Page 179 - Courses
P. 179

Exploring Corrective Controls

            Business Continuity Plan Development

            Development of a BCP revolves around a cost/benefit discussion that focuses on the preparedness
            of the organization as it relates to the levels of risk exposure for each business unit. Unfortunately,
            organizations sometimes fail to heed the warning signs, and are ill-prepared for a business
            disruption. This often happens because decision makers do not see value in investing the necessary
            costs for preparation when it does not promote the bottom line and has a low likelihood of
            occurring. Planning for an outage can be compared to selecting insurance coverage, where the
            degree and depth of planning will result in the organization’s capability to recover in a timely
            manner.

            The risk of a disaster occurring varies due to a multitude of external and internal factors. In many
            cases, management sees these risks as inherently low even though the related impact is inherently
            high.

            Disaster Recovery

            Disaster recovery supports restoring operations critical to the resumption of business, including
            regaining access to data (records, files, reports, etc.), hardware, software , communications (email,
            phone, etc.), workspace, and other technologies after a disaster. The focus of disaster recovery is to
            recover networks, operating systems, databases, and applications.

            A well-established and thoroughly tested DRP must be developed in harmony with the BCP after the
            BIA process is completed. Doing so increases the probability of a successful recovery from any
            disaster. DRP establishes the processes needed to rebuild the infrastructure and systems after an
            event.

            The recovery process includes re-establishing communications between systems and facilities, as
            well as restarting critical application program interfaces and services with internal and external
            entities. The DRP describes how the infrastructure is to be recovered, the order in which systems are
            to be restored, and the paths and access to those systems residing in the cloud.

            Integration, Scheduler, Middleware

            Integration describes an automated application program interface (API) between two systems, such
            as transferring updated data from the payroll or accounts payable systems to the general ledger.
            Integration points for a system such as a general ledger would then be all points where data is
            updating the system from other systems.

            A scheduler (also known as a job scheduler or automated scheduler) is software that provides
            unattended execution of programs in the background (i.e. it allows execution of programs at
            designated times). For example, a nightly batch job that runs at midnight logs into each server and
            backs up its data.




            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   174   175   176   177   178   179   180   181   182   183   184