INDEX  

Charter
Goals and Objectives
Why Me? (FAQs)
Common Audit Issues 
Self-Assessment Tools 
Reporting Fraud,
Waste, or Abuse
 
Student Internships 
 
Other Useful Sites
Staff
Internal Audit Home 
  

Longwood University 
Internal Audit 
201 High Street 
Farmville, VA  23909 
Phone: (434)395-2283 
Fax: (434)395-2229
 

 
Internal Audit

 

Information Systems

 

Backup and Operations Continuation Plan

1. Are backups of data performed regularly?

  • Ideal Answer: YES. Full backups should be routinely performed based upon the data volume and the difficulty of data reconstruction. In general, nightly backup minimizes the risk of data loss. This routine control will prevent any loss of data if a temporary interruption should occur.

2. Are backups of departmentally authored programs performed?

  • Ideal Answer: YES. Non-commercial program backups should also be periodically performed.

3. If backups are being performed, then

A. Do you have written backup procedures for programs and/or data?

    • Ideal Answer: YES. These routine backup procedures should be documented and easily accessible to employees in the event of a temporary interruption or staffing changes.

B. Is a copy of backup media maintained offsite for programs and/or data?

    • Ideal Answer: YES. An offsite (secondary) location must be used for backup media storage. In the event of a fire, natural disaster, vandalism or a theft at the primary business location, this will prevent loss of both on-line and backup data.

C. Are backup copies, which are maintained offsite and at the primary office, protected against unauthorized access?

    • Ideal Answer: YES. As with data stored at the primary office location, offsite backups should be protected against unauthorized users.

D. Has the use of backup files been tested?

    • Ideal Answer: YES. Backup files aren't worth maintaining if they can not restore the original data. Testing the backup files will ensure backup file integrity should the primary files get destroyed.

4. Do you have an operations continuation plan?

  • Ideal Answer: YES. All computer operations must have a continuation plan. This plan should be in writing so it is available to staff in the event of an emergency. In addition, training in the execution of the plan should be included and practiced.

Virus Protection

5. Do you have a memory resident virus protection program on your computers and are they periodically updated?

  • Ideal Answer: YES. All computers must have a memory resident virus protection program loaded and updated on a periodic basis. These programs help prevent your computer from getting infected with a destructive computer virus.

Software

6. Does your division/department have a software use policy for users? A software use policy is one in which the users are informed that they are only to use authorized software installed on their workstation. This policy includes a statement on what to do if the user has software (demos, trial versions, freeware, shareware, etc.) that they want to use on their workstation.

  • Ideal Answer: YES. All divisions/departments must have a software use policy, to provide guidance to users in areas of appropriate use, computer responsibility, foreign software, security, etc.

7. Protection of software copyrights:

A. Is a software inventory maintained and periodically updated?

    • Ideal Answer: YES. A periodic software inventory is vital in identifying any unauthorized or missing software. Maintenance of this inventory is essential in documenting authorized software additions, upgrades, or deletions.

B. Is there an established procedure to ensure compliance with licensing agreements?

    • Ideal Answer: YES. A control must be in place to ensure no unauthorized licensing agreements are entered into without proper approval. The administrator's co-signature on all hardware/software purchases would reduce the risk of unauthorized agreements.

 

Comments about the Internal Audit web pages, please contact Margaret Lindsay

Last updated on December 18, 2006.