To see the other types of publications on this topic, follow the link: Computer Auditing.
Dissertations / Theses on the topic 'Computer Auditing'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Computer Auditing.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Ching, Siu-ming Vincent. "Computer auditing in Hong Kong /." [Hong Kong : University of Hong Kong], 1986. http://sunzi.lib.hku.hk/hkuto/record.jsp?B12325764.
Full text
2
Ching, Siu-ming Vincent, and 程少明. "Computer auditing in Hong Kong." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 1986. http://hub.hku.hk/bib/B31263550.
Full text
3
Sridhar, Mayuri. "Optimizations for election tabulation auditing." Thesis, Massachusetts Institute of Technology, 2019. https://hdl.handle.net/1721.1/121684.
Full textAbstract:
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2019
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 129-131).
In this thesis, we explore different techniques to improve the field of election tabulation audits. In particular, we start by discussing the open problems in statistical election tabulation audits and categorizing these problems into three main sections - audit correctness, flexibility, and efficiency. In our first project, we argue that Bayesian audits provide a more flexible framework for a variety of elections than RLAs. Thus, we initially focus on analyzing their statistical soundness. Furthermore, we design and implement optimization techniques for Bayesian audits which show an increase in efficiency on synthetic election data. Then, motivated by empirical feedback from audit teams, we focus on workload estimation for RLAs. That is, we note that audit teams often want to finish the audit in a single round even if it requires sampling a few additional ballots. Hence, for the second project, we design software tools which can make initial sample size recommendations with this in mind. For our largest project, we focus on approximate sampling. That is, we argue that approximate sampling would provide an increase in efficiency for RLAs and suggest a particular sampling scheme, k-cut. We explore the usability of k-cut by providing and analyzing empirical data on single cuts. We argue that for large k, the model will converge to the uniform distribution exponentially quickly. We discuss simple mitigation procedures to make any statistical procedure work with approximate sampling and provide guidance on how to choose k. We also discuss usage of k-cut in practice, from pilot audit experiences in Indiana and Michigan, which showed that k-cut led to a significant real-life increase in efficiency.
Supported by Center for Science of Information (CSoI), an NSF Science and Technology Centergrant agreement CCF-0939370
by Mayuri Sridhar.
M. Eng.
M.Eng. Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science
4
Leung, Chung-pak. "Concurrent auditing on computerized accounting systems /." Hong Kong : University of Hong Kong, 1998. http://sunzi.lib.hku.hk/hkuto/record.jsp?B19872501.
Full text
5
Nagle, Liam. "Development of a Computer Based Energy Management System." Thesis, Cranfield University, 1998. http://dspace.lib.cranfield.ac.uk/handle/1826/4662.
Full textAbstract:
A prototype computer based expert system has been developed to aid energy managers
by speeding the energy auditing process and rapidly identifying potential low cost and
fast pay-back energy saving investments for a wide range of businesses.
It consists of a generally applicable energy management system based on sound, tried
theory and practical experience gained from a number of energy management surveys.
These surveys were used to identify key data requirements for the identification of
common areas of wastage. The system uses sparse data analysis and the building
energy signature model. It produces an entire energy audit and list of economic
recommendations for a site based upon minimal input data. This is accomplished by
reference to a number of internal databases containing the technical information
required, as well as the entire set of algorithms and mathematical routines required for
the analyses.
The prototype was tested with a synthetic data set derived from the site surveys and
with real data from a large tertiary college and it was found to give credible results in
line with those produced by extensive and in-depth manual data-gathering and analysis.
6
Cohen, Sharon B. "Auditing technology for electronic voting machines." Thesis, Massachusetts Institute of Technology, 2005. http://hdl.handle.net/1721.1/33119.
Full textAbstract:
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.Includes bibliographical references (leaf 63).
Direct Recording Electronic (DRE) voting machine security has been a significant topic of contention ever since Diebold voting machine code turned up on a public Internet site in 2003 and computer scientists at Johns Hopkins University declared the machine "unsuitable for use in a general election." Since then, many people from computer scientists to politicians have begun to insist that DREs be equipped with a paper trail. A paper trail provides a paper printout for the voter to approve at the end of each voting session. Although there have been strong political efforts to place paper trails on DRE machines, there have not been any scientific studies to indicate that paper trails are effective audits. This work describes a user study done to compare paper trails to audio audits, a new proposal for DRE auditing. Participants in the study completed four elections on a voting machine with a paper trail and four elections on a machine with an audio trail. There were purposeful mistakes inserted into the audits on some of the machines. Results from the study indicated that participants were able to find almost 10 times as many errors in the audio audit then they were able to find in the paper trail. Voters' attitudes towards the paper audit were extremely apathetic, and voters did not spend much time reviewing their paper record. When asked which type of audit voters would prefer for their own county elections, almost all voters preferred the VVPAT. These results indicate that newer alternative audit technology holds great promise in delivering a safe and accurate audit and further that paper trails have some significant design obstacles that need to be overcome before they will be effective audits.
by Sharon B. Cohen.
M.Eng.and S.B.
7
梁松柏 and Chung-pak Leung. "Concurrent auditing on computerized accounting systems." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 1998. http://hub.hku.hk/bib/B31269011.
Full text
8
Brazel, Joseph F. Agoglia Chris. "The effects of computer assurance specialist competence and auditor accounting information system expertise on auditor planning judgments /." Philadelphia, Pa. : Drexel University, 2004. http://dspace.library.drexel.edu/handle/1860/293.
Full text
9
Aldeco, Perez Rocio. "Secure provenance-based auditing of personal data use." Thesis, University of Southampton, 2012. https://eprints.soton.ac.uk/340065/.
Full textAbstract:
In recent years, an increasing number of personalised services that require users to disclose personal information have appeared on the Web (e.g. social networks, governmental sites, on-line selling sites). By disclosing their personal information, users are given access to a wide range of new functionality and benefits. However, there exists a risk that their personal information is misused. To strike a balance between the advantages of personal information disclosure and protection of information, governments have created legal frameworks, such as the Data Protection Act, Health Insurance Portability & Accountability Act (HIPAA) or Safe Harbor, which place restrictions on how organisations can process personal information. By auditing the way in which organisations used personal data, it is possible to determine whether they process personal information in accordance with the appropriate frameworks. The traditional way of auditing collects evidence in a manual way. This evidence is later analysed to assess the degree of compliance to a predefined legal framework. These manual assessments are long, since large amounts of data need to be analysed, and they are unreliable, since there is no guarantee that all data is correctly analysed. As several cases of data leaks and exposures of private data have proven, traditional audits are also prone to intentional and unintentional errors derived from human intervention. Therefore, this thesis proposes a provenance-based approach to auditing the use of personal information by securely gathering and analysing electronic evidence related to the processing of personal information. This approach makes three contributions to the state of art. The first contribution is the Provenance-based Auditing Architecture that defies a set of communication protocols to make existing systems provenance-aware. These protocols specify which provenance information should be gathered to verify the compliance with the Data Protection Act. Moreover, we derive a set of Auditing Requirements by analysing a Data Protection Act case study and demonstrate that provenance can be used as electronic evidence of past processing. The second contribution is the Compliance Framework, which is a provenance-based auditing framework for automatically auditing the compliance with the Data Protection Act's principles. This framework consist of a provenance graph representation (Processing View), a novel graph-based rule representation expressing processing rules (Usage Rules Definition) and a novel set of algorithms that automatically verify whether information was processed according to the Auditing Requirements by comparing the Processing View against the Usage Rules Definition. The third contribution is the Secure Provenance-based Auditing Architecture that ensures any malicious alteration on provenance during the entire provenance life cycle of recording, storage, querying and analysis can be detected. This architecture, which relies on cryptographic techniques, guarantees the correctness of the audit results
10
Pinthuprapa, Chatchai. "The development and adaptation of the computer aided environment to facilitate industrial energy audits." Diss., Columbia, Mo. : University of Missouri-Columbia, 2007. http://hdl.handle.net/10355/5093.
Full textAbstract:
Thesis (M.S.)--University of Missouri-Columbia, 2007.The entire dissertation/thesis text is included in the research.pdf file; the official abstract appears in the short.pdf file (which also appears in the research.pdf); a non-technical general description, or public abstract, appears in the public.pdf file. Title from title screen of research.pdf file (viewed on April 7, 2008) Includes bibliographical references.
11
Narasimhan, Ramesh. "Preliminary control risk assessments by computer audit specialists and non-specialists." Diss., Virginia Polytechnic Institute and State University, 1987. http://hdl.handle.net/10919/49868.
Full textAbstract:
Auditors are encountering more and more computerized accounting applications as the pervasiveness of computing technology increases in business. Auditors, therefore, need to adapt their audit approaches in the face of the changes caused by the new technology.
The AICPA has addressed the issue by requiring auditors to consider the nature of the data processing system ln their client environments when planning the audits. Specialists, if necessary, are recommended to be brought in as part of the audit team in audits involving computerized accounting applications. The implicit assumption behind this is that the specialists would make “better” judgments in auditing computerized systems than non-specialists. A need was seen to compare the judgments of specialists and non-specialists in evaluating controls in a simple computerized environment.
The results indicate that while both specialists and non-specialists have a high degree of consensus, a significant difference existed between the two groups of auditors. Both groups of auditors exhibited high reliability and self-insights. Experienced non-specialists had lower consensus than specialists while inexperienced non-specialists had lower reliability than specialists. Firm affiliation effects were noted for the non-specialists in their consensus scores. Unlike previous studies, segregation of duties cue did not account for a majority of the variance In judgments. This cue was considered important only by the experienced non-specialists. A need was seen for further research into how the difference ln consensus affects subsequent audit program planning.Ph. D.
incomplete_metadata
12
Ottosson, Patrik, and Andreas Danielsson. "Auditing med digital signatur för Javabaserad plattform : design och implementation." Thesis, Linköpings universitet, Programvara och system, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-107389.
Full textAbstract:
Omfattningen av vad som loggas i ett system idag är varierande, de flesta har någon form av loggning av oönskade händelser. Vi inriktar oss på olika metoder för att applicera auditing så det går att spåra hela händelseförlopp. Vi undersöker vilka vitala delar en auditlogg ska innehålla, utifrån SANS policy för auditing. Vi designar och implementerar ett ramverk för auditing och väljer ut en säker digitalsigneringsmetod för loggad data. Slutligen verifierar vi implementation och signeringsmetod.The extent of what is logged in systems today is varying, most of them have some form of logging of undesired events. We focus on various methods for applying auditing to be able to track an entire sequence of events. We examine vital information an audit log should contain, based SANS policy for auditing. We design and implement a framework for auditing and selects a secure digital signing method for logged data. Finally we verify the implementation and signing method.
13
Botha, David Petrus. "Bridging the Information Technology (IT) gap in South Africa through a step by step approach to IT governance." Thesis, Stellenbosch : Stellenbosch University, 2014. http://hdl.handle.net/10019.1/86464.
