Technology deployment and the associated management information systems can provide a competitive advantage, but they also increase control requirements. Legal noncompliance risk is an irrefutable fact, with consequences ranging from significant financial penalties to the threat of damage to an entity’s reputation. IT auditors are indirectly, if not directly, an entity control mechanism that assures management adequately addresses mandated compliance expectations. In one form or another, ensuring legal compliance serves as a significant information security audit objective for most entities. The number of IAP-related laws and regulations affecting compliance expectations amplifies the criticality of information security.