Search results for: information security audit

Authors: Satinder Bhatia

Abstract:

Limited Liability Partnerships (LLPs) was a concept introduced in India in 2009. Ever since then, there has been a fierce growth in the number of organizations registered as LLPs outpacing the number of registrations as private companies. Among other benefits extended to LLPs, the audit being mandated only for LLPs having a turnover of at least Rs 40 lakhs or capital contribution of Rs 25 lakhs, has been a major attraction. This has resulted in only about 10 per cent of LLPs coming under mandatory audit. Even for such companies, the accounting standards to be followed in the preparation of financial statements have not been specified. The Revised Indian Accounting Standards (Revised IndAS) which are aligned with IFRS to a great extent, may apply to LLPs only under limited conditions. Thus, the veracity of even the audited financial statements of LLPs can be questioned. If in future, these LLPs would like to list on a stock exchange to raise capital, there can be serious hurdles if investors do not find the financial statements to be reliable and consistent. LLPs are generally governed by country-specific rules in the area of accounts and audit. Thus, such rules vary across UK, EU and the USA. Some countries have adopted the IFRS for SMEs and since LLPs can be referred to as SMEs; they would come under the ambit of these IFRS provisions. Besides, as the scope of audit widens to cover qualitative information in addition to quantitative data, audit of LLPs has now acquired a new meaning and a new urgency as demands for at least limited purpose audits are arising from different stakeholders including lenders, suppliers, customers and joint venture partners.

Keywords: audit disclosures, audit quality, guidance for SMEs, non-audit services

Procedia PDF Downloads 131

Authors: Shuofen Hsu, Ya-Yi Chao, Chao-Wei Li

Abstract:

This paper investigates the relationship between voluntary audit (hereafter, VA) of semi-annual consolidated financial statements decision and accounting conservatism. In general, there are four kinds of auditors' assurance services, which include audit, review, agreed-upon procedure and compliance engagements base on degree of assurance. The VA work by auditors may not only have the higher audit quality but an important signal of more reliable information than the review work. In Taiwan, The listed companies must prepare the semi-annual consolidated financial statements and with auditors' review before 2012, but some of the listed companies choose the assurance work from review to audit voluntarily. Due to the adoption of International Financial Reporting Standards, the listed companies were required to prepare the second quarterly consolidated financial statements which should be reviewed by auditors since 2013. This rule will change some of the assurance work from audit to review by auditors, and the information asymmetry maybe increased. To control the selection bias, we use two-stage model to test the relationship between VA decision and accounting conservatism. Our empirical results indicate that the VA decision and accounting conservatism have a significant positive relationship in firms with family-controlled. That is, firms with family-controlled are more likely to do VA and to prepare more conservative consolidated financial statements to reduce the information asymmetry, meaning that there is a complementary effect between VA and accounting conservatism for firms with more information asymmetry. But on the contrary, we find that the VA decision and accounting conservatism have a significant negative relationship in firms with professional managers-controlled, meaning that there is a substitution effect between VA and accounting conservatism for firms with less information asymmetry. Finally, the accounting conservatism of consolidated financial statements decrease after the adoption of IFRSs (International Financial Reporting Standards) in Taiwan. It means that the disclosure and transparency of consolidated financial statements had be improved.

Keywords: voluntary audit, accounting conservatism, audit quality, information asymmetry

Procedia PDF Downloads 200

Authors: Hani Albogami

Abstract:

The internal audit function is considered as one of the internal corporate governance mechanisms that may have an impact on improving earnings quality by constraining earnings management. The internal audit function is also a unique corporate governance mechanism because internal auditors have more involvement with the day-to-day operations comparing to the audit committee, and also internal auditors audit their companies the whole year compared to the external auditor who audits only a certain time of the year. The relationships between internal audit function and earnings management can be understood by some theories. Therefore, this paper provides a theoretical background of the influence of the quality of internal audit function on earnings management. In particular, the agency theory, institutional theory, singling theory, and resource dependency theory are adapted by this paper to provide some understanding and analyses that can be a basis for future research to contribute to the corporate governance academic studies.

