Review Question: Why should an organization conduct monitoring activities?
To ensure the achievement of IT process objectives, management should establish a system for defining performance indicators (service levels), gathering performance data, and generating performance reports. Management should review these reports to measure progress toward identified goals. Independent audits or evaluations should be conducted on a regular basis to increase confidence that IT objectives are being achieved, that controls are in place, and to benefit from advice regarding best practices for IT.
The WebTrust Seal of Assurance discussed in Chapter 4 is one example of an independent review of IT processes that an organization might obtain. Another service, introduced by the AICPA and the Canadian Institute of Chartered Accountants in 1999, is SysTrust. In a SysTrust engagement, the CA or CPA tests a system to provide assurance that the system meets four criteria (see the qualities of information in Table 1.1): availability, security, integrity, and maintainability, while conducting business over the Web.
Services similar to WebTrust and SysTrust are offered by many IT consulting and Internet security firms. Check your favorite Web sites to see if they host any “seals of approval” of their transaction security, privacy protection, or system reliability.