Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.

Marketing VM services to achieve competitive advantage in the Malaysian Construction Sector

Value Management (VM) has been proven to provide a structured framework, together with supporting tools and techniques that facilitate effective decision-making in many types of projects, thus achieving ‘best value’ for clients. It is identified at International level as a natural career progression for the construction service provider and as an opportunity in developing leading-edge skills. The services offered by contractors and consultants in the construction sector have been expanding. In an increasingly competitive and global marketplace, firms are seeking ways to differentiate their services to ever more knowledgeable and demanding clients. The traditional demarcations have given way, and the old definition of what contractors, designers, engineers and quantity surveyors can, and cannot do in terms of their market offering has changed. Project management, design and cost and safety consultancy services, are being delivered by a diverse range of suppliers. Value management services have been developing in various sectors in industry; from manufacturing to the military and now construction. Given the growing evidence that VM has been successful in delivering value-for-money to the client, VM would appear to be gaining some momentum as an essential management tool in the Malaysian construction sector. The recently issued VM Circular 3/2009 by the Economic Planning Unit Malaysia (EPU) possibly marks a new beginning in public sector client acceptance on the strength of VM in construction. This paper therefore attempts to study the prospects of marketing the benefits of VM by construction service providers, and how it may provide an edge in an increasingly competitive Malaysian construction industry.

The role of the audit committee and institutional investors in constraining earnings management : evidence from Chinese firms listed in Hong Kong

Using data from 2004 to 2008, we find that an audit committee is an important monitoring mechanism as audit committee independence, expertise and size are associated with reduced levels of abnormal accruals, our measure of earnings management. This study also attempts to discern when the monitoring role of the audit committee is more salient for the firm. We find that ownership concentration and the presence of government officials on the audit committee are important determinants of the negative association between audit committee characteristics and earnings management. In contrast, we find no significant associations between the audit committee and abnormal accruals for Chinese firms listed only on the Chinese domestic Stock Exchanges. The paper contributes to the corporate governance literature in a transitional economy. Identifying the role of audit committees of firms listed on markets other than the domicile market demonstrates the importance of considering the institutional setting in governance research.

Can an effective audit committee help to mitigate earnings management in Chinese firms listed in Hong Kong?

This paper attempts to determine whether the adoption of recommended corporate governance practices by Chinese firms is associated with less earnings management proxied by abnormal accruals. We examine the role of the audit committee and ownership concentration in preventing earnings management using Chinese firms listed in Hong Kong. The results of this preliminary analysis show that the frequency of audit committee meetings is associated with reduced levels of abnormal accruals, our measure of earnings management. We conclude that audit committee activity is an important factor in constraining the propensity of managers to engage in earnings management. In contrast, we find that the size of the audit committee is associated with increased levels of abnormal accruals and suggest that increasing the size of the audit committee creates information asymmetry between the audit committee and management that reduces the monitoring capacity of the audit committee. We do not find any association between audit committee independence, financial and industry experience, or ownership concentration and abnormal accruals.