An entity’s control environment (CE) can provide discipline and structure to processes ensuring operational, financial, and compliance requirements are adequately addressed. As an integrated component, technology has and will continue to influence the CE as well as assume activity change agent responsibility. Nevertheless, technological development and deployment is inextricably connected to the economic, social, political, and informational factors that prevail in the entity’s CE.
Managements’ interest in, and awareness of, IT capabilities (including those performed for the entity by Third Party Providers (TPPs)) is important in establishing an entity-wide consciousness of control issues. To determine appropriate IT control issues, an entity’s CE normally requires management define control emphasis through ‘assessments of importance’ between IT domain criteria and entity objectives.