Thread Options
#619597 - 09/28/06 08:15 PM internal audit role in disaster recovery plan
txgal, CRCM Offline
Junior Member
Joined: Jul 2006
Posts: 44
Texas
In documenting the adequacy of our disaster recovery plan testing, can anyone tell me what needs to be included in the report by the internal auditor? We recently performed tabletop testing. I want to make sure it will pass the FDIC examiners. Thanks!!!

Return to Top
Audit
#619598 - 10/16/06 02:45 PM Re: internal audit role in disaster recovery plan
Cornfed Turtle Offline
Diamond Poster
Joined: Mar 2006
Posts: 1,323
"...Somewhere in Middle Americ...
I was really hoping you would have some response to this as our AC just asked me to review ours.

We outsource our IT audit and the plan is covered in that audit. (I know.....I know.....it's not just an IT issue.) So far, our regulators have been happy with that.

Their one suggestion was the tabletop discussions and we have done those this year.

I recently commented on them (I thought our tabletops weren't good enough) and now the committee wants me to review the plan. AH! I, too, am interested in what to do - - - other than state the obvious.

The outsourcers looked for a risk assessment, a list of possible biz continuity interruptions with rankings of probability and impact, a backup plan for our network, a list of vendors, a committee that runs the backup plan with phone numbers and layouts of our offices.

Doesn't sound like much of an audit, does it? I am looking into some materials now and will PM you if I come across anything good.

Return to Top
#619599 - 10/26/06 08:23 PM Re: internal audit role in disaster recovery plan
rowdy Offline
Junior Member
Joined: May 2004
Posts: 28
Home of the Buckeyes!
What the heck is a "tabletop discussion"???
_________________________
I like living in my own little world--they know me there.

Return to Top
#619600 - 10/27/06 02:42 PM Re: internal audit role in disaster recovery plan
Cornfed Turtle Offline
Diamond Poster
Joined: Mar 2006
Posts: 1,323
"...Somewhere in Middle Americ...
During a committee meeting of the Board, I inform them of an event that "just happened" and they go into action - - around the table.

I interject every now and then to get them to think of something big they are missing or to lead the discussion. The "tabletop" is documented in our board minutes as training.

We've tried a variety of events.....a branch burning, a bomb threat in one of the cities where we have a land-locked downtown branch, the loan admin area calling in "rich" after a lotto night, a plane crash taking out our COO, CFO and BSA officer, finding out the last three months of home equities in a region didn't ROR corrrectly, the press is on the phone about our credit card portfolio being stolen, our financial analyst's laptop is missing during a vital SEC period......it's fun!

The key is that they aren't prepared for the type of disaster that's coming.....I try to get them the type of info they would get by the source they would get it from. And then they take it from there.

Return to Top

Moderator:  Andy_Z