This is my first post to the list and thank in advance for the help.
Q1 - Can anybody give me a definition for an IT general controls review (audit)?
(My audit director is struggling with a the level of detail involved with a 'general controls review' verses a normal and more extensive detailed review of the same areas: IE - SOPS, computer system operations, logical security, physical security, DR (or BCP), etc.)
Help!!!
Q2 - In performing this general controls review, I've looked at business continuity planning for a division running distributed systems (well over 100+ servers, no mainframes, mid-frames, etc.). The audit manager is asking "why don't they have Disaster Recovery TEST of their systems"?
My reply was it's nearly impossible, and certainly cost prohibitive, to perform a hot site - test of this complex network. (key words being distributed systems....)
So here is the question: Other than a 'talk-through/walk-through is there any other way to practically 'test' a DR plan for a distributed network? (the thought of buying servers simply for the use in a DR test is not viable...)
once again - HELP!!!
Thanks for the support
Tim
Timothy P. O'Brien
Senior IT Auditor
Ball Corporation
(303)-460-3756
[EMAIL PROTECTED]
