Search results for: information security audit
13051 Exploring the Dark Side of IT Security: Delphi Study on Business’ Influencing Factors
Authors: Tizian Matschak, Ilja Nastjuk, Stephan Kühnel, Simon Trang
Abstract:
We argue that besides well-known primary effects of information security controls (ISCs), namely confidentiality, integrity, and availability, ISCs can also have secondary effects. For example, while IT can add business value through impacts on business processes, ISCs can be a barrier and distort the relationship between IT and organizational value through the impact on business processes. By applying the Delphi method with 28 experts, we derived 27 business process influence dimensions of ISCs. Defining and understanding these mechanisms can change the common understanding of the cost-benefit valuation of IT security investments and support managers' effective and efficient decision-making.
Keywords: business process dimensions, dark side of information security, Delphi study, IT security controls
Procedia PDF Downloads 110
13050 The Role of the Internal Audit Unit in Detecting and Preventing Fraud at Public Universities in West Java, Indonesia
Authors: Fury Khristianty Fitriyah
Abstract:
This study aims to identify the extent of the role of the Satuan Pengawas Intern (Internal Audit Unit) in detecting and preventing fraud in public universities in West Java under the Ministry of Research, Technology and Higher Education. The research method applied was a qualitative case study approach, while the unit of analysis for this study is the Internal Audit Unit at each public university. Results of this study indicate that the Internal Audit Unit is able to detect and prevent fraud within a public university environment by means of red flags to mark accounting anomalies. These stem from inaccurate budget planning that prompts inappropriate use of funds, exacerbated by late disbursements of funds, which potentially lead to fictitious transactions, and discrepancies in recording state-owned assets into a state property management system (SIMAK BMN), which, if not conducted properly, potentially causes loss to the state.
Keywords: governance, internal control, fraud, public university
Procedia PDF Downloads 284
13049 Determining the Appropriate Methodology for the Security Evaluation of Equipment Related to Information and Communication Technology in the Industry
Authors: Sofia Ahanj, Mahsa Rahmani, Zahra Sadeghigol, Vida Nobakht
Abstract:
Providing security in the electricity industry, as one of the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both technical and managerial dimensions is discussed in the laboratory. There are various standards in the field of general ICT technical-security evaluation. The most important are ISO/IEC 15408, ISO/IEC 27001 and NIST SP 800-53. In the present paper, these standards are first examined. Then, the standards and reports in the industrial field have been reviewed and compared, and finally, based on the results and special considerations of information and communication technology equipment in the electricity industry, the appropriate methodology has been presented.
Keywords: security standards, ISO/IEC 15408, ISA/IEC 62443 series, NIST SP 800-53, NISTIR 7628
Procedia PDF Downloads 166
13048 Corporate Governance Disclosures by South African Auditing Firms
Authors: Rozanne Janet Smith
Abstract:
This article examined the corporate governance disclosures of the large and medium-sized auditing firms in South Africa. It is important that auditing firms disclose their practice of good corporate governance to the public, as they serve the public interest. The auditing profession has been criticized due to many corporate scandals in recent years. This has undermined the reputation of the profession, with experts and the public questioning whether auditing firms have corporate governance structures in place, and whether they are taking public interest into consideration. In South Africa there is no corporate governance code specifically for audit firms. Auditing firms are encouraged by IRBA to issue a transparency report in which they disclose corporate governance structures and application, but this is not compulsory in South Africa. Moreover, the information issued in these transparency reports is limited and often only focuses on audit quality, and not governance. Through a literature review it was found that the UK is one of only a few countries who has a corporate governance code for audit firms. As South Africa initially used the UK Cadbury report to develop the King IV Code, it was fitting to use the UK Audit Firm Governance Code as a benchmark to determine if audit firms in South Africa are disclosing relevant corporate governance information in their transparency reports and/or integrated reports. This study contributes to the existing body of knowledge by pursuing the following objective: To determine the improvement in the corporate governance disclosures of large and medium-sized auditing firms in South Africa through comparative research. Available data from 2019 will be used and compared to the disclosures in the 2023/2024 transparency and or integrated reports of the large and medium-sized auditing firms in South Africa. To achieve this objective a constructivist research paradigm was applied. 
Qualitative secondary information was gathered for the analysis. A content analysis was selected to collect the qualitative data by analyzing the integrated reports and/or transparency reports of large and medium-sized auditing firms with 20 or more partners and to determine what is disclosed on their corporate governance practices. These transparency reports and integrated reports were then read and analyzed in depth and compared to the principles stated in the UK Code. Since there are only nine medium-sized and large auditing firms in South Africa, the researcher was able to conduct the content analysis by reading each report in depth. The following six principles which are found in the UK Code were assessed for disclosure. (1) Leadership, (2) Values, (3) INED, (4) Operations, (5) Reporting, and (6) Dialogue. The results reveal that the auditing firms are not disclosing the corporate governance principles and practices to the necessary extent. Although there has been some improvement, the disclosure is not to the extent which it should be. There is still a need for a South African audit firm governance code.
