DISASTER RECOVERY PLAN Hexagon is an online retailer of exotic foods including spices from around the world, canned sauces, and prepackaged breads such as tortillas and naan. The company does 100 percent of its business over the Internet to consumers and through private networks with retail trading partners. Recently, Hexagon moved its sales and business headquarters functions into a warehouse on the outskirts of San Francisco. Prior to the move, the company engaged the services of an architect to redesign the facility to be modern yet in keeping with the original character of the building. While remodeling the warehouse, the architects retained the wooden-shingled exterior and the exposed wooden beams throughout the interior. The data processing center, which contained the servers and networked terminals, was situated in a large open area with high ceilings and skylights. The center was made accessible to the rest of the staff to be consistent with the firm’s philosophy of removing barriers and encouraging a team approach to problem solving. Before occupying the new facility, city inspectors declared the building to be compliant with all relevant building codes. In a recent compliance audit, Hexagon’s auditors advised the company’s management to develop a disaster recovery plan. Toward this end, the company entered into a mutual aid agreement with several other firms in the area that had similar technology systems. These firms all agreed verbally to provide emergency assistance to each other in the event of disasters or emergencies. In addition, Hexagon implemented a data backup system in which all files are copied daily to tapes and disks and each week the backup storage devices are taken to an offsite facility where they are secured. The operator’s manual with instructions on how to restore the system is stored in the main data processing area along with a list of names and phone numbers of key IT professionals to contact in case of an emergency. Required a. Describe the internal control weaknesses present at Hexagon. b. List the components that should be included in a disaster recovery plan for a company like Hexagon. c. What factors, other than those included in the plan itself, should a company consider when formulating a disaster recovery plan?

BuyFind

Accounting Information Systems

10th Edition
Hall + 1 other
Publisher: Cengage Learning,
ISBN: 9781337619202
BuyFind

Accounting Information Systems

10th Edition
Hall + 1 other
Publisher: Cengage Learning,
ISBN: 9781337619202

Solutions

Chapter
Section
Chapter 14, Problem 7P
Textbook Problem

DISASTER RECOVERY PLAN

Hexagon is an online retailer of exotic foods including spices from around the world, canned sauces, and prepackaged breads such as tortillas and naan. The company does 100 percent of its business over the Internet to consumers and through private networks with retail trading partners. Recently, Hexagon moved its sales and business headquarters functions into a warehouse on the outskirts of San Francisco. Prior to the move, the company engaged the services of an architect to redesign the facility to be modern yet in keeping with the original character of the building. While remodeling the warehouse, the architects retained the wooden-shingled exterior and the exposed wooden beams throughout the interior. The data processing center, which contained the servers and networked terminals, was situated in a large open area with high ceilings and skylights. The center was made accessible to the rest of the staff to be consistent with the firm’s philosophy of removing barriers and encouraging a team approach to problem solving. Before occupying the new facility, city inspectors declared the building to be compliant with all relevant building codes.

In a recent compliance audit, Hexagon’s auditors advised the company’s management to develop a disaster recovery plan. Toward this end, the company entered into a mutual aid agreement with several other firms in the area that had similar technology systems. These firms all agreed verbally to provide emergency assistance to each other in the event of disasters or emergencies. In addition, Hexagon implemented a data backup system in which all files are copied daily to tapes and disks and each week the backup storage devices are taken to an offsite facility where they are secured.

The operator’s manual with instructions on how to restore the system is stored in the main data processing area along with a list of names and phone numbers of key IT professionals to contact in case of an emergency.

Required

  1. a. Describe the internal control weaknesses present at Hexagon.
  2. b. List the components that should be included in a disaster recovery plan for a company like Hexagon.
  3. c. What factors, other than those included in the plan itself, should a company consider when formulating a disaster recovery plan?

Expert Solution

Want to see the full answer?

Check out a sample textbook solution.

Want to see this answer and more?

Experts are waiting 24/7 to provide step-by-step solutions in as fast as 30 minutes!*

*Response times vary by subject and question complexity. Median response time is 34 minutes and may be longer for new subjects.

