SFIA Skill
Compliance review CORE
The independent assessment of the conformity of any activity, process, deliverable, product or service to the criteria of specified standards, such as ISO 27001, local standards, best practice, or other documented requirements. May relate to, for example, asset management, network security tools, firewalls and internet security, real-time systems and application design.
Compliance review: Level 6
Specifies organisational procedures for the internal or third-party assessment of an activity, process, product or service, against recognised criteria, such as BS EN ISO 9000/14000. Develops plans for review of technology systems, including the review of implementation and use of standards and the effectiveness of operational and process controls. May manage the review, conduct the review or manage third-party reviewers. Identifies areas of risk and specifies interrogation programmes. Recommends improvements in processes and control procedures. Provides advice and guidance. Authorises the issue of formal reports to management on the extent of compliance of systems with standards, regulations and/or legislation.
Compliance review: Level 5
Evaluates and independently appraises the internal control of automated business processes, based on investigative evidence and assessments undertaken by self or team. Ensures that independent appraisals follow agreed procedure and advises others on the review process. Provides advice to management on ways of improving the effectiveness and efficiency of their control mechanisms. Identifies and evaluates associated risks and how they can be reduced.
Compliance review: Level 4
Plans programmes to review activities, processes, products or services. Collects, collates and examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences. Analyses evidence collated and drafts part or all of formal reports commenting on the conformance found to exist in the reviewed part of an information systems environment.
Compliance review: Level 3
Collects and collates evidence as part of a formally conducted and planned review of activities, processes, products or services. Examines records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.