Keywords: auditing firms, corporate governance, South Africa, disclosure
Procedia PDF Downloads 22
13047 Exploring Corporate Governance Structure in Gulf Cooperation Council Countries
Authors: Zahra A. Al Nasser, Domenico Campa
Abstract:
This paper investigates board of directors and firms’ ownership structure on non-financial companies listed in Gulf Cooperation Council (GCC) countries using data from 2009 to 2013. The overall result of the study is that board size and board meeting have increased over years. Additionally, all combined committee variables have improved as well as audit committee size, audit committee meeting and audit committee experience have improved over the years. Furthermore, Oman is the only country that has not shown any statistically significant change in value of its associated variables.
Keywords: corporate governance, GCC countries, board of directors, ownership structure
Procedia PDF Downloads 571
13046 Runtime Monitoring Using Policy-Based Approach to Control Information Flow for Mobile Apps
Authors: Mohamed Sarrab, Hadj Bourdoucen
Abstract:
Mobile applications are verified to check the correctness or evaluated to check the performance with respect to specific security properties such as availability, integrity, and confidentiality. Where they are made available to the end users of the mobile application is achievable only to a limited degree using software engineering static verification techniques. The more sensitive the information, such as credit card data, personal medical information or personal emails being processed by mobile application, the more important it is to ensure the confidentiality of this information. Monitoring non-trusted mobile application during execution in an environment where sensitive information is present is difficult and unnerving. The paper addresses the issue of monitoring and controlling the flow of confidential information during non-trusted mobile application execution. The approach concentrates on providing a dynamic and usable information security solution by interacting with the mobile users during the run-time of mobile application in response to information flow events.
Keywords: mobile application, run-time verification, usable security, direct information flow
Procedia PDF Downloads 379
13045 Board Characteristics, Audit Committee Characteristics, and the Level of Bahraini Corporate Compliance with Mandatory IFRS Disclosure Requirements
Authors: Omar Juhmani
Abstract:
This paper examines the relation between internal corporate governance and the level of corporate compliance with mandatory IFRS disclosure requirements. The internal corporate governance is measured by board and audit committee characteristics. Using data from Bahrain Stock Exchange, the results show that board independence is positively and significantly associated with level of compliance with IFRS disclosure requirements. This suggests that internal corporate governance mechanisms are effective in the financial reporting practices by increasing the level of compliance with IFRS disclosures. Also, the results of the regression analyses indicate that two of the control variables; company size and audit firm size are significantly positively associated with the level of corporate compliance with mandatory IFRS disclosure requirements in Bahrain.
Keywords: Bahrain, board and audit committee characteristics, compliance, disclosure, IFRS
Procedia PDF Downloads 421
13044 A Risk-Based Modeling Approach for Successful Adoption of CAATTs in Audits: An Exploratory Study Applied to Israeli Accountancy Firms
Authors: Alon Cohen, Jeffrey Kantor, Shalom Levy
Abstract:
Technology adoption models are extensively used in the literature to explore drivers and inhibitors affecting the adoption of Computer Assisted Audit Techniques and Tools (CAATTs). Further studies from recent years suggested additional factors that may affect technology adoption by CPA firms. However, the adoption of CAATTs by financial auditors differs from the adoption of technologies in other industries. This is a result of the unique characteristics of the auditing process, which are expressed in the audit risk elements and the risk-based auditing approach, as encoded in the auditing standards. Since these audit risk factors are not part of the existing models that are used to explain technology adoption, these models do not fully correspond to the specific needs and requirements of the auditing domain. The overarching objective of this qualitative research is to fill the gap in the literature, which exists as a result of using generic technology adoption models. Followed by a pretest and based on semi-structured in-depth interviews with 16 Israeli CPA firms of different sizes, this study aims to reveal determinants related to audit risk factors that influence the adoption of CAATTs in audits and proposes a new modeling approach for the successful adoption of CAATTs. The findings emphasize several important aspects: (1) while large CPA firms developed their own inner guidelines to assess the audit risk components, other CPA firms do not follow a formal and validated methodology to evaluate these risks; (2) large firms incorporate a variety of CAATTs, including self-developed advanced tools. 