Full textAbstract:
Thesis (Mcomm)--Stellenbosch University, 2014.ENGLISH ABSTRACT: The focus of this research was to compile a practical, step by step approach that can be followed by those persons charged with the governance of enterprises in South Africa to successfully bridge the information technology gap. The King Code of Corporate Governance for South Africa and the King Report on Corporate Governance for South Africa (together KINGIII) was identified as a starting point for the compilation of the approach. KINGIII is the corporate governance standard in South Africa and in the introduction to KINGIII it is recommended that the principles contained in the Code should be implemented by all entities. KINGIII is the third report on governance issued by the King Committee and introduced governance principles for Information Technology (IT). The Code contains seven IT governance principles and 24 recommended practices. The application of the IT governance principles of KINGIII, as well as the related recommended practices, is a complicated endeavour. This is partly because IT in itself is complex and also partly because the governance of IT is a relatively new area of corporate governance. Through a detailed study of the seven IT governance principles of KINGIII, as well as the related recommended practices and narrative discussions, it was identified that in order to successfully implement IT governance, a company has to establish and implement an IT governance framework which includes relevant structures, processes and mechanisms to enable IT to deliver value to the business. It was also identified that the IT governance framework has to facilitate and enhance the company’s ability to reach its stated objectives by ensuring that the most appropriate decisions are made in respect of the incorporation of IT into the operations of the business. Lastly, it was identified that a company must acquire and use appropriate technology and people to support its business.To address the requirement for the establishment and implementation of relevant structures, processes and mechanisms, a framework of 33 IT governance practices was identified, mapped to the IT governance principles of KINGIII and an analysis performed. Through this analysis the IT governance practices that can be utilised to implement the IT governance principles of KINGIII were identified and discussed. To address the requirement of ensuring that the framework facilitates that the most appropriate decisions are made in respect of the incorporation of IT into the operations of the business, five key decisions that have to be made in respect of IT was identified and discussed. The five decisions were mapped to (1) the KINGIII principles to demonstrate which of the IT governance principles are addressed by each of the decisions and (2) the IT governance structures identified in the framework above to demonstrate which of the IT governance structures can be used to provide input into taking the relevant decision and which can be used to take the decision. Finally, to address the requirement that a company must acquire and use appropriate people and technology to support its business, a framework of organizational competencies required in small and medium-sized enterprises (SME’s) was identified and mapped to (1) the KING III principles to demonstrate which of the IT governance principles could be addressed by each of the relevant competencies and (2) to the five key IT decisions identified above to demonstrate which of the competencies can be utilised to make each of the five key decisions. Based on the findings of the research conducted as set out above, the practical, step by step approach was compiled.
AFRIKAANSE OPSOMMING: Die fokus van hierdie navorsing was die samestelling van ‘n praktiese, stapsgewyse benadering wat gebruik kan word deur daardie persone wat verantwoordelik is vir die korporatiewe beheer van ondernemings in Suid Afrika om suksesvol die inligtings tegnologie (IT) gaping te oorbrug. Die King Code of Corporate Governance for South Africa en die King Report on Corporate Governance for South Africa (gesamentlik KINGIII), was geidentifiseer as ‘n beginpunt vir die samestelling van die benadering. KINGIII is die korporatiewe beheer standaard in Suid Afrika en in die inleiding tot KINGIII word alle ondernemings aanbeveel om die korporatiewe beheer beginsels en gepaardgaande aanbeveelde praktyke te implementeer. KINGIII is die derde verslag oor korporatiewe beheer wat deur die King Komitee uitgereik is en het korporatiewe beheer beginsels met betrekking tot IT bekend gestel. KINGIII bevat sewe koporatiewe beheer beginsels wat met IT verband hou, asook 24 aanbeveelde korporatiewe beheer praktyke. Die toepassing van die IT korporatiewe beheer beginsels van KINGIII, asook die aanbeveelde praktyke, is ‘n ingewikkelde onderneming. Dit is gedeeltelik omdat IT self kompleks is, maar ook omdat die korporatiewe beheer van IT ‘n relatiewe nuwe area van korporatiewe beheer is. Deur middel van ‘n in diepte studie van die sewe korporatiewe beheer beginsels van KINGIII, insluitend die aanbeveelde korporatiewe beheer praktyke en besprekings, is daar geïndetifiseer dat ‘n IT korporatiewe beheer raamwerk saamgestel en geimplementeer moet word as deel van die implementering van korporatiewe beheer oor IT. Hierdie IT korporatiewe beheer raamwerk moet relevante strukture, prosesse en meganismes bevat wat IT daartoe instaat sal stel om waarde toe te voeg tot die onderneming. Dit is ook geïdentifiseer dat die IT korporatiewe beheer raamwerk die onderneming se vermoeë om sy doelstellings te bereik moet verbeter deur te verseker dat die mees gepaste besluite geneem word met betrekking tot die integrasie van IT in die bedrywighede van die onderneming. Laastens is daar geïdentifiseer dat ‘n maatskappy toepaslike tegnologie en mense moet bekom en aanwend om die bedrywighede van die onderneming te ondersteun. Om die vereiste vir die samestelling en implementering van relevante strukture, prosesse en meganismes aan te spreek, is ‘n raamwerk van 33 IT korporatiewe beheer praktyke geïdentifiseer, kruisverwys na die IT korporatiewe beheer beginsels van KINGIII en verder ontleed. Deur hierdie ontleding is die IT koporatiewe beheer praktyke wat aangewend kan word om die IT korporatiewe beheer beginsels te implementeer geïdentifiseer en bespreek. Om die vereiste aan te spreek dat die raamwerk fasiliteer dat die mees gepaste besluite geneem word met betrekking tot die integrasie van IT in die bedrywighede van die onderneming, is vyf sleutel besluite wat in verband met IT geneem moet word geïdentifiseer en bespreek. Die vyf besluite is (1) kruisverwys na die IT korporatiewe beheer beginsels van KINGIII om te demonstreer watter IT korporatiewe beheer beginsels deur elke besluit aangespreek word en (2) na die IT korporatiewe beheer strukture wat in die bogenoemde raamwerk geidentifiseer is om aan te dui watter IT korporatiewe beheer strukture gebruik kan word om insette te verskaf vir die neem van die vyf sleutel besluite en watter strukture gebruik kan word om die besluite te neem. Laastens, om die vereiste aan te spreek dat ‘n maatskappy toepaslike tegnologie en mense moet bekom en aanwend om sy bedrywighede te ondersteun, is ‘n raamwerk van organisatoriese bevoegdhede wat benodig word in klein tot medium-groote ondernemings (SME’s) geïdentifiseer en kruisverwys na (1) die KINGIII korporatiewe beheer beginsels om aan te dui watter IT korporatiewe beheer beginsels deur die relevante bevoegdhede aangespreek word en (2) na die vyf sleutel besluite wat hierbo geïdentifiseer is om aan te dui watter van die bevoegdhede aangewend kan word om elkeen van die vyf sleutel besluite te neem. Die stapsgewyse benadering tot die korporatiewe beheer van IT is gevolglik saamgestel met verwysing na die bevindinge van die navorsing wat uitgevoer is soos hierbo uiteengesit.
14
Engström, Ericsson Matilda. "Security Auditing and Testing of two Android Client-Server Applications." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-172129.
Full textAbstract:
How secure is your application? How can you evaluate if it is secure? The threats are many and may be hard to find. In a world where things are more and more automated; how does manual labour contribute to security auditing applications? This study aims to assess two proof of concept Android client-server applications, developed by students to suit the needs of a fictitious Police Department and Fire Department, respectively. The approach is unconventional yet supported by well-established theory. The gist of a vulnerability assessment methodology initially developed to assess the security of middleware is followed and applied to the entire architecture of these client-server applications. How the manual labour contributed to the end results, in comparison to the use of automated tools and a list of known threats, is then evaluated. It is concluded that the applications encompass multiple of the Open Web Application Security Project (OWASP) Top 10 Mobile Risks and that automated tools find most of those vulnerabilities. However, relying on automation may lead to a false sense of security, which in effect may cause developers to lose understanding of why vulnerabilities occur and how they should be mitigated. Understanding how the design and architecture of the application influence its security is key. As of Android 9.0+, default is that applications use SSL encrypted communication. Only 40% of Android users are in 2020 affected by this change according to Android studio developer information, leaving a majority of users unaware of if or how their data is being protected, also observed in analysis results from this thesis work. One should consider if or how to inform users of how their data is being handled, not only in newer Android versions or regarding SSL communication. This work also shows that developers' decisions may be greatly affected by time pressed situations, which is reflected upon in the last chapter. Another important finding was that the third-party software Sinch, which enabled the use of voice and video communication in one of the applications, sent IP addresses and usernames of the users in clear text during the binding request, when the Session Traversal Utilities for NAT (STUN) protocol was used.
15
Butler, Rika, and W. Boshoff. "B2B and the supplier : preventing repudiation of orders in an open account system." Thesis, Stellenbosch : University of Stellenbosch, 2003. http://hdl.handle.net/10019.1/15525.
Full text
16
Terblanche, Judith. "An information technology governance framework for the public sector." Thesis, Stellenbosch : Stellenbosch University, 2011. http://hdl.handle.net/10019.1/18007.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2011.ENGLISH ABSTRACT: Information technology (IT) has an impact on the accomplishments of the entity (Kaselowski, 2008:83). Traditionally, public sector entities struggle to gain any value from the IT environment and regularly overspend on IT projects. In South Africa the Third King Report on Corporate Governance (King III) introduced ‘The governance of IT’ (IODSA, 2009) applicable to both private and public sector entities. Although generic IT frameworks such as ITIL and COBIT exist and are used by private and public entities to govern the IT environment, public sector entities require a specific IT governance framework suited to the unique characteristics and business processes of the public sector entity. Taking into account the unique nature of the public sector entity, the purpose of this study was to assist public sector entities in their IT governance efforts through the development of a framework to be used to govern IT effectively, since sufficient guidance for the public sector does not exist. Leopoldi (2005) specifically pointed out that a top-bottom framework could be limiting for entities operating in a diverse field and having complicated organisational structures, both characteristics integral to the public sector environment. Since a topbottom and a bottom-top approach fulfil different purposes, both are needed for IT governance in the public sector entity. By combining the two approaches and focusing on the unique environment of the public sector entity, a governance framework can be established. This will ensure that insight has been gained into the IT environment and the business processes and that true alignment between the business and the IT environment for the public sector entity has been achieved. This framework developed will assist the public sector entity in governing the IT environment unique to this industry and will equip public sector management with a framework to govern IT more effectively, while under pressure of public scrutiny.
AFRIKAANSE OPSOMMING: Informasietegnologie (IT) het 'n impak op die prestasies van 'n entiteit (Kaselowski, 2008:83). Openbare sektor entiteite sukkel tradisioneel om enige voordeel uit die IT-omgewing te behaal en oorspandeer gereeld op IT-projekte. Die Derde King Verslag oor Korporatiewe Beheer (King III) het beheerbeginsels vir IT omskryf wat vir beide die private en openbare sektor entiteite in die Suid-Afrikaanse konteks toepaslik is (IODSA, 2009). Alhoewel generiese IT raamwerke, soos ITIL en COBIT, deur beide private en openbare sektor entiteite gebruik word om die IT-omgewing te beheer, benodig openbare sektor entiteite 'n toepaslike IT-beheerraamwerk wat die unieke eienskappe en besigheidsprosesse van die openbare sektor entiteit ondersteun. Die fokus van hierdie navorsing was gerig op die identifisering van ’n IT-beheerraamwerk vir die openbare sektor, om openbare sektor entiteite te ondersteun in die beheer van IT. Aangesien die aard van ’n openbare sektor entiteit verskil van dié van ’n private sektor entiteit, moet die beheer wat toegepas word ook verskillend van aard wees en geen toepaslike riglyne vir die openbare sektor is tans beskikbaar nie. Entiteite wat in 'n diverse omgewing bedryf word en aan 'n komplekse organisatoriese struktuur blootgestel is, mag moontlik deur gebruik te maak van 'n top-bodem beheerraamwerk beperk word (Leopoldi, 2005). Beide hierdie eienskappe is integraal tot openbare sektor entiteite. 'n Top-bodem en bodem-top beheerraamwerk vervul verskillende funksies en in die openbare sektor is beide aanslae noodsaaklik vir die beheer van IT. Deur gebruik te maak van ’n gekombineerde aanslag en op die unieke eienskappe verwant aan die openbare sektor entiteite te fokus, kan effektiewe beheerraamwerk ontwikkel word. Dit sal verseker dat insig in die IT-omgewing en die besigheidsprosesse verkry is en dat belyning tussen die besigheid en die IT-omgewing vir die openbare sektor bereik is. Die beheerraamwerk wat ontwikkel is sal die openbare sektor entiteit ondersteun om die IT omgewing, uniek aan die sektor, doeltreffend te beheer. Die openbare sektor is blootgestel aan skrutinering en bestuur sal nou toegerus wees met 'n beheerraamwerk om die IT omgewing meer effektief te bestuur.
