SERVQUAL: Tangible Dimension
For auditors, the tangible dimension is based largely on
facility and staff appearance. Looking professional is essential
to being respected and successful in business environments.
Understanding what one’s attire is communicating and how
best to represent oneself and one’s company during an audit
engagement can influence customer perception.
A polished personal image is as important as an
organization’s polished image. Proper business attire should
be followed irrespective of age, gender or client. Queen
Elizabeth II of England is reported to have said, “Dress
gives one the outward sign from which people can judge
the inward state of mind. One they can see, the other they
cannot.” Expectations in dress may vary, but when in doubt,
it is always best to dress slightly more formally than may be
necessary. Overdressing may make a positive impression on
your peers or superiors; underdressing may be perceived as
lacking professionalism, savvy or competence.
SERVQUAL: Empathy Dimension
Extending caring, individualized service is a critical element
for success, as it is all about retention—keeping customers
inside the loyalty loop as long as possible. Research indicates
that improving retention rates can increase profitability. 8
A SAS 70 audit should be a security awareness process
that engages and educates the customer in ways to better
secure the organization’s IT resources. A broad base of
informed workers is a cost-effective way to mitigate security
risks and better assist auditors. To bring about security
awareness, auditors must be willing to relinquish a measure
of control as they learn to facilitate risk reduction through
effective communication. Once customers are empowered to
realize that they have the resources and authority to better
safeguard the organization’s information assets, their actions
could respond accordingly. An essential part of developing
security awareness is to engage the auditee and allow the
auditor to experience a paradigm shift—in which auditors
begin to comprehend the problems they unintentionally create
by their mere presence. Such actions epitomize empathy while
individualizing services to the customer’s vantage point.
SERVQUAL: Responsiveness Dimension
The responsiveness dimension examines an auditor’s willingness
to help and respond to customer needs. Responsiveness
encompasses an auditor’s objectivity; soft skills; and some
general understanding of the social psychology of conducting
a security audit and the need to understand the customer’s
thoughts, feelings, behaviors and influences.
The human psychology of the audit client or customer
(when collecting and evaluating evidence of an organization’s
information systems, practices and operations) is often
overlooked, with emphasis usually placed on the process and
not the customer. Arguably, auditing is a human relationship
business. As such, auditors should understand the social
psychology or the people-side of auditing, beyond the standards,
procedures and best practices. Clearly, it is important to
understand the process of obtaining and evaluating evidence to
determine whether an information system adequately safeguards
assets and maintains data integrity while operating effectively
and efficiently to achieve the organization’s goals and objectives.
However, understanding the social psychology of IT
security auditing is as important as the auditing processes and
procedures. Persuading audit clients to become more security-conscious may involve finding ways to overcome auditing
anxiety by effectively communicating with customers and letting
them know what they are expected to do and what the auditor
is willfully doing to support their efforts to reasonably safeguard
the organization’s information assets. 9
