This article summarizes U.S. Sarbanes-Oxley Act section 404 internal control reports that reveal material weaknesses due to inadequate disaster recovery planning. According to the authors, Section 404 applies to public companies with over $75 million in public float. They advise that auditors evaluating internal control over financial reporting must consider key information technology-related risks and controls that affect financial reporting, including issues related to disaster recovery planning.
Hermanson, Dana R., Daniel M. Ivancevich, and Susan H. Ivancevich. "Disaster Recovery Planning: What Section 404 Audits Reveal." CPA Journal 77.12 (2007): 60-62.