Keywords: internal audit, corporate governance, earnings management, accounting

Procedia PDF Downloads 155

Authors: M. S. Razana, Z. W. Shafiuddin

Abstract:

Internal auditing is one of the most important activities for organizations that implement information security management systems (ISMS). The purpose of internal audits is to ensure the ISMS implementation is in accordance to the ISO/IEC 27001 standard and the organization’s own requirements for its ISMS. Competent internal auditors are the main element that contributes to the effectiveness of internal auditing activities. To realize this need, CyberSecurity Malaysia is now in the process of becoming a certification body that certifies ISMS internal auditors. The certification scheme will assess the competence of internal auditors in generic knowledge and skills in management systems, and also in ISMS-specific knowledge and skills. The certification assessment is based on the ISO/IEC 19011 Guidelines for auditing management systems, ISO/IEC 27007 Guidelines for information security management systems auditing and ISO/IEC 27001 Information security management systems requirements. The certification scheme complies with the ISO/IEC 17024 General requirements for bodies operating certification systems of persons. Candidates who pass the exam will be certified as an ISMS Internal Auditor, whose competency will be evaluated every three years.

Keywords: ISMS internal audit, ISMS internal auditor, ISO/IEC 17024, competence, certification

Procedia PDF Downloads 214

Authors: Lajmi Azhaar, Yab Mdallelah

Abstract:

This study examines the Tunisian market in which recent events, notably financial scandals, provide an appropriate framework for studying the impact of corporate governance on the audit report lag. Moreover, very little research has been done to examine this relationship in this context. The objective of this work is, therefore, to understand the factors influencing audit report lag, drawing primarily on agency theory (Jensen and Meckling, 1976), which shows that the characteristics of the board of directors have an impact on the report lag (independence, diligence, and size). In addition, the characteristics of the committee also have an impact on the audit report lag (size, independence, diligence, and expertise). Therefore, our research provides empirical evidence on the impact of governance mechanisms attributes on audit report lag. Using a sample of forty-seven (47) Tunisian companies listed on the Tunis Stock Exchange (BVMT) during the period from 2014 to 2019, and basing on the GMM method of the dynamic panel, multivariate analysis shows that most corporate governance attributes have a significant effect on audit report lag. Specifically, the audit committee diligence and the audit committee expertise have a significant and positive effect on audit report lag. But the diligence of the board has a significant and negative effect on audit report lag. However, this study finds no evidence that the audit committee independence, the size, independence, and diligence of the director’s board are associated with the audit report lag. In addition, the results of this study also show that there is a significant effect of some control variables. Finally, we are contributing to this study by using the GMM method of the dynamic panel. We are also using an emerging context that is very poorly developed and exploited by previous studies.

Keywords: governance mechanisms, audit committee, board of directors, audit report lag

Procedia PDF Downloads 137

Authors: Abdulaziz Abdulsaleh

Abstract:

This study aims at identifying the practices that should be taken into consideration by audit committees as a tool of corporate governance in Libyan commercial banks by investigating various perceptions on this topic. The study is based on a questionnaire submitted to audit committees ‘members at Libyan commercial banks, directors of internal audit departments as well as members of board of directors at these banks in addition to a number of external auditors and academic staff from Libyan universities. The study reveals that the role of audit committees has to be shifted from traditional areas of accounting to a broader role including functions related to financial reporting, audit planning, support the independence of internal and external auditors, acting as a channel of communication between external auditors and board of directors, reviewing external audit, and evaluating internal control systems. Although the study is a starting point in developing a framework of good audit committees’ practices in Libya, it is believed that the adoption of its results can result in enhancing the corporate governance practices not only in the banking sector but also in the entire corporate sector in Libya.

Keywords: audit committees, corporate governance, commercial banks, Libya

Procedia PDF Downloads 372

Authors: Abdulqader Rasool Feqi Mohammed, Ergun Erçelebi̇

Abstract:

A large number of hospitals from developed countries are adopting hospital information system to bring efficiency in hospital information system. The purpose of this project is to research on new network security techniques in order to enhance the current network security structure of save a hospital information system (HIS). This is very important because, it will avoid the system from suffering any attack. Security architecture was optimized but there are need to keep researching on best means to protect the network from future attacks. In this final project research, security techniques were uncovered to produce best network security results when implemented in an integrated framework.

Keywords: hospital information system, HIS, network security techniques, internet protocol, IP, network

Procedia PDF Downloads 400

Authors: Hsiao-Wen Wang

Abstract:

The split-share structure reform in China represents one of the most significant milestones in the evolution of the capital market. With the goal of converting non-tradable shares into tradable shares, the reform laid the foundation and supported the development of full-scale privatization. This study explores China’s split-share structure reform and its impact on statutory audit fees. This study finds that auditors earn a significant statutory audit fee premium after the split-share structure reform. The Big 4 auditors who provide better audit quality receive higher statutory audit fee premium than non-Big 4 auditors after the share reform, which is attributable to their brand reputation, rather than the relative market dominance.

