Deborah Ray, CISA (debray@ebicom.net)
Date of program: May 1997

NBC - SYSTEM CONTINGENCY PLANNING AUDIT
INTERNAL CONTROL QUESTIONNAIRE

GENERAL

1. Do any committees meet concerning disaster recovery plans?

POLICY

1. Does the Bank have written policies for disaster recovery?

PLANNING AND MAINTENANCE

1. Who is responsible for developing and maintaining the disaster recovery plan?
2. Is the disaster recovery plan reviewed regularly?
3. Has the Bank conducted a risk assessment to measure the potential impact of various disasters?
   Are the results documented?

ANNUAL REVIEW

1. Has the plan been approved by management?
2. Is the disaster recovery plan presented to the board of directors annually for their approval?
   When was it last presented? _______________

DISASTER RECOVERY PLAN

1. How often is the disaster recovery manual updated? ____________________________
   When was the disaster recovery manual last updated? ____________________________
2. Are copies of the plan stored off-site?
   Where are they stored? _____________________
   ____________________________________________
3. Is there a current inventory of items stored off-site?

CRITICAL FUNCTIONS AND RESOURCES

1. Is there an inventory of all critical equipment?

BACKUP

1. Does the Bank have written agreements with vendors for replacement of all equipment and devices used?
2. Excluding data processing, are there provisions for use of backup equipment?

MEDIA INQUIRIES

1. Does the Bank have a formal policy regarding media inquiries?

TRAINING

1. Does the Bank provide periodic emergency response training, including evacuation procedures, to all employees?

TESTING

1. Does each location conduct periodic tests of disaster recovery plans, including emergency evacuation?
2. Who is responsible for the actual structuring of the tests? ___________________________________________
3. When was the plan last tested? ______________
4. Has notification of personnel been tested?

RESPONSE TO DISASTER

1. Does the Bank maintain a record to document its response to disasters or other emergencies?
   Who maintains the record? __________________

PREPARED BY: ____________________________________
DATE: _______________________
SOURCE: _________________________________________