Hello Clifford,
Thank you for taking your time to review and offer a response to my post. Allow me to follow up on your post based on the statement “you do not remember any time a customer audit asks for implementation data.” The practice means the organization is already putting more emphasis on certification at the expense of auditing. The risk is the lack of information system audits that could help support all the outcomes of functions that, if stressed, can help gain a competitive advantage. Nonetheless, we need to agree that an audit’s results will only be as good as the effort placed if certification and auditing are allowed to work together. Separating one and working with another will not generate the same results. It is for this reason that studies such as Leem and Lee (2004) have acknowledged that the objective and scope of the audit must succinctly work in tandem with the goals of the organization through combining certification and system audits.
DJ
Leem, C. S., & Lee, H. J. (2004). Development of certification and audit processes of an application service provider for IT outsourcing. Technovation, 24(1), 63-71.