
Assignment 2

Course Code: IAF 610 N1A


Professor: Paul Tam
By: Amy (Hannah) Indran
Student Number: 035-695-154
Date: March 26, 2020
Memorandum

Date: March 26, 2020


To: Audit Partner
From: Aba, Bcc
Subject: Bank of Vancouver Audit
In preparation for the Bank of Vancouver audit, I have compiled a memo outlining the essential
potential issues in the Business Continuity Planning (BCP)/Disaster Recovery Planning (DRP)
and Cybersecurity programs at Bank of Vancouver.
Since BCP/DRP and Cybersecurity are IT services performed by an outside third party, careful
consideration is given to the review of the service level agreement (SLA). This would help us to
define the boundaries of the outsourced functions and services that the service provider delivers
and identify the service standards that the service provider follows. Also, since the business has
many locations and handles financial data, it is more vulnerable to cyberattacks. We need to
ensure that cyberattacks are detected and managed, that security configurations are consistently
applied, and that timely threat intelligence supports effective cyber incident management.

BCP/DRP
The organization depends on resources, personnel and tasks performed daily to stay healthy and
profitable. The organization must have a plan to deal with unforeseen events that could disrupt
these resources and cause great damage to the business. Regarding BCP, the organization should
have a plan in place to ensure that the business can function in the event of a disruption of normal
data processing operations. In DRP, the goal is to minimize the effects of a disaster and take the
necessary steps to ensure that resources, personnel and business processes are able to resume
operation in a timely manner. The following key areas are identified as high-risk areas for audit
purposes.
Management Support and Roles and Responsibilities of Members
We need to ensure that members' roles and responsibilities are clearly defined and that appropriate
policies and procedures are in place, with management support, to meet the objectives.
Business Impact Analysis
We need to ensure that critical business functions are identified, that appropriate data gathering
techniques are selected, and that at-risk resources and their potential impacts are evaluated and documented.
Preventive Controls
We should focus on reviewing control-related processes to ensure that the policies, procedures,
and activities that are part of the control framework are designed to keep risk contained within
the risk tolerances established by the risk management process. This evaluation would also help
us to design the nature and timing of audit procedures so that the overall audit is cost-effective.
Recovery Strategies
Developing recovery strategies is vital for business survival. We need to ensure that policies and
procedures for disaster recovery are in place in the following areas:
- Business Process Recovery
- Facility Recovery
- Supply and Technology Recovery
- User Environment Recovery
- Data Recovery
Develop the Contingency Plan
Our audit plan should include a review to ensure that the organization documents the results of
the business impact analysis findings and the recovery strategies in the development of the
written contingency plan.
Testing, Awareness, and Training
We also need to consider the need for testing and ensure that the testing, monitoring and
documentation processes are handled appropriately as part of a continuous improvement process.

Cybersecurity Programs
Since the organization deals with a high volume of financial data, Cybersecurity is vital for its
business activities.
We need to ensure that proper controls are in place in the following areas:
- Access to assets and systems is effectively managed and limited to authorized users and
usage.
- Vulnerabilities are rapidly identified, and appropriate mitigations are identified.
- Data is appropriately categorized and safeguarded.
- Employees receive appropriate cyber security awareness training.
- Cyber security services are kept updated, and security is built into system designs.
We also need to review the SOC report received from the vendor for accuracy and validity. Also,
in the procurement process, a proper review needs to be conducted to ensure that purchases are in
line with the organization's plan and budget and that items are purchased in accordance with
applicable standards, with the approval of the authorized person.
If you have further questions or concerns, please let me know and I will do what I can to
clarify the issues.
