Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Can an effective audit committee help to mitigate earnings management in Chinese firms listed in Hong Kong?

This paper attempts to determine whether the adoption of recommended corporate governance practices by Chinese firms is associated with less earnings management proxied by abnormal accruals. We examine the role of the audit committee and ownership concentration in preventing earnings management using Chinese firms listed in Hong Kong. The results of this preliminary analysis show that the frequency of audit committee meetings is associated with reduced levels of abnormal accruals, our measure of earnings management. We conclude that audit committee activity is an important factor in constraining the propensity of managers to engage in earnings management. In contrast, we find that the size of the audit committee is associated with increased levels of abnormal accruals and suggest that increasing the size of the audit committee creates information asymmetry between the audit committee and management that reduces the monitoring capacity of the audit committee. We do not find any association between audit committee independence, financial and industry experience, or ownership concentration and abnormal accruals.

Towards beneficence for young children in research : challenges for bioethics committees

Bioethics committees are the focus of international scrutiny,particularly in relation to their application of the principle of beneficence,ensuring that risks incurred in research are outweighed by benefits to those involved directly and to the broader society. Beneficence, in turn, has become an international focus in research with young children, who hitherto had been rarely seen or heard in their own right in research.Twenty years ago, The United Nations Convention on the Rights of the Child 1989 raised global awareness of children’s human rights to both participation and protection, and articulation of children’s rights came to inform understandings of young children’s rights in research. In the intervening period, countries such as Australia came to favour child protection and risk minimisation in research over the notion of children’s bone fide participation in research. A key element of the protection regime was the theoretical understanding of young children as developmentally unable and, therefore, unfit to understand, consent to and fully participate as research participants. This understanding has been challenged in recent decades by new theoretical understandings of children’s competence, where children can be seen to demonstrate competence, even at an early age, in consenting to, participating in and withdrawing from research. The paper draws on these understandings to provide insights for human research gatekeepers, such as bioethics committees, to deal with the challenges of research with young children and to realize the benefits that may accrue to children in research.

Diarrhoea risk factors in enterally tube fed critically ill patients : a retrospective audit

Objective: Diarrhoea in the enterally tube fed (ETF) intensive care unit (ICU) patient is a multifactorial problem. Diarrhoeal aetiologies in this patient cohort remain debatable; however, the consequences of diarrhoea have been well established and include electrolyte imbalance, dehydration, bacterial translocation, peri anal wound contamination and sleep deprivation. This study examined the incidence of diarrhoea and explored factors contributing to the development of diarrhoea in the ETF, critically ill, adult patient. ---------- Method: After institutional ethical review and approval, a single centre medical chart audit was undertaken to examine the incidence of diarrhoea in ETF, critically ill patients. Retrospective, non-probability sequential sampling was used of all emergency admission adult ICU patients who met the inclusion/exclusion criteria. ---------- Results: Fifty patients were audited. Faecal frequency, consistency and quantity were considered important criteria in defining ETF diarrhoea. The incidence of diarrhoea was 78%. Total patient diarrhoea days (r = 0.422; p = 0.02) and total diarrhoea frequency (r = 0.313; p = 0.027) increased when the patient was ETF for longer periods of time. Increased severity of illness, peripheral oxygen saturation (Sp02), glucose control, albumin and white cell count were found to be statistically significant factors for the development of diarrhoea. ---------- Conclusion: Diarrhoea in ETF critically ill patients is multi-factorial. The early identification of diarrhoea risk factors and the development of a diarrhoea risk management algorithm is recommended.

Parliamentary committees are important in developing policy: evidence from a Queensland case study

Abstract This paper uses a case study to identify the impact of a Queensland parliamentary committee on policy. In 2003, the Travelsafe Committee undertook two inquiries investigating young driver and rider issues. In 2007, the Queensland Parliament passed legislation that provided the power to make regulations that changed the graduated driver licensing laws in Queensland. The analysis of the second reading speeches for this bill suggests that parliamentary committees can help set the agenda for government policy. The role of the Travelsafe Committee in this process was recognised by both government and non-government members of Parliament and by those that had been, or were currently, members of the committee and by those that had no membership experience of the Travelsafe Committee prior to the debate of the legislation. This paper suggests that in order for committees to successfully participate in policy work they need to have strong ideas, work to a consistently high standard and the chair needs to be dedicated to the work of the committee. This case study indicates the importance of parliamentary committees in the policy work of a parliament.

