University of Minnesota, Office of Internal Audit: Staff Materials

RISK MATRIX

Columns: Risk | Potential Impact | Expected Control | Actual Control | W/P Ref. | Control Risk Rating (the Actual Control, W/P Ref. and Control Risk Rating columns are not filled in on this page)
1.

RISK

System Development Methodology for the VTH-IS Project is inadequate. Specifically:

  • Lacking clear vision such as a Project Plan or Project Definition
  • User requirements have not been adequately defined
  • Key milestones have not been established
  • Inadequate information regarding cost/benefit to University and/or budget information

IMPACT

Certain VTH-IS Project modules are critical for the VTH to continue computer operation after 1/1/2000. An inadequate SDM will cause significant project delays and cause implementation of key modules to fail. This has the potential to create a breakdown in operations, as all procedures would become paper-based.

EXPECTED CONTROLS

Formal Project Plan complete with risk analysis, rollout plan, key dates, user requirements, and system requirements.

2.

RISK

Contingency Plan is inadequate should VTH-IS Project fail

IMPACT

Current system is not Y2K compliant. Without an adequate contingency plan, hospital operations would be critically compromised when 1/1/2000 arrives.

EXPECTED CONTROLS

  • Formalized contingency plan to enable the VTH to function after 12/31/1999. The contingency plan should address how all procedures currently performed on computers will be handled in the event computer data is unreliable on 1/1/2000

3.

RISK

Program code in development area not backed up frequently enough

IMPACT

In the event of a disaster the most recent program code could be lost and/or destroyed. Time spent reconstructing code delays the project further and increases costs.

EXPECTED CONTROLS

  • Backup procedures for the development area formalized
  • Nightly backups of development servers as well as development workstations

4.

RISK

Databases converted from legacy systems to the new system lack integrity

IMPACT

Data that is being converted for the sole purpose of providing reliable information may be corrupted or incomplete in the new system, carrying over problems from the legacy system.

EXPECTED CONTROLS

  • Formalized conversion process with documentation provided
  • Controls to verify the accuracy of data transferred (i.e., defined criteria against which the converted data is checked)

5.

RISK

Unauthorized changes in design of new database are being made

IMPACT

Changes made without approval could cause functionality conflicts between modules resulting in user dissatisfaction.

EXPECTED CONTROLS

  • Documented change process

6.

RISK

Inadequate disaster recovery plan for VTH

IMPACT

Hospital functionality could be severely impacted for an undetermined amount of time in the event of a disaster.

EXPECTED CONTROLS

  • Formalized disaster recovery plan indicating actions to take and contacts to call in the event of an emergency
  • List of all hardware/applications that need to be replaced in the event of a disaster

7.

RISK

Backup procedures for hospital data and program files are inadequate

IMPACT

Functionality of the hospital's computers is impacted for an undetermined amount of time if backup tapes lack integrity or are unavailable.

EXPECTED CONTROLS

  • Formalized backup procedures
  • Testing process to verify files can be restored if needed
  • Off-site storage of tapes to ensure they aren't damaged or unavailable

8.

RISK

Unauthorized access to new system and/or data (i.e. someone illegally prescribes drugs using the pharmacy module)

IMPACT

Unintentional or intentional abuse of the new system by users, creating ethical or legal issues.

EXPECTED CONTROLS

  • Procedures in place to authenticate hospital system users as well as validate actions performed using the new system

9.

RISK

Testing process for the new system is inadequate

IMPACT

Critical functionality needed by the new system may be overlooked if not tested properly. This causes disruption in operations, is costly to correct, and creates user dissatisfaction.

EXPECTED CONTROLS

Formal testing plan including:

  • Test specifications
  • Test cases
  • Testing schedules
  • Method to log test results

10.

RISK

Viruses are not prevented from infecting the network and/or laptops. Viruses are not detected or cleaned.

IMPACT

Inadequate virus policy/detection procedures put any data on the network at risk, as well as any computer or data that connects to the network.

EXPECTED CONTROLS

  • Consistent virus protection policy to be enforced within the hospital
  • Standard virus checking platform for all desktops/laptops

11.

RISK

Physical security of the servers at the VTH is weak

IMPACT

System servers could be affected as the result of a fire or an intentional attack by unauthorized person(s), resulting in down time for the hospital. Costly replacement of equipment as well as inefficiency created by the interruption would result.

EXPECTED CONTROLS

  • Secure location for servers with access limited to certain individuals
  • Fire detection and suppression systems
  • Adequate ventilation and/or cooling units installed

12.

RISK

Change process for the VTH-IS Project is weak, specifically:

  • Changes to program code moved into production without authorization
  • Changes are moved to production without proper testing
  • Multiple versions of code are not managed effectively to prevent

IMPACT

Changes moved into production without proper authorization could result in problems with functionality, and users may not be aware of additional changes made to the application. Additional changes may require additional testing as well.

EXPECTED CONTROLS

  • Establish a change control process which ensures that:
      • Code changes are accurate
      • Only authorized changes are moved into production
      • Authorized changes have been tested before being moved into production

13.

RISK

Prioritization of the project has not been re-evaluated as the end of the year comes closer

IMPACT

Modules that need to be in place to assure hospital functionality won't be. More emphasis placed on less critical modules will result in functionality that is not critical to the continuous operation of the hospital.

EXPECTED CONTROLS

  • Development plan with analysis of the most critical modules needed
  • Selected criteria for prioritizing modules