On the other hand, small and mid-sized CPA firms incorporate standard CAATTs and still need to catch up to better understand what CAATTs can offer and how they can contribute to the quality of the audit; (3) the top management of mid-sized and small CPA firms should be more proactive and updated about CAATTs capabilities and contributions to audits; and (4) All CPA firms consider professionalism as a major challenge that must be constantly managed to ensure an optimal CAATTs operation. The study extends the existing knowledge of CAATTs adoption by looking at it from a risk-based auditing approach. It suggests a new model for CAATTs adoption by incorporating influencing audit risk factors that auditors should examine when considering CAATTs adoption. Since the model can be used in various audited scenarios and supports strategic, risk-based decisions, it maximizes the great potential of CAATTs on the quality of the audits. The results and insights can be useful to CPA firms, internal auditors, CAATTs developers and regulators. Moreover, it may motivate audit standard-setters to issue updated guidelines regarding CAATTs adoption in audits.
Keywords: audit risk, CAATTs, financial auditing, information technology, technology adoption models
Procedia PDF Downloads 66
13043 A Tutorial on Network Security: Attacks and Controls
Authors: Belbahi Ahlam
Abstract:
With the phenomenal growth in the Internet, network security has become an integral part of computer and information security. In order to come up with measures that make networks more secure, it is important to learn about the vulnerabilities that could exist in a computer network and then have an understanding of the typical attacks that have been carried out in such networks. The first half of this paper will expose the readers to the classical network attacks that have exploited the typical vulnerabilities of computer networks in the past and solutions that have been adopted since then to prevent or reduce the chances of some of these attacks. The second half of the paper will expose the readers to the different network security controls including the network architecture, protocols, standards and software/hardware tools that have been adopted in modern day computer networks.
Keywords: network security, attacks and controls, computer and information, solutions
Procedia PDF Downloads 454
13042 Blockchain Security in MANETs
Authors: Nada Mouchfiq, Ahmed Habbani, Chaimae Benjbara
Abstract:
The security aspect of the IoT occupies a place of great importance especially after the evolution that has known this field lastly because it must take into account the transformations and the new applications. Blockchain is a new technology dedicated to the data sharing. However, this does not work the same way in the different systems with different operating principles. This article will discuss network security using the Blockchain to facilitate the sending of messages and information, enabling the use of new processes and enabling autonomous coordination of devices. To do this, we will discuss proposed solutions to ensure a high level of security in these networks in the work of other researchers. Finally, our article will propose a method of security more adapted to our needs as a team working in the ad hoc networks, this method is based on the principle of the Blockchain and that we named “MPR Blockchain”.
Keywords: ad hoc networks, blockchain, MPR, security
Procedia PDF Downloads 184
13041 Possible Risks for Online Orders in the Furniture Industry - Customer and Entrepreneur Perspective
Authors: Justyna Żywiołek, Marek Matulewski
Abstract:
Data is information processed by enterprises for primary and secondary purposes as processes. Thanks to processing, the sales process takes place; in the case of the surveyed companies, sales take place online. However, this indirect form of contact with the customer causes many problems for both customers and furniture manufacturers. The article presents solutions that would solve problems related to the analysis of data and information in the order fulfillment process sent to post-warranty service. The article also presents an analysis of threats to the security of this information, both for customers and the enterprise.
Keywords: ordering furniture online, information security, furniture industry, enterprise security, risk analysis
Procedia PDF Downloads 47
13040 Modern Information Security Management and Digital Technologies: A Comprehensive Approach to Data Protection
Authors: Mahshid Arabi
Abstract:
With the rapid expansion of digital technologies and the internet, information security has become a critical priority for organizations and individuals. The widespread use of digital tools such as smartphones and internet networks facilitates the storage of vast amounts of data, but simultaneously, vulnerabilities and security threats have significantly increased. The aim of this study is to examine and analyze modern methods of information security management and to develop a comprehensive model to counteract threats and information misuse. This study employs a mixed-methods approach, including both qualitative and quantitative analyses. Initially, a systematic review of previous articles and research in the field of information security was conducted. Then, using the Delphi method, interviews with 30 information security experts were conducted to gather their insights on security challenges and solutions. Based on the results of these interviews, a comprehensive model for information security management was developed. The proposed model includes advanced encryption techniques, machine learning-based intrusion detection systems, and network security protocols. AES and RSA encryption algorithms were used for data protection, and machine learning models such as Random Forest and Neural Networks were utilized for intrusion detection. Statistical analyses were performed using SPSS software. To evaluate the effectiveness of the proposed model, T-Test and ANOVA statistical tests were employed, and results were measured using accuracy, sensitivity, and specificity indicators of the models. Additionally, multiple regression analysis was conducted to examine the impact of various variables on information security. The findings of this study indicate that the comprehensive proposed model reduced cyber-attacks by an average of 85%. 
