Assuring Homeland Security: Continuous Monitoring, Control and Assurance of Emergency Preparedness

This paper examines the potential relationships of Continuous Auditing and Emergency Preparedness to the design, development, and implementation of Emergency Response Management Information Systems (ERMIS). It develops an argument for the integration of emergency response processes and continuous decision process auditing requirements into the system development life cycle of an organization wide ERMIS

Audit Methodology for IT Governance

The continuous development of the new IT technologies was followed up by a rapid integration of them at the organization level. The management of the organizations face a new challenge: structural redefinition of the IT component in order to create plus value and to minimize IT risks through an efficient management of all IT resources of the organization. These changes have had a great impact on the governance of the IT component. The paper proposes an audit methodology of the IT Governance at the organization level. From this point of view the developed audit strategy is a strategy based on risks to enable IT auditor to study from the best angle efficiency and effectiveness of the IT Governance structure. The evaluation of the risks associated with IT Governance is a key process in planning the audit mission which will allow the identification of the segments with increased risks. With now ambition for completeness, the proposed methodology provides the auditor a useful tool in the accomplishment of his mission.IT Governance, Corporate Governance, IT Audit Process, IT Risk

Continuous Assurance for the Digital Transformation of Internal Auditing

As a result of the increasing demand on the credibility of the financial information disclosure, internal auditing has been playing an increasingly important role in organizations. Currently, there is a need to ensure the compliance of organizational transactions in real time in order to increase the reliability of the information and to reduce risks. In this context, the concept of Continuous Assurance has emerged, allowing to reduce potential errors and risks and obtain useful information in real time, supporting more effectively the decision making and internal auditing. This paper aims to understand the importance and the use of Continuous Assurance services from the perspective of the internal auditor. So, the methodology used is qualitative and the questionnaire survey was used to collect data from interna auditors in Portugal. The main results demonstrate, among other findings, that the Continuous Assurance services are considered by the internal auditors as very important. Despite this, its implementation in the organizations does not follow the importance assigned to it, and is still far from being fully deployed. The dimension of the audit department is an influential factor in the use of some Continuous Assurance services.info:eu-repo/semantics/publishedVersio

Continuous monitoring of enterprise risks: A delphi feasibility study

A constantly evolving regulatory environment, increasing market pressure to improve operations, and rapidly changing business conditions are creating the need for ongoing assurance that organizational risks are continually and adequately mitigated. Enterprises are perpetually exposed to fraud, poor decision making and/or other inefficiencies that can lead to significant financial loss and/or increased levels of operating risk. Increasingly, Information Systems are being harnessed to reinvent the risk management process. One promising technology is Continuous Auditing, which seeks to transform the audit process from periodic reviews of a few transactions to a continuous review of all transactions. However, the highly integrated, rapidly changing and hypercompetitive business environment of many corporations spawns numerous Enterprise Risks that have been excluded from standard risk management processes. An extension of Continuous Auditing is Continuous Monitoring, which is used by management to continually review business processes for unexpected deviations. Using a Delphi, the feasibility and desirability of applying Continuous Monitoring to different Enterprise Risks is studied. This study uncovers a significant relationship between the perceived business value of Continuous Monitoring and years of experience in Risk Management and Auditing, determines that all key architectural components for a Continuous Monitoring system are known, and indicates that Continuous Monitoring may be better suited for monitoring computer crime than monitoring strategic risks such as the loss of a competitive position

REQUIREMENT ANALYSIS FOR PROCESS-CENTRIC CONTINUOUS MONITORING

With the emergence of mission-critical real-time systems becoming ever more important to the competitive strategies of corporations and their e-business and supply-chain models, an increasing number of process controls are being embedded into information systems, and co-processed with business transaction thus providing for the continuous monitoring of business operations. A parallel trend in the auditing industry is towards continuous auditing, able to provide management with real-time auditing of the functioning of controls and of business transactions, thus enhancing significantly management’s ability to ensure compliance and make key business decisions. Continuous auditing requires that information systems are developed not only to fulfill business requirements but also continuous monitoring of transactions and other compliance and control requirements. This integration of business systems and their controls within a process-centric logic necessitates a likewise integration of their development processes. Subsequently existing tools and techniques for requirements analysis need to be recast within a hybrid and integrated approach dubbed requirement analysis for process-centric continuous monitoring or RA-PCCM, which consists of the concurrent analysis of operational systems, information systems, the control system, and the management system. Whilst efforts exist within the auditing community to outline a process-driven methodology for developing continuous auditing systems, this paper argues for integrating control development for continuous monitoring within the fold of information system development, hence restricting auditors to control monitoring assurance

