Informal interactions between audit committees and internal audit functions : exploratory evidence and directions for future research

Purpose – This paper aims to recognise the importance of informal processes within corporate governance and complement existing research in this area by investigating factors associated with the existence of informal interactions between audit committees and internal audit functions and in providing directions for future research. Design/methodology/approach – To examine the existence and drivers of informal interactions between audit committees and internal audit functions, this paper relies on a questionnaire survey of chief audit executives (CAEs) in the UK from listed and non-listed, as well as financial and non-financial, companies. While prior qualitative research suggests that informal interactions do take place, most of the evidence is based on particular organisational setting or on a very small range of interviews. The use of a questionnaire enabled the examination of the existence of internal interactions across a relatively larger number of entities. Findings – The paper finds evidence of audit committees and internal audit functions engaging in informal interactions in addition to formal pre-scheduled regular meetings. Informal interactions complement formal meetings with the audit committee and as such represent additional opportunities for the audit committees to monitor internal audit functions. Audit committees’ informal interactions are significantly and positively associated with audit committee independence, audit chair’s knowledge and experience, and internal audit quality. Originality/value – The results demonstrate the importance of the background of the audit committee chair for the effectiveness of the governance process. This is possibly the first paper to examine the relationship between audit committee quality and internal audit, on the existence and driver of informal interactions. Policy makers should recognize that in addition to formal mechanisms, informal processes, such as communication outside of formal pre-scheduled meetings, play a significant role in corporate governance.

A model to estimate the durability performance of both normal and light-weight concrete

There has been an increasing focus on the development of test methods to evaluate the durability performance of concrete. This paper contributes to this focus by presenting a study that evaluates the effect of water accessible porosity and oven-dry unit weight on the resistance of both normal and light-weight concrete to chloride-ion penetration. Based on the experimental results and regression analyses, empirical models are established to correlate the total charge passed and the chloride migration coefficient with the basic properties of concrete such as water accessible porosity, oven dry unit weight, and compressive strength. These equations can be broadly applied to both normal and lightweight aggregate concretes. The model was also validated by an independent set of experimental results from two different concrete mixtures. The model provides a very good estimate on the concrete’s durability performance in respect to the resistance to chloride ion penetration.

Estimating the burden of disease attributable to excess body weight in South Africa in 2000

Objective. To estimate the burden of disease attributable to excess body weight using the body mass index (BMI), by age and sex, in South Africa in 2000. Design. World Health Organization comparative risk assessment (CRA) methodology was followed. Re-analysis of the 1998 South Africa Demographic and Health Survey data provided mean BMI estimates by age and sex. Populationattributable fractions were calculated and applied to revised burden of disease estimates. Monte Carlo simulation-modelling techniques were used for the uncertainty analysis. Setting. South Africa. Subjects. Adults 30 years of age. Outcome measures. Deaths and disability-adjusted life years (DALYs) from ischaemic heart disease, ischaemic stroke, hypertensive disease, osteoarthritis, type 2 diabetes mellitus, and selected cancers. Results. Overall, 87% of type 2 diabetes, 68% of hypertensive disease, 61% of endometrial cancer, 45% of ischaemic stroke, 38% of ischaemic heart disease, 31% of kidney cancer, 24% of osteoarthritis, 17% of colon cancer, and 13% of postmenopausal breast cancer were attributable to a BMI 21 kg/m2. Excess body weight is estimated to have caused 36 504 deaths (95% uncertainty interval 31 018 - 38 637) or 7% (95% uncertainty interval 6.0 - 7.4%) of all deaths in 2000, and 462 338 DALYs (95% uncertainty interval 396 512 - 478 847) or 2.9% of all DALYs (95% uncertainty interval 2.4 - 3.0%). The burden in females was approximately double that in males. Conclusions. This study shows the importance of recognising excess body weight as a major risk to health, particularly among females, highlighting the need to develop, implement and evaluate comprehensive interventions to achieve lasting change in the determinants and impact of excess body weight.

Error and variance bounds on sigmoidal neurons with weight and input errors

Bounds on the expectation and variance of errors at the output of a multilayer feedforward neural network with perturbed weights and inputs are derived. It is assumed that errors in weights and inputs to the network are statistically independent and small. The bounds obtained are applicable to both digital and analogue network implementations and are shown to be of practical value.

