Meet eSAC, IIA's New Model for Technology Audits
The Foundation named its model eSAC to reflect the nature of today’s e-business models and the accompanying need for Electronic Systems Assurance and Control. A key purpose of the model is to provide management and auditors with a practical framework for relating basic assurance objectives to the dynamic environments in which companies operate today.
The basic assurance objectives included in the eSAC Model are:
- Availability: The system is able to receive, accept, process, and support transactions at all times, as required (e.g., 7 days a week, 24 hours a day, 365 days a year).
- Capability: The system allows for end-to-end reliable, timely completion and fulfillment of all transactions.
- Functionality: The system provides necessary facilities, responsiveness, and ease-of-use to meet user needs and expectations.
- Protectability: The system includes logical and physical security controls that ensure authorized access and deny unauthorized access to servers, applications, and information assets.
- Accountability: The transaction processing is accurate, complete, and non-refutable.
The model also incorporates the building blocks that make assurances possible (i.e., people, technology, processes, investment, and communication), the external forces that impact assurances (e.g., ever-increasing interaction, interconnectivity, and system sharing with customers, competition, regulators, community, and owners), and difficult-to-monitor intangibles, such as the speed of change and external interdependencies (e.g., providers, alliances, and agents).
Learn more about eSAC.