Fred Zajac

4. You’ve used various computer systems in your lifetime, career. System security is complex and often maligned as cumbersome, difficult, beurocratic, etc. Have you seen these problems in your experience? Explain

My experience with computer systems security is switching from a local presence to a remote presence, for some of the reasons y…[Read more]

3. Consider the list of financial and accounting controls. Rank them. Which to you believe is the most important, the least. Why?

It is difficult to rank the importance of each control because they are all important based on what the control is controlling… Hope that isn’t confusing. Anyway, my ranking is based on what a small company, wit…[Read more]

2. What is the relevance of only being able to have one posting period open at a time for real time postings? What does this prevent from happening?

The relevance of only being able to have one posting period open at a time for real-time postings because real-time postings are happening at that moment in time. The posting period open should…[Read more]

1. Do you believe business rely too much on administrators to configure the security protocols in programs like SAP, rather than look for security in the entire network? Explain

I believe business leaders do rely too much on administrators to configure security protocols, rather than practice over all security.

The reason I believe this is…[Read more]

Hackers attacked Dyn’s DNS Services with a DDoS (Distributed Denial-of-Services) attack and shut down internet access to people along the east-coast. People had trouble accessing Twitter, Spotify, Netlix, Amazon and/or Reddit.

Dyn confirmed the attack and has began monitoring and mitigating the DDos attack to their Dyn DNS…[Read more]

Alex,

You are right to say the outsource provider should be an expert in the field. In finance, the experts are the people who work with numbers. Their passion is finance, not technology. The expertise and experiences of the outsource provider, good and bad can be used to your advantage. If they have been around and providing the solution…[Read more]

Outsourcing and SLA audit questions

Here are a few questions I would ask.

What industries do you service?
How long have you been in business (Reputation)?
Where are you located or What office will be associated with our company?
What is the response time?
What are your controls (Physical, system, people, ect.)
Do we get a dedicated…[Read more]

Explain common SLA issues identified by auditors

Even with all of the “T”s crossed and “i’s” dotted, there are still issues associated with an SLA. ISACA points out a few risk drivers with Service Level Agreements.

1. Failure to meet expectations
a. Both you and the service provider may have every intention to meet the obligatio…[Read more]

What are the benefits and risks of out-sourcing? And What controls can be implemented to mitigate the risks associated with outsourcing?

The first thing I would mention is the difference between On-shore outsourcing and off-shore outsourcing. On-shore means the business function is performed in the United States or where the client is…[Read more]

Here is the link to show how companies responded to Hurricane Sandy, a few short years ago.

Check out the end when they talk about mobile trucks and how companies worked out of the trucks.

This conversation was intreging and decided to ask Bob Deliosi, the tour guide from Sungard this question. Here was his response and some stuff on Sungard. He is going to send me a link to the Mobile truck they use for clients’ BCP’s.

Fred, It was my pleasure, all were very interested.
Here is a link to some Sungard AS Youtube stuff.…[Read more]

Loi,

I do think the test should be conducted, but not a thorough test. It is impractical and too expensive. I say this because I use the Merrian Websters definition of Thorough as, “Including every possible part or detail”.

Using this definition, I believe a thorough test shouldn’t be performed.

With that being said, I do believe tests…[Read more]

Ecuador admits it has ‘temporarily restricted’ Assange’s Internet access

The article I selected this week is how the country of Ecuador decided to cut internet access to the leader of Wiki Leaks website, Julian Assage.

There were reports that Sen. John Kerry asked Ecuador foreign ministry to stop Julian Assage from releasing information that…[Read more]

Andres,

Good post. I came to the same conclusion. Communication can not be interrupted for more than 12 hours and the back-up communication system needs to support up to 30 days of operations.

From experience in the Army, they told us our communication system required 100% up-time, at all times. Or, lives are lost. We had several systems…[Read more]

2. Is it practical to conduct a thorough test of a Business Continuity Plan? Why might it not be practical? If it is not practical, what alternative ways can you recommend for testing a BCP?

It isn’t practical to conduct a thorough test because the plan would affect everyone who is utilizing the environment. This would be a huge project that w…[Read more]

1. Are the terms Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) synonyms or are they different? If they are different, what are the differences?

The difference between BCP & DRP is in the name. BCP is a Business Continuity Plan. Continuity means remaining constant or to continue. This means the BCP is a plan to follow when…[Read more]

I believe it depends on the new hire position.

If it is a low level, they don’t need too much business knowledge because they will learn this from attending meetings and watching how the managers interact with business leaders.

If it is higher level positions, I believe it is expected that the IT person have a solid overview of business,…[Read more]

Fangzhou,

Great point about knowledge of business will help them develop IT systems to support the decision making. It might be difficult to see all of the time but the business decision makers are responsible for increasing the value of the company. This is achieved by generating more revenue or reducing the expenses.

If the IT personnel…[Read more]

Paul,

Great point about the regulations. You will see many companies exceed the regulation standard to market the upgrade in standards.

As a shareholder, you always want to hear how you were able to reduce costs by any legal means, even utilizing international laws to your advantage. However, as a customer, you always want to hear about…[Read more]

Annamarie,

I like how you mention other applications in the environment if is integrated with. I would also add other devices the ERP system supports.

In today’s BYOD (Bring Your Own Device), some ERP systems provide apps for iOS and Android devices. The IT department should know how these are integrated with the environment as well.