The purpose of this sample audit work program is to review an organization’s system backup procedures. This includes identifying all applications key to the organization, identifying the responsible person for the back-up procedure, analyzing actual procedures performed, and determining the appropriateness of handling related media.
A key step in this work program is to identify all key applications in use at the company. In this list, include all Sarbanes-Oxley (SOX) related applications as well as any other applications deemed critical to company operations. This document can be used as a general guide to understand and review these processes.