17
Kruger, Wandi. "Addressing application software package project failure : bridging the information technology gap by aligning business processes and package functionality." Thesis, Stellenbosch : Stellenbosch University, 2011. http://hdl.handle.net/10019.1/17868.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2011.ENGLISH ABSTRACT: An application software package implementation is a complex endeavour, and as such it requires the proper understanding, evaluation and redefining of the current business processes to ensure that the project delivers on the objectives set at the start of the project. Numerous factors exist that may contribute to the unsuccessful implementation of application software package projects. However, the most significant contributor to the failure of an application software package project lies in the misalignment of the organisation’s business processes with the functionality of the application software package. Misalignment is attributed to a gap that exists between the business processes of an organisation and what functionality the application software package has to offer to translate the business processes of an organisation into digital form when implementing and configuring an application software package. This gap is commonly referred to as the information technology (IT) gap. The purpose of this assignment is to examine and discuss to what degree a supporting framework such as the Projects IN Controlled Environment (PRINCE2) methodology assists in the alignment of the organisation’s business processes with the functionality of the end product; as so many projects still fail even though the supporting framework is available to assist organisations with the implementation of the application software package. This assignment proposes to define and discuss the IT gap. Furthermore this assignment will identify shortcomings and weaknesses in the PRINCE2 methodology which may contribute to misalignment between the business processes of the organisation and the functionality of the application software package. Shortcomings and weaknesses in the PRINCE2 methodology were identified by: • Preparing a matrix table summarising the reasons for application software package failures by conducting a literature study; Mapping the reasons from the literature study to those listed as reasons for project failure by the Office of Government Commerce (the publishers of the PRINCE2 methodology); • Mapping all above reasons to the PRINCE2 methodology to determine whether the reasons identified are adequately addressed in the PRINCE2 methodology. This assignment concludes by proposing recommendations for aligning the business processes with the functionality of the application software package (addressing the IT gap) as well as recommendations for addressing weaknesses identified in the PRINCE2 methodology. By adopting these recommendations in conjunction with the PRINCE2 methodology the proper alignment between business processes and the functionality of the application software package may be achieved. The end result will be more successful application software package project implementations.
AFRIKAANSE OPSOMMING: Toepassingsprogrammatuurpakket implementering is komplekse strewe en vereis daarom genoegsame kennis, evaluasie en herdefiniëring van die huidige besigheidsprosesse om te verseker dat die projek resultate lewer volgens die doelwitte wat aan die begin van die projek neergelê is. Daar bestaan talryke faktore wat kan bydrae tot die onsuksesvolle implementering van toepassingsprogrammatuurpakket projekte. Die grootste bydrae tot die mislukking van toepassingsprogrammatuurpakket lê egter by die wanbelyning van die organisasie se besigheidsprosesse met die funksionaliteit van die toepassingsprogrammatuurpakket. Wanbelyning spruit uit gaping tussen die besigheidsprosesse van `n organisasie en die funksionaliteit wat die toepassingsprogrammatuur kan aanbied om die besigheidsprosesse van 'n organisasie om te skakel in digitale formaat wanneer `n toepassingsprogrammatuurpakket geimplementeer en gekonfigureer word. Daar word gewoonlik na hierdie gaping verwys as die informasie tegnologie (IT) gaping. Die doel van hierdie opdrag is om te evalueer en bespreek in watter mate ondersteunende raamwerk soos die PRojects IN Controlled Environment (PRINCE2) metodologie kan help om die organisasie se besigheidsprosesse in lyn te bring met die funksionaliteit van die eindproduk; aangesien so baie projekte steeds misluk ten spyte van die ondersteunende raamwerke wat beskikbaar is om organisasies by te staan met die implementering. Die opdrag beoog om die IT gaping te definieer en te bepreek. Verder sal hierdie opdrag die swakhede in die PRINCE2 metodologie, wat moontlik die volbringing van behoorlike belyning tussen die besigheidsprosesse en die funksionaliteit van die toepassingsprogrammatuurpakket belemmer, identifiseer. Swakhede en tekortkominge in die PRINCE2 metodologie is as volg geïdentifiseer: • Voorbereiding van matriks-tabel wat die redes vir toepassingsprogrammatuurpakket mislukking deur middel van die uitvoering van literatuurstudie opsom • Koppeling van die redes bekom deur middel van die literatuurstudie met die redes vir projek mislukking geidentifiseer deur die Office of Government Commerce (uitgewers van die PRINCE2 metodologie) • Koppeling van al die bogenoemde redes na die PRINCE2 metodologie om vas te stel of die redes wat geïdentifiseer is voldoende deur die PRINCE2 metodologie aangespreek word. Die opdrag sluit af met aanbevelings om die besigheidsprosesse in lyn te bring met die funksionaliteit van die toepassingsprogrammatuurpakket en aanbevelings vir swakhede wat in die PRINCE2 metodologie geïdentifiseer is aan te spreek. Behoorlike belyning tussen besigheidsprosesse en die funksionaliteit van toepassingsprogrammatuurpakket kan behaal word indien hierdie aanbevelings aangeneem word en tesame met die PRINCE2 metodologie gebruik word. Die eindresultaat is meer suksesvolle implementering van toepassingsprogrammatuurpakket projekte.
18
Goosen, Riana. "The development of an integrated framework in order to implement information technology governance principles at a strategic and operational level for medium-to-large sized South African business." Thesis, Stellenbosch : Stellenbosch University, 2012. http://hdl.handle.net/10019.1/20279.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2012.ENGLISH ABSTRACT: In today's technologically advanced business environments, Information Technology (IT) has become the centre of most, if not all businesses' strategic and operational activities. It is for this reason that the King III report has dedicated a chapter to IT governance principles, in effect making the board of directors and senior management responsible for implementing such principles. King III's guidance on these principles is only described in broad terms and lack sufficient detail as how to implement these principles. Though various guidelines, in the form of IT control frameworks, -models and -standards exist, it remains highly theoretical in nature and companies tend to view these control frameworks, -models and -standards on an individual basis, implementing them in an ad hoc manner, resulting in the implementation of an inefficient IT governance system, that does not address the key strategic areas and risks in a business. The purpose of this study is to develop an IT best practices integrated framework which can assist management in implementing an effective IT governance system at both a strategic and operational level. The integrated framework was developed by performing a detailed literature review of a best practice control framework, -model and -standard, including its underlying processes. By combining and aligning the relevant processes of the control framework, -model and -standard to the business' imperatives, a framework was developed to implement IT governance principles at a strategic level. The integrated framework is extended to provide guidance on how to implement good IT controls at an operational level. The control techniques, of the applicable processes identified at a strategic level, are implemented as well as the controls around a company's various access paths, which are affected by a company's business imperatives. These access paths are controlled through the implementation of applicable configuration controls. By making use of the integrated framework which was developed, an effective and efficient IT governance system can be implemented, addressing all applicable IT risks relevant to the key focus areas of a business.
AFRIKAANSE OPSOMMING: In vandag se tegnologies gevorderde besigheids omgewings het Informasie Tegnologie (IT) die middelpunt geraak van die meeste, indien nie elke onderneming se strategiese en operasionele aktiwiteite nie. Dit is vir hierdie rede dat die King III verslag 'n hoofstuk aan die beginsels van IT korporatiewe beheer wy. Dié verslag hou die direkteure en bestuur verantwoordelik vir die implementering van hierdie beginsels. Die King III verslag verskaf egter slegs in breë trekke leiding in verband met die implementering van hierdie beginsels en 'n gebrek aan meer gedetailleerde beskrywings bestaan. Alhoewel verskeie riglyne, in die vorm van IT kontrole raamwerke, -modelle en -standaarde bestaan, bly dit steeds teoreties van aard en is maatskappye geneig om hierdie riglyne op 'n individuele vlak te hanteer en op 'n willekeurige wyse te implementeer. Hierdie proses lei tot die implementering van 'n ondoeltreffende IT korporatiewe beheerstelsel. Die doel van hierdie studie is om 'n geïntegreerde beste praktykraamwerk te ontwikkel wat deur die direkteure en bestuur van 'n onderneming gebruik kan word om op beide 'n strategiese en operasionele vlak 'n doeltreffende IT korporatiewe beheermaatstelsel in plek te stel. 'n Geïntegreerde raamwerk is ontwikkel deur 'n volledige literatuurstudie uit te voer, gebaseer op 'n beste praktyk IT kontrole raamwerk, -model en -standaard en die gepaardgaande prosesse. Deur die toepaslike prosesse van hierdie kontrole raamwerk, -model en -standaard te kombineer en te belyn met 'n besigheid se besigheidsimperatiewe, word IT korporatiewe beheerbeginsels op 'n strategiese vlak in plek gestel. Die geïntegreerde raamwerk sluit riglyne in om goeie IT kontroles op 'n operasionele vlak te implementeer. Die kontrole tegnieke, wat verbind word met die gepaardgaande prosesse wat tydens die strategiese vlak geïdentifiseerd is, word geimplementeer asook die die toepaslike konfigurasie kontroles oor die verskeie toegangspaaie wat beïnvloed word deur 'n besigheids se besigheidsimperatiewe. Deur gebruik te maak van die ontwikkelde geïntegreerde raamwerk kan alle geaffekteerde IT risikos nou aangespreek word en 'n doeltreffende IT korporatiewe beheerstelsel in plek gestel word.
19
Baldwin-Morgan, Amelia Annette. "The impact of expert systems on auditing firms : an investigation using the Delphi technique and a case study approach /." Diss., This resource online, 1991. http://scholar.lib.vt.edu/theses/available/etd-08062007-094401/.
Full text
20
Basson, Benhardus. "The right to privacy : how the proposed POPI Bill will impact data security in a cloud computing environment." Thesis, Stellenbosch : Stellenbosch University, 2014. http://hdl.handle.net/10019.1/86184.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2014.ENGLISH ABSTRACT: The growing popularity and continuing development of cloud computing services is ever evolving and is slowly being integrated into our daily lives through our interactions with electronic devices. Cloud Computing has been heralded as the solution for enterprises to reduce information technology infrastructure cost by buying cloud services as a utility. While this premise is generally correct, in certain industries for example banking, the sensitive nature of the information submitted to the cloud for storage or processing places information security responsibilities on the party using the cloud services as well as the party providing them. Problems associated with cloud computing are loss of control, lack of trust between the contracting parties in the cloud relationship (customer and cloud service provider) and segregating data securely in the virtual environment. The risk and responsibilities associated with data loss was previously mainly reputational in nature but with the promulgation and signing by the South African Parliament of the Protection of Personal Information Bill (POPI) in August 2013 these responsibilities to protect information are in the process to be legislated in South Africa. The impact of the new legislation on the cloud computing environment needs to be investigated as the requirements imposed by the Bill might render the use of cloud computing in regard to sensitive data nonviable without replacing some of the IT infrastructure cost benefits that cloud computing allows with increased data security costs. In order to investigate the impact of the new POPI legislation on cloud computing, the components and characteristics of the cloud will be studied and differentiated from other forms of computing. The characteristics of cloud computing are the unique identifiers that differentiate it from Grid and Cluster computing. The component study is focused on the service and deployment models that can be associated with cloud computing. The understanding obtained will be used to compile a new definition of cloud computing. By utilizing the cloud definition of what components and processes constitute cloud computing the different types of data security processes and technical security measures can be implemented are studied. This will include information management and governance policies as well as technical security measures such as encryption and virtualisation security. The last part of the study will be focussed on the Bill and the legislated requirements and how these can be complied with using the security processes identified in the rest of the study. The new legislation still has to be signed by the State President after which businesses will have one year to comply and due to the short grace period businesses need to align their business practices with the proposed requirements. The impact is wide ranging from implementing technical information security processes to possible re-drafting of service level agreements with business partners that share sensitive information. The study will highlight the major areas where the Bill will impact businesses as well as identifying possible solutions that could be implemented by cloud computing users when storing or processing data in the cloud.
