to be backed up regularly. Documentation exists for the backup schedule of applications and data. The schedule defines the frequency of backups, and the rotation of the tapes. The disaster recovery rating and the business importance of the data determine the frequency. |

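| Control # | Manual or System Control | COSO Control Type | Significant Control (Yes/No) | Comment |
|---|---|---|---|---|
| BR-1 | System | Information and Communication | | |
| BR-2 | Manual | Monitoring | | |
| BR-3 | Manual | Control Environment | | |
| BR-4 | Manual | Control Activity | | |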

| Control # | Test | Sample Size | W/P Ref. |
|---|---|---|---|
| BR-1 | Determine if a complete backup occurs on a regular basis. | | |
| BR-2 | Determine if the backup schedule is adhered to and that error logs / exception reports are monitored during the backup process. | | |
| BR-3 | Determine that backup files are stored in the secure offsite location. | | |
| BR-4 | Review the policies and procedures related to backups to determine that they exist and are maintained. | | |

Questionnaire

Client Name
Internal Control Framework
Date Completed:
Completed By:
Reviewed By:

| Question | Yes | No* | Comments / Description |
|---|---|---|---|

Employee Responsible for Task

To the best of my knowledge, the answers and comments noted above are accurate and reflect the current

Name and Title of Person Completing Form (please print)
Signature of Person Completing Form
Date Form Completed: 2/18/2014

Name and Title of Department Director (please print)
Signature of Department Director
Date of Department Director's Signature

* For a No answer, cross-reference to either a compensating control or to audit work which has been performed or is to be performed.

| Finding Ref # | Control Testing | Finding | Management Response & Treatment |
|---|---|---|---|
