IT Audit

5465 Words Dec 16th, 2012 22 Pages
Risk & Control Assessment
Control Matrix – Narratives – Summary


Bob, Inc

November 14, 2012
Authored by: Sara Colle, Aaron Hughes, Mohammed Kahn, Paul Koller

Interoffice Memorandum

To: Jim Reinhard, CEO
From: Group 1
Subject: Risk Assessment Report
Date: 11/14/2012
CC:

Mr. Reinhard,
We have completed our risk assessment as requested by management. The following report will take you through our completed risk matrix, narratives about the risks and controls, and provide a summary of our findings. The areas covered
2.6. Exercises — Employees should participate in regularly scheduled practice drills of the BCM program and BC plans. Bob Inc.’s IT Management confirmed that a full test is done annually, including some or all of the following exercises: desk check, orientation or plan walkthrough, tabletop exercise, communication testing, IT environment walkthrough, alternate site testing, and end-to-end testing.
2.7. Maintenance — The BCM capabilities and documentation must be maintained to ensure that they remain effective and aligned with business priorities. Bob Inc.’s IT Management reinforced that this component is part of the BCP/DR.
Testing the maturity of each of the above components helps us understand the quality of the BCP/DR plan. To evaluate maturity, GTAG suggests five levels, in order: initial, repeatable, defined, managed, and optimizing. While we realize the importance of the above controls, our location is not in a high-risk area for disasters, which leads us to consider these non-key controls. If our facilities were in a moderate- or high-risk area for disasters, we would consider these key controls. Absence of these control components will not result in the risk of the organization not meeting a strategic, reporting, operations, or compliance objective.
Physical / Environmental Security Controls
1. RISK – Unauthorized access to data center/storage facility
2.1. Our proposed control is that access to data center is
