BAMB loses vital data in IT system crash

MONKAGEDI GAOTLHOBOGWE
Staff Writer | Friday November 12, 2010 00:00

The entire IT system for the Botswana Agricultural Marketing Board (BAMB), including the back up server, crashed on April 29, 2010, resulting in the loss of all data in the process. The data lost is from the month of September 2009. The annual report for the parastatal says the cause of the crash is still unknown.

As a result of the crash the external audit had been delayed and accounts for the year ending March 2010 were not yet available, says the report.

The internal auditor also reported that she conducted her own audit on the crash mainly to establish adequacies of controls in place.

Her findings revealed that access to the server room was not controlled and too many IT consultants had been engaged to handle the BAMB IT system.The auditor also found that the back up server at Gaborone West branch and the local server were linked, which may have led to a simultaneous crash.

The auditor also found that the power backup system, UPS, was of a shorter lifespan, lasting 1 hour 30 minutes, which meant that in cases of power cuts the UPS was not of much help. According to the report this was not the first time the IT System at BAMB crashed. However the report says the finance manager reported that the IT system had been resuscitated and that data recovery was going well, and estimated that the external audit will be completed ahead of the October board meeting. (Mmegi was not in a position to ascertain whether the external audit is now complete).

To avoid recurrence of a further crash, a more robust system, with five independent disks had been installed to ensure business continuity. The report says an additional server has been acquired and placed outside BAMB headquarters premises. Daily manual backup system had also been introduced in addition to the existing backup system.

Grant Thornton, in their report said BAMB's IT system revealed that the backup procedures were not tested and assessed as being effective and warned that backups might be done but if they are not effective then data can still be lost.

The auditors advised that BAMB test the backup system at least once every six months and see to it that the backups that are being done are effective, by simulating a disaster and restoring the data from the backup using a redundant computer system.

Grant Thornton also noted that access to the computer systems are not logged. There are no audit trails of who attempted to use the systems and how many times they failed/were granted access. This information is important for the organisation to determine unauthorised attempts, etc. there are also no controls to review the logs that could have been generated by the systems.