AFRIKAANSE OPSOMMING: Die groei in gewildheid en die ontwikkeling van wolkbewerking dienste is besig om te verander en is stadig besig om in ons daaglikse lewens geintegreer te word deur ons interaksie met elektroniese toestelle. Wolkbewerking word voorgehou as ‘n oplossing vir besighede om hul inligtings tegnologie infrastruktuur kostes te verminder deur dienste te koop soos hulle dit benodig. Alhoewel die stelling algemeen as korrek aanvaar word, kan spesifieke industrië soos byvoorbeeld die bankwese se inligting so sensitief wees dat om die inligting aan wolkbewerking bloot te stel vir berging en prosesseering dat addisionele verantwoodelikhede geplaas op die verantwoordelike partye wat die wolk dienste gebruik sowel as die persone wat dit voorsien. Probleme geassosieër met wolk- bewerking is die verlies aan beheer, gebrekkige vertroue tussen kontakteurende partye in die wolk verhouding (verbruiker en wolk dienste verskaffer) en die beveiliging van verdeelde inligting in die virtuele omgewing. Die risiko’s en verantwoordelikhede geassosieër met inligtings verlies was voorheen grootliks gebasseer op die skade wat aan die besigheid se reputasie aangedoen kan word, maar met die publiseering en ondertekening deur die Suid-Afrikaans Parliament van die Beskerming van Persoonlike Inligting Wet (BVPI) in Augustus 2013 is hierdie verantwoordelikhede in die proses om in wetgewing in Suid Afrika vas gelê te word. Die impak van die nuwe wetgewing op die wolkbewering omgewing moet ondersoek word omdat die vereistes van die Wet die gebruik van wolkbewerking in terme van sensitiewe inligting so kan beinvloed dat dit nie die moeite werd kan wees om te gebruik nie, en veroorsaak dat addisionele verminderde IT infrastruktuur koste voordele vervang moet word met addisionele inligting beveiligings kostes. Om die impak van die nuwe BVPI wetgewing op wolkbewerking te ondersoek moet die komponente en karakter eienskappe van die wolk ondersoek word om vas te stel wat dit uniek maak van ander tipes rekenaar bewerking. Die karakter eienskappe van wolkbewerking is die unieke aspekte wat dit apart identifiseer van Rooster en Groep rekenaar bewerking. Die komponente studie sal fokus op die dienste en implimenterings modelle wat geassosieer word met wolkbewerking. Die verstandhouding wat deur voorsafgaande studie verkry is sal dan gebruik word om ‘n nuwe definisie vir wolkbewerking op te stel. Deur nou van die definisie gebruik te maak kan die inligtings sekuriteit prosesse en tegniese sekuriteits maatreëls wat deur die verantwoordelike party en die wolkbewerkings dienste verskaffer gebruik kan word om die komponente en prosesse te beveilig bestudeer word. Die studie sal insluit, inligtings bestuur prosesse en korporatiewe bestuur asook tegniese beveiligings maatreels soos kodering en virtualisasie sekuriteit. Die laaste deel van die studie sal fokus op die BVPI wetgewing en die vereistes en hoe om daaraan te voldoen deur die sekuritiets maatreëls geidentifiseer in die res van die studie te implimenteer. Die nuwe wetgewing moet nog deur die Staats President onderteken word waarna besighede ‘n jaar sal he om aan die vereistes te voldoen en omdat die periode so kort is moet besighede hulself voorberei en besigheid prosesse aanpas. Die impak van die wetgewing strek baie wyd en beinvloed van tegnise inligtings beveiligings prosesse tot kontrakte aangaande diens lewering wat dalk oor opgestel moet word tussen partye wat sensitiewe inligting uitruil. Die studie sal die prominente areas van impak uitlig asook die moontlike oplossings wat gebruik kan word deur partye wat wolkbewerking gebruik om inligting te stoor of te bewerk.
21
Ipland, Frederick Ferdinand. "An investigation to determine incremental risks to software as a service from a user’s perspective." Thesis, Stellenbosch : Stellenbosch University, 2011. http://hdl.handle.net/10019.1/18086.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2011.ENGLISH ABSTRACT: Software as a Service (SaaS) – which is a deployment model of cloud computing – is a developing trend in technology that brings with it new potential opportunities and consequently potential risk to enterprise. These incremental risks need to be identified in order to assist in risk management and therefore information technology (IT) governance. IT governance is a cornerstone of enterprise-wide corporate governance. For many entities corporate governance has become a statutory requirement, due to the implementation of legislation such as Sarbanes-Oxley Act of the United States of America. The research aims to assist in the IT governance of SaaS, by identifying risks and possible controls. By means of an in-depth literature review, the study identified 30 key risks relating to the use and implementation of SaaS from the user’s perspective. Different governance and risk frameworks were considered, including CobiT and The Risk IT Framework. In the extensive literature review, it was found that CobiT would be the most appropriate framework to use in this study. Mapping the risks and technologies from the user's perspective to one or more of the processes of the CobiT framework, the research found that not all processes where applicable. Merely 18 of 34 CobiT processes where applicable. The study endeavoured to identify possible controls and safeguards for the risks identified. By using the technologies and risks that were mapped to the CobiT processes, a control framework was developed which included 11 key controls to possibly reduce, mitigate or accept the risks identified. Controls are merely incidental if it is not linked to a framework.
AFRIKAANSE OPSOMMING: Software as a Service (SaaS) – ‘n ontplooiingsmodel van cloud computing – is ‘n ontwikkelende tegnologiese tendens wat verskeie moontlikhede, maar daarby ook verskeie risiko’s vir ondernemings inhou. Hierdie addisionele risiko’s moet geïdentifiseer word om te help met die bestuur van risiko’s en daarom ook die beheer van Informasie Tegnologie (IT). IT beheer is ‘n belangrike deel van die grondslag van ondernemingswye korporatiewe beheer. As gevolg van die implimentering van wetgewing soos die Sarbanes-Oxley wetsontwerp van die Verenigde State van Amerika, het korporatiewe beheer ‘n statutêre vereiste geword vir verskeie ondernemings. Hierdie studie poog om die IT beheer van SaaS by te staan, deur risiko’s en moontlike beheermaatreëls te identifiseer. Deur middel van ‘n indiepte literatuur ondersoek het die studie 30 sleutelrisiko’s geïdentifiseer wat verband hou met die gebruik en implimentering van SaaS vanuit ‘n gebruikersoogpunt. Verskeie korporatiewe- en risiko raamwerke, insluitende CobiT en The Risk IT Framework, was oorweeg. Die literatuur ondersoek het egter bevind dat CobiT die mees toepaslikste raamwerk vir dié studie sal wees. Deur die risiko’s en tegnologieë vanuit ‘n gebruikers perspektief te laat pas met een of meer CobiT prosesse, het die navorsing bevind dat nie alle prosesse in CobiT van toepassing is nie. Slegs 18 van die 34 prosesse was van toepassing. Die studie het ook gepoog om moontlike beheer- en voorsorgmaatreëls vir die risiko’s te identifiseer. Deur die tegnologieë en risiko’s te gebruik wat gepas is teen die CobiT prosesse, is ‘n beheer raamwerk ontwikkel wat 11 sleutel beheermaatreëls insluit, wat die geïdentifiseerde risiko’s kan verminder, temper of aanvaar. Beheermaatreëls is slegs bykomstig as dit nie direk aan ‘n raamwerk gekoppel is nie.
22
Enslin, Zacharias. "Cloud computing : COBIT-mapped benefits, risks and controls for consumer enterprises." Thesis, Stellenbosch : Stellenbosch University, 2012. http://hdl.handle.net/10019.1/20116.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2012.ENGLISH ABSTRACT: Cloud computing has emerged as one of the most hyped information technology topics of the decade. Accordingly, many information technology service offerings are now termed as cloud offerings. Cloud computing has attracted, and continues to attract, extensive technical research attention. However, little guidance is given to prospective consumers of the cloud computing services who may not possess technical knowledge, or be interested in the in-depth technical aspects aimed at information technology specialists. Yet these consumers need to make sense of the possible advantages that may be gained from utilising cloud services, as well as the possible incremental risks it may expose an enterprise to. The aim of this study is to inform enterprise managers, who possess business knowledge and may also be knowledgeable on the main aspects of COBIT, on the topic of cloud computing. The study focuses on the significant benefits which the utilisation of cloud computing services may bring to a prospective consumer enterprise, as well as the significant incremental risks this new technological advancement may expose the enterprise to. Proposals of possible controls that the prospective consumer enterprise can implement to mitigate the incremental risks of cloud computing are also presented.
AFRIKAANSE OPSOMMING: “Cloud computing” (wolkbewerking) het na vore getree as een van die mees opspraakwekkende inligtingstegnologieverwante onderwerpe van die dekade. Gevolglik word talle inligtingstegnologie-dienste nou as “cloud”-dienste aangebied. Uitgebreide aandag in terme van tegnologiese navorsing is en word steeds deur “cloud computing” ontlok. Weinig aandag word egter geskenk aan leiding vir voornemende verbruikers van “cloud”-dienste, wie moontlik nie tegniese kennis besit nie, of nie belangstel in die diepgrondige tegniese aspekte wat op inligtingstegnologie-spesialiste gemik is nie. Tog moet hierdie verbruikers sin maak van die moontlike voordele wat die gebruik van “cloud”-dienste mag bied, asook die moontlike inkrementele risiko’s waaraan die onderneming blootgestel mag word. Die doel van hierdie studie is om die bestuurders van ondernemings, wie besigheidskennis besit en moontlik ook kundig is oor die hoof aspekte van COBIT, in te lig oor wat “cloud computing” is. Die studie fokus op die beduidende voordele wat die benutting van “cloud computing”-dienste aan die voornemende verbruikersonderneming mag bied, asook die beduidende inkrementele risiko’s waaraan die onderneming blootgestel mag word as gevolg van hierdie tegnologiese vooruitgang. Voorstelle van moontlike beheermaatreëls wat die voornemende verbruikersonderneming kan implementeer ten einde die inkrementele risiko’s van “cloud computing” teë te werk word ook aangebied.
23
Bruwer, Hendrik Jacobus. "An investigation of developments in Web 3.0 : opportunities, risks, safeguards and governance." Thesis, Stellenbosch : Stellenbosch University, 2014. http://hdl.handle.net/10019.1/86535.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2014.ENGLISH ABSTRACT: Many organisations consider technology as a significant asset to generate income and control cost. The World Wide Web (henceforth referred to as the Web), is recognised as the fastest growing publication medium of all time, now containing well over 1 trillion URLs. In order to stay competitive it is crucial to stay up to date with technological trends that create new opportunities for organisations, as well as creating risks. The Web acts as an enabler for technological advancement, and matures in its own unique way. From the static informative characteristics of Web 1.0, it progressed into the interactive experience Web 2.0 provides. The next phase of Web evolution, Web 3.0, is already in progress. Web 3.0 entails an integrated Web experience where the machine will be able to understand and catalogue data in a manner similar to humans. This will facilitate a world wide data warehouse where any format of data can be shared and understood by any device over any network. The evolution of the Web will bring forth new opportunities as well as challenges. Organisations need to be ready, and acquire knowledge about the opportunities and risks arising from Web 3.0 technologies. The purpose of this study is to define Web 3.0, and identify new opportunities and risks associated with Web 3.0 technologies by using a control framework. Identified opportunities can mainly be characterised as the autonomous integration of data and services which increases the pre-existing capabilities of Web services, as well as the creation of new functionalities. The identified risks mainly concern unauthorised access and manipulation of data; autonomous initiation of actions, and the development of scripts and languages. Risks will be mitigated by control procedures which organisations need to implement (examples include but is not limited to encryptions; access control; filtering; language and ontology development control procedures; education of consumers and usage policies). The findings will assist management in addressing the key focus areas of opportunities and risks when implementing a new technology.
