Abstract
M.Comm.
Internet applications are increasingly being used by businesses to manage and send information. As the Internet is an open network for use by anyone in the world, the business and the auditor need to ensure that its information integrity and security are not compromised in any way and that the risks are managed.
This short dissertation attempts to define information security and integrity by means of an acknowledged security control model (COBIT) and then uses this control model as a measurement and risk identification tool in the SAP Internet application environment.
The author then attempts to formulate generic audit guidelines for this environment, which the auditor can use as future reference.
It was possible to define information security and integrity based on the COBIT framework and the definition is regarded as adequate. Information security and integrity risks are impacted by the hardware infrastructure environment as well as the software functionality. It is accepted that functionality of Internet applications will change, differ and increase as more vendors make different solutions available to the market. The auditor therefore needs to assess the impact of the different functionalities, and consequently control risks and audit procedures will differ.