Keywords: chinese split-share structure reform, statutory audit fees, big-4 auditors, corporate governance

Procedia PDF Downloads 368

Authors: Iyad Ismail, Fathilatul Abdul Hamid

Abstract:

This research was mainly investigated to recognize the extent of big data analysis by external auditors. This paper adopts grounded theory as a framework for conducting a series of semi-structured interviews with eighteen external auditors. The research findings comprised the availability extent of big data and big data analysis usage by the external auditors in Palestine, Gaza Strip. Considering the study's outcomes leads to a series of auditing procedures in order to improve the external auditing techniques, which leads to high-quality audit process. Also, this research is crucial for auditing firms by giving an insight into the mechanisms of auditing firms to identify the most important strategies that help in achieving competitive audit quality. These results are aims to instruct the auditing academic and professional institutions in developing techniques for external auditors in order to the big data analysis. This paper provides appropriate information for the decision-making process and a source of future information which affects technological auditing.

Keywords: big data analysis, external auditors, audit reliance, internal audit function

Procedia PDF Downloads 43

Authors: A. Haddick, A. Soltan

Abstract:

Background: During the period of recovery from an operative obstetric procedure, a woman is not only at risk of the life-threatening complications accompanying labour but also those associated with surgery and anaesthesia. It is speculated that women in the recovery area may receive a lower standard of care over a night shift. Thus obstetric recovery room care should be evaluated regularly to ensure all women receive an equally high standard of care 24/7. Aim: The aim of this audit was to undertake an audit in the Liverpool Women’s Hospital on the care in recovery, and to ascertain the extent to which the standards were met. This audit included the full audit cycle. Method: Standards were taken from the AAGBI, RCOA, NICE and CNST guidelines. There were 12 standards including appropriate documentation of vital signs and appropriate length of stay after surgery. Notes from 100 patients were analysed from March 2011-March 2012. There were 52 day notes and 48 night notes; these were accessed to gain the relevant data. In the re audit 35 notes were accessed from March 14-September 14. Results: The Liverpool Women’s Hospital met in total 10 of these standards. 10 were met during the day shift (83%) and 0 met during the night shift. In the re audit, there was a significant improvement in the standards met at night. 9 of the standards were met during the day and 7 of the standards were met at night. Clearly there are still improvements to be made. Conclusions: In the original audit, an audit action plan was formulated. This was following discussion of the results of this audit in an MDT meeting and presentation with a consultant Obstetrician, the head of Midwifery, the head of Obstetrics theatres and a recovery nurse. This audit will be further discussed in the Liverpool Woman's Hospital in July 2015 for further implementation for improvement.

Keywords: care, recovery, room, women

Procedia PDF Downloads 281

Authors: R. Manjula, Kaustav Bagchi, Sushant Ramesh, Anush Baskaran

Abstract:

In the past century, the emergence of information technology has had a significant positive impact on human life. While companies tend to be more involved in the completion of projects, the turn of the century has seen importance being given to investment in information security policies. These policies are essential to protect important data from adversaries, and thus following these policies has become one of the most important attributes revolving around information security models. In this research, we have focussed on the factors affecting information security policy compliance in two models : The theory of planned behaviour and the integration of the social bond theory and the involvement theory into a single model. Finally, we have given a proposal of where these theories would be successful.

Keywords: information technology, information security, involvement theory, policies, social bond theory

Procedia PDF Downloads 345

Authors: Fati̇h Apaydin

Abstract:

Education technology is an area which constantly changes and creates innovations. As an inevitable part of the changing circumstances, the societies who have a tendency to the improvements keep up with these innovations by using the methods and strategies which have been designed for education technology. At this point, education technology has taken the responsibility to help the individuals improve themselves and teach the effective teaching methods by filling the airs in theoretical information, information security and the practice. The technology which comes to the core of our lives by raising the importance of it day by day and it enforced its position in computer- based environments. As a result, ‘being ready for technological innovations, improvement on computer-based talent, information, ability and attitude’ doctrines have to be given. However, it is today quite hard to deal with the security and reinforcement of this information. The information which is got illegally gives harm to society from every aspect, especially education. This study includes how and to what extent to use these innovative appliances such as computers and the factor of information security of these appliances in computer-based education. As the use of computer is constantly becoming prevalent in our country, both education and computer will never become out of date, so how computer-based education affects our lives and the study of information security for this type of education are important topics.

