• Reliability; and
• Compliance with legal and regulatory requirements.
Underpinning these goals and objectives is the need to ensure that information technology, and the controls supporting such technology, assist the organization in achieving its business objectives (effectiveness) with appropriate use of resources (efficiency).
Confidentiality concerns the protection of sensitive information from unauthorized disclosure. Consideration needs to be given to the level of sensitivity of the data, as this will determine how stringent the controls over its access should be. Management needs assurance of the organization’s ability to keep information confidential, as compromises in confidentiality could lead to significant harm to public reputation, particularly where the information relates to sensitive client data.
Integrity refers to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations. This is an important audit objective because it provides assurance to both management and external report users that the information produced by the organization’s information systems can be relied upon and trusted to make business decisions.
Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. Given the high-risk nature of keeping important information stored on computer systems, it is important that organizations gain assurance that the information they need for decision-making is available when required. This implies that the organization has measures in place to ensure business continuity and that recovery from disasters can be made in a timely manner, so that information is available to users as and when required.
Reliability refers to the degree of consistency of a system or the ability of a system (or component) to perform its required function under stated conditions. Reliability is an important audit objective because it provides assurance that the system consistently operates and performs its stated functions as expected.
• Compliance with Legal and Regulatory Requirements
Compliance concerns adherence to those laws, regulations and contractual obligations to which the business process is subject, that is, externally imposed business criteria. Management and key stakeholders require assurance that necessary compliance procedures have been put in place, as there is a potential risk that the organization could incur penalties should legal and regulatory procedures not be enforced.