AFRIKAANSE OPSOMMING: Baie organisasies beskou tegnologie as 'n belangrike bate om inkomste te genereer en kostes te beheer. Die Wêreldwye Web (voorts na verwys as die Web), word erken as die vinnigste groeiende publikasiemedium van alle tye, met tans meer as 1 triljoen URLs. Ten einde kompeterend te bly, is dit noodsaaklik om op datum te bly met tegnologiese tendense wat nuwe geleenthede, sowel as risikos, vir organisasies kan skep. Die Web fasiliteer tegnologiese vooruitgang, en ontwikkel op sy eie unieke manier. Vanaf die statiese informatiewe eienskappe van Web 1.0, het dit ontwikkel tot die interaktiewe ervaring wat Web 2.0 bied. Die volgende fase van Web-ontwikkeling, Web 3.0, is reeds in die proses van ontwikkeling. Web 3.0 behels 'n geïntegreerde Web-ervaring waar ʼn masjien in staat sal wees om data te verstaan en te kategoriseer op ʼn soortgelyke wyse as wat ʼn mens sou kon. Dit sal lei tot 'n wêreldwye databasis waar enige vorm van data gedeel en verstaan kan word deur enige toestel oor enige netwerk. Die ontwikkeling van die Web sal lei tot die ontstaan van nuwe geleenthede, sowel as uitdagings. Dit is noodsaaklik dat organisasies bewus sal wees hiervan, en dat hulle oor genoegsame kennis sal beskik met betrekking tot die geleenthede en risikos wat voortspruit uit Web 3.0 tegnologieë. Die doel van hierdie studie is om Web 3.0 te definieer, en nuwe geleenthede en risikos wat verband hou met Web 3.0 tegnologieë, te identifiseer deur gebruik te maak van ʼn kontrole raamwerk. Geleenthede wat geïdentifiseer is, word hoofsaaklik gekenmerk deur outonome integrasie van data en dienste wat lei tot ʼn toename in die vermoëns van reeds bestaande Webdienste, sowel as die skepping van nuwe funksionaliteite. Die risikos wat geïdentifiseer is, word hoofsaaklik gekenmerk deur ongemagtigde toegang en manipulasie van data; outonome inisieering van aksies, en die ontwikkeling van programskrifte en tale. Risikos wat geïdentifiseer is, sal aangespreek word deur die implementering van voorgestelde kontroleprosedures om sodanige risikos te verminder tot ʼn aanvaarbare vlak (voorbeelde sluit in maar is nie beperk tot enkripsie; toegangkontroles; filters; programmatuur taal en ontologie ontwikkels kontroles prosedures; opleiding van gebruikers en ontwikkelaars en beleide ten op sigte van gebruik van tegnologië). Die bevindinge sal bestuur in staat stel om die sleutelfokus-areas van geleenthede en risikos te adresseer gedurende die implementering van 'n nuwe tegnologie.
24
Wheeler, Sonya. "A structured technique for applying Risk Based Internal Auditing in information technology environments (with specific reference to IIA RBIA, King Report and CobiT)." Thesis, Stellenbosch : University of Stellenbosch, 2005. http://hdl.handle.net/10019.1/1016.
Full textAbstract:
Thesis (M.Comm. (Accountancy))--University of Stellenbosch, 2005.ENGLISH ABSTRACT: A technique that may be used to incorporate Risk Based Internal Auditing (RBIA) in the IT environment is to follow annual audit planning methodology steps. The IT infrastructure elements are linked to the business processes which they support. Their ranking are based on the risk assessments of the business process, the business process priority, the dependency of the business process on IT and the IT infrastructure element’s own risk assessment. CobiT is used as an auditing method, i.e. best practice guidance to audit against.
25
Jenkins, Donald J. "Evaluation of fraud detection data mining used in the auditing process of the Defense Finance And Accounting Service." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02Jun%5FJenkins.pdf.
Full textAbstract:
Thesis (M.S. in Operations Research)--Naval Postgraduate School, June 2002.Thesis advisor(s): Samuel E. Buttrey, Lyn R. Whitaker. Includes bibliographical references (p. 103-105). Also available online.
26
Xozwa, Thandolwethu. "Automated statistical audit system for a government regulatory authority." Thesis, Nelson Mandela Metropolitan University, 2015. http://hdl.handle.net/10948/6061.
Full textAbstract:
Governments all over the world are faced with numerous challenges while running their countries on a daily basis. The predominant challenges which arise are those which involve statistical methodologies. Official statistics to South Africa’s infrastructure are very important and because of this it is important that an effort is made to reduce the challenges that occur during the development of official statistics. For official statistics to be developed successfully quality standards need to be built into an organisational framework and form a system of architecture (Statistics New Zealand 2009:1). Therefore, this study seeks to develop a statistical methodology that is appropriate and scientifically correct using an automated statistical system for audits in government regulatory authorities. The study makes use of Mathematica to provide guidelines on how to develop and use an automated statistical audit system. A comprehensive literature study was conducted using existing secondary sources. A quantitative research paradigm was adopted for this study, to empirically assess the demographic characteristics of tenants of Social Housing Estates and their perceptions towards the rental units they inhabit. More specifically a descriptive study was undertaken. Furthermore, a sample size was selected by means of convenience sampling for a case study on SHRA to assess the respondent’s biographical information. From this sample, a pilot study was conducted investigating the general perceptions of the respondents regarding the physical conditions and quality of their units. The technical development of an automated statistical audit system was discussed. This process involved the development and use of a questionnaire design tool, statistical analysis and reporting and how Mathematica software served as a platform for developing the system. The findings of this study provide insights on how government regulatory authorities can best utilise automated statistical audits for regulation purposes and achieved this by developing an automated statistical audit system for government regulatory authorities. It is hoped that the findings of this study will provide government regulatory authorities with practical suggestions or solutions regarding the generating of official statistics for regulatory purposes, and that the suggestions for future research will inspire future researchers to further investigate automated statistical audit systems, statistical analysis, automated questionnaire development, and government regulatory authorities individually.
27
Ali, Sami Abbas Hussain. "The impact of computer technology on accounting and auditing in the Middle East with special emphasis on Arabisation, transfer of technology and training." Thesis, City University London, 1995. http://openaccess.city.ac.uk/7737/.
Full textAbstract:
The purpose of this research is to examine closely the impact of information technology on accounting and auditing , in particular, the computer technology on accounting and auditing in the Middle East with special emphasis on arabisation, transfer of technology and training. The use of computers and information technology is altering the way we do things. Middle East practitioners at present are experiencing a transition in contemplating the use of technology to improve their working methods. The traditional role of Arab accountants is changing. There is a great deal of demand for improved skills to cope with the increased use of technology by government agencies, private businesses and educational institutions. The improved economic conditions in the Middle East over the past decade have made it possible to acquire new technology, and at the same time made it necessary for accountants and auditors who do not have technical skills to upgrade their standards to deal with the revolution of information technology that is taking place in the West. The objective of the research is to deal with two distinct problems relating to computer technology. The first is that of existence of such technology in the Middle East. The second concerns the appropriate level of its introduction to the region. The specific objectives of this research are as follows: (a) to review the current status of computer technology worldwide and in the Middle East; (b) to outline the inadequacies of the current practice by businesses, governments, auditing firms and educational institutions; (c) to show how the region may benefit from the introduction of computer technology; and (d) to discuss the implications of such technology on the region as a whole and its impact on issues such as Arabisation, transfer of technology and training. To accomplish the desired objectives of the research, a research methodology was used and included a historical analysis and literature search and pilot study and analysis of the survey which included computer technology users, providers and consultants. The study focused on the key variables namely introducing the technology and its impact, computer hardware, computer software Arabisation and training and skills transfer.
28
Brand, Johanna Catherina. "The governance of significant enterprise mobility security risks." Thesis, Stellenbosch : Stellenbosch University, 2013. http://hdl.handle.net/10019.1/85853.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2013.ENGLISH ABSTRACT: Enterprise mobility is emerging as a megatrend in the business world. Numerous risks originate from using mobile devices for business-related tasks and most of these risks pose a significant security threat to organisations’ information. Organisations should therefore apply due care during the process of governing the significant enterprise mobility security risks to ensure an effective process to mitigate the impact of these risks. Information technology (IT) governance frameworks, -models and -standards can provide guidance during this governance process to address enterprise mobility security risks on a strategic level. Due to the existence of the IT gap these risks are not effectively governed on an operational level as the IT governance frameworks, -models and -standards do not provide enough practical guidance to govern these risks on a technical, operational level. This study provides organisations with practical, implementable guidance to apply during the process of governing these risks in order to address enterprise mobility security risks in an effective manner on both a strategic and an operational level. The guidance given to organisations by the IT governance frameworks, -models and -standards can, however, lead to the governance process being inefficient and costly. This study therefore provides an efficient and cost-effective solution, in the form of a short list of best practices, for the governance of enterprise mobility security risks on both a strategic and an operational level.
AFRIKAANSE OPSOMMING: Ondernemingsmobiliteit kom deesdae as ‘n megatendens in die besigheidswêreld te voorskyn. Talle risiko's ontstaan as gevolg van die gebruik van mobiele toestelle vir sake-verwante take en meeste van hierdie risiko's hou 'n beduidende sekuriteitsbedreiging vir organisasies se inligting in. Organisasies moet dus tydens die risikobestuursproses van wesenlike mobiliteit sekuriteitsrisiko’s die nodige sorg toepas om ‘n doeltreffende proses te verseker ten einde die impak van hierdie risiko’s te beperk. Informasie tegnologie (IT)- risikobestuurraamwerke, -modelle en -standaarde kan op ‘n strategiese vlak leiding gee tydens die risikobestuursproses waarin mobiliteit sekuriteitsrisiko’s aangespreek word. As gevolg van die IT-gaping wat bestaan, word hierdie risiko’s nie effektief op ‘n operasionele vlak bestuur nie aangesien die ITrisikobestuurraamwerke, -modelle en -standaarde nie die nodige praktiese leiding gee om hierdie risiko’s op ‘n tegniese, operasionele vlak te bestuur nie. Om te verseker dat organisasies mobiliteit sekuriteitsrisiko’s op ‘n effektiewe manier op beide ‘n strategiese en operasionele vlak bestuur, verskaf hierdie studie praktiese, implementeerbare leiding aan organisasies wat tydens die bestuursproses van hierdie risiko’s toegepas kan word. Die leiding aan organisasies, soos verskaf in die IT-risikobestuurraamwerke, - modelle en -standaarde, kan egter tot’n ondoeltreffende en duur risikobestuursproses lei. Hierdie studie bied dus 'n doeltreffende, koste-effektiewe oplossing, in die vorm van 'n kort lys van beste praktyke, vir die bestuur van die mobiliteit sekuriteitsrisiko’s op beide 'n strategiese en 'n operasionele vlak.
29
Persson-Holmes, Paul, and Pontus Lyngsten. "IT in auditing : A descriptive study about IT-tool usage, IT knowledge, and the future digital environment for auditors." Thesis, Umeå universitet, Företagsekonomi, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-172383.
Full textAbstract:
The audit industry is under a digital transformation where various IT-tools are being frequently used by auditors at different experience levels. It is almost impossible to perform an audit with good results without using any IT-tools. Therefore, pressure is put on audit firms,both Big 4 and Non-Big 4 firms to stay ahead or at least up to date in terms of the digital development, implementation and usage of IT-tools to not fall behind its competitors. Educating the audit team members in the different information technology systems (IT) will be of great importance so that auditors can utilize new technology and enhance audit quality.This study contributes with practical knowledge by mapping out and describing in detail how and in which IT-tools auditors spend their time in during their commitments during a typical week. Secondly, the study provides insights on the current IT-knowledge among auditors, which is a factor that influences the use of IT-tools among auditors. Further, this also includes, getting an enhanced understanding of what type of IT-knowledge that is required today, for the audit team member at a specific level, ranging from associates to partners at Big 4 and Non-big 4 firms. Thirdly, the thesis will also discuss impacts of digitalisation and advanced technologies in auditing and give an update of to what degree advanced technologies has been implemented.This was possible to accomplish through an online questionnaire and interview sessions which implied that seven different types of software are used by auditors where Spreadsheet software is one of the most frequently used IT-tools. Auditors generally use software they are familiar with and a resistance towards new software exists. The study also highlights the discussion if the implementation and use of advanced technologies is as widespread as the auditing firms are picturing it. Additionally, there is still a general lack of IT-skills among auditors, and students seeing a future in the auditing profession would have to take responsibility over their own IT-knowledge increasement alongside with educators implementing more IT-courses for students studying Business administration.
30
Tschantz, Michael Carl. "Formalizing and Enforcing Purpose Restrictions." Research Showcase @ CMU, 2012. http://repository.cmu.edu/dissertations/128.
