Problem
- The use of information technology has evolved from isolated,
back office functions to permeate all forms of business functions
- The reliance on information technology has broadened from
the enterprise level to the inter-enterprise level
- The inter-enterprise relationships cross industry, national,
and other boundaries
Trust and assurance are no longer for internal consumption,
but must be conveyed beyond the enterprise to customers, regulators,
and trading partners
Problem (continued)
The evolution of inter-enterprise use of information technology
demands the use of trusted parties in the information technology
domain
- The variety of relationships among enterprises requires a
variety of trust models
  - Private trust of one enterprise by another
  - Private trust between two or more enterprises
  - Public trust of an enterprise
Problem (continued)
- That trust may exist in time differently among different enterprises
- That trust may be of differing levels
Need
Methods and standards to assess and attest to assurance in
information technology and its related operations are needed for
a broad range of applications
- One time and continuous
- Public and private
- High, medium, and low
- Acceptance is needed of standards that cross industry, national,
and other boundaries
Need (continued)
- Various levels or strengths of attestation are needed
  - Self attested
  - Third party attestation
  - "Trusted" third party attestation
- Assurance attestation liability and legal responsibilities
need to be established
Some Available Methods
Control Objectives and Procedures
- American Institute of Certified Public Accountants (AICPA)
Statement on Auditing Standards (SAS)
  - Provides accepted policy, procedures, and controls for general
  use in auditing financial statements
  - Accounts for control objectives established by outside party
  - For example:
    - No. 55 - Consideration of the Internal Control Structure in
    a Financial Statement Audit (with amendments)
    - No. 70 - Reports on the Processing of Transactions by Service
    Organizations