Accountants routinely examine the physical environment of the computer center as part of their annual
audit. The objective of this section is to present computer center risks and the controls that help to
mitigate them and create a secure environment. The following are areas of potential exposure that can
impact the quality of information, accounting records, transaction processing, and the effectiveness of
other, more conventional internal controls.
Physical Location
The physical location of the computer center directly affects the risk of destruction from a natural or
human-made disaster. To the extent possible, the computer center should be located away from human-made
and natural hazards, such as processing plants, gas and water mains, airports, high-crime areas, flood
plains, and geological faults. The center should also be away from normal traffic, for example on the top
floor of a building or in a separate, self-contained building. Locating a computer center in a building's
basement increases its exposure to floods.
Construction
Ideally, a computer center should be located in a single-story building of solid construction with
controlled access (discussed next). Utility (power and telephone) lines should be underground. The
building windows should not open and an air filtration system should be in place that is capable of
extracting pollens, dust and dust mites.
Access
Access to the computer center should be limited to the operators and other employees who work there.
Physical controls, such as locked doors, should be employed to limit access to the center. Access should
be controlled by a keypad or swipe card, though fire exits with alarms are still necessary. To achieve a
higher level of security, access should be monitored by closed-circuit cameras and video recording
systems. Computer centers should also use sign-in logs for programmers and analysts who need access to
correct program errors. The computer center should maintain accurate records of all such traffic.
Air conditioning
Computers function best in an air-conditioned environment, and providing adequate air conditioning is
often a requirement of the vendor's warranty. Computers operate best in a temperature range of 70 to
75 degrees Fahrenheit and a relative humidity of 50 percent. Logic errors can occur in computer
hardware when temperatures depart significantly from this optimal range. Also, the risk of circuit
damage from static electricity increases when humidity drops. In contrast, high humidity can cause
molds to grow and paper products (such as source documents) to swell and jam equipment.
Fire Suppression
Fire is the most serious threat to a firm's computer equipment. Many companies that suffer computer
center fires go out of business because of the loss of critical records, such as accounts receivable. The
implementation of an effective fire suppression system requires consultation with specialists. However,
some of the major features of such a system include the following:
1. Automatic and manual alarms should be placed in strategic locations around the installation.
These alarms should be connected to permanently staffed fire-fighting stations.
2. There must be an automatic fire extinguishing system that dispenses the appropriate type of
suppressant for the location. For example, spraying water and certain chemicals on a computer
can do as much damage as the fire.
3. Manual fire extinguishers should be placed at strategic locations.
4. The building should be of sound construction to withstand water damage caused by fire
suppression equipment.
5. Fire exits should be clearly marked and illuminated during a fire.
Fault Tolerance
Fault tolerance is the ability of a system to continue operating when part of the system fails because
of hardware failure, application program error, or operator error. Implementing fault tolerance controls
ensures that no single point of potential system failure exists. Total failure can occur only if multiple
components fail. Two examples of fault tolerance technologies are discussed next.
Audit Objectives
The auditor's objective is to evaluate the controls governing computer center security. Specifically, the
auditor must verify that:
Physical security controls are adequate to reasonably protect the organization from physical
exposures.
Insurance coverage on equipment is adequate to compensate the organization for destruction
of, or damage to, its computer center.
Audit Procedures
Disasters such as earthquakes, floods, sabotage, and even power failures can be catastrophic to an
organization's computer center and information systems. There are three categories of disaster that can
rob an organization of its IT resources: natural disasters, human-made disasters, and system
failures. Natural disasters such as hurricanes, wide-spread flooding, and earthquakes are the most
potentially devastating of the three from a societal perspective because they can simultaneously impact
many organizations within the affected geographic area. Human-made disasters, such as sabotage or
errors, can be just as destructive to an individual organization, but tend to be limited in their scope of
impact. System failures such as power outages or a hard-drive failure are generally less severe, but are
the most likely to occur.
All of these disasters can deprive an organization of its data processing facilities, halt those business
functions that are performed or aided by computers, and impair the organization's ability to deliver its
products or services. In other words, the company loses its ability to do business. The more dependent
an organization is on technology, the more susceptible it is to these types of risks. For businesses such as
Amazon.com or eBay, the loss of even a few hours of computer processing capability can be
catastrophic.
Disasters of the sort outlined above usually cannot be prevented or evaded. Once stricken, the victim
firm's survival will be determined by how well and how quickly it reacts. With careful contingency
planning, however, the full impact of a disaster can be absorbed and the organization can recover. To
survive such an event, companies develop recovery procedures and formalize them into a disaster
recovery plan (DRP). This is a comprehensive statement of all actions to be taken before, during, and
after any type of disaster. Although the details of each plan are unique to the needs of the organization,
all workable plans possess four common features:
The remainder of this section is devoted to a discussion of the essential elements of an effective DRP.