Statistical analysis showed that the combined use of encryption techniques and intrusion detection systems significantly improves information security. Based on the obtained results, it is recommended that organizations continuously update their information security systems and use a combination of multiple security methods to protect their data. Additionally, educating employees and raising public awareness about information security can serve as an effective tool in reducing security risks. This research demonstrates that effective and up-to-date information security management requires a comprehensive and coordinated approach, including the development and implementation of advanced techniques and continuous training of human resources.
Keywords: data protection, digital technologies, information security, modern management
Procedia PDF Downloads 28
13039 Implementation of Learning Disability Annual Review Clinics to Ensure Good Patient Care, Safety, and Equality in Covid-19: A Two Pass Audit in General Practice
Authors: Liam Martin, Martha Watson
Abstract:
Patients with learning disabilities (LD) are at increased risk of physical and mental illness due to health inequality. To address this, NICE recommends that people from the age of 14 with a learning disability should have an annual LD health check. This consultation should include a holistic review of the patient’s physical, mental and social health needs with a view of creating an action plan to support the patient’s care. The expected standard set by the Quality and Outcomes Framework (QOF) is that each general practice should review at least 75% of their LD patients annually. During COVID-19, there have been barriers to primary care, including health anxiety, the shift to online general practice and the increase in GP workloads. A surgery in North London wanted to assess whether they were falling short of the expected standard for LD patient annual reviews in order to optimize care post Covid-19. A baseline audit was completed to assess how many LD patients were receiving their annual reviews over the period of 29th September 2020 to 29th September 2021. This information was accessed using EMIS Web Health Care System (EMIS). Patients included were aged 14 and over as per QOF standards. Doctors were not notified of this audit taking place. Following the results of this audit, the creation of learning disability clinics was recommended. These clinics were recommended to be on the ground floor and should be a dedicated time for LD reviews. A re-audit was performed via the same process 6 months later in March 2022. At the time of the baseline audit, there were 71 patients aged 14 and over that were on the LD register. 54% of these LD patients were found to have documentation of an annual LD review within the last 12 months. None of the LD patients between the ages of 14-18 years old had received their annual review. The results were discussed with the practice, and dedicated clinics were set up to review their LD patients. 
A second pass of the audit was completed 6 months later. This showed an improvement, with 84% of the LD patients registered at the surgery now having a documented annual review within the last 12 months. 78% of the patients between the ages of 14-18 years old had now been reviewed. The baseline audit revealed that the practice was not meeting the expected standard for LD patients’ annual health checks as outlined by QOF, with the most neglected patients being between the ages of 14-18. Identification and awareness of this vulnerable cohort is important to ensure measures can be put into place to support their physical, mental and social wellbeing. Other practices could consider an audit of their annual LD health checks to make sure they are practicing within QOF standards, and if there is a shortfall, they could consider implementing similar actions as used here; dedicated clinics for LD patient reviews.
Keywords: COVID-19, learning disability, learning disability health review, quality and outcomes framework
Procedia PDF Downloads 85
13038 Cloud Data Security Using Map/Reduce Implementation of Secret Sharing Schemes
Authors: Sara Ibn El Ahrache, Tajje-eddine Rachidi, Hassan Badir, Abderrahmane Sbihi
Abstract:
Recently, there has been increasing confidence for a favorable usage of big data drawn out from the huge amount of information deposited in a cloud computing system. Data kept on such systems can be retrieved through the network at the user’s convenience. However, the data that users send include private information, and therefore, information leakage from these data is now a major social problem. The usage of secret sharing schemes for cloud computing have lately been approved to be relevant in which users deal out their data to several servers. Notably, in a (k,n) threshold scheme, data security is assured if and only if all through the whole life of the secret the opponent cannot compromise more than k of the n servers. In fact, a number of secret sharing algorithms have been suggested to deal with these security issues. In this paper, we present a Mapreduce implementation of Shamir’s secret sharing scheme to increase its performance and to achieve optimal security for cloud data. Different tests were run and through it has been demonstrated the contributions of the proposed approach. These contributions are quite considerable in terms of both security and performance.
Keywords: cloud computing, data security, Mapreduce, Shamir's secret sharing
Procedia PDF Downloads 306
13037 Quality Management System Audit and Its Impact on Company's Performance
Authors: Redha Elhuni
Abstract:
The purpose of this paper is to find out the impact of Quality Management System (QMS) ISO/IEC 17025:2005 certification audit on company’s performance. Libyan Petroleum Institute has been certified ISO/IEC 17025:2005 for 8 years. Therefore, it is necessary to study and analyze the impact of that certification on its performance. Survey study has been done by distributing a questionnaire by handing it personally to qualified staff in the 15 accredited laboratories in the institute. The response rate was 66.6%. The statistical operations with the results of analytical study have been done to achieve the goal and objectives of the research. Finally, ISO/IEC 17025:2005 certification audit is found to have a positive effect on the institute’s performance.
