Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Bridging technical and HCI research : creating usable ubiquitous computing

This paper describes methods used to support collaboration and communication between practitioners, designers and engineers when designing ubiquitous computing systems. We tested methods such as “Wizard of Oz” and design games in a real domain, the dental surgery, in an attempt to create a system that is: affordable; minimally disruptive of the natural flow of work; and improves human-computer interaction. In doing so we found that such activities allowed the practitioners to be on a ‘level playing ground’ with designers and engineers. The findings we present suggest that dentists are willing to engage in detailed exploration and constructive critique of technical design possibilities if the design ideas and prototypes are presented in the context of their work practice and are of a resolution and relevance that allow them to jointly explore and question with the design time. This paper is an extension of a short paper submitted to the Participatory Design Conference, 2004.

Technical support and professional development : using remote desktops to address bottlenecks in music technology

This paper presents research findings about the use of remote desktop applications to teach music sequencing software. It highlights the successes, shortcomings and interactive issues encountered during a pilot project with a theoretical focus on a specific interactive bottleneck. The paper proposes a new delivery and partnership model to widen this bottleneck, which currently hinders interactions between the technical support, education and professional development communities in music technology.

Comparative study : health research on traffic noise pollution vs. Technical research on traffic noise mitigation

Community awareness and the perception on the traffic noise related health impacts have increased significantly over the last decade resulting in a large volume of public inquiries flowing to Road Authorities for planning advice. Traffic noise management in the urban environment is therefore becoming a “social obligation”, essentially due to noise related health concerns. Although various aspects of urban noise pollution and mitigation have been researched independently, an integrated approach by stakeholders has not been attempted. Although the current treatment and mitigation strategies are predominantly handled by the Road Agencies, a concerted effort by all stakeholders is becoming mandatory for effective and tangible outcomes in the future. A research project is underway a RMIT University, Australia, led by the second author to consider the use of “hedonic pricing” for alternative noise amelioration treatments within the road reserve and outside the road reserve. The project aims to foster a full range noise abatement strategy encompassing source, path and noise receiver. The benefit of such a study would be to mitigate the problem where it is most effective and would defuse traditional “authority” boundaries to produce the optimum outcome. The project is conducted in collaboration with the Department of Main Roads Queensland, Australia and funded by the CRC for Construction Innovation. As part of this study, a comprehensive literature search is currently underway to investigate the advancements in community health research, related to environmental noise pollution, and the advancements in technical and engineering research in mitigating the issue. This paper presents the outcomes of this work outlining state of the art, national and international good practices and gap analysis to identify major anomalies and developments.

Desktop Audit and Analysis of Model Server Capability

This report presents the current state and approach in Building Information Modelling (BIM). The report is focussed at providing a desktop audit of the current state and capabilities of the products and applications supporting BIM. This includes discussion on BIM model servers as well as discipline specific applications, for which the distinction is explained below. The report presented here is aimed at giving a broad overview of the tools and applications with respect to their BIM capabilities and in no way claims to be an exhaustive report for individual tools. Chapter 4 of the report includes the research and development agendas pertaining to the BIM approach based on the observations and analysis from the desktop audit.

An examination of the utility of the AUDIT in people with schizophrenia

Objective: To examine the reliability and validity of the Alcohol Use Disorders Identification Test (AUDIT) compared to a structured diagnostic interview, the Composite international Diagnostic Interview (CIDI; 12-month version) in psychiatric patients with a diagnosis of schizophrenia. Method: Patients (N = 71, 53 men) were interviewed using the CIDI (Alcohol Misuse Section; 12-month version) and then completed the AUDIT. Results: The CIDI identified 32.4% of the sample as having an alcohol use disorder. Of these, 5 (7.0%) met diagnostic criteria for harmful use of alcohol, 1 (1.4%) met diagnostic criteria for alcohol abuse and 17 (23.9%) met diagnostic criteria for alcohol dependence. The AUDIT was found to have good internal reliability (coefficient = 0.85). An AUDIT cutoff of greater than or equal to 8 had a sensitivity of 87% and specificity of 90% in detecting CIDI-diagnosed alcohol disorders. All items except Item 9 contributed significantly to discriminant validity. Conclusions: The findings replicate and extend previous findings of high rates of alcohol use disorders in people with severe mental illness. The AUDIT was found to be reliable and valid in this sample and can be used with confidence as a screening instrument for alcohol use disorders in people with schizophrenia.

Internal audit quality, audit committee independence, growth opportunities and firm performance

This study explores whether the relation between internal audit quality and firm performance is associated with firm characteristics of information asymmetry and uncertainty (growth opportunities) and certain governance controls (audit committee effectiveness). The results from this preliminary study of 60 Malaysian companies show that the association between internal audit quality and firm performance is stronger for firms with high growth opportunities and that this positive association is weakened by increasing audit committee independence. These findings demonstrate the internal auditors conflicting roles and question the governance recommendations that require all members of the audit committee to be non-executive directors.

An extended CDIO syllabus framework with preparatory engineering proficiencies

The CDIO Initiative has been globally recognised as an enabler for engineering education reform. With the CDIO process, the CDIO Standards and the CDIO Syllabus, many scholarly contributions have been made around cultural change, curriculum reform and learning environments. In the Australasian region, reform is gaining significant momentum within the engineering education community, the profession, and higher education institutions. This paper presents the CDIO Syllabus cast into the Australian context by mapping it to the Engineers Australia Graduate Attributes, the Washington Accord Graduate Attributes and the Queensland University of Technology Graduate Capabilities. Furthermore, in recognition that many secondary schools and technical training institutions offer introductory engineering technology subjects, this paper presents an extended self-rating framework suited for recognising developing levels of proficiency at a preparatory level. The framework is consistent with conventional application to undergraduate programs and professional practice, but adapted for the preparatory context. As with the original CDIO framework with proficiency levels, this extended framework is informed by Bloom’s Educational Objectives. A proficiency evaluation of Queensland Study Authority’s Engineering Technology senior syllabus is demonstrated indicating proficiency levels embedded within this secondary school subject within a preparatory scope. Through this extended CDIO framework, students and faculty have greater awareness and access to tools to promote (i) student engagement in their own graduate capability development, (ii) faculty engagement in course and program design, through greater transparency and utility of the continuum of graduate capability development with associate levels of proficiency, and the context in which they exist in terms of pre-tertiary engineering studies; and (iii) course maintenance and quality audit methodology for the purpose of continuous improvement processes and program accreditation.