Information Technology Business Continuity Planning Audit
January 2007

Paper ISBN: SG5-14/2007E
Cat. No.: 978-0-662-46438-9
PDF ISBN: SG5-14/2007E-PDF
Cat. No.: 978-0-662-46439-6

Project Number: 6720

Audit Team:
A/Chief Audit Executive: Barbara McNab
A/Director General: Stuart Saint
IT Audit Director: Paul LePage
IT Audit Manager: Mike Winterburn
IT Auditors: Francois-Michel Brière, Sandra O’Connor, Denis L. Tisseur (Spearhead, Inc.)

Table of Contents

EXECUTIVE SUMMARY
1.0 INTRODUCTION
    1.1 BACKGROUND
2.0 FINDINGS
    2.1 PLANNING & ORGANIZATION
        2.1.1 PROTECTED
        2.1.2 Assessment of risk is being performed
    2.2 DELIVERY AND SUPPORT
        2.2.1 PROTECTED
        2.2.2 Operations are being managed
        2.2.3 PROTECTED
        2.2.4 Compliance with external requirements is achieved
Appendix A – Terms of Reference
Appendix B – Management Action Plan
 
PROTECTED
EXECUTIVE SUMMARY

According to Public Safety and Emergency Preparedness Canada (PSEPC), “a Business Continuity Plan (BCP) enables critical services or products to be continually delivered to clients. Instead of focusing on resuming a business after critical operations have ceased, or recovering after a disaster, a business continuity plan endeavours to ensure that critical operations continue to be available.”

The audit’s objectives were to review the appropriateness of the department’s IT BCPs by assessing the IT BCPs with emphasis on planning and organization, and delivery and support.

Audit Conclusion:

The audit concluded that most of the department’s IT environments have appropriate BCPs; however, some risks were noted that should be addressed to ensure continuity of IT services.

Historically, the department’s ITCs have developed, implemented and strengthened controls within the mainframe environment.

Please note that the following recommendations are numbered (e.g. #1, #2) in the chronological order that they appear in this report and have not yet been prioritized by management.
PROTECTED
Service Canada, Internal Audit Branch
1.0 INTRODUCTION

1.1 Background

In accordance with Treasury Board Secretariat’s Internal Audit Policy, SDC’s Audits and Evaluation Directorate (AED) created an audit plan which was approved by SDC’s Audit and Evaluation Committee. One of the assurance audits within this plan is the Information Technology (IT) Business Continuity Planning (BCP) Audit.

According to Public Safety and Emergency Preparedness Canada (PSEPC), “a Business Continuity Plan enables critical services or products to be continually delivered to clients. Instead of focusing on resuming a business after critical operations have ceased, or recovering after a disaster, a business continuity plan endeavours to ensure that critical operations continue to be available.”

As stated within the industry standard, Information Systems Audit and Control Association’s (ISACA) periodical “Information Systems Control Journal, Volume 4, 2005”, business continuity management is an ongoing process of risk assessment and management with the purpose of ensuring that the business can continue if risks materialize. These risks could be from external environments such as power failure or from within, such as deliberate or accidental damage to systems. Business continuity is not just concerned with disaster recovery; it addresses anything that could affect the continuity of service (business, administrative and IT functions). BCP provides a balance between acceptable potential losses and acceptable costs.

The audit’s objectives were to provide assurance that the IT BCPs meet an appropriate level of quality by assessing the department’s IT BCPs with emphasis on planning and organization, and delivery and support.
PROTECTED