This may seem like a common sense statement to make, but unfortunately many organisations do not take back ups of their computer data, or if they do, the back up sits next to the computer which means it would also be damaged, destroyed if a fire occurred or could also be stolen if the organisation was broken into.
There are a number of alternatives for how to appropriately store computer backups, but you need to investigate the options thoroughly.
For example, I was reviewing procedures for an educational facility and found that the IT manager was taking backups home. Unfortunately these backups held information on students and could fall into the wrong hands if the manager’s house was broken into.
Another example, if for small organisations such as sporting clubs which may have the treasurer maintain the accounting records from home. The club needs to determine the best option for maintaining the back up of data. This may be to have one or two other members of the board keep regular back ups in their home safes.
For larger organisations, a safe deposit box at a bank is always a good option.
Other options exist. For example, if you already have an offsite storage facility for your paper records, this may also entitle you to safely store your electronic back ups. You should investigate such options with your provider. However other back up facilities such as online back ups, but these should be investigated thoroughly. For example, who else has access to your information if you are using an online back up service?
Back ups are not just a function of disaster recovery. As an organisation, records need to be maintained for a set period of time (eg. Five years), you should ensure you have a back up methodology that allows you to recover records for that period. This does not mean you have to keep every back up. For example, you may want to keep monthly, quarterly or yearly back ups.
But how does this relate to fraud? There are a few issues:
- Back ups can show how, over a period of time, a person has hidden the fraud they have committed;
- Back ups may be the only way to restore records after the fraudster has decided to destroy any evidence they believe may incriminate them;
- Back ups of programs other than the accounting program (eg emails) can provide a lot of useful information to the investigation such as who the perpetrator has had contact with (eg. Discussions with a real estate agent about purchasing property which may be able to be recovered);
- If the fraud is referred to law enforcement, back ups may be required as evidence.