An analysis of the nature and effectiveness of corporate governance in smaller listed Australian companies

The objective of this thesis is to investigate the corporate governance attributes of smaller listed Australian firms. This study is motivated by evidence that these firms are associated with more regulatory concerns, the introduction of ASX Corporate Governance Recommendations in 2004, and a paucity of research to guide regulators and stakeholders of smaller firms. While there is an extensive body of literature examining the effectiveness of corporate governance, the literature principally focuses on larger companies, resulting in a deficiency in the understanding of the nature and effectiveness of corporate governance in smaller firms. Based on a review of agency theory literature, a theoretical model is developed that posits that agency costs are mitigated by internal governance mechanisms and transparency. The model includes external governance factors but in many smaller firms these factors are potentially absent, increasing the reliance on the internal governance mechanisms of the firm. Based on the model, the observed greater regulatory intervention in smaller companies may be due to sub-optimal internal governance practices. Accordingly, this study addresses four broad research questions (RQs). First, what is the extent and nature of the ASX Recommendations that have been adopted by smaller firms (RQ1)? Second, what firm characteristics explain differences in the recommendations adopted by smaller listed firms (RQ2), and third, what firm characteristics explain changes in the governance of smaller firms over time (RQ3)? Fourth, how effective are the corporate governance attributes of smaller firms (RQ4)? Six hypotheses are developed to address the RQs. The first two hypotheses explore the extent and nature of corporate governance, while the remaining hypotheses evaluate its effectiveness. A time-series, cross-sectional approach is used to evaluate the effectiveness of governance. Three models, based on individual governance attributes, an index of six items derived from the literature, and an index based on the full list of ASX Recommendations, are developed and tested using a sample of 298 smaller firms with annual observations over a five-year period (2002-2006) before and after the introduction of the ASX Recommendations in 2004. With respect to (RQ1) the results reveal that the overall adoption of the recommendations increased from 66 per cent in 2004 to 74 per cent in 2006. Interestingly, the adoption rate for recommendations regarding the structure of the board and formation of committees is significantly lower than the rates for other categories of recommendations. With respect to (RQ2) the results reveal that variations in rates of adoption are explained by key firm differences including, firm size, profitability, board size, audit quality, and ownership dispersion, while the results for (RQ3) were inconclusive. With respect to (RQ4), the results provide support for the association between better governance and superior accounting-based performance. In particular, the results highlight the importance of the independence of both the board and audit committee chairs, and of greater accounting-based expertise on the audit committee. In contrast, while there is little evidence that a majority independent board is associated with superior outcomes, there is evidence linking board independence with adverse audit opinion outcomes. These results suggest that board and chair independence are substitutes; in the presence of an independent chair a majority independent board may be an unnecessary and costly investment for smaller firms. The findings make several important contributions. First, the findings contribute to the literature by providing evidence on the extent, nature and effectiveness of governance in smaller firms. The findings also contribute to the policy debate regarding future development of Australia’s corporate governance code. The findings regarding board and chair independence, and audit committee characteristics, suggest that policy-makers could consider providing additional guidance for smaller companies. In general, the findings offer support for the “if not, why not?” approach of the ASX, rather than a prescriptive rules-based approach.

Preventing injuries on a state-wide basis : researchers and parliamentary committees are partners in turning injury prevention and safety research into practice and policy

Context: Parliamentary committees established in Westminster parliaments, such as Queensland, provide a cross-party structure that enables them to recommend policy and legislative changes that may otherwise be difficult for one party to recommend. The overall parliamentary committee process tends to be more cooperative and less adversarial than the main chamber of parliament and, as a result, this process permits parliamentary committees to make recommendations more on the available research evidence and less on political or party considerations. Objectives: This paper considers the contributions that parliamentary committees in Queensland have made in the past in the areas of road safety, drug use as well as organ and tissue donation. The paper also discusses the importance of researchers actively engaging with parliamentary committees to ensure the best evidence based policy outcomes. Key messages: In the past, parliamentary committees have successfully facilitated important safety changes with many committee recommendations based on research results. In order to maximise the benefits of the parliamentary committee process it is essential that researchers inform committees about their work and become key stakeholders in the inquiry process. Researchers can keep committees informed by making submissions to their inquiries, responding to requests for information and appearing as witnesses at public hearings. Researchers should emphasise the key findings and implications of their research as well as considering the jurisdictional implications and political consequences. It is important that researchers understand the differences between lobbying and providing informed recommendations when interacting with committees. Discussion and conclusions: Parliamentary committees in Queensland have successfully assisted in the introduction of evidence based policy and legislation. In order to present best practice recommendations, committees rely on the evidence presented to them including the results of researchers. Actively engaging with parliamentary committees will help researchers to turn their results into practice with a corresponding decrease in injuries and fatalities. Developing an understanding of parliamentary committees, and the typical inquiry process used by these committees, will help researchers to present their research results in a manner that will encourage the adoption of their ideas by parliamentary committees, the presentation of these results as recommendations within the report and the subsequent enactment of the committee’s recommendations by the government.

