The quality of mandatory non-financial (risk) disclosures: the moderating role of audit firm and partner characteristics

Risk disclosures are among the most important types of non-financial information valued by investors. Risk disclosures are mostly narrative, proprietary in nature and, consequently, the importance of their accuracy and assurance is high to prevent them becoming boiler-plate and lose their relevance. By exploiting the unique features of a setting in which risk disclosure is mandatory and under a positive assurance requirement, we investigate whether the quality of audited risk disclosures is associated with the type of audit firm (Big-4 vs. non-Big-4), the characteristics of the audit firm and the attributes of the audit partner. Our results show an association between risk disclosure quality and auditors, but not in the ways that one would have expected. After the enforcement of a regulation that requires a detailed description of risks in the Operating and Financial Review (OFR) and a positive assurance of external audit over these disclosures, we do not document any significant Big-4 effect. The quality of risk disclosures is associated with the attributes of the audit partner, namely familiarity with different client risk disclosures, expertise and gender, independently from her belonging to a Big-4 audit firm. Along this way, we extend the recent evidence on the audit partner effects in the assurance of non-financial narrative information

The future of corporate reporting: a review article

Significant changes in the corporate external reporting environment have led to proposals for fundamental changes in corporate reporting practices. Recent influential reports by major organisations have suggested that a variety of new information types be reported, in particular forward-looking, non-financial and soft information. This paper presents a review and synthesis of these reports and provides a framework for classifying and describing suggested information types. The existence of academic antecedents for certain current proposals are identified and the ambiguous relationship between research and practice is explored. The implications for future academic research are discussed and a research agenda is introduced

Safety-Critical Systems and Agile Development: A Mapping Study

In the last decades, agile methods had a huge impact on how software is developed. In many cases, this has led to significant benefits, such as quality and speed of software deliveries to customers. However, safety-critical systems have widely been dismissed from benefiting from agile methods. Products that include safety critical aspects are therefore faced with a situation in which the development of safety-critical parts can significantly limit the potential speed-up through agile methods, for the full product, but also in the non-safety critical parts. For such products, the ability to develop safety-critical software in an agile way will generate a competitive advantage. In order to enable future research in this important area, we present in this paper a mapping of the current state of practice based on {a mixed method approach}. Starting from a workshop with experts from six large Swedish product development companies we develop a lens for our analysis. We then present a systematic mapping study on safety-critical systems and agile development through this lens in order to map potential benefits, challenges, and solution candidates for guiding future research.Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced Applications 2018, Prague, Czech Republi

A Security Pattern for Cloud service certification

Cloud computing is interesting from the economic, operational and even energy consumption perspectives but it still raises concerns regarding the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive. Because of the potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic changes in them). Besides current cloud models do not include support for trust-focused communication between layers. We present a mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security security features it is a tamper proof resistance built in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use TPM.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tec

KAPTUR: technical analysis report

Led by the Visual Arts Data Service (VADS) and funded by the JISC Managing Research Data programme (2011-13) KAPTUR will discover, create and pilot a sectoral model of best practice in the management of research data in the visual arts in collaboration with four institutional partners: Glasgow School of Art; Goldsmiths, University of London; University for the Creative Arts; and University of the Arts London. This report is framed around the research question: which technical system is most suitable for managing visual arts research data? The first stage involved a literature review including information gathered through attendance at meetings and events, and Internet research, as well as information on projects from the previous round of JISCMRD funding (2009-11). During February and March 2012, the Technical Manager carried out interviews with the four KAPTUR Project Officers and also met with IT staff at each institution. This led to the creation of a user requirement document (Appendix A), which was then circulated to the project team for additional comments and feedback. The Technical Manager selected 17 systems to compare with the user requirement document (Appendix B). Five of the systems had similar scores so these were short-listed. The Technical Manager created an online form into which the Project Officers entered priority scores for each of the user requirements in order to calculate a more accurate score for each of the five short-listed systems (Appendix C) and this resulted in the choice of EPrints as the software for the KAPTUR project

Risk across design domains

Design processes involve risk: to life and limb if the product is unsafe, to the financial health of the company if the product is late, unsuccessful or simply the wrong product, as well as to the emotions and careers of the designers. Many of the risks are shared universally by all designers, but each different industry and each different project faces its own spectrum of serious and minor risks. Different industries have put their methodological effort into finding ways to mitigate the risks they recognise as important. As part of the Across Design project exploring similarities and differences between design processes in different industries, this paper examines how risks are perceived and handled in different types of design process, and proposes that designers and managers can usefully look to other industries for ways to handle risks that are more central for those other industries

Architecture and Information Requirements to Assess and Predict Flight Safety Risks During Highly Autonomous Urban Flight Operations

As aviation adopts new and increasingly complex operational paradigms, vehicle types, and technologies to broaden airspace capability and efficiency, maintaining a safe system will require recognition and timely mitigation of new safety issues as they emerge and before significant consequences occur. A shift toward a more predictive risk mitigation capability becomes critical to meet this challenge. In-time safety assurance comprises monitoring, assessment, and mitigation functions that proactively reduce risk in complex operational environments where the interplay of hazards may not be known (and therefore not accounted for) during design. These functions can also help to understand and predict emergent effects caused by the increased use of automation or autonomous functions that may exhibit unexpected non-deterministic behaviors. The envisioned monitoring and assessment functions can look for precursors, anomalies, and trends (PATs) by applying model-based and data-driven methods. Outputs would then drive downstream mitigation(s) if needed to reduce risk. These mitigations may be accomplished using traditional design revision processes or via operational (and sometimes automated) mechanisms. The latter refers to the in-time aspect of the system concept. This report comprises architecture and information requirements and considerations toward enabling such a capability within the domain of low altitude highly autonomous urban flight operations. This domain may span, for example, public-use surveillance missions flown by small unmanned aircraft (e.g., infrastructure inspection, facility management, emergency response, law enforcement, and/or security) to transportation missions flown by larger aircraft that may carry passengers or deliver products. Caveat: Any stated requirements in this report should be considered initial requirements that are intended to drive research and development (R&D). These initial requirements are likely to evolve based on R&D findings, refinement of operational concepts, industry advances, and new industry or regulatory policies or standards related to safety assurance