Auditability Requirements
- Auditability Requirement
  - any user-oriented quality requirement that specifies a minimum required amount of the quality factor auditability
The typical objectives of an auditability requirement are
to:
- Ensure that adequate records are stored to:
  - Support financial audits.
  - Determine whether financial transactions have occurred as claimed.
Auditability requirements are typically specified in terms
of the following measurements:
The following are typical examples of auditability
requirements for an online auction website:
- “The application shall store the following information about each auction for a minimum of one year:
  - Auction identifier.
  - Item title and description.
  - Auction type.
  - Seller.
  - Bid history.
  - Auction results.
  - Start and end dates and times.
  - Winning buyers (if any).
  - Winning bid(s).”
- “The application shall store the following information about each invoice for a minimum of one year:
  - Invoice identifier.
  - Invoice period (dates).
  - Seller.
  - Auctions and associated charges.
  - Total charge.”
- “The application shall store the following information about each payment for a minimum of one year:
  - Payment identifier.
  - Seller.
  - Payment date.
  - Payment amount.
  - Payment form.”
The following guidelines have been found to be useful when
producing auditability requirements:
- The scope of an auditability requirement can be:
- Auditability requirements can be identified and specified in terms of the following:

| Component of Requirement | Possible Values |
| --- | --- |
| TBD | TBD |

- Ensure that all auditable financial information is stored.
- Ensure that such information is stored for an adequate period of time.
- Check with the subject matter experts in the legal department of the customer organization to determine what information to store and how long it should be stored.
- All of the information may not need to be stored using the same mechanism. For example, recent information is more likely to be accessed than older information, which can be archived off site. However, do not specify such design decisions as auditability requirements.