We have recently completed an audit for the Afri-Wire company and found that long-term disaster recovery management controls have not been put in place, which puts the company at risk. A control structure that provides assurances of integrity, reliability, and validity must be designed, developed, and implemented in order to provide perfect service that is integrated through the network. The following activities need to be implemented regularly in the company and in the disaster recovery plan: conduct IT service analysis, provide employee training, …
The managing director argues that, for three reasons, it is not cost-effective to prepare a long-term disaster recovery plan and to practice recovery protocols on a regular basis:
• First, she believes a plan is useless because, in the event of a major disaster, timely recovery is impossible anyway. She points out that it would take several days for the telephone company to reconfigure all the data communication lines to another site. Even if Afri-Wire had another switch available immediately, it would not operate during this period.
Response:
The most salient indicator of a well-prepared company is the extent of its backup activities, because natural disasters can destroy physical computers and supporting infrastructure. The company can use offsite locations for data storage and backup by means of creating hot sites in a different geographical location, with replication of data, so that when a disaster occurs, the backup can be used immediately without delay. (JIBC April 2010, Vol. 15, …
a. The COSO framework
It has been identified by the SEC as a good starting ground for Sarbanes compliance. It addresses accounting controls over business operations and the financial reporting process; however, it does not make specific reference to IT controls.
b. COBIT
COBIT, which is published by ISACA (the Information Systems Audit and Control Association), was created to address IT controls not specifically mentioned in the COSO framework. It is going to be a guideline for the entity-level assessment focusing on IT security controls. The primary emphasis of COBIT is to ensure both that the information needed by businesses is provided by technology and that the required assurance qualities of information are met. (Sandra Senft & Frederick Gallegos 2012)
c. The Information Technology Infrastructure Library (ITIL)
ITIL is a set of concepts and techniques for managing information technology (IT) infrastructure, development, and operations. It will assist in improving decision making and optimizing risk.
d. The Sarbanes-Oxley Act is arranged into 11 “Titles”. With regard to compliance, the most important sections within the 11 titles that could be used to support the audit are listed below: (Janet