Queensland flood: The economic impact
Queensland flood: The economic impact
Flood in Queensland and some Australian parts have caused a huge negative impact on the Australian economy. Many commercial properties and greater Queensland areas were damaged due to the floods. This affected many business areas and data loss due to water logging in offices. ABC Company, which offers data storage and hosting services to help organizations, moved their offices to an area along the Brisbane River before the occurrence of the floods. However, after the recent flood in Brisbane, ABC Company’s offices and data storage facilities were under water for about one week. The clients’ data was destroyed because of the company’s control weaknesses such as housing data in an area that is vulnerable to flooding, and lack of disaster recovery plan.
There are diverse control weaknesses present at ABC Company that made it possible for a disastrous loss of data to occur during the Brisbane flood. First, housing data storage facilities in a remodelled warehouse along the Brisbane River may have led to the loss of data. This was one of the mistakes that management made by locating the data storage facilities along the riverside. This is because buildings that are constructed along the river basins are prone to floods. Additionally, positioning of the hardware in a large open area with high ceilings and skylight contributed to data loss.
Secondly, lack of a written disaster recovery plan also made it possible for data loss to occur. Making a pre-disaster plan is vital in a company. This is because it enables a company become ready to face any organizational crisis before destruction. ABC Company’s management team did not plan well, neither did they have a written disaster recovery plan before constructing along the Brisbane River. This is because they had not assessed the area to see if it was vulnerable to flooding. Disaster recovery plan should have been carried out first to determine if the area is prone to disasters like floods, earthquakes and landslides.
Thirdly, lack of complete system documentation reserved outside the data storage vicinity was a factor. The data and backup copies of information could have been retained in a different area from the main data storage area. Storing all the data in one place is not advisable in an organization. Studies indicate that since some of the organizational crises are unavoidable, it is vital for a company to store data backups in secure environments. Indeed, storing of the information in the same room is an indication that the company is poorly managed and lacks adequate security for the information it claims to store.
Lastly, ABC Company failed to develop strategies for protecting the availability, integrity and confidentiality of data. Thus, information resource managers and computer security officials would have been needed to establish computer security strategies that ensure data is protected against any damage and manipulation. Poor data storage is one of the risks that expose data information technology systems to malicious and non-malicious attacks.
The following components should have been included in the disaster recovery plan at ABC Company in order to ensure that computer recovery is done within 72 hours. First, tape backups and information programs should have been stored in an off-site area, which would have been accessed faster during an emergency. The management team at ABC Company should have kept additional copies of the information. They should be kept separately from the data storage department. This would have enabled them retrieve the information later.
Secondly, the company should have organized the disaster recovery team. This team should have been included in the disaster recovery plan and each member given his or her specific task. In addition, they should have developed an organizational chart indicating procedures needed to be followed during disaster management. The company should also have matched the personnel team depending on their skills and functions and assign duties and responsibilities to them. The organization of a disaster recovery team enables the company to work together as a team towards achieving disaster management goals. Moreover, they help to solve disaster problems quickly since everyone has his or her own role to play in an organization.
Another component is developing of a written disaster plan, which should have been included in the disaster plan of the ABC Company. The written plan should have been reviewed and approved by the senior manager, the management data storage team, and the internal and external auditors of the company. This component is vital because it enables the organization to identify critical issues and provide solutions to disaster issues. Lastly, backup data files and data restoration programs should have been included in the recovery plan. The method of retrieving and restoring the lost information should have been identified and critical applications processed. After that, subsequent data reconstruction to be entered in the system in the last period saved should have been included in the recovery plan.
The factors other than those included in the plan itself that a company should consider when formulating a disaster recovery plan are diverse. First, keeping up to date operational documentations of all systems and ensuring that they are easily accessible for use in case of any organizational crisis is crucial. Updating of information and making sure, it is readily available for use is a basic requirement. This is because updated systems enable the management team get ready at any time of the crisis. Thus, a company needs to implement information updates and ensure they are included in the disaster recovery plan. This will enable disaster planners to evaluate fundamental techniques of restoring the lost data in case of any crisis in an organization.
