IT Audit Checklist Sample

Information Technology Audit Checklist Best Practices.

Your best bet would be to visit sites like knowledgeleader and infotech; they have tons of documentation and templates with questionnaires. Here's an example.

This is the final section of a thirteen-part mainframe data center general controls questionnaire. The questionnaire covers the following areas: Organization and Management; Computer Operations; Physical Security; Environmental Controls; Program, Data File and Transaction Security; Security Administration; Applications Systems Development and Maintenance; Systems Software Support; Vendor Support; Data Base Administration; Hardware and Software Inventory Management; Telecommunications; Continuity of Operations.

Operations continuity deals with the notion that a business should be able to survive even if a disastrous event occurs. Rigorous planning and commitment of resources are necessary to adequately plan for such an event. Contingency planning is the primary responsibility of senior management, as they are entrusted with the safeguarding of both the assets of the company and the viability of the company.

This part of the questionnaire covers the following continuity of operations topics: The Disaster Recovery Plan (DRP); Critical Applications; Backup; Testing; Insurance.

The Disaster Recovery Plan (DRP)

Does the DRP identify a critical recovery time period during which business processing must be resumed before suffering significant or unrecoverable losses?

Does the DRP include strategies for the following procedures?
  a. Criteria for determining whether the situation is a disaster
  b. Procedures for declaring a disaster and invoking the plan
  c. Reacting to a variety of crises
  d. Notifying relevant managers in the event of a disaster
  e. A contact list of home and emergency telephone numbers
  f. Assessment of damage following a disaster
  g. Reinstatement of voice and data communications at emergency service levels within a specified time
  h. Salvaging facilities, records and hardware
  i. Filing of insurance claims
  j. Relocating emergency operations (system, network and user) to the original or a new facility and their restoration to normal service levels
  l. Obtaining the appropriate funds to pay for miscellaneous services

Does the DRP classify various levels of disaster and the repercussions of each form of disaster? Classifications may include non-disaster, disaster, and catastrophe.

Does the DRP include a notification directory of key decision-making personnel required to initiate and carry out recovery efforts? Does this directory include:
  a. Primary and emergency telephone numbers and addresses for each critical contact person
  b. Phone numbers and addresses for representatives of equipment and software vendors
  c. Phone numbers of contacts within companies that have been designated to provide supplies and equipment or services
  d. Phone numbers of contact persons at alternative processing facilities
  e. Phone numbers of insurance company agents
  f. Phone numbers of contacts at contract personnel services

Does the DRP include a formalized schedule for restoring critical systems, mapped out by days of the year?

Does the DRP identify key IPF and end-user personnel, and their relationships and responsibilities with regard to timely recovery?

Does the DRP identify alternative manual procedures for critical applications?

Does the DRP include provisions for alternative processing facilities should a lengthy interruption of computer processing occur?

If alternative processing facilities require use of a third-party site, is such a relationship supported by a legal contract?

Is the DRP reviewed and updated on a scheduled basis to reflect continuing recognition of changing requirements?

Were end users involved in initial development and subsequent updates to the DRP?

Critical Applications

Have computer applications and systems been ranked or prioritized according to time sensitivity and criticality with regard to their necessity for resumption of business activities following a disaster? Typical risk rankings may classify systems as critical, vital, sensitive, noncritical, etc.

Backup

Is a current copy of the DRP maintained at a secured, off-site location?

Are all data and software files backed up on a periodic basis and stored at a secured, off-site location? Do these backups include the following?
  a. Application program source code
  b. Application master files
  c. Application transaction files
  d. System software
  e. System logs

Have the schedules for backup and off-site storage of data and software files been approved by management?

Are application run books, job stream control instructions, operating system manuals, system and program documentation, special handling instructions, input source documents, and output documents backed up and retained at a secure off-site location?

Are duplicate pieces of sensitive, unique, or hard-to-obtain computer hardware available at an off-site location in the event of a disaster?

Are telecommunication facilities backed up?

Is there an adequate stock of all supplies, forms, and documents necessary to the continuation of normal business activities secured at an off-site location?

Is an inventory maintained of the contents at the off-site storage location?

Is the off-site storage facility subject to the same security and environmental controls as the on-site information processing facility?

Testing

Has the DRP been tested in the last year? Note: Most DRP tests are limited and purposefully fall somewhat short of a full-scale test of all operational portions of the organization.

Did the last test of the DRP include an evaluation of the performance of the personnel involved in the exercise?

Did a recent test of the DRP include testing of actual operational activities such as data entry, telephone calls, data processing, handling orders, and movement of personnel, equipment, and suppliers?

Does the documentation of the last test of the DRP detail observations, problems, strengths, weaknesses, and resolutions?

Does the review of the last test of the DRP include an evaluation of elapsed time for completion of prescribed tasks, amount of work that was performed at the backup site, and the accuracy of system and data recovery?

Do training agendas exist for affected employees, including IPF and end-user personnel?

Insurance