Keywords: computer, information security, education, technology, development

Procedia PDF Downloads 562

Authors: M. El Mousadik, F. Elkandoussi

Abstract:

The concern for increased rigor in social management has led more and more Moroccan business leaders to question the value of applying social audit as an essential tool in the management of human resources. Hotel companies are not excluded; in fact, they are expected to implement such an audit to develop sound and credible human resources management (HRM) policies. The main objective of this paper is to establish the relationship between the practice of social audit as a tool, and its impact on the tourism sector, especially on hotels at one of the Morocco’s first and most popular city for tourism, Agadir. This exploratory study of properties in Agadir has revealed that hotel executives are aware of the importance of social auditing to hone their decisions in the field of HRM.

Keywords: social audit, hotel companies, human resources management, social piloting

Procedia PDF Downloads 254

Authors: Sana Masmoudi Mardassi, Yosra Makni Fourati

Abstract:

Regulators highlight the importance of the Audit Committee (AC) as a key internal corporate governance mechanism. One of the most important roles of this committee is to oversee the financial reporting process. The purpose of this paper is to examine the link between the characteristics of an audit committee and the financial reporting quality by investigating whether the characteristics of audit committees are associated with improved financial reporting quality, especially the Real Earnings Management. In the current study, a panel data from 80 nonfinancial companies listed on the Amsterdam Stock Exchange during the period between 2010 and 2017 were used. To measure audit committee characteristics, four proxies have been used, specifically, audit committee independence, financial expertise, gender diversity and AC meetings. For this research, a linear regression model was used to identify the influence of a set of board characteristics of the audit committee on real earnings management after controlling for firm audit committee size, leverage, size, loss, growth and board size. This research provides empirical evidence of the association between audit committee independence, financial expertise, gender diversity and meetings and Real Earnings Management (REM) as a proxy of financial reporting quality. The study finds that independence and AC Gender diversity are strongly related to financial reporting quality. In fact, these two characteristics constrain REM. The results also suggest that AC- financial expertise reduces to some extent, the likelihood of engaging in REM. These conclusions provide support then to the audit committee requirement under the Dutch Corporate Governance Code rules regarding gender diversity and AC meetings.

Keywords: audit committee, financial expertise, independence, real earnings management

Procedia PDF Downloads 140

Authors: Diego Saldo Alves, Marcelo Paveck Ayub

Abstract:

The quality of accounting information is very important for the decision-making of managers, investors government and other information users. The opinion of the independent audit has a significant influence on the decision-making, especially the investors. Therefore, the aim of this study is to analyze the reasons that companies listed on Brazilian Stock Exchange B3, if they received qualified opinion and disclaimer of opinion of the independent auditors. We analyzed the reports of the independent auditors of 23 Brazilian companies listed in B3 that received qualified opinion and disclaimer of opinion between the years 2012 and 2017. The findings show that the companies do not comply the International Financial Reporting Standard, IFRS, also they did not provide documentation to prove the operations performed, did not account expenses, problems in corporate governance and internal controls.

Keywords: audit, disclaimer of opinion, independent auditors, qualified opinion

Procedia PDF Downloads 166

Authors: Arpine Maghakyan

Abstract:

The purpose of this paper is to study the relationship between the level of industry digitalization and audit fees, especially, the relationship between Big 4 auditor fees and industry digitalization level. On the one hand, automation of business processes decreases internal control weakness and manual mistakes; increases work effectiveness and integrations. On the other hand, it may cause serious misstatements, high business risks or even bankruptcy, typically in early stages of automation. Incomplete automation can bring high audit risk especially if the auditor does not fully understand client’s business automation model. Higher audit risk consequently will cause higher audit fees. Higher audit fees for clients with high automation level are more highlighted in Big 4 auditor’s behavior. Using data of US firms from 2005-2015, we found that industry level digitalization is an interaction for the auditor quality on audit fees. Moreover, the choice of Big4 or non-Big4 is correlated with client’s industry digitalization level. Big4 client, which has higher digitalization level, pays more than one with low digitalization level. In addition, a high-digitalized firm that has Big 4 auditor pays higher audit fee than non-Big 4 client. We use audit fees and firm-specific variables from Audit Analytics and Compustat databases. We analyze collected data by using fixed effects regression methods and Wald tests for sensitivity check. We use fixed effects regression models for firms for determination of the connections between technology use in business and audit fees. We control for firm size, complexity, inherent risk, profitability and auditor quality. We chose fixed effects model as it makes possible to control for variables that have not or cannot be measured.

