business, compliances, security

Adaptation

April 10, 2010

Modern businesses are organized as a set of core processes operating within supply and demand networks. Almost every organization in the world faces increasing pressure for effectiveness and efficiency (i.e., higher quality requirements for products and services, increased revenue, cost reduction, new product development), a pressure for better, faster and cheaper processes. These increasingly complex operating networks are supported by available communication technologies (mainly the Internet), allowing businesses to focus on their core competencies and partner with others to deliver enhanced value to customers; that same complexity, however, introduces multiple avenues for threats and vulnerabilities.

The transformation of the old processes is enabled by new communication channels. These channels provide new linking possibilities among different systems and networks, making them available to more people and letting the organizations and their processes interact (e.g., e-procurement and e-sourcing).

Record Keeping
Records should be in sufficient detail to support the findings and conclusions reached as a result of the testing to:

Defend against accusations of unethical or unauthorized practices against the IS auditor performing the test

Provide the organization with a detailed description of the weaknesses and how they were identified and exploited

Provide an audit log for future testing to provide reasonable assurance that vulnerabilities identified have been addressed

Demonstrate the possibility and risk of unauthorized access from any determined/willing attacker possessing the skills