Engagement Memo-Audit of IT Disaster Recovery and Business Continuity
We are initiating an audit of Amtrak’s information technology (IT) disaster recovery and business continuity plans and readiness. Our objective is to assess the status and the effectiveness of Amtrak’s IT disaster recovery, resiliency, and business continuity capabilities.
During the audit, we plan to work with IT personnel and other company officials to assess whether Amtrak has identified its high-value assets and critical systems; established processes, policies and procedures to ensure resiliency, recovery and continuity of IT operations in the event of a disaster; and determined whether these efforts conform to leading practices from the private and public sectors. Requests for documents and data will be made as our work progresses. We will also work to minimize the impact of the audit by coordinating interviews with staff in advance.
Our work will be performed in accordance with generally accepted government auditing standards. Our interactions with the company will be consistent with P/I2.1.3, which sets forth the relationship between our office and the company. In particular, section 7.0 of the policy discusses coordination between company officials and our office of audits.