Building indifferentiable compression functions from the PGV compression functions

Preneel, Govaerts and Vandewalle (PGV) analysed the security of single-block-length block cipher based compression functions assuming that the underlying block cipher has no weaknesses. They showed that 12 out of 64 possible compression functions are collision and (second) preimage resistant. Black, Rogaway and Shrimpton formally proved this result in the ideal cipher model. However, in the indifferentiability security framework introduced by Maurer, Renner and Holenstein, all these 12 schemes are easily differentiable from a fixed input-length random oracle (FIL-RO) even when their underlying block cipher is ideal. We address the problem of building indifferentiable compression functions from the PGV compression functions. We consider a general form of 64 PGV compression functions and replace the linear feed-forward operation in this generic PGV compression function with an ideal block cipher independent of the one used in the generic PGV construction. This modified construction is called a generic modified PGV (MPGV). We analyse indifferentiability of the generic MPGV construction in the ideal cipher model and show that 12 out of 64 MPGV compression functions in this framework are indifferentiable from a FIL-RO. To our knowledge, this is the first result showing that two independent block ciphers are sufficient to design indifferentiable single-block-length compression functions.

Structural damage detection method using frequency response functions

Structural damage detection using measured dynamic data for pattern recognition is a promising approach. These pattern recognition techniques utilize artificial neural networks and genetic algorithm to match pattern features. In this study, an artificial neural network–based damage detection method using frequency response functions is presented, which can effectively detect nonlinear damages for a given level of excitation. The main objective of this article is to present a feasible method for structural vibration–based health monitoring, which reduces the dimension of the initial frequency response function data and transforms it into new damage indices and employs artificial neural network method for detecting different levels of nonlinearity using recognized damage patterns from the proposed algorithm. Experimental data of the three-story bookshelf structure at Los Alamos National Laboratory are used to validate the proposed method. Results showed that the levels of nonlinear damages can be identified precisely by the developed artificial neural networks. Moreover, it is identified that artificial neural networks trained with summation frequency response functions give higher precise damage detection results compared to the accuracy of artificial neural networks trained with individual frequency response functions. The proposed method is therefore a promising tool for structural assessment in a real structure because it shows reliable results with experimental data for nonlinear damage detection which renders the frequency response function–based method convenient for structural health monitoring.

An analysis of DNA methylation in human adipose tissue reveals differential modification of obesity genes before and after gastric bypass and weight loss

Background Environmental factors can influence obesity by epigenetic mechanisms. Adipose tissue plays a key role in obesity-related metabolic dysfunction, and gastric bypass provides a model to investigate obesity and weight loss in humans. Results Here, we investigate DNA methylation in adipose tissue from obese women before and after gastric bypass and significant weight loss. In total, 485,577 CpG sites were profiled in matched, before and after weight loss, subcutaneous and omental adipose tissue. A paired analysis revealed significant differential methylation in omental and subcutaneous adipose tissue. A greater proportion of CpGs are hypermethylated before weight loss and increased methylation is observed in the 3′ untranslated region and gene bodies relative to promoter regions. Differential methylation is found within genes associated with obesity, epigenetic regulation and development, such as CETP, FOXP2, HDAC4, DNMT3B, KCNQ1 and HOX clusters. We identify robust correlations between changes in methylation and clinical trait, including associations between fasting glucose and HDAC4, SLC37A3 and DENND1C in subcutaneous adipose. Genes investigated with differential promoter methylation all show significantly different levels of mRNA before and after gastric bypass. Conclusions This is the first study reporting global DNA methylation profiling of adipose tissue before and after gastric bypass and associated weight loss. It provides a strong basis for future work and offers additional evidence for the role of DNA methylation of adipose tissue in obesity.

Cryptographic hash functions

Cryptographic hash functions are an important tool of cryptography and play a fundamental role in efficient and secure information processing. A hash function processes an arbitrary finite length input message to a fixed length output referred to as the hash value. As a security requirement, a hash value should not serve as an image for two distinct input messages and it should be difficult to find the input message from a given hash value. Secure hash functions serve data integrity, non-repudiation and authenticity of the source in conjunction with the digital signature schemes. Keyed hash functions, also called message authentication codes (MACs) serve data integrity and data origin authentication in the secret key setting. The building blocks of hash functions can be designed using block ciphers, modular arithmetic or from scratch. The design principles of the popular Merkle–Damgård construction are followed in almost all widely used standard hash functions such as MD5 and SHA-1.