Keywords: audit fees, auditor quality, digitalization, Big4

Procedia PDF Downloads 270

Authors: Adel M. Qatawneh

Abstract:

This paper aimed to determine the importance of knowledge innovation for external audit on anti-corruption in the entire Jordanian bank companies are listed in Amman Stock Exchange (ASE). The study importance arises from the need to recognize the Knowledge innovation for external audit and anti-corruption as the development in the world of business, the variables that will be affected by external audit innovation are: reliability of financial data, relevantly of financial data, consistency of the financial data, Full disclosure of financial data and protecting the rights of investors to achieve the objectives of the study a questionnaire was designed and distributed to the society of the Jordanian bank are listed in Amman Stock Exchange. The data analysis found out that the banks in Jordan have a positive importance of Knowledge innovation for external audit on anti-corruption. They agree on the benefit of Knowledge innovation for external audit on anti-corruption. The statistical analysis showed that Knowledge innovation for external audit had a positive impact on the anti-corruption and that external audit has a significantly statistical relationship with anti-corruption, reliability of financial data, consistency of the financial data, a full disclosure of financial data and protecting the rights of investors.

Keywords: knowledge innovation, external audit, anti-corruption, Amman Stock Exchange

Procedia PDF Downloads 439

Authors: Pichamon Chansuchai

Abstract:

The objective of this research were to investigate electronic payment system on the internet and offer the guidelines for proper internal control of the payment system based on international standard security control (ISO/IEC 17799:2005),in a case study of payment of the internet, Thailand. The guidelines covered five important areas: (1) business requirement for access control, (2) information systems acquisition, development and maintenance, (3) information security incident management, (4) business continuity management, and (5) compliance with legal requirement. The findings from this qualitative study revealed the guidelines for proper internet control that were more reliable and allow the same line of business to implement the same system of control.

Keywords: audit, best practice, internet, payment

Procedia PDF Downloads 471

Authors: Sana Masmoudi, Yosra Makni

Abstract:

Regulators highlight the importance of the Audit Committee (AC) as a key internal corporate governance mechanism. One of the most important roles of this committee is to oversee the financial reporting process. The purpose of this paper is to examine the link between the characteristics of an audit committee and the financial reporting quality by investigating whether the formation of audit committees and their characteristics are associated with improved financial reporting quality. This study provides empirical evidence of the association between audit committee independence, financial expertise, gender diversity, and meetings and Real Earnings Management (REM) as a proxy of financial reporting quality. Using data from, with a sample of 80 companies listed on the Amsterdam Stock Exchange during 2010-2017, the study finds that independence and AC Gender diversity are strongly related to financial reporting quality. In fact, these two characteristics constrain REM. The results also suggest that AC-financial expertise reduces to some extent, the likelihood of engaging in REM. These conclusions provide support then to the audit committee requirement under the Dutch Corporate Governance Code rules regarding gender diversity and AC meetings.

Keywords: audit committee, financial expertise, independence, real earnings management

Procedia PDF Downloads 145

Authors: Mehmet Kargaci

Abstract:

It is more important to access information than to get the correct information and to transform it to the knowledge in a proper way. Every person, organizations or governments who have the knowledge now become the target. Cyber security involves the range of measures to be taken from individual to the national level. The National institutions refer to academic, military and major public and private institutions, which are very important for the national security. Thus they need further cyber security measures. It appears that the traditional cyber security measures in the national level are alone not sufficient, while the individual measures remain in a restricted level. It is evaluated that the most appropriate method for preventing the cyber vulnerabilities rather than existing measures are to develop institutional measures. This study examines the cyber security measures to be taken, especially in the national institutions.

