Audit Testing?
Is anyone testing due to an audit? If so, what did you test, how did you test and did the work fulfill audit requirements?
Tags: audit, Testing
This entry was posted
on Tuesday, March 17th, 2009 at 9:53 am and is filed under Testing.
You can follow any responses to this entry through the RSS 2.0 feed.
You can skip to the end and leave a response. Pinging is currently not allowed.
I’m currently working with a credit union in Massachusetts that’s planning a disaster recovery test to fulfill an audit. Their last audit revealed no disaster recovery test since the credit union changed core processors 18 months prior. The auditor stipulated that the credit union has six months to plan and execute a recovery exercise that includes establishing alternate connectivity to the core processor and remote data center, and recovering all on-site servers that store information related to financial transactions.
We’re currently guiding the IT team through the test planning process step by step. We are also working closely with the credit union’s core processor and data center in order to engineer and test VPN connections and phone solutions prior to the actual test exercise, which is scheduled for September at our test center in Atlanta.
When the test team convenes for the disaster recovery “dress rehearsal,” they will start with recovering critical systems and servers from back-up media. Later, they will restore phone and Internet connections via satellite and reestablish connectivity with the core processor and data center.
By going through the testing process, the credit union has access to all the support needed to fulfill audit requirements and recover after potential interruptions. Have you had similar experiences with auditors? Do you have questions/comments on “best practices” in terms of testing compliance?