Identity, addressing, authenticity and audit requirements for trust in ERP, analytics and big/open data in a “Cloud” computing environment : a review and proposal

Enterprises, both public and private, have rapidly commenced using the benefits of enterprise resource planning (ERP) combined with business analytics and “open data sets” which are often outside the control of the enterprise to gain further efficiencies, build new service operations and increase business activity. In many cases, these business activities are based around relevant software systems hosted in a “cloud computing” environment. “Garbage in, garbage out”, or “GIGO”, is a term long used to describe problems in unqualified dependency on information systems, dating from the 1960s. However, a more pertinent variation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems, such as ERP and usage of open datasets in a cloud environment, the ability to verify the authenticity of those data sets used may be almost impossible, resulting in dependence upon questionable results. Illicit data set “impersonation” becomes a reality. At the same time the ability to audit such results may be an important requirement, particularly in the public sector. This paper discusses the need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment and analyses some current technologies that are offered and which may be appropriate. However, severe limitations to addressing these requirements have been identified and the paper proposes further research work in the area.

Desktop Audit and Analysis of Model Server Capability

This report presents the current state and approach in Building Information Modelling (BIM). The report is focussed at providing a desktop audit of the current state and capabilities of the products and applications supporting BIM. This includes discussion on BIM model servers as well as discipline specific applications, for which the distinction is explained below. The report presented here is aimed at giving a broad overview of the tools and applications with respect to their BIM capabilities and in no way claims to be an exhaustive report for individual tools. Chapter 4 of the report includes the research and development agendas pertaining to the BIM approach based on the observations and analysis from the desktop audit.

An examination of the utility of the AUDIT in people with schizophrenia

Objective: To examine the reliability and validity of the Alcohol Use Disorders Identification Test (AUDIT) compared to a structured diagnostic interview, the Composite international Diagnostic Interview (CIDI; 12-month version) in psychiatric patients with a diagnosis of schizophrenia. Method: Patients (N = 71, 53 men) were interviewed using the CIDI (Alcohol Misuse Section; 12-month version) and then completed the AUDIT. Results: The CIDI identified 32.4% of the sample as having an alcohol use disorder. Of these, 5 (7.0%) met diagnostic criteria for harmful use of alcohol, 1 (1.4%) met diagnostic criteria for alcohol abuse and 17 (23.9%) met diagnostic criteria for alcohol dependence. The AUDIT was found to have good internal reliability (coefficient = 0.85). An AUDIT cutoff of greater than or equal to 8 had a sensitivity of 87% and specificity of 90% in detecting CIDI-diagnosed alcohol disorders. All items except Item 9 contributed significantly to discriminant validity. Conclusions: The findings replicate and extend previous findings of high rates of alcohol use disorders in people with severe mental illness. The AUDIT was found to be reliable and valid in this sample and can be used with confidence as a screening instrument for alcohol use disorders in people with schizophrenia.

Internal audit quality, audit committee independence, growth opportunities and firm performance

This study explores whether the relation between internal audit quality and firm performance is associated with firm characteristics of information asymmetry and uncertainty (growth opportunities) and certain governance controls (audit committee effectiveness). The results from this preliminary study of 60 Malaysian companies show that the association between internal audit quality and firm performance is stronger for firms with high growth opportunities and that this positive association is weakened by increasing audit committee independence. These findings demonstrate the internal auditors conflicting roles and question the governance recommendations that require all members of the audit committee to be non-executive directors.

External auditors' reliance on internal audit : the impact of sourcing arrangements and consulting activities

This study examines the impact of internal audit outsourcing and internal audit’s involvement in consulting on external auditors’ reliance on the work of internal audit. We test whether these factors influence (i) reliance on internal audit work already undertaken and (ii) the use of internal auditors as assistants. In each case, we distinguish between control evaluation and substantive testing. We find that involvement in consulting impacts reliance on work undertaken and the use of internal auditors as assistants for control evaluation. External auditors make greater use of internal auditors as assistants for substantive testing when internal audit is provided in-house. Overall, external auditors use internal audit more for control evaluation tasks than for substantive testing.

A Knight without a Sword? The Effects of Audit Courts on Tax Morale

The intention of this paper is to analyse how audit courts affect tax morale, controlling in a multivariate analysis for a broad variety of potential factors. Switzerland, with its variety of audit-court competence among the cantons, has been analysed. With data from the ISSP [1998] (Swiss data 1999), evidence has been found that higher audit-court competence has a significantly positive effect on tax morale. Thus, the results in Switzerland suggest that in the cantons where audit courts are not just knights without swords; they help improve taxpayers' tax morale and thus citizens' intrinsic motivation to pay taxes.

Audit of the Care of the Dying in a Network of Hospitals and Institutions in Queensland

Background: Most Australians die in institutions and there is evidence to suggest that the care of these patients is not always optimal. Care pathways for the dying have been designed to transfer benchmarked hospice care to other settings (e.g. acute hospitals and residential age-care facilities) by defining goals of best care, providing guidelines to provide that care and documenting outcome. Method: A retrospective audit was undertaken across a network of health-care institutions in Queensland. The 18 goals considered essential for the care of the dying within the Liverpool Care Pathway were taken as a benchmark. Documentation of achievement of each of these goals was sought. Results: The notes of 160 patients who had died in eight institutions (four hospitals, three hospices, one nursing home) were reviewed. Several areas for improvement were identified, particularly in those goals relating to communication, resuscitation orders and care after death. Few units documented the provision of written information to families. Most patients were prescribed medications in anticipation of pain and agitation but less were prescribed drugs for other common symptoms in the dying. Most of the goals were achieved in a higher percentage of cases in hospice units. Marked differences in practice were noted between different institutions. Conclusion: The audit identified several aspects in the care of the terminally ill that could be improved. End-stage pathways may provide a model for improving the care of patients dying in hospitals and institutions in Australia.

