Arguably, data security is the most significant domain supporting information reliability. Entity oversight committees should monitor control activities for on-going relevance and effectiveness as well as responses to information security recommendations. If installed systems are inadequately protected, data may not be properly processed. An entity’s IT employees need to bring a fundamental understanding of operational requirements and security to their respective professional duties to ensure sustained confidentiality, integrity, and availability are achieved through appropriate consideration of control assessment results.
“View Part I of the Control Assessments series here“