Alat pemungut tandan kelapa sawit darjah kebebasan

Kelapa sawit merupakan tanaman yang menyumbang kepada industri penghasilan minyak di dunia seperti minyak masak, minyak industri, dan minyak bahan bakar (biodiesal). Pulangan dari sektor pertanian khususnya kelapa sawit sangat menguntungkan. Kini ramai petani telah bertukar ke tanaman kelapa sawit. Indonesia merupakan pengeluar minyak kelapa sawit terbesar di dunia [1]. Dengan terdapatnya pembukaan ladang sawit secara besar-besaran maka banyaklah syarikat-syarikat pertanian mula mencipta alat atau mesin yang baik untuk mencepatkan proses memetik dan mengeluarkan sawit dari ladang. Namun alatan yang lebih mesra pengguna dilihat tidak dipandang serius. Atas isu ini timbul idea mencipta alat pemungut tandan kelapa sawit darjah kebebasan. Semua sedia maklum untuk mengeluarkan sawit dari ladang perlunya meletakan tandan sawit ke dalam kereta sorong terlebih dahulu.Untuk meletakan sawit ke dalam kereta sorong T-shape palm fruit shank diperlukan. Pekebun akan mengangkat sawit yang telah dipetik dari pokok menggunakan alatan tersebut.Tanpa disedari alatan ini membahayakan pekebun dan membebankan. Pekebun memerlukan tenaga yang banyak untuk mengangkat tandan sawit yang amat berat ke dalam kereta sorong. Selain itu, mengangkat bebanan yang berat dalam kuantiti yang banyak menyebabkan sakit dibahagian tulang belakang pekebun. Di samping itu, mata alat yang tajam dan terdedah meningkatkan risiko kecederaan pekebun. Duri pada buah sawit juga bahaya pada pekebun

An overview on the development of internal control in public sector entities : evidence from Kosovo

Purpose: The development and implementation of Public Internal Financial Control (PIFC) in the management processes plays an important role in providing sound financial management, transparency, efficiency and effectiveness in the public sector entities. Design/Methodology/Approach: In this paper we have analysed the annual reports on the functioning of the PIFC system in the public sector of Kosovo for the 2014 – 2017 period. The analysis has been completed even more, based on the annual reports of National Audit Office, progress reports published by the European Commission, showing the progress achieved under the EU directives as well as the data from the monitoring reports of SIGMA (Support for Improvement in Governance and Management). Findings: The findings show that the implementation of rules and procedures for internal control in budget organizations lags behind the development of the overall framework. Practical Implications: Continuous improvements in the field of Public Internal Financial Control are important steps in the process of European integration, while Kosovo has made considerable efforts to develop the control environment and implement the PIFC principles, particularly by establishing the appropriate legal, and institutional framework to support the PIFC system. Originality/Value: PIFC development is a continuous process and is part of the public administration reform, hence this paper contributes in identifying possible gaps and weaknesses in the system of internal control in Kosovo and provides recommendations for their improvement.peer-reviewe

The Pervasive Impact of Information Technology on Internal Auditing

The impetus for this supplemental chapter titled The Pervasive Impact of Information Technology on Internal Auditing comes from The Institute of Internal Auditors Research Foundation (IIARF) monograph, Research Opportunities in Internal Auditing (2003), hereafter ROIA. ROIA combines theory and practice in conceptual frameworks to promote an understanding of the contemporary internal auditing environment. The goals of ROIA include stimulating academic research on significant internal auditing topics and serving as a “communication bridge” between academics and practicing professionals. ROIA provided us with internal auditing related subject matter content, including the most promising areas of information technology (IT) application in internal auditing. One significant topic that is only briefly mentioned in ROIA is the impact of IT on the internal audit function.3 IT is revolutionizing the nature and scope of worldwide communications, changing business processes, and erasing the traditional boundaries of the organization — internally between departments and externally with suppliers and customers. The resulting intra-enterprise coordination as well as inter-enterprise integration with external business partners through supply chain management and customer relationship management systems demonstrates the power of IT as both a driver and enabler of management processes and strategies. Indeed, internal auditors must recognize and leverage the powerful capabilities of computers and technology in collecting, generating, and evaluating information for managerial decision making related to strategy, risk management and controls, and, more broadly, for effective organizational governance. At the same time, internal auditors must recognize that IT, in itself, will not increase the function’s effectiveness. Rather internal auditors must first understand the audit objectives and select appropriate IT to achieve those objectives (i.e., the task-technology fit is essential). It is also imperative that internal auditors understand their organization’s appropriate leveraging of IT, and learn to harness additional IT to optimize internal audit performance.https://ecommons.udayton.edu/books/1037/thumbnail.jp

Report from GI-Dagstuhl Seminar 16394: Software Performance Engineering in the DevOps World

This report documents the program and the outcomes of GI-Dagstuhl Seminar 16394 "Software Performance Engineering in the DevOps World". The seminar addressed the problem of performance-aware DevOps. Both, DevOps and performance engineering have been growing trends over the past one to two years, in no small part due to the rise in importance of identifying performance anomalies in the operations (Ops) of cloud and big data systems and feeding these back to the development (Dev). However, so far, the research community has treated software engineering, performance engineering, and cloud computing mostly as individual research areas. We aimed to identify cross-community collaboration, and to set the path for long-lasting collaborations towards performance-aware DevOps. The main goal of the seminar was to bring together young researchers (PhD students in a later stage of their PhD, as well as PostDocs or Junior Professors) in the areas of (i) software engineering, (ii) performance engineering, and (iii) cloud computing and big data to present their current research projects, to exchange experience and expertise, to discuss research challenges, and to develop ideas for future collaborations