Secondly, carrying out of cost or risk analysis and then include it in the recovery plan should be done. This is in order to determine expenses that may be justified to obtain the reason for assuring that the disaster recovery could be accomplished within 72 hours. Some researchers argue that a control that prevents the loss is better than a control that detects the loss of what has already happened. This is because a control that prevents the loss from occurring is effective and it enables a company avoid the associated cost that may arise when a crisis has occurred. Thus, costs and risk evaluation when formulating disaster recovery plans is fundamental in any organization as it enables a company analyse various ways of overcoming the disaster situation.
Lastly, ensuring that the business has an insurance plan should be included in the disaster recovery plan. Insurance plans are essential in the data recovery process because they enable a company be compensated for the loss of their properties. However, insurance cannot compensate for the loss of data, but it can enable a company meet the expenses resulting from the occurrence of disasters. Thus, when formulating a disaster recovery plan, there is need to include the insurance plan. This will enable a company meet its expectations and the demanding needs of its clients after a disaster has occurred.
If I had been engaged to conduct a risk analysis for ABC Company, the following components of the COSO Enterprise Risk Management would have been most useful tin my work. First, I would have used the internal environment component to conduct risk analysis. The internal environment encompasses the organizational tone. It sets the basis on how the risk is viewed and addressed in a company including risk management philosophy, ethical values and integrity in which the company operates. Another component I would have used is objective settings. There should be an objective before identifying the likely events affecting the achievements of ABC. ERM ensures that there is a process of setting objectives and that the chosen objectives align with the organizational mission and are consistent with the risk needs. In addition, identifying the event, especially the internal and external events that affect the objectives of ABC Company, is enabled. They must be distinguished between risks and opportunities and then channelled back to the organizational strategy.
Other components are risk assessment and risk response. These components are mostly used by COSO in order to analyse the likely impacts and determine ways of managing them. Risk responses are selected by the management and then a set of actions are chosen that align with a company’s risk. Lastly, monitoring of risk is done and modifications are made where necessary. Monitoring is accomplished by carrying out management activities and then evaluation programs are carried out where necessary.
In conclusion, the company’s control weaknesses such as housing data in an area that is vulnerable to flooding and lack of an adequate disaster recovery plan contributed to disastrous data loss. Tape backups and information programs, as well as organization of a disaster team should nave been included in the data recovery plan at ABC Company in order to ensure that the computer recovery was done within 72 hours. In addition, keeping up-to-date operational documentations, carrying out cost or risk analysis and ensuring that the business has an insurance plan should have been included in the plan itself when formulating a disaster recovery plan. Additionally, use of enterprise risk management such as risk assessment, risk evaluation, monitoring and setting objectives should have been fundamental to ABC Company.
IBIS World, “Queensland Flood: The Economic Impact”, Special Report January 2011.
Accounting information systems, 11th Ed, Pearson Prentice Hall, Upper Saddle River, 2009.
Maiwald, Eric, and William Sieglein. Security Planning & Disaster Recovery. New York, NY:
Romney, Marshall B., and Paul John Steinbart. Accounting Information Systems. Upper Saddle
River, N.J: Pearson Prentice Hall, 2006.
Schierow, Linda. The Role of Risk Analysis and Risk Management in Environmental
Protection. [Washington, D.C.]: Congressional Research Service, Library of Congress, 2001.
Shenkir, William G., and Paul L. Walker. Enterprise Risk Management. Washington, D.C.: Tax
 This is a plan made before a disaster occurs and it determines how well the same area weathers future hazardous events
 This is a process of making copies that may be used in restoring the original information after data has been lost in an event
 Defined as protection against any unauthorized disclosure
 Data reconstruction is a mixed system of analogue and digital used to construct a smooth analogue signal from a digital input or other sampled data output device
 The Committee Of Sponsoring Organizations of the Treadway Commission