Meet eSAC, IIA's New Model for Technology Audits | AccountingWEB

Meet eSAC, IIA's New Model for Technology Audits

At Fidelity Investments, the internal auditors use a heat map to discuss concerns and issues related to information technology (IT). The heat map communicates priorities and potential consequences though a range of colors from gray or white (cool) through blue and green to yellow (caution)and orange or red (hot). This innovative presentation is based on the eSAC Model recently developed by the Research Foundation of the Institute of Internal Auditors (IIA).

The Foundation named its model eSAC to reflect the nature of today’s e-business models and the accompanying need for Electronic Systems Assurance and Control. A key purpose of the model is to provide management and auditors with a practical framework for relating basic assurance objectives to the dynamic environments in which companies operate today.

The basic assurance objectives included in the eSAC Model are:

  • Availability: The system is able to receive, accept, process, and support transactions at all times, as required, (e.g., 7 days a week, 24 hours a day, 365 days a year).
  • Capability: The system allows for end-to-end reliable, timely completion and fulfillment of all transactions.
  • Functionality: The system provides necessary facilities, responsiveness, and ease-of-use to meet user needs and expectations.
  • Protectability: The system includes logical and physical security controls ensure authorized access and deny unauthorized access to servers, applications, and information assets.
  • Accountability: The transaction processing is accurate, complete, and non-refutable.

The model also incorporates the building blocks that make assurances possible, (i.e., people, technology, processes, investment, and communication), the external forces that impact assurances, (e.g., ever-increasing interaction, interconnectivity, and system sharing with customers, competition, regulators, community, and owners), and difficult-to-monitor intangibles, such as the speed of change and external interdependencies (e.g., providers, alliances, and agents).

Learn more about eSAC.

-Rosemary Schlank

Wait, there's more!
There's always more at AccountingWEB. We're an active community of financial professionals and journalists who strive to bring you valuable content every day. If you'd like, let us know your interests and we'll send you a few articles every week either in taxation, practice excellence, or just our most popular stories from that week. It's free to sign up and to be a part of our community.
Premium content is currently locked

Editor's Choice

WHAT KIND OF FIRM ARE YOU?
As part of our continued effort to provide valuable resources and insight to our subscribers, we're conducting this brief survey to learn more about your personal experiences in the accounting profession. We will be giving away five $50 Amazon gift cards, and a $250 Amazon gift card to one lucky participant.
This is strictly for internal use and data will not be sold
or shared with any third parties.