7.6. INSURANCE COVERAGE
Insurance should be maintained to cover computer hardware and software at replacement cost and the costs to re-create lost data. Some policies may even cover lost revenues that are directly attributable to computer hardware or software failures. However, coverage for lost revenues may be costly and can be difficult to prove. Most insurance policies specify that coverage applies so long as certain procedures are implemented. For example, the policy may require that the companyimplement daily, weekly, or monthly backup procedures for software and data and that the data should be stored at a secure off-site location. The policy may also specify that all covered equipment must have routine maintenance procedures performed according to manufacturer's specifications. Neither of these conditions should be a problem since the company should already have these procedures in place. Deductibles should be set at reasonable levels so that premiums are not excessive.
The insurance policy should be examined to ensure that it is current and that it covers all computer hardware, software, and data at replacement cost. It should also be confirmed that the amount of coverage is adequate so that the company is not paying for too much or too little insurance. This can be accomplished by examining the procedures used by the insurance manager to determine the amount of coverage necessary and then testing the sources of the information. For example, the insurance manager may receive ...
Get Auditing Information Systems, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
