Earnings management and the role of the audit committee: an investigation of the influence of cross-listing and government officials on the audit committee

This paper extends research on the corporate governance practices of transitional economies by examining whether the ability of the audit committee to constrain earnings management in Chinese firms is associated with the listing environment and the presence of government officials on the audit committee. Despite considerable regulatory reforms by the Chinese Securities Regulatory Commission, there remain incentives for Chinese firms to manage earnings. However, government initiatives to encourage domestic firms to cross-list on the Hong Kong Stock Exchange are accompanied by improved governance. We find that the expertise and independence of the audit committee for cross-listed (CL) Chinese firms are associated with lower abnormal accruals, our measure of earnings management. Both domestic only listed firms and CL Chinese firms appoint government officials as independent members on the audit committee. However, due to the political connection between government officials and the controlling shareholder (the State), these appointments can severely mitigate audit committee independence. Subsequently, we find a significant and positive association between audit committee independence and experience and earnings management when there are government officials on the audit committee.

Secure stream cipher initialisation processes

Stream ciphers are symmetric key cryptosystems that are used commonly to provide confidentiality for a wide range of applications; such as mobile phone, pay TV and Internet data transmissions. This research examines the features and properties of the initialisation processes of existing stream ciphers to identify flaws and weaknesses, then presents recommendations to improve the security of future cipher designs. This research investigates well-known stream ciphers: A5/1, Sfinks and the Common Scrambling Algorithm Stream Cipher (CSA-SC). This research focused on the security of the initialisation process. The recommendations given are based on both the results in the literature and the work in this thesis.

An audit of first-aid treatment of pediatric burns patients and their clinical outcome

This study describes the first aid used and clinical outcomes of all patients who presented to the Royal Children's Hospital, Brisbane, Australia in 2005 with an acute burn injury. A retrospective audit was performed with the charts of 459 patients and information concerning burn injury, first-aid treatment, and clinical outcomes was collected. First aid was used on 86.1% of patients, with 8.7% receiving no first aid and unknown treatment in 5.2% of cases. A majority of patients had cold water as first aid (80.2%), however, only 12.1% applied the cold water for the recommended 20 minutes or longer. Recommended first aid (cold water for >or=20 minutes) was associated with significantly reduced reepithelialization time for children with contact injuries (P=.011). Superficial depth burns were significantly more likely to be associated with the use of recommended first aid (P=.03). Suboptimal treatment was more common for children younger than 3.5 years (P<.001) and for children with friction burns. This report is one of the few publications to relate first-aid treatment to clinical outcomes. Some positive clinical outcomes were associated with recommended first-aid use; however, wound outcomes were more strongly associated with burn depth and mechanism of injury. There is also a need for more public awareness of recommended first-aid treatment.

Supermarkets and private standards : unintended consequences of the audit ritual

Recent scholarship has considered the implications of the rise of voluntary private standards in food and the role of private actors in a rapidly evolving, de-facto ‘mandatory’ sphere of governance. Standards are an important element of this globalising private sphere, but are an element that has been relatively peripheral in analyses of power in agri-food systems. Sociological thought has countered orthodox views of standards as simple tools of measurement, instead understanding their function as a governance mechanism that transforms many things, and people, during processes of standardisation. In a case study of the Australian retail supermarket duopoly and the proprietary standards required for market access this paper foregrounds retailers as standard owners and their role in third-party auditing and certification. Interview data from primary research into Australia’s food standards captures the multifaceted role supermarkets play as standard-owners, who are found to impinge on the independence of third-party certification while enforcing rigorous audit practices. We show how standard owners, in attempting to standardize the audit process, generate tensions within certification practices in a unique example of ritualism around audit. In examining standards to understand power in contemporary food governance, it is shown that retailers are drawn beyond standard-setting into certification and enforcement, that is characterized by a web of institutions and actors whose power to influence outcomes is uneven.

Lattice mixing and vanishing trapdoors : a framework for fully secure short signatures and more

We propose a framework for adaptive security from hard random lattices in the standard model. Our approach borrows from the recent Agrawal-Boneh-Boyen families of lattices, which can admit reliable and punctured trapdoors, respectively used in reality and in simulation. We extend this idea to make the simulation trapdoors cancel not for a specific forgery but on a non-negligible subset of the possible challenges. Conceptually, we build a compactly representable, large family of input-dependent “mixture” lattices, set up with trapdoors that “vanish” for a secret subset which we hope the forger will target. Technically, we tweak the lattice structure to achieve “naturally nice” distributions for arbitrary choices of subset size. The framework is very general. Here we obtain fully secure signatures, and also IBE, that are compact, simple, and elegant.

HPAKE : Password authentication secure against cross-site user impersonation

We propose a new kind of asymmetric mutual authentication from passwords with stronger privacy against malicious servers, lest they be tempted to engage in “cross-site user impersonation” to each other. It enables a person to authenticate (with) arbitrarily many independent servers, over adversarial channels, using a memorable and reusable single short password. Beside the usual PAKE security guarantees, our framework goes to lengths to secure the password against brute-force cracking from privileged server information.

Graph coloring applied to secure computation in non-Abelian groups

We study the natural problem of secure n-party computation (in the computationally unbounded attack model) of circuits over an arbitrary finite non-Abelian group (G,⋅), which we call G-circuits. Besides its intrinsic interest, this problem is also motivating by a completeness result of Barrington, stating that such protocols can be applied for general secure computation of arbitrary functions. For flexibility, we are interested in protocols which only require black-box access to the group G (i.e. the only computations performed by players in the protocol are a group operation, a group inverse, or sampling a uniformly random group element). Our investigations focus on the passive adversarial model, where up to t of the n participating parties are corrupted.