Internal audit department characteristics/activities and audit fees : some evidence from Hong Kong firms

This study provides preliminary support for the notion that internal audit function assists in reducing external audit effort and fees. Data on internal audit characteristics and activities are obtained from survey respondents of Hong Kong companies and audit fee model data are acquired from their annual reports. The results of this study suggest that the external auditor of firms in Hong Kong rely on the internal audit function and subsequently charge a lower fee. Lower external audit fees are associated with a larger internal audit department and certain activities carried out by the internal audit. Specifically, lower external audit fees are associated with more internal audit effort spent on activities relating to financial statements, systems development and maintenance, operating efficiency and effectiveness, fraud investigations and unlimited access to internal auditors’ working papers. The results of this study suggest that the contribution of the internal audit may substitute for some substantive external auditing processes and lower monitoring costs.

Compliance with international financial reporting standards (IFRS) and the value relevance of accounting information in emerging stock markets : evidence from Kuwait

Since the 1960s, the value relevance of accounting information has been an important topic in accounting research. The value relevance research provides evidence as to whether accounting numbers relate to corporate value in a predicted manner (Beaver, 2002). Such research is not only important for investors but also provides useful insights into accounting reporting effectiveness for standard setters and other users. Both the quality of accounting standards used and the effectiveness associated with implementing these standards are fundamental prerequisites for high value relevance (Hellstrom, 2006). However, while the literature comprehensively documents the value relevance of accounting information in developed markets, little attention has been given to emerging markets where the quality of accounting standards and their enforcement are questionable. Moreover, there is currently no known research that explores the association between level of compliance with International Financial Reporting Standards (IFRS) and the value relevance of accounting information. Motivated by the lack of research on the value relevance of accounting information in emerging markets and the unique institutional setting in Kuwait, this study has three objectives. First, it investigates the extent of compliance with IFRS with respect to firms listed on the Kuwait Stock Exchange (KSE). Second, it examines the value relevance of accounting information produced by KSE-listed firms over the 1995 to 2006 period. The third objective links the first two and explores the association between the level of compliance with IFRS and the value relevance of accounting information to market participants. Since it is among the first countries to adopt IFRS, Kuwait provides an ideal setting in which to explore these objectives. In addition, the Kuwaiti accounting environment provides an interesting regulatory context in which each KSE-listed firm is required to appoint at least two external auditors from separate auditing firms. Based on the research objectives, five research questions (RQs) are addressed. RQ1 and RQ2 aim to determine the extent to which KSE-listed firms comply with IFRS and factors contributing to variations in compliance levels. These factors include firm attributes (firm age, leverage, size, profitability, liquidity), the number of brand name (Big-4) auditing firms auditing a firm’s financial statements, and industry categorization. RQ3 and RQ4 address the value relevance of IFRS-based financial statements to investors. RQ5 addresses whether the level of compliance with IFRS contributes to the value relevance of accounting information provided to investors. Based on the potential improvement in value relevance from adopting and complying with IFRS, it is predicted that the higher the level of compliance with IFRS, the greater the value relevance of book values and earnings. The research design of the study consists of two parts. First, in accordance with prior disclosure research, the level of compliance with mandatory IFRS is examined using a disclosure index. Second, the value relevance of financial statement information, specifically, earnings and book value, is examined empirically using two valuation models: price and returns models. The combined empirical evidence that results from the application of both models provides comprehensive insights into value relevance of accounting information in an emerging market setting. Consistent with expectations, the results show the average level of compliance with IFRS mandatory disclosures for all KSE-listed firms in 2006 was 72.6 percent; thus, indicating KSE-listed firms generally did not fully comply with all requirements. Significant variations in the extent of compliance are observed among firms and across accounting standards. As predicted, older, highly leveraged, larger, and profitable KSE-listed firms are more likely to comply with IFRS required disclosures. Interestingly, significant differences in the level of compliance are observed across the three possible auditor combinations of two Big-4, two non-Big 4, and mixed audit firm types. The results for the price and returns models provide evidence that earnings and book values are significant factors in the valuation of KSE-listed firms during the 1995 to 2006 period. However, the results show that the value relevance of earnings and book values decreased significantly during that period, suggesting that investors rely less on financial statements, possibly due to the increase in the available non-financial statement sources. Notwithstanding this decline, a significant association is observed between the level of compliance with IFRS and the value relevance of earnings and book value to KSE investors. The findings make several important contributions. First, they raise concerns about the effectiveness of the regulatory body that oversees compliance with IFRS in Kuwait. Second, they challenge the effectiveness of the two-auditor requirement in promoting compliance with regulations as well as the associated cost-benefit of this requirement for firms. Third, they provide the first known empirical evidence linking the level of IFRS compliance with the value relevance of financial statement information. Finally, the findings are relevant for standard setters and for their current review of KSE regulations. In particular, they highlight the importance of establishing and maintaining adequate monitoring and enforcement mechanisms to ensure compliance with accounting standards. In addition, the finding that stricter compliance with IFRS improves the value relevance of accounting information highlights the importance of full compliance with IFRS and not just mere adoption.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.