On hash functions using checksums

We analyse the security of iterated hash functions that compute an input dependent checksum which is processed as part of the hash computation. We show that a large class of such schemes, including those using non-linear or even one-way checksum functions, is not secure against the second preimage attack of Kelsey and Schneier, the herding attack of Kelsey and Kohno and the multicollision attack of Joux. Our attacks also apply to a large class of cascaded hash functions. Our second preimage attacks on the cascaded hash functions improve the results of Joux presented at Crypto’04. We also apply our attacks to the MD2 and GOST hash functions. Our second preimage attacks on the MD2 and GOST hash functions improve the previous best known short-cut second preimage attacks on these hash functions by factors of at least 226 and 254, respectively. Our herding and multicollision attacks on the hash functions based on generic checksum functions (e.g., one-way) are a special case of the attacks on the cascaded iterated hash functions previously analysed by Dunkelman and Preneel and are not better than their attacks. On hash functions with easily invertible checksums, our multicollision and herding attacks (if the hash value is short as in MD2) are more efficient than those of Dunkelman and Preneel.

On the Collision and Preimage Resistance of Certain Two-Call Hash Functions

In this paper we present concrete collision and preimage attacks on a large class of compression function constructions making two calls to the underlying ideal primitives. The complexity of the collision attack is above the theoretical lower bound for constructions of this type, but below the birthday complexity; the complexity of the preimage attack, however, is equal to the theoretical lower bound. We also present undesirable properties of some of Stam’s compression functions proposed at CRYPTO ’08. We show that when one of the n-bit to n-bit components of the proposed 2n-bit to n-bit compression function is replaced by a fixed-key cipher in the Davies-Meyer mode, the complexity of finding a preimage would be 2 n/3. We also show that the complexity of finding a collision in a variant of the 3n-bits to 2n-bits scheme with its output truncated to 3n/2 bits is 2 n/2. The complexity of our preimage attack on this hash function is about 2 n . Finally, we present a collision attack on a variant of the proposed m + s-bit to s-bit scheme, truncated to s − 1 bits, with a complexity of O(1). However, none of our results compromise Stam’s security claims.

Cryptanalysis of Tav-128 Hash Function

Many RFID protocols use cryptographic hash functions for their security. The resource constrained nature of RFID systems forces the use of light weight cryptographic algorithms. Tav-128 is one such 128-bit light weight hash function proposed by Peris-Lopez et al. for a low-cost RFID tag authentication protocol. Apart from some statistical tests for randomness by the designers themselves, Tav-128 has not undergone any other thorough security analysis. Based on these tests, the designers claimed that Tav-128 does not posses any trivial weaknesses. In this article, we carry out the first third party security analysis of Tav-128 and show that this hash function is neither collision resistant nor second preimage resistant. Firstly, we show a practical collision attack on Tav-128 having a complexity of 237 calls to the compression function and produce message pairs of arbitrary length which produce the same hash value under this hash function. We then show a second preimage attack on Tav-128 which succeeds with a complexity of 262 calls to the compression function. Finally, we study the constituent functions of Tav-128 and show that the concatenation of nonlinear functions A and B produces a 64-bit permutation from 32-bit messages. This could be a useful light weight primitive for future RFID protocols.

On Randomizing Hash Functions to Strengthen the Security of Digital Signatures

Halevi and Krawczyk proposed a message randomization algorithm called RMX as a front-end tool to the hash-then-sign digital signature schemes such as DSS and RSA in order to free their reliance on the collision resistance property of the hash functions. They have shown that to forge a RMX-hash-then-sign signature scheme, one has to solve a cryptanalytical task which is related to finding second preimages for the hash function. In this article, we will show how to use Dean’s method of finding expandable messages for finding a second preimage in the Merkle-Damgård hash function to existentially forge a signature scheme based on a t-bit RMX-hash function which uses the Davies-Meyer compression functions (e.g., MD4, MD5, SHA family) in 2 t/2 chosen messages plus 2 t/2 + 1 off-line operations of the compression function and similar amount of memory. This forgery attack also works on the signature schemes that use Davies-Meyer schemes and a variant of RMX published by NIST in its Draft Special Publication (SP) 800-106. We discuss some important applications of our attack.