Keywords: cyber defence, information, critical infrastructure, security

Procedia PDF Downloads 505

Authors: Ammar Ayad Issa Al-Rifaie, Zuhreya Muazu, Maysam Ali Abdulwahid, Dermot Gleeson

Abstract:

The aim of this audit was to examine the efficiency of alcohol history documentation and screening for hazardous drinkers at the Medical Admission Unit (MAU) of Northern General Hospital (NGH), Sheffield, to identify any potential for enhancing clinical practice. Data were collected from medical clerking sheets, ICE system and directly from 82 patients by three junior medical doctors using both CAGE questionnaire and AUDIT-C tool for newly admitted patients to MAU in NGH, in the period between January and March 2015. Alcohol consumption was documented in around two-third of the patient sample and this was documented fairly accurately by health care professionals. Some used subjective words such as 'social drinking' in the alcohol units’ section of the history. CAGE questionnaire was applied to only four patients and none of the patients had documented advice, education or referral to an alcohol liaison team. AUDIT-C tool had identified 30.4%, while CAGE 10.9%, of patients admitted to the NGH MAU as hazardous drinkers. The amount of alcohol the patient consumes positively correlated with the score of AUDIT-C (Pearson correlation 0.83). Re-audit is planned to be carried out after integrating AUDIT-C tool as labels in the notes and presenting a brief teaching session to junior doctors. Alcohol misuse screening is not adequately undertaken and no appropriate action is being offered to hazardous drinkers. CAGE questionnaire is poorly applied to patients and when satisfactory and adequately used has low sensitivity to detect hazardous drinkers in comparison with AUDIT-C tool. Re-audit of alcohol screening practice after introducing AUDIT-C tool in clerking sheets (as labels) is required to compare the findings and conclude the audit cycle.

Keywords: alcohol screening, AUDIT-C, CAGE, hazardous drinking

Procedia PDF Downloads 381

Authors: Wiji Wijaya

Abstract:

The aim of this research is to examine the effect of internal control weaknesses and audit opinion on the state’s loss findings of audit compliance to the regulation in public sector. The samples of this research consisted of 175 local government financial statements in the area of Central Java Province at 2009 until 2013. Area sampling design was used to select the financial statements. This study using quantitative descriptive statistical analysis and regression was run for data analysis and hypothesis examination. Result of this study indicated that internal control weaknesses and audit opinion contributes a positive influence which is significant to the state’s loss findings of audit compliance to the regulation. The internal control weaknesses that affect the state's loss finding are weakness control system of accounting and reporting with the value of the critical ratio 0.010 p 2.613 ; weakness budget execution control system with critical ratio value of 3.421 p 0.001 and weaknesses internal control structure with critical ratio value of 2.246 p 0.026 . While the audit opinion with a critical ratio value of 4.401 p 0.000. The implications of this research so that policy makers at the local government should give more attention to the implementation and improvement of internal control system.

Keywords: audit compliance findings, state’s loss, audit opinion, internal control, local government

Procedia PDF Downloads 352

Authors: Lan Luo

Abstract:

In China’s construction industry, it is a normal practice to separately subcontract the decoration engineering part from construction engineering, and Building Information Modeling (BIM) is also done separately. Application of BIM in decoration engineering should be integrated with other disciplines, but Chinese current practice makes this very difficult and complicated. Currently, there are three barriers in the auditing of BIM application in decoration engineering in China: heavy workload; scarcity of qualified professionals; and lack of literature concerning audit contents, standards, and methods. Therefore, it is significant to perform research on what (contents) should be evaluated, in which phase, and by whom (professional qualifications) in BIM application in decoration construction so that the application of BIM can be promoted in a better manner. Based on this consideration, four principles of BIM auditing are proposed: Comprehensiveness of information, accuracy of data, aesthetic attractiveness of appearance, and scheme optimization. In the model audit, three methods should be used: Collision, observation, and contrast. In addition, BIM auditing at six stages is discussed and a checklist for work items and results to be submitted is proposed. This checklist can be used for reference by decoration project participants.

Keywords: audit, evaluation, dimensions, methods, standards, BIM application in decoration engineering projects

Procedia PDF Downloads 314

Authors: Dyana Zainudin, Atta Ur-Rahman, Thaier Hamed

Abstract:

This paper explains about human nature concept as to understand the significance of information security in employees’ mentality including leaders in an organisation. By studying on a theory concept of the latest Von Solms fourth waves, information security governance basically refers to the concept of a set of methods, techniques and tools that responsible for protecting resources of a computer system to ensure service availability, confidentiality and integrity of information. However, today’s information security dilemma relates to the acceptance of employees mentality. The major causes are a lack of communication and commitment. These types of management in an organisation are labelled as immoral/amoral management which effects on information security compliance. A recovery action is taken based on ‘learn a lesson from incident events’ rather than prevention. Therefore, the paper critically analysed the Von Solms fourth waves’ theory with current human events and its correlation by studying secondary data and also from qualitative analysis among employees in public sectors. ‘Three-dimensions to failure’ of information security dilemma are explained as deny, don’t know and don’t care. These three-dimensions are the most common vulnerable behaviour owned by employees. Therefore, by avoiding the three-dimensions to failure may improve the vulnerable behaviour of employees which is often related to immoral/amoral management.