For most organizations, short-term survival requires the restoration of those functions that generate cash
flows sufficient to satisfy short-term obligations. For example, assume that the following functions
affect the cash flow position of a particular firm:
The computer applications that support these business functions directly are critical. Hence, these
applications should be identified and prioritized in the restoration plan.
Application priorities may change over time, and these decisions must be reassessed regularly. Systems
are constantly revised and expanded to reflect changes in user requirements. Similarly, the DRP must be
updated to reflect new developments and to identify newly critical applications. Up-to-date priorities may
cause changes in the nature and extent of second-site backup requirements and specific backup
procedures, which are discussed later.
The task of identifying critical items and prioritizing applications requires the active participation of user
departments, accountants, and auditors. Too often, this task is incorrectly viewed as a technical
computer issue and therefore delegated to IT professionals. Although the technical assistance of IT
professionals will be required, this task is a business decision and should be made by those best
equipped to understand the business problem.
Recovering from a disaster depends on timely corrective action. Delays in performing essential tasks
prolong the recovery period and diminish the prospects for successful recovery. To avoid serious
omissions or duplication of effort during implementation of the contingency plan, task responsibility must
be clearly defined and communicated to the personnel involved.
Figure 2.7 presents an organizational chart depicting the composition of a disaster recovery team. The
team members should be experts in their areas and have assigned tasks. Following a disaster, team
members will delegate subtasks to their subordinates. It should be noted that traditional control
concerns do not apply in this setting. The environment created by the disaster may make it necessary to
violate control principles such as segregation of duties, access controls, and supervision.
A necessary ingredient in a DRP is that it provides for duplicate data processing facilities following a
disaster. Among the options available, the most common are the mutual aid pact; the empty shell or cold
site; the recovery operations center or hot site; and internally provided backup. Each of these is discussed
in the following sections.
A mutual aid pact is an agreement between two or more organizations (with compatible computer
facilities) to aid each other with their data processing needs in the event of a disaster. In such an event,
the host company must disrupt its processing schedule to process the critical transactions of the
disaster-stricken company. In effect, the host company itself must go into an emergency operation mode
and cut back on the processing of its lower-priority applications to accommodate the sudden increase in
demand for its IT resources.
The popularity of these reciprocal agreements is driven by economics; they are relatively cost-free to
implement. In practice, however, mutual aid pacts work better in theory than in practice. In the event of
a disaster, the stricken company has no guarantee that the partner company will live up to its promise of
assistance. To rely on such an arrangement for substantive relief during a disaster requires a level of
faith and untested trust that is uncharacteristic of sophisticated management and its auditors.
Empty Shell
The empty shell or cold site plan is an arrangement wherein the company buys or leases a building that
will serve as a data center. In the event of a disaster, the shell is available and ready to receive whatever
hardware the temporary user needs to run essential systems. This approach, however, has a
fundamental weakness. Recovery depends on the timely availability of the necessary computer
hardware to restore the data processing function. Management must obtain assurances through
contracts with hardware vendors that, in the event of a disaster, the vendor will give the company’s
needs priority. An unanticipated hardware supply problem at this critical juncture could be a fatal blow.
A recovery operations center (ROC) or hot site is a fully equipped backup data center that many
companies share. In addition to hardware and backup facilities, ROC providers offer a range of technical
services to their clients, who pay an annual fee for access rights. In the event of a major disaster, a
subscriber can occupy the premises and, within a few hours, resume processing critical applications.
September 11, 2001, was a true test of the reliability and effectiveness of the ROC approach. Comdisco, a
major ROC provider, had 47 clients who declared 93 separate disasters on the day of the attack. All 47
companies relocated and worked out of Comdisco's recovery centers. At one point, 3,000 client
employees were working out of the centers. Thousands of computers were configured for clients' needs
within the first 24 hours, and systems recovery teams were on-site wherever police permitted access. By
September 25, nearly half of the clients were able to return to their facilities with a fully functional
system.
Although the Comdisco story illustrates a ROC success, it also points to a potential problem with this
approach. A widespread natural disaster, such as a flood or an earthquake, may destroy the data
processing capabilities of several ROC members located in the same geographic area. All the victim
companies will find themselves vying for access to the same limited facilities. Because some ROC
providers oversell their capacity by a ratio of 20:1, the situation is analogous to a sinking ship that has an
inadequate number of lifeboats.
The period of confusion following a disaster is not an ideal time to negotiate property rights. Therefore,
before entering into a ROC arrangement, management should consider the potential problems of
overcrowding and geographic clustering of the current membership.