Chapter 14 Solutions

Accounting Information Systems
Ch. 14 - What are the three primary IT functions that must...Ch. 14 - What exposures does data consolidation in an IT...Ch. 14 - Differentiate between general and application...Ch. 14 - What are the primary reasons for separating...Ch. 14 - What problems may occur as a result of combining...Ch. 14 - Why is poor-quality systems documentation a...Ch. 14 - What is the role of a corporate computer services...Ch. 14 - What are the five control implications of...Ch. 14 - List the control features that directly contribute...Ch. 14 - What is fault tolerance?Ch. 14 - What is RAID?Ch. 14 - What is the purpose of an audit?Ch. 14 - Discuss the concept of independence within the...Ch. 14 - What is the meaning of the term attest service?Ch. 14 - What are assurance services?Ch. 14 - What are the conceptual phases of an audit? How do...Ch. 14 - Distinguish between internal and external...Ch. 14 - What are the four primary elements described in...Ch. 14 - Explain the concept of materiality.Ch. 14 - What tasks do auditors perform during audit...Ch. 14 - Distinguish between tests of controls and...Ch. 14 - What is audit risk?Ch. 14 - Distinguish between errors and irregularities....Ch. 14 - Distinguish between inherent risk and control...Ch. 14 - What is the relationship between tests of controls...Ch. 14 - List the four general control areas.Ch. 14 - What types of documents would an auditor review in...Ch. 14 - What are some tests of physical security controls?Ch. 14 - What are the often-cited benefits of IT...Ch. 14 - Define commodity IT asset.Ch. 14 - Define specific asset.Ch. 14 - List five risks associated with IT outsourcing.Ch. 14 - Discuss the key features of Section 302 of SOX.Ch. 14 - Discuss the key features of Section 404 of SOX.Ch. 14 - Section 404 requires management to make a...Ch. 14 - Explain how general controls impact transaction...Ch. 14 - Prior to SOX, external auditors were required to...Ch. 14 - Does a qualified opinion on internal controls over...Ch. 14 - The PCAOB Standard No. 5 specifically requires...Ch. 14 - What fraud detection responsibilities (if any)...Ch. 14 - Explain at least three forms of computer fraud.Ch. 14 - A bank in California has 13 branches spread...Ch. 14 - Compare and contrast the following disaster...Ch. 14 - Who should determine and prioritize the critical...Ch. 14 - Discuss the differences between the attest...Ch. 14 - Define the management assertions of existence or...Ch. 14 - An organizations internal audit department is...Ch. 14 - Discuss why any distinction between IT auditing...Ch. 14 - Discuss how the process of obtaining audit...Ch. 14 - Some internal controls can be tested objectively....Ch. 14 - Give a specific example, other than the one in the...Ch. 14 - Discuss the subjective nature of auditing computer...Ch. 14 - Explain the outsourcing risk of failure to...Ch. 14 - Explain vendor exploitation.Ch. 14 - Explain why reduced security is an outsourcing...Ch. 14 - Explain how IT outsourcing can lead to loss of...Ch. 14 - Explain the role of Statement on Standards for...Ch. 14 - How do SSAE 16 Type 1 and Type 2 differ?Ch. 14 - How are the carve-out and inclusive methods of...Ch. 14 - Which of the following is NOT a task performed in...Ch. 14 - Which of the following is the best example of an...Ch. 14 - Which of the following statements is true? a. Both...Ch. 14 - Which of the following is NOT a control concern in...Ch. 14 - Which of the following disaster recovery...Ch. 14 - Which of the following is NOT a potential threat...Ch. 14 - Which of the following is NOT requirement of...Ch. 14 - Which of the following is NOT a requirement in...Ch. 14 - Which of the following is associated with the...Ch. 14 - Which of the following is not true about the SSAE...Ch. 14 - PHASES OF AN AUDIT: COMPENSATING GENERAL CONTROLS...Ch. 14 - DATA CENTER SECURITY The auditors of a financial...Ch. 14 - DISTRIBUTED PROCESSING SYSTEM The internal audit...Ch. 14 - DISASTER RECOVERY PLANNING CONTROVERSY The...Ch. 14 - SEPARATION OF DUTIES Transferring people from job...Ch. 14 - DISASTER RECOVERY SERVICE PROVIDERS Explain the...Ch. 14 - DISASTER RECOVERY PLAN Hexagon is an online...Ch. 14 - INTERNAL CONTROL AND DISTRIBUTED SYSTEMS The ABC...Ch. 14 - INTERNAL CONTROL RESPONSIBILITY FOR OUTSOURCED IT...Ch. 14 - COMPETING SCHOOLS OF THOUGHT REGARDING OUTSOURCING...Ch. 14 - DISTRIBUTED DATA PROCESSING Explain why an...Ch. 14 - Last year Johnson Industrials entered into a...Ch. 14 - Evergreen Corp has recently hired a CIO with...

Additional Business Textbook Solutions

Find more solutions based on key concepts
How are inflation and unemployment related in the short run?

Brief Principles of Macroeconomics (MindTap Course List)

Should an economic model describe reality exactly?

Essentials of Economics (MindTap Course List)

What is target costing? Describe how costs are reduced so that the target cost can be met.

Managerial Accounting: The Cornerstone of Business Decision-Making

PRESENT AND FUTURE VALUES Of A CASH FLOW STREAM An investment will pay 100 at the end of each of the next 3 sta...

Fundamentals of Financial Management, Concise Edition (with Thomson ONE - Business School Edition, 1 term (6 months) Printed Access Card) (MindTap Course List)

Explain how to calculate a predetermined overhead rate.

College Accounting, Chapters 1-27 (New in Accounting from Heintz and Parry)