Advanced Accounting Information Systems
Day 21
Systems Availability and Business Continuity
October 12, 2009
Announcements
– Return quiz 4
– Assignment 4
– Graduate student papers – disaster recovery planning, recovery from 9/11, Katrina, etc.
– Midterm on October 23
– No class on October 26
Objectives
Understand system availability and business continuity and recognize differences between the two
Comprehend incident response systems and their role in achieving the system availability objective
Explain disaster recovery planning objectives and its design, implementation, and testing requirements
Comprehend the link between business continuity and disaster recovery
Understand the role of backup and recovery in disaster recovery plans
Gray Case
What factors contributed to this situation?
What internal controls could have reduced the likelihood that this situation occurred?
What computer auditing/monitoring techniques could the Grays develop to reduce the possibility that a similar situation will occur in the future?
Questions for today
Identify at least one difference between systems availability and business continuity
Why is disaster recovery planning important?
Is disaster recovery planning cost beneficial?
Power outage example at Northwest Airlines
Problem relates to systems availability
Business continuity
‘Mere power outage’ on the morning of July 15 in Eagan, MN, restored in 45 minutes, but operated for a prolonged period of time in a degraded manner
– Over 5 minutes to print boarding ticket
– Automated check-in terminals did not work
– Issued manual boarding passes that could not be scanned at the gate – thus passenger database needed to be updated later
– Manual luggage check in
– Impact – loss of revenue, impact on image, customer dissatisfaction, inconvenience and frustration on the part of airline employees and travelers, additional costs of manual processing
Two worries
Business continuity
Systems availability
Incident Response
Incident
Questions as incident is identified (order is important)
Incident response team
Nature of response
Preventive measures
Disaster Recovery
Disaster
Postdisaster phases
– Response phase
– Resumption phase
– Recovery phase
– Restoration phase
– Timeliness of action
– Value of recovery
Disaster Recovery Planning
Components of planning (discuss processes and resources rather than details)
Assessing potential losses: disaster impact analysis
Value-based recovery planning
Finding criticality
Disaster recovery strategies
Disaster Recovery Planning
Recovery locations
– New York Board of Trade
– New Orleans business recovery
Disaster recovery teams
Disaster Recovery Planning
Disaster readiness
– Walkthroughs
– Rehearsals
– Compliance (live) testing
Business Continuity Planning
Totality of plans made to recover the business operations following a disaster
Business impact analysis
Business recovery
Assurance Considerations
Method
– Is top management supportive of maintaining a sound systems availability and business continuity plan? Are adequate resources devoted to this plan?
– How is criticality defined? Is it complete and adequate for changing needs of business?
– Are key systems and business processes carefully identified?
Content
– Is source(s) of information used to prepare BCP reliable?
– What is the quality of instruments and methods used to gather data?
– Does BCP reflect recent changes in business, recent acquisitions, mergers?
Live testing
– How often is testing performed?
– Who is in charge? Are personnel warned ahead of time?
– Are test results documented? Is there a follow-up process that may modify plan if problems are discovered during testing?
Questions for Wednesday
Exercises 9 and 11