Internal Controls Problem 8-6

Response:

a. The computer security weaknesses present at Gleicken Corporation that made it possible

for a disastrous data loss to occur include:

• housing the data processing facility in a building with exposed wooden beams and

a wooden-shingled exterior rather than one constructed of fire retardant materials.

• absence of a sprinkler (Halon) system and a fire suppression system under a raised

floor and no fire doors.

• an online system with infrequent (weekly) tape backups. Backups, with

checkpoints and restarts, should be performed at least daily. Grandfather and

father backup files should be retained at a secure off-site storage location.

• poor data storage. Data and programs should have been kept in a library separate

from the data processing room, with the library area constructed of fire retardant

materials.

• lack of a written disaster recovery plan with arrangements in place to use an

alternate off-site computer center in the event of a disaster or an extended service

interruption.

• a phone list of DP personnel without assigned responsibilities for specific actions

to be taken when needed.

• lack of complete systems documentation outside the data processing area.

b. The components that should have been in the disaster recovery plan at Gleicken

Corporation in order to ensure computer recovery within 72 hours include:

• development of a written disaster recovery plan, with review and approval by

senior management, data processing management, end-user management, and

internal auditors.

• backup of data and programs stored at an off-site location that will be quickly

accessible in an emergency.

• organization of a disaster recovery team. The company should select the disaster

recovery manager, identify the tasks, segregate personnel into teams, develop an

organizational chart for disaster procedures, match personnel to team skills and...