Keywords: auditing process, ISO/IEC 17025:2005, quality management system, Libyan petroleum institute
Procedia PDF Downloads 353
13036 Towards A New Maturity Model for Information System
Authors: Ossama Matrane
Abstract:
Information System has become a strategic lever for enterprises. It contributes effectively to align business processes on strategies of enterprises. It is regarded as an increase in productivity and effectiveness. So, many organizations are currently involved in implementing sustainable Information System. And, a large number of studies have been conducted the last decade in order to define the success factors of information system. Thus, many studies on maturity model have been carried out. Some of this study is referred to the maturity model of Information System. In this article, we report on development of maturity models specifically designed for information system. This model is built based on three components derived from Maturity Model for Information Security Management, OPM3 for Project Management Maturity Model and processes of COBIT for IT governance. Thus, our proposed model defines three maturity stages for corporate a strong Information System to support objectives of organizations. It provides a very practical structure with which to assess and improve Information System Implementation.
Keywords: information system, maturity models, information security management, OPM3, IT governance
Procedia PDF Downloads 446
13035 Legal Issues of Food Security in Republic of Kazakhstan
Authors: G. T. Aigarinova
Abstract:
This article considers the legal issues of food security as a major component of national security of the republic. The problem of food security is the top priority of the economic policy strategy of any state, the effectiveness of this solution influences social, political, and ethnic stability in society. Food security and nutrition is everyone’s business. Food security exists when all people, at all times, have physical, social and economic access to sufficient safe and nutritious food that meets their dietary needs and food preferences for an active and healthy life. By analyzing the existing legislation in the area of food security, the author identifies weaknesses and gaps, suggesting ways to improve it.
Keywords: food security, national security, agriculture, public resources, economic security
Procedia PDF Downloads 423
13034 An Analysis of Institutional Audits: Basis for Teaching, Learning and Assessment Framework and Principles
Authors: Nabil El Kadhi, Minerva M. Bunagan
Abstract:
The dynamism in education, particularly in the area of teaching, learning and assessment has caused Higher Education Institutions (HEIs) worldwide to seek for ways to continuously improve their educational processes. HEIs use outcomes of institutional audits, assessments and accreditations, for improvement. In this study, the published institutional audit reports of HEIs in the Sultanate of Oman were analyzed to produce features of good practice; identify challenges along Teaching, Learning Assessment (TLA); and propose a framework that puts major emphasis in having a quality-assured TLA, including a set of principles that can be used as basis in succeeding an institutional visit. The TLA framework, which shows the TLA components, characteristics of the components, related expectation, including implementation tool/strategy and pitfalls can be used by HEIs to have an adequate understanding of the scope of audit and be able to satisfy institutional audit requirements. The scope of this study can be widened by exploring the other requirements of the Institutional Audits in the Sultanate of Oman, particularly the area on Governance and Management and Student Support Services.
Keywords: accreditation, audit, teaching, learning and assessment, quality assurance
Procedia PDF Downloads 304
13033 Machine Learning Development Audit Framework: Assessment and Inspection of Risk and Quality of Data, Model and Development Process
Authors: Jan Stodt, Christoph Reich
Abstract:
The usage of machine learning models for prediction is growing rapidly and proof that the intended requirements are met is essential. Audits are a proven method to determine whether requirements or guidelines are met. However, machine learning models have intrinsic characteristics, such as the quality of training data, that make it difficult to demonstrate the required behavior and make audits more challenging. This paper describes an ML audit framework that evaluates and reviews the risks of machine learning applications, the quality of the training data, and the machine learning model. We evaluate and demonstrate the functionality of the proposed framework by auditing a steel plate fault prediction model.
Keywords: audit, machine learning, assessment, metrics
Procedia PDF Downloads 269
13032 Programming Systems in Implementation of Process Safety at Chemical Process Industry
Authors: Maryam Shayan
Abstract:
Programming frameworks have been utilized as a part of chemical industry process safety operation and configuration to enhance its effectiveness. This paper gives a brief survey and investigation of the best in class and effects of programming frameworks in process security. A study was completed by talking staff accountable for procedure wellbeing practices in the Iranian chemical process industry and diving into writing of innovation for procedure security. This article investigates the useful and operational attributes of programming frameworks for security and endeavors to sort the product as indicated by its level of effect in the administration chain of importance. The study adds to better comprehension of the parts of Information Communication Technology in procedure security, the future patterns and conceivable gaps for innovative work.
