Title
Review of GRU Information Technology Disaster Recovery (B)
Explanation
In accordance with our Annual Audit Plan, the City Auditor's Office has completed a Review of GRU Information Technology (IT) Disaster Recovery. The primary objective of our audit was to evaluate the adequacy of GRU policies, procedures and plans related to information technology disaster recovery and data backup. During our review, we interviewed key personnel, reviewed procedures manuals, inspected the data center and evaluated management controls.
Based on the results of our review, we believe the GRU IT Disaster Recovery process has strong internal controls in place and uses sound approaches to help ensure that GRU will be able to recover data and resume operations timely in the event of a disaster. We do have three recommendations regarding classroom or functional exercises, improved documentation regarding visitor activity in data centers and timely completion of incomplete Data Recovery Plan elements which we believe will help to strengthen management controls in this area.
We request that the Committee recommend the City Commission accept our report and the General Manager's response. Also, in accordance with City Commission Resolution 970187, Section 10, Responsibilities for Follow-up on Audits, we request that the Committee recommend the City Commission instruct the City Auditor to conduct a follow-up review on recommendations made and report the results to the Audit, Finance and Legislative Committee.
Recommendation
The City Commission: 1) Accept the City Auditor's report and the response from the General Manager for Utilities; and 2) instruct the City Auditor to conduct a follow-up review on recommendations made and report the results to the Audit, Finance and Legislative Committee.