Full textAbstract:
Privacy policies often place restrictions on the purposes for which a governed entity may use personal information. For example, regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), require that hospital employees use medical information for only certain purposes, such as treatment, but not for others, such as gossip. Thus, using formal or automated methods for enforcing privacy policies requires a semantics of purpose restrictions to determine whether an action is for a purpose. We provide such a semantics using a formalism based on planning. We model planning using a modified version of Markov Decision Processes (MDPs), which exclude redundant actions for a formal definition of redundant. We argue that an action is for a purpose if and only if the action is part of a plan for optimizing the satisfaction of that purpose under the MDP model. We use this formalization to define when a sequence of actions is only for or not for a purpose. This semantics enables us to create and implement an algorithm for automating auditing, and to describe formally and compare rigorously previous enforcement methods. We extend this formalization to Partially Observable Markov Decision Processes (POMDPs) to answer when information is used for a purpose. To validate our semantics, we provide an example application and conduct a survey to compare our semantics to how people commonly understand the word “purpose”.
31
Pretorius, Dawid Johannes. "NoSQL database considerations and implications for businesses." Thesis, Stellenbosch : Stellenbosch University, 2013. http://hdl.handle.net/10019.1/85727.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2013.ENGLISH ABSTRACT: NoSQL databases, a new way of storing and retrieving data, can provide businesses with many benefits, although they also pose many risks for businesses. The lack of knowledge among decision-makers of businesses regarding NoSQL databases can lead to risks left unaddressed and missed opportunities. This study, by means of an extensive literature review, identifies the key drivers, characteristics and benefits of a NoSQL database, thereby providing a clear understanding of the subject. The business imperatives related to NoSQL databases are also identified and discussed. This can help businesses to determine whether a NoSQL database might be a viable solution, and to align business and information technology (IT) objectives. The key strategic and operational IT risks are also identified and discussed, based on the literature review. This can help business to ensure that the risks related to the use of NoSQL databases are appropriately addressed. Lastly, the identified risks were mapped to the processes of COBIT (Control Objectives for Information and Related Technology) to inform a business of the highest risk areas and the associated focus areas.
AFRIKAANSE OPSOMMING: NoSQL databasisse, 'n nuwe manier om data te stoor en herwin, het die potensiaal om baie voordele vir besighede in te hou, maar kan ook baie risiko's teweeg bring. Gebrekkige kennis onder besigheidsbesluitnemers oor NoSQL databasisse kan lei tot onaangespreekte risiko’s en verlore geleenthede. Hierdie studie, deur middel van 'n uitgebreide literatuuroorsig, identifiseer die sleutel eienskappe, kenmerke en voordele van 'n NoSQL databasis, om sodoende 'n duidelike begrip van die onderwerp te verkry. Die besigheidsimperatiewe wat verband hou met NoSQL databasisse is ook geïdentifiseer en bespreek. Dit kan besighede help om te bepaal of 'n NoSQL databasis 'n werkbare oplossing kan wees, asook sake- en inligtingstegnologie (IT) doelwitte in lyn met mekaar bring. Na aanleiding van die literatuurstudie is die sleutel-strategiese en operasionele IT-risiko's geïdentifiseer en bespreek. Dit kan help om aan besighede sekerheid te verskaf dat die risiko's wat verband hou met die gebruik van NoSQL databasisse toepaslik aangespreek word. Laastens is die geïdentifiseerde risiko's gekoppel aan die prosesse van COBIT om 'n besigheid van die hoë-risiko areas en die gepaardgaande fokusareas in te lig.
32
Weber, Lyle. "Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrols." Thesis, Stellenbosch : Stellenbosch University, 2014. http://hdl.handle.net/10019.1/86694.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2014.ENGLISH ABSTRACT: Bring Your Own Device (BYOD) is a technological trend which individuals of all ages are embracing. BYOD involves an employee of an organisation using their own mobile devices to access their organisations network. Several incremental risks will arise as a result of adoption of a BYOD program by an organisation. The research aims to assist organisations to identify what incremental risks they could potentially encounter if they adopt a BYOD program and how they can use a framework like COBIT 5 in order to reduce the incremental risks to an acceptable level. By means of an extensive literature review the study revealed 50 incremental risks which arise as a result of the adoption of a BYOD program. COBIT 5 was identified as the most appropriate framework which could be used to map the incremental risks against. Possible safeguards were identified from the mapping process which would reduce the incremental risks to an acceptable level. It was identified that 13 of the 37 COBIT 5 processes were applicable for the study.
33
Namli, Tuncay. "Security, Privacy, Identity And Patient Consent Management Across Healthcare Enterprises Inintegrated Healthcare Enterprises (ihe) Cross Enterprise Document Sharing (xds) Affinity Domain." Master's thesis, METU, 2007. http://etd.lib.metu.edu.tr/upload/12608463/index.pdf.
Full textAbstract:
Integrated Healthcare Enterprise (IHE) is an initiative by industry and healthcare professionals to improve knowledge sharing and interoperability between healthcare related enterprises. IHE publishes Integration Profiles on several Healthcare Fields to define how systems can use existing standards and technologies to execute a specific use case in healthcare. Cross Enterprise Document Sharing (XDS) is such a profile which defines the way of sharing Electronic Health Records (EHR) between healthcare enterprises. In this thesis, IHE Cross Enterprise User Authentication, IHE Node Authentication and Audit Trail, IHE Basic Patient Privacy Consent profiles are implemented based on the IHE XDSimplementation by National Institute of Standards, USA. Furthermore, some of the unspecified issues related with these profiles are clarified and new techniques are offered for their implementations. One of the contribution of the thesis is to use OASIS Extensible Access Control Markup Language (XACML) to define patient consent policies and manage access control. Other technologies and standards that are used in the implementation are as followsOASIS Security Assertion Markup Language (SAML), XML Signature, Mutual Transport Layer Security (TLS), RFC 3195 Reliable Delivery for Syslog, RFC 3881 Security Audit and Access Accountability Message XML Data Definitions.
34
Kalibjian, Jeffrey R. "Accountable Security Architectures for Protecting Telemetry Data." International Foundation for Telemetering, 2001. http://hdl.handle.net/10150/606436.
Full textAbstract:
International Telemetering Conference Proceedings / October 22-25, 2001 / Riviera Hotel and Convention Center, Las Vegas, NevadaToday there are many security solutions available which can facilitate both protection and sharing of telemetry data. While the technologies behind these solutions are maturing [1] [2] [3], most products lack a consistent and coherent paradigm for enforcing who is able to access the secured data, what is done with it, and insuring it can be recovered if the person who secured it is disabled.
35
Barros, Marcelo Gomes de. "O uso das ferramentas em auditoria "Computer Audit Auxiliary Techniques and Tools - CAAT" - pelas empresas de auditoria no aux??lio da revis??o das demonstra????es financeiras no Brasil." FECAP - Faculdade Escola de Com??rcio ??lvares Penteado, 2003. http://132.0.0.61:8080/tede/handle/tede/584.
Full textAbstract:
Made available in DSpace on 2015-12-04T11:45:18Z (GMT). No. of bitstreams: 1
Marcelo_Gomes_de_Barros.pdf: 512439 bytes, checksum: 648452f88c671e15ddcdd5bd166e392c (MD5)
Previous issue date: 2003-07-01In this beginning of the century XXI, Brazil reached an incommensurable managerial development, proportionate for the effect in chain of the globalization, going by countless restructurings and reengineeries, taking the extinction of several tasks, with objective of accompanying what it happens in the world, ending, mainly, with the bureaucratization that our settled business foundations, leverage the speed of the information and of the electric outlet of decision on behalf of the Society, besides the placement of the national company in the global competitive market. With the change of the atmosphere and of the needs of the companies, the audit services rendered was forced to accompany this evolution on behalf of your subsistence, fact that generated the development of the accounting class, as the improvement of the quality in the services rendered and the progresses of your legislation. This new atmosphere brought new perspectives, the simple execution of the contracted task became the minimum and the excellence in the service installment it became the indispensable, the contracted and it stopped being it "non-participative" with specific and limited functions to become a collaborator in the creation of new ideas, contributing to the improvement of the atmosphere and of the system of information, acting as facilitator in the visualization of the tools " for electric outlet of decisions, as well as, suggesting alternative roads to find the best solution. To reach this status, the technological evolution of the audit atmosphere it was vital, providing the automation of your processes, generating an evolution of the traditional auditor's profile-that that corroborates the information of the financial demonstrations to emit your opinion-for an ally that contributes to the improvement of the company, seeking the mutual growth. Through the field research, this work can reach your objectives, making a mapping of the current situation on the use tools auditing "Computer Audit Techniques and Tools - CAATs" - to help of the financial statement review by audits' company, seeking to heal the audit customers' needs, supporting the concern of the companies of independent audit in they automate your work stages, creating space for the creation of talents, properly valued by the acquired knowledge. In add the objective of this work is to provide to the literary atmosphere before not the compilation of information available to the interested ones in the subject.
In this beginning of the century XXI, Brazil reached an incommensurable managerial development, proportionate for the effect in chain of the globalization, going by countless restructurings and reengineeries, taking the extinction of several tasks, with objective of accompanying what it happens in the world, ending, mainly, with the bureaucratization that our settled business foundations, leverage the speed of the information and of the electric outlet of decision on behalf of the Society, besides the placement of the national company in the global competitive market. With the change of the atmosphere and of the needs of the companies, the audit services rendered was forced to accompany this evolution on behalf of your subsistence, fact that generated the development of the accounting class, as the improvement of the quality in the services rendered and the progresses of your legislation. This new atmosphere brought new perspectives, the simple execution of the contracted task became the minimum and the excellence in the service installment it became the indispensable, the contracted and it stopped being it "non-participative" with specific and limited functions to become a collaborator in the creation of new ideas, contributing to the improvement of the atmosphere and of the system of information, acting as facilitator in the visualization of the tools " for electric outlet of decisions, as well as, suggesting alternative roads to find the best solution. To reach this status, the technological evolution of the audit atmosphere it was vital, providing the automation of your processes, generating an evolution of the traditional auditor's profile-that that corroborates the information of the financial demonstrations to emit your opinion-for an ally that contributes to the improvement of the company, seeking the mutual growth. Through the field research, this work can reach your objectives, making a mapping of the current situation on the use tools auditing "Computer Audit Techniques and Tools - CAATs" - to help of the financial statement review by audits' company, seeking to heal the audit customers' needs, supporting the concern of the companies of independent audit in they automate your work stages, creating space for the creation of talents, properly valued by the acquired knowledge. In add the objective of this work is to provide to the literary atmosphere before not the compilation of information available to the interested ones in the subject.
Neste in??cio do s??culo XXI, o Brasil alcan??ou um desenvolvimento empresarial incomensur??vel, proporcionado pelo efeito em cadeia da globaliza????o, passando por in??meras reestrutura????es e reengenharias, levando a extin????o de diversas tarefas, com o objetivo de acompanhar o que acontece no mundo, acabando, principalmente, com a burocratiza????o que enra??za nossos alicerces de neg??cio, acelerando a velocidade da informa????o e da tomada de decis??es em prol da entidade, al??m da coloca????o da empresa nacional no mercado competitivo global. Com a mudan??a do ambiente e das necessidades das empresas, a presta????o de servi??os de auditoria foi for??ada a acompanhar esta evolu????o em prol de sua subsist??ncia, fato que gerou o desenvolvimento da classe cont??bil, com melhoria da qualidade na presta????o de servi??os e avan??os da legisla????o pertinente. Este novo ambiente trouxe novas perspectivas, a simples execu????o da tarefa contratada passou a ser o m??nimo e a excel??ncia na presta????o de servi??o passou a ser o indispens??vel, com o contratado deixando de ser o "n??o participativo" com fun????es espec??ficas e limitadas para se tornar um colaborador na cria????o de novas id??ias, contribuindo para a melhoria do ambiente e do sistema de informa????es, agindo como facilitador na visualiza????o das ferramentas para tomada de decis??es, bem como sugerindo caminhos alternativos para encontrar a melhor solu????o. Para alcan??ar este status, a evolu????o tecnol??gica do ambiente de auditoria foi vital, proporcionando a automatiza????o de seus processos, gerando uma evolu????o do perfil do auditor tradicional - aquele que corrobora as informa????es das demonstra????es financeiras para emitir sua opini??o - para um aliado que contribui para a melhoria da empresa, visando o crescimento m??tuo. Por meio de pesquisa de campo, este trabalho pode alcan??ar seus objetivos, efetuando um mapeamento da situa????o atual sobre o uso das ferramentas de auditoria "Computer Audit Auxiliary Techniques and Tools - CAATs" - pelas empresas de auditoria no aux??lio da revis??o das demonstra????es financeiras, visando sanar as necessidades dos clientes de auditoria, dando apoio ??s empresas de auditoria independente em seu esfor??o de automatiza????o das etapas de trabalho, criando espa??o para a cria????o de talentos, devidamente valorizados pelo conhecimento adquirido. Adicionalmente, este trabalho tem como objetivo proporcionar ao ambiente liter??rio a compila????o de informa????es antes n??o dispon??veis aos interessados.
