Analysis of Omega Corporation’s IT infrastructure, particularly with regards to its Production SAP system, has led to the conclusion that the following would be the most affected business processes in the event of an outage.
In terms of cost impact, the following business processes will be the most affected, from the most to the least critical:
- Cash flow management and Treasury Function
- Schedule and billing information management
- Service sales (Related to Schedule & billing information management)
- Payment of accounts payable
- Payroll processing
- Audit and compliance
As shown by the results of a University of Wisconsin study (Hiatt, 2000, p. 6), “the longer a disaster disrupts communications, the more critical the impact” where an estimated 80% of financial institutions stand to lose about $1,000 per hour for every hour of disruption (Hiatt, 2000).
Similarly, customer confidence (clients, employees, and suppliers) can be affected by an outage, with Schedule and billing information management being the most affected in this area.
As such, it is important to have recovery procedures in place to minimize system outage. The technology to enable such procedures should also be implemented. In particular, the following should be the order of priority for recovery procedures, from the highest to the lowest:
- Servers
- Databases
- Web host
- Directory service
- Mail server
In addition, there should be workaround procedures or contingency plans for the critical business processes in the event of a system outage. There should also be contingency plans and backups for the hardware and software systems should an outage occur.
As suggested by Sittig & Ash (2009, p. 130), “robust ad reliable backup systems must be in place, and they should be rigorously tested with periodic ‘downtime drills’ to assure that they function as expected.” With the major role that information systems play in the daily operations of an organization, it’s important to have controls in place where the said controls must be consistent, reasonable, meaningful, timely, cost-effective, usable, operational, complete, simple, reliable, practical, and appropriate (Vallabhaneeni, 2005).
Works Cited
Hiatt, C. J. (2000). A primer for disaster recovery planning in an IT environment. Hershey, PA:
Idea Group, Inc.
Sittig, D. F. & Ash, J. S. (2009). Clinical information systems: Overcoming adverse
consequences. Sudbury. MA: Jones & Bartlett Publishers.
Vallabhaneni, S. R. (2005). Wiley CIA exam review, conducting the internal audit engagement.
Hoboken, NJ: John Wiley & Sons.