Driving for work : a series of organisational audit results

Previous research has indicated that road crashes are the most common form of work related fatalities (Haworth et al., 2000). Historically, industry has often taken a “silver bullet” approach developing and implementing a single countermeasure to address all their work related road safety issues, despite legislative requirements to discharge obligations through minimising risk and enhancing safety. This paper describes the results and implications from a series of work related road safety audits that were undertaken across five organisations to determine deficiencies in each organisation‟s safe driving management and practice. Researchers conducted a series of structured interviews, reviewed documentation relating to work related driving, and analysed vehicle related crash and incident records to determine each organisation‟s current situation in the management of work related road safety and driver behaviour. A number of consistent themes and issues across each organisation were identified relating to managing driver behaviour, organisational policies, incident recording and reporting, communication and education, and formalisation of key work related road safety strategies. Although organisations are required to undertake risk reduction strategies for all work related driving, the results of the research suggest that many organisations fail to systematically manage driver behaviour and mitigate work related road safety risk. Future improvements in work related road safety will require organisations to firstly acknowledge the high risk associated with drivers driving for work and secondly adopt comprehensive risk mitigation strategies in a similar manner to managing other workplace hazards.

A capabilities-based approach to obtaining a deeper understanding of information technology governance effectiveness : evidence from IT steering committees

Given the substantial investment in information technology (IT), and the significant impact IT has on organizational success, organizations consume considerable resources to manage acquisition and use of their IT resources. While various arguments proposed suggest which IT governance arrangements may work best, our understanding of the effectiveness of such initiatives is limited. We examine the relationship between the effectiveness of IT steering committee driven IT governance initiatives and firm's IT management and IT infrastructure related capabilities. We further propose that firm's ITrelated capabilities generated through IT governance initiatives should improve its business processes and firm-level performance. We test these relationships empirically by a field survey. Results suggest that firms' effectiveness of IT steering committee driven IT governance initiatives positively relates to the level of their IT-related capabilities. We also found positive relationships between IT-related capabilities and internal process-level performance. Our results also support that improvement in internal process-level performance positively relates to improvement in customer service and firm-level performance.

An exploratory study into audit challenges in IT governance : a Delphi approach

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the Australian public sector. Based on literature research and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.

An analysis of the differences in audit processes used in the audit of nonprofit and profit organisations

Nonprofits constitute a large part of collective behaviour in society. Presently there is little formal research addressing the role of audits in nonprofit organisations. Before models can be developed for the production of nonprofit auditing information, it is necessary to examine the present conduct of nonprofit audits. The Australian Accounting Research Foundation - Legislation Review Board has released a position paper on the Association Incorporation Acts in Australia - the most frequently used legal form for nonprofit organisations. The Board is addressing the issue of financial statement reporting including audit. This is coinciding with the investigations resulting from the collapse of the National Safety Council (Victorian Division), (NSC). The NSC, a nonprofit organisation formed as a company limited by guarantee, is in liquidation and the auditors are being sued for damages resulting from their alleged failure to perform their duties adequately.

WSUD application audit at Gold Coast City

In recent years, Water Sensitive Urban Design (WSUD) has been strongly promoted in South East Queensland to mitigate quantity and quality issues in relation to stormwater. Gold Coast City Council has implemented WSUD devices widely for stormwater management for a number of years and is planning to continue this practice into the future. According to the planning policy of Gold Coast City Council, the adoption of WSUD practices is now mandatory for any new development within the city. As a result, Council is expected to be in possession of tens of millions of dollars of these assets in the future and will be responsible for their maintenance and long-term management. Any shortcoming in the implementation of best practice can potentially result in substantial liability for the Council in the future. However, there has been limited evaluation of WSUD systems in relation to their performance, long-term maintenance, and current knowledge gaps. It was considered that periodical audits of WSUD applications on the Gold Coast is vital to ensure that Council’s WSUD policies are continually improved to new learning and best practice is implemented and risk to Council is mitigated. After a series of stakeholder interviews within Council to understand current practical issues (weaknesses and strengths) in relation to the implementation of WSUD on the Gold Coast, a field audit comprising of condition assessment of eleven WSUD systems within four suburbs was undertaken to identify weaknesses and strengths in WSUD implementation on the Gold Coast. The outcomes of this study are presented in this paper.

A Delphi study into the audit challenges of IT governance in the Australian public sector

Information technology (IT) has been playing a powerful role in creating a competitive advantage for organisations over the past decades. This role has become proportionally greater over time as expectations for IT investments to drive business opportunities keep on rising. However, this reliance on IT has also raised concerns about regulatory compliance, governance and security. IT governance (ITG) audit leverages the skills of IS/IT auditors to ensure that IT initiatives are in line with the business strategies. ITG audit emerged as part of performance audit to provide an assessment of the effective implementation of ITG. This research attempts to empirically examine the ITG audit challenges in the public sector. Based on literature and Delphi research, this paper provides insights regarding the impact of, and required effort to address these challenges. The authors also present the ten major ITG audit challenges facing Australian public sector organisations today.