Grand Bank Corporation
GBC Case B
1.
1. There should be a sign-in sheet for visitors to help track visitors, especially in case of a problem.
2. The data room should remain locked at all times to prevent unauthorized access to the room.
3. The back door should also remain closed and locked to prevent unauthorized access even from non-employees.
4. Nothing should be hanging where it blocks the fire detector or halogen gas register. This could make the equipment faulty and stop it from providing notification of a fire or gas leak.
5. Improper use and downloading of outside applications could cause a virus or other damage to the proprietary system.
6. Improper or unlabeled disks can result in lost data and difficulty finding the files that are needed in certain situations. Files should be destroyed on time to prevent misuse of the files or junking of the files.
7. Extra keys can cause unauthorized access and loss of control. Excess keys should be destroyed or, at a minimum, kept locked away and under the control of management.
8. An employee of NCCC should be on the premises during the cleaning of the facility to monitor the cleaning staff's activity and provide security of the data and systems.
9. Backup files should be picked up in a timely manner to prevent backups from being misused and to allow better tracking for more exact company records.
10. Removable media should be tracked and signed out by authorized users only. This will prevent the media from being misused or possibly lost.
11. The off-site storage should be kept at an adequate temperature in an effort to protect the media at all costs. It also needs to be a fire-safe environment. This is the backup location; in case of a disaster in which the original files are destroyed, the off-site backup will be of no use if the files are not safely stored and maintained.
12. GBC will have difficulty retrieving their files in the case of a disaster without an up-to-date storage system and database. Files could be confused with other companies' files without proper location techniques.
13. Without proper support from vendors and suppliers of the equipment used by NCCC, the effects of an extreme crisis will be tough to deal with. The supplier and vendor should have an agreement and support each other.
2. These issues suggest that GBC has not had significant audits on their controls. It appears that they could have policies but do not enforce them. They need to form a control team to review their controls, document them, and set guidelines for regular reviews of the controls.