Keywords: programming frameworks, chemical industry process, process security, administration chain, information communication technology
Procedia PDF Downloads 372
13031 Forecasting Future Society to Explore Promising Security Technologies
Authors: Jeonghwan Jeon, Mintak Han, Youngjun Kim
Abstract:
Due to the rapid development of information and communication technology (ICT), a substantial transformation is currently happening in society. As the range of intelligent technologies and services is continuously expanding, ‘things’ are becoming capable of communicating with one another and even with people. However, such an “Internet of Things” has a technical weakness: the great amount of information transferred in real time may be widely exposed to security threats. Users’ personal data are a typical example of information facing a serious security threat. Security threats will diversify and arise more frequently because the next generation of unfamiliar technology is developing. Moreover, as society becomes increasingly complex, security vulnerability will increase as well. In the existing literature, a considerable number of private and public reports that forecast future society have been published as a precedent step of the selection of future technology and the establishment of strategies for competitiveness. Although there are previous studies that forecast security technology, they have focused only on technical issues and overlooked the interrelationships between security technology and social factors. Therefore, investigations of future security threats and of security technology that is able to protect people from various threats are required. In response, this study aims to derive potential security threats associated with the development of technology and to explore the security technology that can protect against them. To do this, first of all, private and public reports that forecast the future and online documents from technology-related communities are collected. By analyzing the data, future issues are extracted and categorized in terms of STEEP (Society, Technology, Economy, Environment, and Politics), as well as security. Second, the components of potential security threats are developed based on the classified future issues. Then, points where the security threats may occur (for example, a mobile payment system based on finger scan technology) are identified. Lastly, alternatives that prevent potential security threats are proposed by matching security threats with points and investigating related security technologies from patent data. The proposed approach can identify the ICT-related latent security menaces and provide guidelines in the ‘problem – alternative’ form by linking the threat point with security technologies.
Keywords: future society, information and communication technology, security technology, technology forecasting
Procedia PDF Downloads 467
13030 Corporate Governance Mechanisms, Whistle-Blowing Policy and Earnings Management Practices of Firms in Malaysia
Authors: Mujeeb Saif Mohsen Al-Absy, Ku Nor Izah Ku Ismail, Sitraselvi Chandren
Abstract:
This study examines whether corporate governance (CG) mechanisms in firms that have a whistle-blowing policy (WHBLP) are more effective in constraining earnings management (EM) than those without. A sample of 288 Malaysian firms for the years 2013 to 2015, amounting to 864 firm-years, was grouped into firms with and without WHBLP. Results show that for firms without WHBLP, the board chairman tenure would minimize EM activities. Meanwhile, for firms with WHBLP, board chairman independence, board chairman tenure, audit committee size, audit committee meeting and women in the audit committees are found to be associated with fewer EM activities. Further, it is found that ownership concentration and Big 4 auditing firms help to reduce EM activities in firms with WHBLP, while not in firms without WHBLP. Hence, functional and effective governance can be achieved by having a WHBLP, which is in line with agency and resource dependent theories. Therefore, this study suggests that firms should have a WHBLP in place, and policymakers should come up with enhanced criteria to strengthen the mechanisms of WHBLP.
Keywords: corporate governance, earnings management, whistle-blowing policy, audit committee, board of directors
Procedia PDF Downloads 135
13029 Gender Mainstreaming in Kazakhstan: A University Audit as the First Stage to Inform Policy
Authors: A. S. CohenMiller, Jenifer Lewis, Gwen McEvoy, Kristy Kelly
Abstract:
This international, interdisciplinary study presents the first stage of a gender mainstreaming project within one university as a microcosm of society in Kazakhstan to make concrete policy recommendations and set up the potential for new research to monitor change over time. Local, regional, and UN representatives have noted the critical need and interest in gender-related issues in Kazakhstan. Gender mainstreaming has been noted as a strategy to understand and address gender equality and equity, such as within the academy in exploring and examining organizational/management issues, university decision-making and leadership, assessing the overall academic climate, discrimination issues, hiring and promotion, and student recruitment and retention. This presentation provides preliminary findings from the university gender audit, highlighting key elements for moving forward in gender mainstreaming. The full study analyzes findings from the full gender audit, including interviews with key stakeholders, time-use surveys, participant-observations and interviews with female students, staff and faculty, and reviews of formal organizational policies and practices.
