Home > Articles

  • Print
  • + Share This
This chapter is from the book

Evaluating the Use of System Performance and Monitoring Processes, Tools, and Techniques

To ensure continued availability of both software and hardware, the IT department should implement monitoring processes. These processes should include performance, capacity, and network monitoring. The IT organization should have a performance-monitoring plan that defines service levels of hardware and software. The metrics associated with service levels generally include service availability (uptime), support levels, throughput, and responsiveness. The organization should compare stated service levels against problem logs, processing schedules, job accounting system reports, and preventive maintenance reports, to ensure that hardware availability and utilization meet the stated service levels. As an example, throughput should measure the amount of work that the system performs over a period of time. In looking at an online transaction system, the number of transactions per second/minute can be used as a throughput index.

The IS auditor might need to review specific reports associated with availability and response. This list identifies log types and characteristics:

  • System logs identify the activities performed on a system and can be analyzed to determine the existence of unauthorized access to data by a user or program.

  • The review of abnormal job-termination reports should identify application jobs that terminated before successful completion.

  • Operator problem reports are used by operators to log computer operations problems and their solutions. Operator work schedules are maintained by IS management to assist in human resource planning.

  • Capacity-monitoring software to monitor usage patterns and trends enables management to properly allocate resources and ensure continuous efficiency of operations.

  • Network-monitoring devices are used to capture and inspect network traffic data. The logs from these devices can be used to inspect activities from known or unknown users to find evidence of unauthorized access.

  • System downtime provides information regarding the effectiveness and adequacy of computer preventive maintenance programs and can be very helpful to an IS auditor when determining the efficacy of a systems-maintenance program.

  • + Share This
  • 🔖 Save To Your Account