Keywords: information security management system, information security behaviour, information security governance, information security culture

Procedia PDF Downloads 181

Authors: Laleh Taheri, Noraini C. Pa, Rusli Abdullah, Salfarina Abdullah

Abstract:

Knowledge plays an important role to the success of any organization. Software development organizations are highly knowledge-intensive organizations especially in their Requirement Elicitation Process (REP). There are several problems regarding communicating and using the knowledge in REP such as misunderstanding, being out of scope, conflicting information and changes of requirements. All of these problems occurred in transmitting the requirements knowledge during REP. Several researches have been done in REP in order to solve the problem towards requirements. Knowledge Audit (KA) approaches were proposed in order to solve managing knowledge in human resources, financial, and manufacturing. There is lack of study applying the KA in requirements elicitation process. Therefore, this paper proposes a KA model for REP in supporting to acquire good requirements.

Keywords: knowledge audit, requirement elicitation process, KA model, knowledge in requirement elicitation

Procedia PDF Downloads 318

Authors: Michaela Vašková

Abstract:

With the increasing dependence of countries on the critical infrastructure, it increases their vulnerability. Big threat is primarily in the human factor (personnel of the critical infrastructure) and in terrorist attacks. It emphasizes the development of methodology for searching of weak points and their subsequent elimination. This article discusses methods for the analysis of safety in the objects of critical infrastructure. It also contains proposal for methodology for training employees of security services in the objects of the critical infrastructure and developing scenarios of attacks on selected objects of the critical infrastructure.

Keywords: critical infrastructure, object of critical infrastructure, protection, safety, security, security audit

Procedia PDF Downloads 315

Authors: Khadidja Mebarki, Naceur Boussouar, Nabila Ihaddadene, M. Akermi

Abstract:

Food products are particularly sensitive, since they concern the health of the consumer, whether it’s be from the health point of view or commercial, this kind of product must be subjected to rigorous controls, in order to prevent any fraud. Quality and safety are essential for food security, public health and economic development. The strengthening of food security is essential to increase food security which is considered reached when all individuals can at any time access safe and nutritious food they need to lead healthy and active lives. The objective of this project is to initiate a quality approach in the laboratories of the quality control and the repression of fraud. It will be directed towards the application of good laboratory practices, traceability, management of quality documents (quality, procedures and specification manual) and quality audits. And to prepare the ground for a possible accreditation by ISO 17025 standard of BECHAR laboratory’s. The project will take place in four main stages: 1- Preparation of an audit grid; 2- Realization of a quality audit according to the method of 5 M completed by a section on quality documentation; 3- Drafting of an audit report and proposal for recommendations; 4- Implementation of corrective actions on the ground. This last step consisted in the formalization of the cleaning disinfection plan; work on good hygiene practices, establishment of a mapping of processes and flow charts of the different processes of the laboratory, classifying quality documents and formalizing the process of document management. During the period of the study within the laboratory, all facets of the work were almost appreciated, as we participated in the expertise performed in within it.

Keywords: quality, management, ISO 17025 accreditation, GLP

Procedia PDF Downloads 487

Authors: Douglas F. Prawitt, Nathan Y. Sharp, David A. Wood

Abstract:

Consistent with prior experimental and survey studies, we find that IAFs that spend more time directly assisting the external auditor is associated with lower external audit fees. Interestingly, we do not find evidence that external auditors reduce fees based on work previously performed by the IAF. We also find that the time spent assisting the external auditor has a greater negative effect on external audit fees than the time spent performing tasks upon which the auditor may rely but that are not performed as direct assistance to the external audit. Our results also show that previous proxies used to measure this relation is either not associated with or are negatively associated with our direct measures of how the IAF can contribute to the external audit and are highly positively associated with the size and the complexity of the organization. Thus, we conclude the disparate experimental and archival results may be attributable to issues surrounding the construct validity of measures used in previous archival studies and that when measures similar to those used in experimental studies are employed in archival tests, the archival results are consistent with experimental findings. Our research makes four primary contributions to the literature. First, we provide evidence that internal auditing contributes to a reduction in external audit fees. Second, we replicate and provide an explanation for why previous archival studies find that internal auditing has either no association with external audit fees or is associated with an increase in those fees: prior studies generally use proxies of internal audit contribution that do not adequately capture the intended construct. Third, our research expands on survey-based research (e.g., Oil Libya sh.co.) by separately examining the impact on the audit fee of the internal auditors’ work, indirectly assisting external auditors and internal auditors’ prior work upon which external auditors can rely. Finally, we extend prior research by using a new, independent data source to validate and extend prior studies. This data set also allows for a sample of examining the impact of internal auditing on the external audit fee and the use of a more comprehensive external audit fee model that better controls for determinants of the external audit fee.