Keywords: academia, equity, Eurasia, gender audit, gender mainstreaming, Kazakhstan, policy, time-use survey
Procedia PDF Downloads 399
13028 Best Practices to Enhance Patient Security and Confidentiality When Using E-Health in South Africa
Authors: Lethola Tshikose, Munyaradzi Katurura
Abstract:
Information and Communication Technology (ICT) plays a critical role in improving daily healthcare processes. South African healthcare organizations have adopted Information Systems to integrate their patient records. This has made it much easier for healthcare organizations because patient information can now be accessible at any time. The primary purpose of this research study was to investigate the best practices that can be applied to enhance patient security and confidentiality when using e-health systems in South Africa. Security and confidentiality are critical in healthcare organizations as they ensure safety in EHRs. The research study used an inductive research approach that included a thorough literature review; therefore, no data was collected. The research paper’s scope included patient data and possible security threats associated with healthcare systems. According to the study, South African healthcare organizations discovered various patient data security and confidentiality issues. The study also revealed that when it comes to handling patient data, health professionals sometimes make mistakes. Some may not be computer literate, which posed issues and caused data to be tampered with. The research paper recommends that healthcare organizations ensure that security measures are adequately supported and promoted by their IT department. This will ensure that adequate resources are distributed to keep patient data secure and confidential. Healthcare organizations must correctly use standards set up by IT specialists to solve patient data security and confidentiality issues. Healthcare organizations must make sure that their organizational structures are adaptable to improve security and confidentiality.
Keywords: E-health, EHR, security, confidentiality, healthcare
Procedia PDF Downloads 56
13027 Risk in the South African Sectional Title Industry: An Assurance Perspective
Authors: Leandi Steenkamp
Abstract:
The sectional title industry has been a part of the property landscape in South Africa for almost half a century, and plays a significant role in addressing the housing problem in the country. Stakeholders such as owners and investors in sectional title property are in most cases not directly involved in the management thereof, and place reliance on the audited annual financial statements of bodies corporate for decision-making purposes. Although the industry seems to be highly regulated, the legislation regarding accounting and auditing of sectional title is vague and ambiguous. Furthermore, there are no industry-specific auditing and accounting standards to guide accounting and auditing practitioners in performing their work and industry financial benchmarks are not readily available. In addition, financial pressure on sectional title schemes is often very high due to the fact that some owners exercise unrealistic pressure to keep monthly levies as low as possible. All these factors have an impact on the business risk as well as audit risk of bodies corporate. Very little academic research has been undertaken on the sectional title industry in South Africa from an accounting and auditing perspective. The aim of this paper is threefold: Firstly, to discuss the findings of a literature review on uncertainties, ambiguity and confusing aspects in current legislation regarding the audit of a sectional title property that may cause or increase audit and business risk. Secondly, empirical findings of risk-related aspects from the results of interviews with three groups of body corporate role-players will be discussed. The role-players were body corporate trustee chairpersons, body corporate managing agents and accounting and auditing practitioners of bodies corporate. Specific reference will be made to business risk and audit risk. Thirdly, practical recommendations will be made on possibilities of closing the audit expectation gap, and further research opportunities in this regard will be discussed.
Keywords: assurance, audit, audit risk, body corporate, corporate governance, sectional title
Procedia PDF Downloads 266
13026 Audit and Assurance Program for AI-Based Technologies
Authors: Beatrice Arthur
Abstract:
The rapid development of artificial intelligence (AI) has transformed various industries, enabling faster and more accurate decision-making processes. However, with these advancements come increased risks, including data privacy issues, systemic biases, and challenges related to transparency and accountability. As AI technologies become more integrated into business processes, there is a growing need for comprehensive auditing and assurance frameworks to manage these risks and ensure ethical use. This paper provides a literature review on AI auditing and assurance programs, highlighting the importance of adapting traditional audit methodologies to the complexities of AI-driven systems. Objective: The objective of this review is to explore current AI audit practices and their role in mitigating risks, ensuring accountability, and fostering trust in AI systems. The study aims to provide a structured framework for developing audit programs tailored to AI technologies while also investigating how AI impacts governance, risk management, and regulatory compliance in various sectors. Methodology: This research synthesizes findings from academic publications and industry reports from 2014 to 2024, focusing on the intersection of AI technologies and IT assurance practices. The study employs a qualitative review of existing audit methodologies and frameworks, particularly the COBIT 2019 framework, to understand how audit processes can be aligned with AI governance and compliance standards. The review also considers real-time auditing as an emerging necessity for influencing AI system design during early development stages. Outcomes: Preliminary findings indicate that while AI auditing is still in its infancy, it is rapidly gaining traction as both a risk management strategy and a potential driver of business innovation. Auditors are increasingly being called upon to develop controls that address the ethical and operational risks posed by AI systems. The study highlights the need for continuous monitoring and adaptable audit techniques to handle the dynamic nature of AI technologies. Future Directions: Future research will explore the development of AI-specific audit tools and real-time auditing capabilities that can keep pace with evolving technologies. There is also a need for cross-industry collaboration to establish universal standards for AI auditing, particularly in high-risk sectors like healthcare and finance. Further work will involve engaging with industry practitioners and policymakers to refine the proposed governance and audit frameworks. Funding/Support Acknowledgements: This research is supported by the Information Systems Assurance Management Program at Concordia University of Edmonton.
