MO03: Assurance Reviews

Description | Activities | KGI | KPI | CSF | More Info | Previous CO | Next CO | CO Summary

Version 1.0 Printable Version

Version History

1. Description

2. Service Activities

3. Key Goal Indicators

• Index of senior management satisfaction and comfort with reporting on internal control monitoring
• Decreased probability of internal control incidents
• Positive external qualification and certification reports
• Number of control improvement initiatives
• Absence of regulatory or legal non-compliance events
• Decreased number of security incidents and quality defects

4. Key Performance Indicators

• Number and coverage of control selfassessments
• Timeliness between internal control deficiency occurrence and reporting
• Number, frequency and coverage of internal compliance reports
• Number of timely actions on internal control issues
• Number of control improvements stemming from root cause analysis

5. Critical Success Factors

• Management clearly defines what components of the processes need to be controlled
• Internal control, compliance and internal audit responsibilities are clearly understood
• Competence and authority of the internal control compliance function exist, addressing delegation as appropriate
• A properly defined IT control process framework is in place
• A clear process is used for timely reporting of internal control deficiencies
• Internal control monitoring data is accurate, complete and timely
• There is management commitment to act on internal control deficiencies
• There is alignment with risk assessment and security processes
• A process is in place to support knowledge sharing on internal control incidents and solutions

6. Additional Information

Maturity Level Characteristics

---