Information Technology Reference
In-Depth Information
A key requirement in the event of a disaster is the ability to contact employees and others
to inform them of the disaster and what action they should take. The MessageOne service
from Dell offers e-mail continuity and storage services. It also offers an emergency warning
and crisis communication service. In the event of a disaster, the system will send e-mail, fax,
pager, and recorded SMS (Short Message Service, the communications protocol used to
exchange short text messages via mobile phone) messages to specified users telling them what
action to take.
6
Companies such as Iron Mountain
provide a secure, off-site
environment for records storage. In
the event of a disaster, vital data can
be recovered.
(Source: Geostock/Getty Images.)
Transaction Processing System Audit
The Sarbanes-Oxley Act, enacted as a result of several major accounting scandals, requires
public companies to implement procedures to ensure their audit committees can document
financial data, validate earnings reports, and verify the accuracy of information. The Financial
Services Modernization Act (Gramm-Leach-Bliley) requires systems security for financial
service providers, including specific standards to protect customer privacy. The Health In-
surance Portability and Accountability Act (HIPAA) defines regulations covering healthcare
providers to ensure that their patient data is adequately protected. Many organizations con-
duct ongoing
transaction processing system audits
to prevent the kind of accounting
irregularities or loss of data privacy that can put their firm in violation of these acts and erase
investor confidence. The audit can be performed by the firm's own internal audit group, or
an outside auditor might be hired to provide a higher degree of objectivity. A transaction
processing system audit attempts to answer four basic questions:
•
Does the system meet the business need for which it was implemented?
•
What procedures and controls have been established?
•
Are these procedures and controls being used properly?
•
Are the information systems and procedures producing accurate and honest reports?
A typical audit also examines the distribution of output documents and reports, determines
if only appropriate people can execute key system functions (e.g., approve the payment of an
invoice), assesses the training and education associated with existing and new systems, and
determines the effort required to perform various tasks and to resolve problems in the system.
General areas of improvement are also identified and reported during the audit.
transaction processing system
audit
A check of a firm's TPS systems to
prevent accounting irregularities
and/or loss of data privacy.
