Understanding the Problem with IT and Business Opinions on Application Server Availability

B.

When IT and the business have different opinions on the availability of their application servers, the IS auditor needs to determine the root cause of the issue. To understand the problem, the IS auditor should review the following options:

A. The regular performance-reporting documentation: This option may provide information on the past performance of the application servers but may not provide insights into the current issues causing the differences in opinions between IT and the business. Therefore, it may not be the best place to start.

B. The exact definition of the service levels and their measurement: This option is an important consideration for understanding the differences in opinion. It will help to determine if there is a mismatch between the expectations of IT and the business for availability. The IS auditor should review the Service Level Agreements (SLAs) between the IT and business to verify that both parties have agreed on the same level of availability.

C. The alerting and measurement process on the application servers: This option involves reviewing how alerts are triggered, and how availability is measured. This will help to determine if there is a flaw in the process leading to the different opinions on the availability of the application servers.

D. The actual availability of the servers as part of a substantive test: This option will provide information on the current state of the application servers, but it should not be the first option to consider. It would be more efficient to review the service level agreements and alerting and measurement process before conducting substantive tests.

Therefore, the IS auditor should review the exact definition of the service levels and their measurement (option B) first to understand the problem.