Session dos and don'ts Cell phones on silent mode/switched off Please avoid cross-talk Feel free to ask questions in case of doubt Laptops would not be required 1
Agenda 2 Introduction IT Risks and IT Consideration Job Scheduling Controls Backup Controls General Pitfalls Question and Answers Introduction 3 Job Scheduling Scheduling jobs for Processing Automation Pool system resources & Multitasking System throughput & Job waiting Job schedulers Tivoli (Linux) Control-M Tidal Enterprise Scheduler Zeke (Mainframe)
Introduction Backups Backing up data as part of Business Continuity Plan Types of Backups Incremental / Full Backup Frequency Daily/Weekly/Monthly/Annual Tape Backup/ Replication or Mirroring Tape Backups Iron Mountain Virtual Backup Symantec NetBackup 4 IT Risk - Consideration IT Considerations IT Risk Scheduling and monitoring of processing jobs Data recorded, processed, and reported may not remain complete, accurate and valid throughout the update and storage process. Further, unauthorized changes to scheduled data transfers between systems could result in inaccurate processing of financial data. Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both, could impact management's ability to effectively utilize data within such systems. Access to job scheduler Backup scheduling and monitoring Data is not appropriately maintained such that financial data remains complete, accurate, and valid during the storage process. Potential loss of data could impact management's ability to effectively utilize data within such systems. Offsite storage of backup media Restorability of backups 5 Job Scheduling Control USGENGC1000 Operations are appropriately managed to support the scheduling, execution, monitoring, and continuity of IT programs and processes for the complete, accurate, and valid processing and recording of financial transactions. Control Activities USGENGC100 Batch and online processing procedures are defined and executed so that jobs and/or transactions are processed to normal completion or are recovered and reprocessed. USGENGC101 Automated scheduling tools have been implemented for the authorization and completeness of the flow of processing. Management approves all changes to the job schedule. USGENGC102 Processing is monitored by management for successful and timely completion. Exceptions to normal processing are reviewed by management, and promptly resolved to provide for accurate, complete and authorized processing. USGENGC103 Transaction logs are used to track processing through the system and are used to verify the authorization and integrity of real-time processing performed. USGENGC109 Access to production processing control language, automated scheduling tools, and executable programs is defined to restrict the ability to execute, modify, delete, or create to appropriate individuals. 6 Backup Controls USGENGC1010 Data is appropriately managed to provide reasonable assurance that financial data remains complete, accurate, and valid throughout the update and storage process. Control Activities USGENGC111 Management and users plan and schedule backup and retention of data and erasure and release of media when retention is no longer required. Management periodically reviews retention and releases records. USGENGC112 Automated data retention tools have been approved by management and implemented to manage the backup and retention data plan and schedule. USGENGC113 All media (tapes, manuals, guides) are properly labeled and timely stored in a secured environmentally controlled location to minimize risk that data is lost. USGENGC114 Backups are archived off-site to minimize risk that data is lost. USGENGC115 Ongoing readability of backup and retained data is tested periodically through restoration or other methods. 7 Common Pitfalls Type of control? Manual v/s Automated v/s Both Scheduling v/s Monitoring? Need to check the job schedule prior to the logs Failed Jobs? Sampling
8 = Evidences to be obtained Job Schedule Screenshot Job completion Logs Notifications Resolution of failed backup jobs Incident Tickets Job re-run Backup Schedules and policy Frequency Incremental/Full
9 Testing example
Sample test sheet and evidences 11 Remember:
If you dont have time to do it right the first time, when will you have time to do it over? 12 Question & Answers Session