36
Marziale, Lodovico. "Advanced Techniques for Improving the Efficacy of Digital Forensics Investigations." ScholarWorks@UNO, 2009. http://scholarworks.uno.edu/td/1027.
Full textAbstract:
Digital forensics is the science concerned with discovering, preserving, and analyzing evidence on digital devices. The intent is to be able to determine what events have taken place, when they occurred, who performed them, and how they were performed. In order for an investigation to be effective, it must exhibit several characteristics. The results produced must be reliable, or else the theory of events based on the results will be flawed. The investigation must be comprehensive, meaning that it must analyze all targets which may contain evidence of forensic interest. Since any investigation must be performed within the constraints of available time, storage, manpower, and computation, investigative techniques must be efficient. Finally, an investigation must provide a coherent view of the events under question using the evidence gathered. Unfortunately the set of currently available tools and techniques used in digital forensic investigations does a poor job of supporting these characteristics. Many tools used contain bugs which generate inaccurate results; there are many types of devices and data for which no analysis techniques exist; most existing tools are woefully inefficient, failing to take advantage of modern hardware; and the task of aggregating data into a coherent picture of events is largely left to the investigator to perform manually. To remedy this situation, we developed a set of techniques to facilitate more effective investigations. To improve reliability, we developed the Forensic Discovery Auditing Module, a mechanism for auditing and enforcing controls on accesses to evidence. To improve comprehensiveness, we developed ramparser, a tool for deep parsing of Linux RAM images, which provides previously inaccessible data on the live state of a machine. To improve efficiency, we developed a set of performance optimizations, and applied them to the Scalpel file carver, creating order of magnitude improvements to processing speed and storage requirements. Last, to facilitate more coherent investigations, we developed the Forensic Automated Coherence Engine, which generates a high-level view of a system from the data generated by low-level forensics tools. Together, these techniques significantly improve the effectiveness of digital forensic investigations conducted using them.
37
Pedro, Inês Filipe da Silva. "Tecnologias da informação em auditorias financeiras : uso, importância e risco." Master's thesis, Instituto Superior de Economia e Gestão, 2018. http://hdl.handle.net/10400.5/17344.
Full textAbstract:
Mestrado em Contabilidade, Fiscalidade e Finanças EmpresariaisEste estudo contribui para uma maior perceção da importância da utilização das TI e de especialistas em auditorias de sistemas de informação em auditorias financeiras, bem como dos riscos a que os auditores estão sujeitos nos dias de hoje. Desta forma, identificou-se qual a importância do uso de especialistas em auditorias de sistemas da informação em auditorias financeiras, os fatores que influenciam os auditores financeiros a usarem as TI, nomeadamente as Técnicas de Auditoria Assistidas por Computador (TAAC’s), qual a importância do uso de TAAC’s e por fim procura perceber se os auditores estão conscientes dos riscos que surgem com o aumento da utilização das TI’s por parte dos seus clientes. Foi realizado um focus group com especialistas em segurança da informação, uma entrevista a um auditor financeiro de uma Big4 e aplicados questionários a Revisores Oficiais de Contas (ROC’s) portugueses. Para análise dos dados do questionário foi utilizada a metodologia de análise de componentes principais. Pode concluir-se que especialistas em auditoria de sistemas de informação são importantes para planear e executar testes de controlos de TI, que as TAAC’s são especialmente importantes para que os auditores possam trabalhar sobre a totalidade da informação e não apenas sobre uma amostra e que são três os fatores principais a influenciarem o seu uso: suporte organizacional e aptidão, influência social e da empresa e expetativa de desempenho. Os resultados indicam ainda que os auditores estão conscientes dos riscos de manipulação da informação.
This study contributes to a greater understanding of the importance of the use of IT and of specialists in information systems audits in financial audits, as well as the risks to which auditors are subject to nowadays. Thus, we identified the importance of having specialists in information systems audits in financial audits, the factors that influence financial auditors to use IT, namely Computer Assisted Audit Techniques (CAAT's), how important is the use of CAAT’s and finally we tried to understand if the auditors are aware of the risks that arise with the increase of the use of the IT's by their clients. A focus group with information security experts, an interview with a financial auditor of a Big4, and surveys were applied to Portuguese Official Chartered Accountants. For the analysis of the data of the questionnaire, the principal components analysis methodology was used. It may be concluded that information systems auditing experts are important in planning and executing IT control tests, that CAAT’s are especially important so that auditors can work on all of the information and not just on a sample, and that organizational support and skills, social and business influence and performance expectancy are the three main factors that influence their use. The results also indicate that auditors are aware of information manipulation risks.
info:eu-repo/semantics/publishedVersion
38
du, Fresne Andrew J. "Can Audits be an Effective Method to Improve Information Governance Compliance Objectives?" University of Findlay / OhioLINK, 2020. http://rave.ohiolink.edu/etdc/view?acc_num=findlay1595949409362295.
Full text
39
Olsson, Johnny. "Det auditiva nätet." Thesis, University of Gävle, Department of Mathematics, Natural and Computer Sciences, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:hig:diva-43.
Full textAbstract:
En skillnad i internets utveckling kan ses mellan de visuella och de auditiva elementen, där det auditiva ligger långt efter vad gäller övergripande standarder och användningens utbredning. Vad beror det på? Har skillnader mellan hur vi ser och hör information en betydelse? Denna uppsats undersöker inställningen till ljud över internet med hjälp av en enkät som vanliga internetsurfare med varierande vana av informationssökning över internet har svarat på. Resultaten visar en, inte helt oväntad och inte heller osminkad, skepsis mot ljud över internet.
40
Schmerber, Sébastien. "Nouvelle technologie d'identification et d'interprétation des potentiels évoqués auditifs précoces per-opératoires." Phd thesis, Université Joseph Fourier (Grenoble), 2002. http://tel.archives-ouvertes.fr/tel-00006758.
Full textAbstract:
Les techniques de monitorage per-opératoire par potentiels évoqués auditifs du tronc cérébral (PEAop) sont utiles pour la chirurgie de l'angle ponto-cérébelleux et visent à augmenter la préservation del'audition. Le monitorage auditif informe le chirurgien des modifications de la fonction auditive, mais les techniques existantes ont leurs limites, et de nouvelles méthodes doivent être inventées. Dans ce but, un nouveau système compact de PEAop a été conçu qui donne une information en temps réel (moins de 10 sec) sur la fonction auditive. Un algorithme original de réjection d'artéfact et une analyse par transformée de Fourier ont été développés. Les tests cliniques ont porté sur 23 patients. Les résultats indiquent que notre technique a des avantages significatifs par rapport aux autres méthodes de monitorage, bien qu'aucune différence statistiquement significative dans le taux de préservation auditive n'ait pu être rapporté. Pour augmenter l'efficacité du monitorage auditif per-opératoire, des enregistrements par potentiels directs sur nerfs seront associés aux PEAop. Dans ce but, nous avons mis au point une micro-électrode flexible à haute résolution spatio-temporelle pour réaliser des enregistrements directs. Des tests sur modèle animal par enregistrement multi-sites des aires auditives corticales, en réponse à une stimulation acoustique ou électrique au niveau du noyau cochléaire, ont prouvé la faisabilité de la technique. L'utilisation de micro-électrodes souples devrait permettre une meilleure compréhension du codage du signal le long des voies auditives, et conduire à de nouvelles applications pour le système auditif chez l'homme.
41
Johansson, Anna. "Utvärdering av den auditiva modaliteten i förhållande till grafik i multigränssnittsspelet Sightlence." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-108913.
Full textAbstract:
Denna uppsats syftar till att utvärdera ljudmodaliteten i multigränssnittsspelet Sightlence, genom att jämföra gränssnitten grafik mot det grafisk-auditiva gränssnittet. 16 personer har testats och intervjuats i en studie med mixed design. Kvalitativa och kvantitativa datum har använts för att kunna jämföra resultat och upplevelser i spelets två gränssnitt, och för att undersöka om förbättringar skulle kunna göras med avseende på ljudets användbarhet i spelet.Resultaten visar att det inte finns några skillnader mellan de två gränssnitten vad gäller prestation eller underhållningsvärde, vilka mättes kvantitativt. Det visade sig dock att kvalitativa data gav information om att majoriteten av deltagarna upplevde att det var mer underhållande att spela med ljud även om det inte upplevdes som prestationshöjande. Det framgick även att ljudet påverkade spelarna på två olika sätt, några spelare ansåg att ljudet gjorde spelet mer fängslande och att de blev mer fokuserad på spelet, medan andra spelare såg ljudet som ett hjälpmedel som gjorde att de kunde fokusera visuellt på något annat än spelet. En sammanställning av resultaten visar på att spelupplevelse vad gäller ljudfeedback är individuell och att Sightlence som multigränssnittsspel har fördelen att spelaren kan anpassa gränssnittet efter eget önskemål.
42
Vieira, Eliara Pinto [UNIFESP]. "Mutações genéticas da deficiência auditiva: avaliação comportamental e eletrofisiológica da audição sem e com prótese auditiva em crianças." Universidade Federal de São Paulo (UNIFESP), 2011. http://repositorio.unifesp.br/handle/11600/9832.
Full textAbstract:
Made available in DSpace on 2015-07-22T20:50:27Z (GMT). No. of bitstreams: 0
Previous issue date: 2011-01-26. Added 1 bitstream(s) on 2015-08-11T03:26:03Z : No. of bitstreams: 1
Publico-12529a.pdf: 1382817 bytes, checksum: 65bd98549521fbf2650836a170f9761e (MD5). Added 1 bitstream(s) on 2015-08-11T03:26:03Z : No. of bitstreams: 2
Publico-12529a.pdf: 1382817 bytes, checksum: 65bd98549521fbf2650836a170f9761e (MD5)
Publico-12529b.pdf: 1113563 bytes, checksum: 3261d75b2356f849d087c69443322b57 (MD5)As BMPs, proteínas indutoras de crescimento ósseo, desde o início de sua utilização têm sido avaliadas em diferentes modelos experimentais objetivando determinar sua eficácia. Sabemos que algumas substâncias podem interferir positiva ou negativamente quando utilizadas de forma sistêmica ou local, associadas à BMP. Objetivo: Este estudo tem por objetivo avaliar as possíveis interferências da utilização de antibioticoterapia profilática pré e pós-operatória, utilizando-se como princípio ativo a cefazolina, aplicada a um modelo experimental em coelhos. Métodos: Foram utilizados dois grupos de coelhos fêmea, neozelandeses, submetidos à artrodese intertransversa da coluna lombar, segmento L5-L6, por via posterior. No primeiro grupo foi utilizado o enxerto autólogo associado ao biocomposto (BMP bovino, 1,0mg e hidroxiapatita, 9,0mg). No segundo grupo foi realizado o mesmo procedimento e utilizado o mesmo biocomposto, porém os animais foram submetidos a antibioticoterapia profilática com cefazolina iniciada duas horas antes e mantida por 24 horas após o término do procedimento. Os animais foram acompanhados por 15 semanas, isolados em cativeiro e avaliados diariamente por veterinário sob o ponto de vista clínico e neurológico, sendo posteriormente sacrificados e retiradas as peças cirúrgicas para serem submetidas à análise radiográfica e histológica. Resultados: Para o grupo 1, a quantidade e localização do material implantado variaram entre os indivíduos, porém, na maioria dos casos (6 amostras), a quantidade de partículas de osso homólogo era insignificante e estava dispersa ao longo do tecido mole que recobre o dorso da vértebra, circundado por tecido reacional com área de necrose. Nos demais casos as partículas com reabsorção preenchiam o reduzido espaço entre os processos transversos. Para o grupo 2, a quantidade do material e sua localização também variaram entre os indivíduos. Na maioria dos casos inúmeras partículas de osso mole preenchiam o espaço entre os processos laterais cuja neoformação óssea levou ao aprisionamento de algumas dessas partículas. Todos os casos exibiram formação em maior ou menor intensidade de tecido cartilaginoso na superfície dos processos transversos. A análise radiográfica mostrou em sua freqüência relativa maior freqüência de fusão completa para o grupo 2 quando comparado ao grupo 1. Conclusão: Do ponto de vista histológico para o modelo e período experimental analisado, inferimos que, embora nenhum dos tratamentos propostos tenha promovido o completo fusionamento das vértebras por tecido ósseo, a utilização de osso homólogo + BMP bovina, associada à aplicação de cefazolina, promoveu maior formação cartilaginosa e óssea com menor índice de rejeição do material enxertado na área doadora, quando comparada ao grupo sem associação de cefazolina. Do ponto de vista radiográfico, a análise relativa também demonstrou-se superior para o grupo onde foi utilizado cefazolina.
