cipfa-audit-IT-03.

qxd
ICQ REF CT REF COMPLIANCE TEST WORKING PAPERS
4.2.3 Ensure that all network devices are on the inventory.

10/10/2002
4.2.4 Determine call-out arrangements for engineers, including agreed times for obtaining service.

4.2.5 Check insurance policies, the risks that they cover and whether networked and departmental
facilities outside the main computer centre are included. Also, compare insurance policies with
leasing agreements to check whether the latter include insurance cover.

16:58
4.3 4.3.1 Ascertain whether any guidance is provided by the IT department on the creation of back-up
copies and the extent to which this is mandatory and followed at remote sites.
4.3.2 Determine the location, date and identity of the latest full back-up copy of the network

Page 405
management software.
4.3.3 Find out what controls are in place to stop unauthorised examination and amendment of
networking protocols and settings.
4.4 4.4.1 Look for evidence that management has considered risks and that back-up procedures and up-to-
date contingency plans exist. There should also be evidence that back-up procedures are adhered
to, that the contingency plans are tested and comprehensive, and that faults are reported,
recorded, and investigated promptly.
4.4.2 Identify alternative routings available across the network and assess whether they are adequate in
the event of one or more lines or connection points failing. Ask whether automatic re-routing in the
event of failure is provided.

CONTROL MATRICES
Page 405