Escolar Documentos
Profissional Documentos
Cultura Documentos
As an element of the University’s core business functions, Data Center Operations will
be audited every three years using a risk based approach. The IT Data Center Operations
is usually responsible for the management, physical controls, and processing of
production IT systems. The Data Center is also normally responsible for the installation
and maintenance of the operating systems for the computers used to process production
IT systems.
The minimum requirements set forth in the “general overview and risk assessment”
section below must be completed for the audit to qualify for core audit coverage.
Following completion of the general overview and risk assessment, the auditor should
use their professional judgment to select areas for additional focus and audit testing.
The general overview will include interviews of department management and key
personnel; evaluation of policies and procedures associated with business processes and
mission; inventory of compliance requirements; consideration of key operational aspects;
and an assessment of the information systems environment. Prior audits should be
reviewed to determine impact, if any. During the overview, a general understanding of
the management structure, compliance requirements, financial issues, daily and routine
operations, and efficiency and effectiveness of the operation will be obtained (or
updated).
As needed, the general overview will incorporate the use of internal control
questionnaires, process flowcharts, and the examination of how documents are handled
for key processes.
A. The following table summarizes audit objectives and corresponding high-level risks
to be considered during the general overview.
1. Interview the department director and key managers to identify and assess
their philosophy and operating style, regular channels of communication, and
risk assessment processes.
2. Obtain the department’s organization chart, delegations of authority, and
management reports.
3. Interview select staff members to obtain the staff perspective. During all
interviews, solicit input on concerns or areas of risk.
4. Evaluate the adequacy of the organizational structure and reporting processes
to assure the proper accountability of the data center’s operations.
5. If the organizational structure and various reporting processes do not appear
adequate, consider alternative structures or reporting. Comparison to
corresponding departments at other locations, may provide value.
Business Processes
6. For the Data Center, identify the key department activities and controls. Gain
an understanding of the corresponding processes, and positions of
responsibilities. The data center’s responsibilities usually include:
a. Processing controls, including batch, the use of control totals, and
input output controls
b. Security of the data center including physical security and controls,
and environmental controls
c. System software operations, including the controls to separate system
programming from application programming and data base operations
d. Administrative planning and support including capacity planning,
preventative maintenance and insurance.
e. Backup and Recovery processes including routine backups and storage
and recovery planning and testing.
7. For financial systems, such as the recharge system, identify positions with
responsibility for initiating, reviewing, approving, and reconciling financial
Information Systems
A. The following table summarizes audit objectives and corresponding high-level risk
regarding financial network management processes.
A. The following table summarizes audit objectives and corresponding high-level risks
regarding compliance with policies and procedures, and regulatory requirements.
A. The following table summarizes audit objectives and corresponding high-level risks
regarding daily and routine operations processes.