Keywords: internal audit, contribution, external audit, function

Procedia PDF Downloads 95

Authors: Mohamed Fadzlee Sulaiman, Zainurrasyid Abdullah, Mohd Zabri Adil Talib, Aswami Fadillah Mohd Ariffin

Abstract:

In common digital forensics cases, investigation may rely on the analysis conducted on specific and relevant exhibits involved. Usually the investigation officer may define and advise digital forensic analyst about the goals and objectives to be achieved in reconstructing the trail of evidence while maintaining the specific scope of investigation. With the technology growth, people are starting to realize the importance of cyber security to their organization and this new perspective creates awareness that digital forensics auditing must come in place in order to measure possible threat or attack to their cyber-infrastructure. Instead of performing investigation on incident basis, auditing may broaden the scope of investigation to the level of anomaly detection in daily operation of organization’s cyber space. While handling a huge amount of data such as log files, performing digital forensics audit for large organization proven to be onerous task for the analyst either to analyze the huge files or to translate the findings in a way where the stakeholder can clearly understand. Data visualization can be emphasized in conducting digital forensic audit and investigation to resolve both needs. This study will identify the important factors that should be considered to perform data visualization techniques in order to detect anomaly that meet the digital forensic audit and investigation objectives.

Keywords: digital forensic, data visualization, anomaly detection , log analysis, forensic audit, visualization techniques

Procedia PDF Downloads 259

Authors: L. Sierra, N. Gambetta, M. A. Garcia-Benau, M. Orta

Abstract:

Financial scandals and financial crisis have led to an international debate on the value of auditing. In recent years there have been significant legislative reforms aiming to increase markets’ confidence in audit services. In particular, there has been a significant debate on the need to improve the communication of auditors with audit reports users as a way to improve its informative value and thus, to improve audit quality. The International Auditing and Assurance Standards Board (IAASB) has proposed changes to the audit report standards. The International Standard on Auditing 701, Communicating Key Audit Matters (KAM) in the Independent Auditor's Report, has introduced new concepts that go beyond the auditor's opinion and requires to disclose the risks that, from the auditor's point of view, are more significant in the audited company information. Focusing on the companies included in the Financial Times Stock Exchange 100 index, this study aims to focus on the analysis of the determinants of the number of KAM disclosed by the auditor in the audit report and moreover, the analysis of the determinants of the different type of KAM reported during the period 2013-2015. To test the hypotheses in the empirical research, two different models have been used. The first one is a linear regression model to identify the client’s characteristics, industry sector and auditor’s characteristics that are related to the number of KAM disclosed in the audit report. Secondly, a logistic regression model is used to identify the determinants of the number of each KAM type disclosed in the audit report; in line with the risk-based approach to auditing financial statements, we categorized the KAM in 2 groups: Entity-level KAM and Accounting-level KAM. Regarding the auditor’s characteristics impact on the KAM disclosure, the results show that PwC tends to report a larger number of KAM while KPMG tends to report less KAM in the audit report. Further, PwC reports a larger number of entity-level risk KAM while KPMG reports less account-level risk KAM. The results also show that companies paying higher fees tend to have more entity-level risk KAM and less account-level risk KAM. The materiality level is positively related to the number of account-level risk KAM. Additionally, these study results show that the relationship between client’s characteristics and number of KAM is more evident in account-level risk KAM than in entity-level risk KAM. A highly leveraged company carries a great deal of risk, but due to this, they are usually subject to strong capital providers monitoring resulting in less account-level risk KAM. The results reveal that the number of account-level risk KAM is strongly related to the industry sector in which the company operates assets. This study helps to understand the UK audit market, provides information to auditors and finally, it opens new research avenues in the academia.

Keywords: FTSE 100, IAS 701, key audit matters, auditor’s characteristics, client’s characteristics

Procedia PDF Downloads 206