5 potential problems
1. INEFFICIENT USE OF RESOURCES
3 TYPES OF RISKS
a. Risk of management of organization-wide IT resources by end users.
AUDIT TRAIL
provides the linkage between a company’s financial activities (transactions) and the
financial statements that report on those activities.
ADVANTAGE OF DDP
Cost reductions, improved cost control, improved user satisfaction, and backup.
COST REDUCTIONS
1. Data can be edited and entered by the end user, thus eliminating the centralized task of data
preparation.
2. Application complexity can be reduced, which in turn reduces systems development and
maintenance cost.
BACK UP FLEXIBILITY
The final argument in favor of DDP is the ability to back up computing facilities to protect against
potential disasters (fires, floods, sabotage, and earthquakes).
CONTROLLING THE DDP ENVIRONMENT
Objective:
to present computer center risks and the controls that help to mitigate risk and create a secure
environment.
PHYSICAL LOCATION
Directly affects the risk of destruction from a natural or man-made disaster.
CONSTRUCTION
Should be located in a single-story building of solid construction with controlled access.
ACCESS
Should be limited to the operators and other employees who work there.
AIR CONDITIONING
.
FIRE SUPPRESSION
Fire is the most serious threat to a firm’s computer equipment.
MAJOR FEATURES:
1. Automatic and manual alarms should be placed in strategic locations around the installation.
2. There must be an automatic fire extinguishing system that dispenses the appropriate type of suppressant
for the location.
3. Manual fire extinguishers should be placed at strategic locations.
4. The building should be of sound construction to withstand water damage caused by fire suppression
equipment.
5. Fire exits should be clearly marked and illuminated during a fire.
FAULT TOLERANCE
Is the ability of the system to continue operation when part of the system fails because of
hardware failure, application program error, or operation error.
2 examples of fault tolerance
1. Redundant arrays of independent disks (RAID) involves using parallel disks that contain redundant
elements of data and applications. If one disk fails, the lost data are automatically reconstructed from the
redundant components stored on the other disks.
2. UNINTERRUPTIBLE POWER SUPPLIES
AUDIT OBJECTIVES:
to evaluate the controls governing computer center security.
1. Physical security controls are adequate to reasonably protect the organization
from physical exposure.
TESTS OF RAID
TYPES OF DISASTER
[Figure: types of disaster. Natural: flood, tornado. Human-made: sabotage, error. System failure: power outage, drive failure, O/S crash/lock.]
IDENTIFY CRITICAL APPLICATIONS
Customer sales & service
Fulfillment of legal obligations
Accounts receivable maintenance and collection
Production and distribution decisions
Purchasing functions
Cash disbursements (trade accounts and payroll)