Keywords: AI auditing, assurance, risk management, governance, COBIT 2019, transparency, accountability, machine learning, compliance
Procedia PDF Downloads 22
13025 The Value of Job Security across Various Welfare Policies
Authors: Eithan Hourie, Miki Malul, Raphael Bar-El
Abstract:
To investigate the relationship between various welfare policies and the value of job security, we conducted a study with 201 people regarding their assessments of the value of job security with respect to three elements: income stability, assurance of continuity of employment, and security in the job. The experiment simulated different welfare policy scenarios, such as the amount and duration of unemployment benefits, workfare, and basic income. The participants evaluated the value of job security in various situations. We found that the value of job security is approximately 22% of the starting salary, which is distributed as follows: 13% reflects income security, 8.7% reflects job security, and about 0.3% is for being able to keep their current employment in the future. To the best of our knowledge, this article is one of the pioneers in trying to quantify the value of job security in different market scenarios and at varying levels of welfare policy. Our conclusions may help decision-makers when deciding on a welfare policy.
Keywords: job security value, employment protection legislation, status quo bias, expanding welfare policy
Procedia PDF Downloads 104
13024 Network Security Attacks and Defences
Authors: Ranbir Singh, Deepinder Kaur
Abstract:
Network security is an important aspect in every field, such as government offices, educational institutes and business organizations. Network security consists of the policies adopted to prevent and monitor forbidden access, misuse, modification, or denial of a computer network. Network security is a very complicated subject, dealt with only by well-trained and experienced people. However, as more and more people become wired, an increasing number of people need to understand the basics of security in a networked world. The history of network security included an introduction to TCP/IP and interworking. Network security starts with authenticating, commonly with a username and a password. In this paper, we study various types of attacks on network security and how to handle or prevent these attacks.
Keywords: network security, attacks, denial, authenticating
Procedia PDF Downloads 403
13023 A Relationship between Transformational Leadership, Internal Audit and Risk Management Implementation in the Indonesian Public Sector
Authors: Tio Novita Efriani
Abstract:
Public sector organizations work in a complex and risky environment. Since the beginning of the 2000s, the public sector has paid attention to the need for effective risk management. The Indonesian public sector has also been concerned about this issue, and in 2008 it enacted the Government Regulation that gives a mandate for the implementation of risk management in government organizations. This paper investigates risk management implementation in Indonesian public sector organizations and the role of transformational leadership and internal audit activities. Data was collected via survey. A total of 202 effective responses (30% response rate) from employees in 34 government ministries were statistically analyzed using partial least squares structural equation modelling (PLS-SEM), with SmartPLS 3.0 as the software. All the constructs were lower order, except for the risk management implementation construct, which was treated as a second-order construct. A two-stage approach was employed in the analysis of the higher order component. The findings revealed that transformational leadership positively influences risk management implementation. The findings also showed that the core and legitimate roles of internal audit in risk management positively affect the implementation of risk management. The final finding showed that internal auditing mediates the relationship between transformational leadership and risk management implementation. These results suggest that the implementation of risk management in the Indonesian public sector was significantly supported by internal auditors and leadership. The findings confirm the importance of transformational leadership and internal audit in public sector risk management strategies.
Keywords: Indonesian public sector, internal audit, risk management, transformational leadership
Procedia PDF Downloads 201
13022 Design and Realization of Computer Network Security Perception Control System
Authors: El Miloudi Djelloul
Abstract:
Based on an analysis of applications of perception control technology in computer network security status and security protection measures, from the angles of network physical environment and network software system environmental security, this paper provides a network security system perception control solution using Internet of Things (IOT), telecom and other perception technologies. The Security Perception Control System operates in the computer network environment, utilizing Radio Frequency Identification (RFID) of IOT and telecom integration technology to carry out integration design for systems. In the network physical security environment, RFID temperature, humidity, gas and perception technologies are used to do surveillance on environmental data; dynamic perception technology is used for the network system security environment; user-defined security parameters and security logs are used for quick data analysis; and control on the I/O interface is extended. By development of API and AT commands, Computer Network Security Perception Control based on Internet and GSM/GPRS is achieved, which enables users to carry out interactive perception and control for the network security environment by WEB, E-MAIL as well as PDA, mobile phone short message and Internet. In the system testing, through a middleware server, security information data perception in real time with a deviation of 3-5% was achieved; this proves the feasibility of the Computer Network Security Perception Control System.
Keywords: computer network, perception control system security strategy, Radio Frequency Identification (RFID)
Procedia PDF Downloads 445