Dec 11, 2012

Job Scheduling and Back-up Controls

Quality Workshop
0

Session dos and don'ts
Cell phones on silent mode/switched off
Please avoid cross-talk
Feel free to ask questions in case of doubt
Laptops would not be required
1

Agenda
2
Introduction
IT Risks and IT Consideration
Job Scheduling Controls
Backup Controls
General Pitfalls
Question and Answers
Introduction
3
Job Scheduling
Scheduling jobs for
Processing Automation
Pool system resources & Multitasking
System throughput & Job waiting
Job schedulers
Tivoli (Linux)
Control-M
Tidal Enterprise Scheduler
Zeke (Mainframe)

Introduction
Backups
Backing up data as part of Business Continuity Plan
Types of Backups
Incremental / Full Backup
Frequency Daily/Weekly/Monthly/Annual
Tape Backup/ Replication or Mirroring
Tape Backups Iron Mountain
Virtual Backup Symantec NetBackup
4
IT Risk - Consideration
IT Considerations IT Risk
Scheduling and monitoring
of processing jobs
Data recorded, processed, and reported may not remain
complete, accurate and valid throughout the update and
storage process. Further, unauthorized changes to
scheduled data transfers between systems could result in
inaccurate processing of financial data. Reliance on systems
or programs that are inaccurately processing data, processing
inaccurate data, or both, could impact management's ability
to effectively utilize data within such systems.
Access to job scheduler
Backup scheduling and
monitoring
Data is not appropriately maintained such that financial data
remains complete, accurate, and valid during the storage
process. Potential loss of data could impact management's
ability to effectively utilize data within such systems.
Offsite storage of backup
media
Restorability of backups
5
Job Scheduling Control
USGENGC1000
Operations are appropriately managed to support the scheduling, execution, monitoring, and continuity of
IT programs and processes for the complete, accurate, and valid processing and recording of financial
transactions.
Control Activities
USGENGC100 Batch and online processing procedures are defined and executed so that jobs and/or transactions are
processed to normal completion or are recovered and reprocessed.
USGENGC101 Automated scheduling tools have been implemented for the authorization and completeness of the flow of
processing. Management approves all changes to the job schedule.
USGENGC102 Processing is monitored by management for successful and timely completion. Exceptions to normal
processing are reviewed by management, and promptly resolved to provide for accurate, complete and authorized
processing.
USGENGC103 Transaction logs are used to track processing through the system and are used to verify the authorization
and integrity of real-time processing performed.
USGENGC109 Access to production processing control language, automated scheduling tools, and executable programs
is defined to restrict the ability to execute, modify, delete, or create to appropriate individuals.
6
Backup Controls
USGENGC1010
Data is appropriately managed to provide reasonable assurance that financial data remains complete,
accurate, and valid throughout the update and storage process.
Control Activities
USGENGC111 Management and users plan and schedule backup and retention of data and erasure and release of media
when retention is no longer required. Management periodically reviews retention and releases records.
USGENGC112 Automated data retention tools have been approved by management and implemented to manage the
backup and retention data plan and schedule.
USGENGC113 All media (tapes, manuals, guides) are properly labeled and timely stored in a secured environmentally
controlled location to minimize risk that data is lost.
USGENGC114 Backups are archived off-site to minimize risk that data is lost.
USGENGC115 Ongoing readability of backup and retained data is tested periodically through restoration or other
methods.
7
Common Pitfalls
Type of control?
Manual v/s Automated v/s Both
Scheduling v/s Monitoring?
Need to check the job schedule prior to the logs
Failed Jobs?
Sampling

8
=
Evidences to be obtained
Job Schedule Screenshot
Job completion
Logs
Notifications
Resolution of failed backup jobs
Incident Tickets
Job re-run
Backup Schedules and policy
Frequency
Incremental/Full


9
Testing example

Sample test sheet and evidences
11
Remember:

If you dont have time
to do it right the first time,
when will you have time to do it over?
12
Question & Answers Session