Information Technology Reference
In-Depth Information
tions. Management needs assurance that IT systems are able to deliver required services
and that data and information is protected. IT should also add value to the enterprise in
terms of growth, efficiency, and profitability.
Before we consider auditing disaster recovery, we need to understand what IT risk exists
in the enterprise. A risk profile or register would be a good source of information on what
risks the enterprise is facing and what mitigation has been put in place. In the absence of
a current risk profile, the IS auditor might request the enterprise to carry out a risk assess-
ment in order to have a good understanding of the risk exposure. In some cases, the IS aud-
itor might carry out a snap IT risk assessment in order to have a general understanding of
the risk environment assuming the client is agreeable to taking up the extra cost of the IS
auditor performing a risk assessment.
A corporate risk policy should include an IT risk section where issues relating to disaster
recovery are addressed. In today's business environment where many enterprises are de-
pendent on IT, it is accepted that IT risk will always exist in the business and will change
or take new shapes as the business grows or interacts with new business partners and intro-
duce new products.
Enterprises interested in competing aggressively both on the local and international mar-
kets will be faced with the decision of adopting emerging technologies, which in many
cases may not have been fully tested. The risk the enterprise might take is to use emerging
technologies in order to have a competitive edge. Such technologies may fail and have a
negative effect on the business or might succeed and bring in the much-needed revenues.
The enterprise has to make a careful assessment before taking the risk of adopting new
technologies or not.
Disruptive technologies are technologies which might introduce a new and cost-effective
way of doing business. For example, electricity distribution companies all over the world
supply electricity to factories and residential areas using copper cables. These factories and
houses are connected to distribution hubs which are also connected to electricity generat-
ors. Scientists are currently researching on a new way of distributing electricity, such as
using wireless devices. If the scientists have their way and they invent the technology for
distributing electricity using wireless devices, this might prove to be disruptive on the busi-
ness of electricity distribution. New companies might enter the industry and start distribut-
ing power more efficiently and cheaply using wireless technologies.
A carefully conducted IT risk assessment would identify various risks facing the enterprise,
such as risk to the IT infrastructure, data, and information. It is important that the enterprise
has a full understanding of the risk appetite as determined by the board and senior manage-
ment. This information would help the risk team when designing and developing a disaster
recovery plan.
Search WWH ::
Custom Search