Auditor independence and audit risk: a reconceptualisation

The principles-based U.K. regulatory framework for auditor independence (Chartered Accountants Joint Ethics Committee 1996), which was adopted in 1997, identifies threats to independence in fact, independence in appearance, and the safeguards that control these threats. These principles are incorporated in the International Federation of Accountants (IFAC 2001) ethics framework. Drawing on six case studies of interactions involving significant accounting issues between audit engagement partners and finance directors in U.K.-listed companies, we analyze the threats and safeguards to auditor independence in fact that are relevant to the outcome of each interaction. Despite the U.K.'s comprehensive regulatory framework for independence, audit quality control, and independent inspection of firms, not all the interactions have a fully compliant outcome. Independence in fact is compromised where the safeguards in the framework are insufficient defense against the threats, particularly regarding intimidation and bullying during the audit process. Further examples of existing threats are identified and additional threats emerge, in particular an urgency threat, and a loss of face threat. Management motivation is found to be a key driver of pressure. Threats to independence arising within audit firms are not recognized in the current U.K. audit risk model. An extended risk model incorporating within-firm risk is suggested. This study demonstrates the need for continual improvement to regulatory frameworks; in particular it supports the recent U.S. Securities and Exchange Commission (SEC) rule on improper influence on the conduct of audits (Securities and Exchange Commission 2003a)

Capital markets and e-fraud: policy note and concept paper for future study

The technological dependency of securities exchanges on internet-based (IP) platforms has dramatically increased the industry's exposure to reputation, market, and operational risks. In addition, the convergence of several innovations in the market are adding stress to these systems. These innovations affect everything from software to system design and architecture. These include the use of XML (extensible markup language) as the industry IP language, STP or straight through processing of data, pervasive or diffuse computing and grid computing, as well as the increased use of Internet and wireless. The fraud is not new, rather, the magnitude and speed by which fraud can be committed has grown exponentially due to the convergence of once private networks on-line. It is imperative that senior management of securities markets and brokerage houses be properly informed of the negative externalities associated with e-brokerage and the possible critical points of failure that exist in today's digitized financial sector as they grow into tomorrow's exchanges. The overwhelming issue regarding e-finance is to determine the true level of understanding that senior management has about on-line platforms, including the inherent risks and the depth of the need to use it wisely. Kellermann and McNevin attempt to highlight the various risks that have been magnified by the increasing digitalization of processes within the brokerage arena and explain the need for concerted research and analysis of these as well as the profound consequences that may entail without proper planning. An effective legal, regulatory, and enforcement framework is essential for creating the right incentive structure for market participants. The legal and regulatory framework should focus on the improvement of internal monitoring of risks and vulnerabilities, greater information sharing about these risks and vulnerabilities, education and training on the care and use of these technologies, and better reporting of risks and responses. Public/private partnerships and collaborations also are needed to create an electronic commerce (e-commerce) environment that is safe and sound.Environmental Economics&Policies,Insurance&Risk Mitigation,Financial Intermediation,ICT Policy and Strategies,Banks&Banking Reform

An Overview of Economic Approaches to Information Security Management

The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with an structured overview of the economic approaches to information security and ii) to identify potential research directions

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Legislative responses to data breaches and information security failures

On July 23, 2008, the Payment Cards Center of the Federal Reserve Bank of Philadelphia hosted a workshop to discuss federal and state legislative responses to data breaches. The workshop addressed several laws and legislative initiatives designed to create greater safeguards for personal consumer information frequently targeted by data thieves and often subject to the failures of information security protocols. Diane Slifer, J.D., M.B.A., who has frequently presented at forums on data security and has represented clients in matters related to data breaches, led the workshop. Slifer examined several highly publicized data breaches and explained how various laws and regulations have been put in place in order to protect and inform consumers whose personal information has been compromised. Additionally, she discussed several legislative initiatives designed to potentially create a more structured and secure environment for private consumer data overall. This paper summarizes Slifer's presentation, the ensuing discussion, and additional Payment Cards Center research. In addition, it offers a brief overview of recent data breaches, a description of various ways that federal and state laws operate, and some thoughts on how effective these laws and regulations have been.Payment systems ; Identity theft ; Fraud ; Law and legislation

Time Enough - Consequences of Human Microchip Implantation

Dr. Ramesh argues that microchip implantation is both possible and, for some purposes, desirable and suggests that now is the time to consider strategies for preventing potentially grievous intrusion into personal privacy