Unconditionally secure disjointness tests for private datasets

We present two unconditional secure protocols for private set disjointness tests. In order to provide intuition of our protocols, we give a naive example that applies Sylvester matrices. Unfortunately, this simple construction is insecure as it reveals information about the intersection cardinality. More specifically, it discloses its lower bound. By using the Lagrange interpolation, we provide a protocol for the honest-but-curious case without revealing any additional information. Finally, we describe a protocol that is secure against malicious adversaries. In this protocol, a verification test is applied to detect misbehaving participants. Both protocols require O(1) rounds of communication. Our protocols are more efficient than the previous protocols in terms of communication and computation overhead. Unlike previous protocols whose security relies on computational assumptions, our protocols provide information theoretic security. To our knowledge, our protocols are the first ones that have been designed without a generic secure function evaluation. More important, they are the most efficient protocols for private disjointness tests in the malicious adversary case.

Identity, addressing, authenticity and audit requirements for trust in ERP, analytics and big/open data in a “Cloud” computing environment : a review and proposal

Enterprises, both public and private, have rapidly commenced using the benefits of enterprise resource planning (ERP) combined with business analytics and “open data sets” which are often outside the control of the enterprise to gain further efficiencies, build new service operations and increase business activity. In many cases, these business activities are based around relevant software systems hosted in a “cloud computing” environment. “Garbage in, garbage out”, or “GIGO”, is a term long used to describe problems in unqualified dependency on information systems, dating from the 1960s. However, a more pertinent variation arose sometime later, namely “garbage in, gospel out” signifying that with large scale information systems, such as ERP and usage of open datasets in a cloud environment, the ability to verify the authenticity of those data sets used may be almost impossible, resulting in dependence upon questionable results. Illicit data set “impersonation” becomes a reality. At the same time the ability to audit such results may be an important requirement, particularly in the public sector. This paper discusses the need for enhancement of identity, reliability, authenticity and audit services, including naming and addressing services, in this emerging environment and analyses some current technologies that are offered and which may be appropriate. However, severe limitations to addressing these requirements have been identified and the paper proposes further research work in the area.

Internal audit involvement in enterprise risk management

Purpose The paper examines the impact of internal auditors’ involvement in Enterprise Risk Management (ERM) on perceptions of their willingness to report a breakdown in risk procedures and whether a strong relationship with the audit committee affects such willingness to report. The study also investigates the use of ERM and the role of internal audit in ERM in Australian private and public sector entities. Design/methodology/approach The study uses an experimental design, manipulating (i) the internal auditor’s involvement in ERM and (ii) the strength of the relationship between internal audit and the audit committee. Participants are 117 certified internal auditors. The study also gathers descriptive data on the use of ERM. Findings The study indicates that a high involvement in ERM impacts the perceptions of internal auditors’ willingness to report a breakdown in risk procedures to the audit committee. However, a strong relationship with the audit committee does not appear to affect their perceived willingness to report. The study also finds that the majority of organisations have recently adopted ERM. Internal auditors are involved in ERM assurance activities but some also engage in activities that could compromise objectivity.

Secure coprocessor-based private information retrieval without periodical preprocessing

Early works on Private Information Retrieval (PIR) focused on minimizing the necessary communication overhead. They seemed to achieve this goal but at the expense of query response time. To mitigate this weakness, protocols with secure coprocessors were introduced. They achieve optimal communication complexity and better online processing complexity. Unfortunately, all secure coprocessor-based PIR protocols require heavy periodical preprocessing. In this paper, we propose a new protocol, which is free from the periodical preprocessing while offering the optimal communication complexity and almost optimal online processing complexity. The proposed protocol is proven to be secure.

An efficient scheme of common secure indices for conjunctive keyword-based retrieval on encrypted data

We consider the following problem: members in a dynamic group retrieve their encrypted data from an untrusted server based on keywords and without any loss of data confidentiality and member’s privacy. In this paper, we investigate common secure indices for conjunctive keyword-based retrieval over encrypted data, and construct an efficient scheme from Wang et al. dynamic accumulator, Nyberg combinatorial accumulator and Kiayias et al. public-key encryption system. The proposed scheme is trapdoorless and keyword-field free. The security is proved under the random oracle, decisional composite residuosity and extended strong RSA assumptions.

Secure computation of the vector dominance problem

Suppose two parties, holding vectors A = (a 1,a 2,...,a n ) and B = (b 1,b 2,...,b n ) respectively, wish to know whether a i  > b i for all i, without disclosing any private input. This problem is called the vector dominance problem, and is closely related to the well-studied problem for securely comparing two numbers (Yao’s millionaires problem). In this paper, we propose several protocols for this problem, which improve upon existing protocols on round complexity or communication/computation complexity.

An on-line secure e-passport protocol

The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.

Secure and safe water supplies in remote Australian and rural Sri Lankan regions : common issues and emerging responses

Most urban dwelling Australians take secure and safe water supplies for granted. That is, they have an adequate quantity of water at a quality that can be used by people without harm from human and animal wastes, salinity and hardness or pollutants from agriculture and manufacturing industries. Australia wide urban and peri-urban dwellers use safe water for all domestic as well as industrial purposes. However, this is not the situation remote regions in Australia where availability and poor quality water can be a development constraint. Nor is it the case in Sri Lanka where people in rural regions are struggling to obtain a secure supply of water, irrespective of it being safe because of the impact of faecal and other contaminants. The purposes of this paper are to overview: the population and environmental health challenges arising from the lack of safe water in rural and remote communities; response pathways to address water quality issues; and the status of and need for integrated catchment management (ICM) in selected remote regions of Australia and vulnerable and lagging rural regions in Sri Lanka. Conclusions are drawn that focus on the opportunity for inter-regional collaborations between Australia and Sri Lanka for the delivery of safe water through ICM.