The BMPs, the inductive proteins of bone growth since the beginning of their use have been evaluated in different experimental models aiming to determine their efficacy. We know that some substances can interfere positively or negatively when used in a systemic way or places associated with the BMP. Objective: this study objective to evaluate the possible interferences of antibiotic-therapy by using the active principle of cefazolin in an experimental model with rabbits. Methods: Two groups of female New Zealand rabbits underwent a lumbar spine inter-transverse artrodesys of segment L5-L6 using posterior approach. An homolog bone graft associated with a bio-compound (bovine BMP, 1,0mg and hydroxiapatita, 9,0mg) was used in the first group. The same procedure and bio-compound were used in the second group. However the animals were submitted to a prophylactic antibiotic-therapy with cefazolin starting two hours before the procedure and maintained for 24 hours after surgery. The animals were analyzed for 15 weeks, isolated in captivity and daily evaluated by a veterinarian under the clinical and neurological views and then euthanized, being the surgical pieces removed and submitted to a radiological and histological analysis. Results: For the first group the quantity and location of the implanted material varied among the individuals. However in most of the cases, the quantity and particles of homolog bone was insignificant and disperse along the soft tissue that covers the posterior region of the vertebrae. In the other cases, the particles with reabsorvation filled the reduced space between the transversal processes. For the second group, the quantity of material and its location also varied among the individuals. In most of the cases, several particles of homolog bone filled the space between the lateral processes whose bone neo-formation led to a trapping of these particles. All the cases showed formation in a higher or lower intensity of the cartilaginous tissue in the surface of the transverse processes. The radiological analysis showed in its relative frequency a higher frequency of complete fusion for group 2 when compared to group 1. Conclusion: Under the histological view for the model and experimental period analyzed, we inferred that, despite the fact that none of the proposed treatments had promoted a complete fusion of the vertebraes per bone tissue, the use of homolog bone + bovine BMPs associated with the use of cefazolin promoted a higher cartilaginous and bone formation with lower incidence of rejection of the material grafted in the doer area when compared to the group without the association of cefazolin. Under the radiological view, the relative analysis also showed to be superior in the group where cefazolin was used as a prophylactic antibiotic.
TEDE
BV UNIFESP: Teses e dissertações
43
Wang, Shou-Feng, and 王碩鋒. "The Relationship between Computer Auditing and Auditing Quality." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/9868n6.
Full textAbstract:
碩士國立中正大學
會計與資訊科技研究所
102
The main purpose of this study is to investigate the relationship between computer auditing and audit quality, understanding whether the implementation of computer audit can reduce the enterprise motivation for earnings management. In this study, we use the absolute value of abnormal accruals as a proxy for audit quality, and computer audit is divided into the following four categories, 1. General Information Technology Control, 2. Application data validation test, 3. Application control, 4. Journal Entry Testing. This study aimed to investigate the relationships between computer auditing and audit quality. The empirical results of this study found that for the implementation of General Information Technology Control have a positive impact on audit quality, but the implementation of Application data validation test, Application control and Journal Entry Testing for enhancing audit quality is unhelpful.
44
Chen, Wei-Ting, and 陳威廷. "A Study on Computer Skills, Computer Auditing Practices, and Computer Auditing Performances of the Computer Auditors in Taiwan." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/v8t5vx.
Full textAbstract:
碩士國立東華大學
企業管理學系
95
Facing the trend of computer transactions, computer files replace the traditional transaction documents, and stored in computer disks. Computerization has brought many conveniences for enterprises, but also raises the risks of computer frauds. Iin order to evaluate client’s internal control environment, auditors should not only just specialized in accounting and auditing knowledge, but also have to equip with appropriate computer abilities and utilize appropriate audit strategies, to provide efficient and better quality financial statements. The study subjects of this study are computer auditors of Taiwan Big 4 auditing firms. This study investigate four constructs – the study subjects’ computer skills, their prospected computer skills for auditing, their computer auditing practices, and the computer auditing performances of enterprises. With different auditing experiences (total working years, auditing years, working years in IT department, and computer auditing years), this study investigate the relationship among the four constructs. In MANOVA, computer auditors who have different total working years have different prospects on computer auditing practices and computer auditing performances, but have no difference on the importance of computer skills and their own computer skills. Computer auditors who have different auditing years have different prospects on importance of computer skills, their own computer skills, and computer auditing practices, but no difference on computer auditing performances. Computer auditors who have different working years in IT department, have different prospects on their own computer skills, computer auditing practices and computer auditing performances, but no difference on the importance of computer skills. Computer auditors who have different computer auditing years have different prospects on their own computer skills and computer auditing practices, but no difference on the importance of computer skills and computer auditing performances. By Scheffe test, we conclude that senior auditors appraise the four constructs better than juniors. We can conclude that the experience of senior auditors do help them accomplish their auditing practices, therefore, getting better computer auditing performances than juniors. In SEM 1, important computer skills do affect computer auditing practice, and then affect computer auditing performances. The important computer skills also affect computer auditing performances. In SEM 2, auditors’ own computer skills do affect computer auditing practice, and then affect computer auditing performances. The important computer skills also affect computer auditing performances. From the two models, computer auditing performances are the mediated variables, that is, when computer auditors consider the computer skills are more important (or equipped more computer skills), their computer auditing practices are much easier, and then getting better computer auditor performance.
45
Hsu, Ming-Fu, and 徐銘甫. "A Hybrid Computer Assisted Auditing Techniques In Auditing Risk Management." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/54639207305419236438.
Full textAbstract:
博士國立暨南國際大學
國際企業學系
100
To protect the global economic market, fraudulent financial statements (FFS) detection is essential. Recently, FFS have begun to grow extremely, which has deteriorated the confidence of investors and shocked the financial systems. Professional literature indicated that failure in detecting FFS rested with auditor’s insufficient capability and lacked of effective assisted mechanism. Auditing judgment consistency has proven that it is subject to auditor’s work experience and the ability of problem solving, so that leads the auditing decisions encountered in today’s turbulent business environment to cover with a layer. In addition, most FFS is caused by top managers who have the authority to override the internal controls and deploys de facto power against audit committee. Such managers understand the limitation of an audit and the insufficient of standard auditing procedures in detecting FFS. There is an urgent need for another effective detecting mechanism. The study proposed a hybrid model to reduce these risks. The model integrates multiple feature selection combination which was grounded on ensemble learning, support vector machine (SVM) and knowledge extraction approaches. The advantage of multiple feature selection can eliminate the errors made by singular approach and determine appropriate features and mechanisms by multiple criteria decision making (MCDM) technique. The SVM has superior forecasting accuracy comes with a critical defects is lacking of interpretability. Thus, the knowledge extraction approaches were employed to tackle with the obscure nature of SVM and yield comprehensive rules as well as enhance its empirical application. The proposed model, which is supported by real example, can assist both internal and external auditors who must allocate limited auditing resource. The decision rules derived from the proposed model can be viewed as a roadmap to modify the personal capital structure. In addition, the investigation further examines the effectiveness of corporate transparency and information disclosure index on FFS. The governors can consider the potential implication and formulate future policy to sound the stability of financial market.
46
HUANG, CHAO-CHUN, and 黃朝淳. "The relationship between computer auditing and financial restatements." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/73561954976496609798.
Full textAbstract:
碩士國立臺北大學
會計學系
105
The purpose of this study is to examine whether internal auditors using computer auditing affects financial reporting quality.This study used a sample of companies listed in Taiwan Stock Exchange Market and GreTai Securities Market over the period of 2005-2007.The quality of financial reporting proxy by financial restatements and internal auditors with computer skill experience measure computer auditing level.The primary research finding indicates that the companies with higher using computer auditing is lower financial restatements.The result provides incremental contribution to both literatures of quality of financial reporting and internal auditing.
47
崔靜青. "A Study of Computer Auditing Dynamic Risk Assessment." Thesis, 2003. http://ndltd.ncl.edu.tw/handle/21707586996074095929.
Full text
48
Joubert, Tinus. "Auditing Windows 2000 : methodologies and issues." Thesis, 2012. http://hdl.handle.net/10210/4338.
Full text
49
Wu, Tung-Hsien, and 吳東憲. "The Effect of Competency, Team Problem Solving Ability, and Computer Auditing Activity on Internal Auditing Performance." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/73810191277120445634.
Full textAbstract:
博士國立中正大學
會計與資訊科技研究所
101
The majority of internal audit departments use computer-assisted audit tools and techniques (CAATTs) for assistance when performing computer auditing. Internal auditors generally possess substantial auditing knowledge and experience. Although this can facilitate the establishment of clear objectives for computer auditing operations to respond appropriately to computerized environments, in practice, the intended targets may not necessarily be met during each auditing operation. Previous studies on computer auditing have investigated diverse topics. However, few have empirically examined the benefits of CAATTs. Therefore, this study addresses the influence that competency, team problem-solving ability, and computer auditing activity have on audit performance. Because the implementation of CAATTs remains at an early stage, this study examines internal auditors’ personal perception to understand the relationships between variables. This study employed questionnaires to collect data from internal auditors and adopted the partial least squares regression method for analysis. The empirical results show team problem-solving ability and computer auditing activity directly influenced internal auditing performance and competency indirectly influenced internal auditing performance through the mediating effects of team problem-solving ability and computer auditing activity. For the sample of companies that had implemented CAATTs, computer auditing activity, and team problem-solving ability and computer auditing activity influenced internal auditing performance directly, and competency indirectly influenced internal auditing performance through the mediating effects of team problem-solving ability. For the sample of companies that had yet to implement CAATTs, competency exhibited a partial direct effect and a direct effect on internal auditing performance through the mediating effects of computer auditing activity, and computer auditing activity influenced internal auditing performance directly. The results of this study also indicated that knowledge indirectly influenced internal auditing performance through other competencies, team problem-solving ability, and computer auditing activity. Therefore, the implementation of CAATTs requires not only internal auditor competency, but also team cooperation and thoroughly established computer auditing activity to achieve the projected goals. The results of this study can enable internal audit departments to effectively perform computer auditing using CAATTs in the future.
50
Zavou, Angeliki. "Information Flow Auditing in the Cloud." Thesis, 2015. https://doi.org/10.7916/D82B8WQ9.
Full textAbstract:
As cloud technology matures and trendsetters like Google, Amazon, Microsoft, Apple, and VMware have become the top-tier cloud services players, public cloud services have turned mainstream for individual users. In this work, I propose a set of techniques that can be used as the basis for alleviating cloud customers' privacy concerns and elevating their condence in using the cloud for security-sensitive operations as well as trusting it with their sensitive data. The main goal is to provide cloud customers' with a reliable mechanism that will cover the entire path of tracking their sensitive data, while they are collected and used by cloud-hosted services, to the presentation of the tracking results to the respective data owners. In particular, my design accomplishes this goal by retrofitting legacy applications with data flow tracking techniques and providing the cloud customers with comprehensive information flow auditing capabilities. For this purpose, we created CloudFence, a cloud-wide fine-grained data flow tracking (DFT) framework, that sensitive data in well-defined domains, offering additional protection against inadvertent leaks and unauthorized access.