2,577 research outputs found

    Environmental management system auditing within Australasian companies

    Reviews the literature on environmental management auditing, and surveys 132 ISO 14001 certified organizations in Australia and in New Zealand. Identifies the main reason for internal environmental audit, and the most frequent actions that result from the audit process, such as formation of a preventive plan. Looks at review procedures by top management, and the frequency of audit. Reveals the length of time an audit takes and the method of documentation adopted, by different industries. Notes six major findings and recommends sharing the findings of audits with employees and suppliers so that improvements can be identified and implemented.

    The Social Construction of Risk in Trustworthy Digital Repository Audit and Certification

    This dissertation examines the social construction of risk in trustworthy digital repository (TDR) certification. It focuses on the Trustworthy Repositories Audit and Certification (TRAC) process, which is administered by the Center for Research Libraries and governed by the ISO 16363 standard. This research seeks to understand how standard developers, auditors, and repository staff members construct their understanding of risk, a foundational concept in digital preservation and TDR certification, in the context of a TRAC audit. In this dissertation, I have developed an analytical framework of risk that draws on eight social factors that influence how people and groups construct their understandings of risk in the context of digital preservation: communication, complexity, expertise, organizations, political culture, trust, uncertainty, and vulnerability. I argue that although digital preservation has been examined as a technical, economic, and organizational phenomenon, it is also social. I also argue that while the digital preservation community has regarded the concept of risk as a discoverable, calculable value, it is in fact socially constructed, and as such research is needed that considers the social context in which the repositories exist and the ways in which social factors may influence how participants understand and behave in response to risk information. This research employs a mixed methods research design combining in-depth semi-structured interviews with document analysis to examine: (1) how participants in three groups (i.e., standard developers, auditors, and repository staff members) construct their understanding of risk in the context of a TRAC audit, and (2) to what degree the eight factors from my analytical framework come into play in the audit process. 
My findings reveal the TRAC audit process is one in which the actors involved agree on a definition of risk, but differ about whether an audit process based on this definition can determine trustworthiness with regard to long-term digital preservation. My findings demonstrate that while standard developers, auditors, and repository staff generally share an understanding of the major sources of potential risk that face digital repositories, they disagree about whether and how these risks can be mitigated and how mitigation can be proven. Individuals who are more removed from the day-to-day work of the repositories undergoing an audit are more likely to accept well-documented risk identification and mitigation strategies as sufficient evidence of trustworthiness, while repository staff are skeptical that documentation is sufficient evidence of risk assessment and mitigation and thus question whether this will translate to actual trustworthiness for long-term digital preservation. My findings support the argument that digital preservation should treat risk as a socially constructed phenomenon and consider how social factors contribute to an understanding of risk by participants in the audit and certification of TDRs. I found that communication, expertise, uncertainty, and vulnerability were particularly strong factors that influenced how auditors and repository staff members understood risk in the context of TRAC audit processes. This research has brought empirical methods to an emerging discipline and has created a set of baseline data about the first wave of TRAC certifications that will lay a foundation for future research.
PHD, Information, University of Michigan, Horace H. Rackham School of Graduate Studies. https://deepblue.lib.umich.edu/bitstream/2027.42/147539/1/frankrd_1.pd

    Data Analytics in Risk Assessment

    Possibilities to obtain a more thorough and efficient understanding of the entity and its environment during an audit lie in the use of technology and data analytics presented for the auditor. In an environment with high volume of data and increasing complexity, there is potential to improve the quality of the auditor's risk assessment (IAASB, 2017, p. 7). However, research indicates that the use of DA is limited, despite the fact that it offers a variety of advantages and multiple audit firms have invested capital in the technology to enable the use of DA (Krieger et al., 2021). This is due to lack of knowledge, support, and acceptance from the standard-setters (Austin et al., 2021). Prior research has focused largely on DA in the audit process of obtaining evidence. The aim of this master's thesis is to provide insight on how DA is utilized in risk assessment and how this is affected by the guidance provided by the International Standards on Auditing (ISA). We have examined how data analytics is currently used, identified potential for growth and improvement, and looked at how the ISAs support the use of data analytics in risk assessment. Our dissertation contributes to this lack of empirical research and adds a new perspective to the discussion by answering: “How data analytics are utilized in risk assessment and the role of the auditing standards in shaping its use”. To answer our research aim, we used a qualitative approach for gathering primary data. We conducted eight semi-structured interviews with informants with deep and broad knowledge within the auditing field. Our results show that DA is widely used in risk assessment by larger audit firms; however, there are variations in how it is applied, prioritized, and defined. As a result, DA in risk assessment is currently not operating at its highest potential. By increasing knowledge and expanding access to standardized data, we may take a step toward achieving DA's promise in risk assessment.
But in order for this to happen, the standards need to be updated. The present guidelines need to be modified since they neither discourage nor support the auditor to use DA. The criteria for employing DA, the auditor's skill requirements, or just more guidance and information about what may be used, might all be added to achieve this

    The Effects of Big Data and Blockchain on the Audit Profession

    This qualitative study purposed to gain a greater understanding of the technological systems affecting the audit industry. The central focus was to gain an in-depth understanding of the effects of big data and blockchain technology on the audit industry. Interviews were carried out with selected participants working for Certified Public Accounting (CPA) firms. From the interviews, eleven CPAs provided the data to form the discovered themes. The information gathered in the interviews contributed to the body of knowledge concerning big data and blockchain technology as recognized by practicing CPAs. Four themes were identified which aligned with the participants' feedback concerning big data and blockchain effects on the audit. The themes discovered were: the need for additional training to fully prepare for the technological spectrums, a need for software developments beyond the traditional Excel applications, having an on-going correspondence with information technology (IT) personnel, and an acknowledgment of the limited practical application of blockchain on the audit. This study shall assist auditors and other stakeholders interested in preparing to work with clients that have big data and/or blockchain technology embedded in their systems

    The future of internal auditing: how technology is shaping the profession

    This thesis explores the integration of technology into internal auditing methods to enhance effectiveness and efficiency. The first chapter provides an overview of internal auditing, including its origins, objectives, and theoretical frameworks. Emphasis is placed on maintaining independence, corporate governance, and risk management. The second chapter focuses on planning and daily operations, detailing the steps involved in the audit process and generating reports for improvement. The core of the thesis lies in the third chapter, which highlights the impact of technology, such as Data Analytics, Automation, Process Mining, and Artificial Intelligence. These technologies aim to simplify tasks and enable continuous auditing and monitoring. A vertical passage will be made in the fourth chapter with reference to current regulations in technological issues

    Framework for Security Transparency in Cloud Computing

    The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in the service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively little literature mostly approaches the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view.
In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives; and (ii) supports continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies.
Feedback is collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment