A control model for the evaluation and analysis of control facilities in a simple path context model in a MVS/XA environment
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
A model for the evaluation of risks and control features in ORACLE 7
- Authors: Snyman, Elisna
- Date: 2015-09-08
- Subjects: ORACLE 7 (Computer system) , Database management , Auditing - Data processing
- Type: Thesis
- Identifier: uj:14059 , http://hdl.handle.net/10210/14475
- Description: M.Com. , The proliferation of computers and the advances in technology introduced a number of new and additional management and control considerations. The inherent complexity of these environments has also increased the need to evaluate the adequacy of controls from an audit perspective. Due to the increasing use of database management systems as the backbone of information processing applications and the inherent complexities and diversity of these environments, the auditor is faced with the challenge of whether and to what extent reliance may be placed on the data contained in these databases...
- Full Text:
A taxonomy of risks in rapid application development (RAD) projects
- Authors: Dunseith, Roy H.
- Date: 2014-04-16
- Subjects: Auditing - Data processing , Computer auditing
- Type: Thesis
- Identifier: uj:10786 , http://hdl.handle.net/10210/10294
- Description: M. Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Access control by means of speech recognition and its impact on the auditor
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
An analysis of information technology governance of listed companies in South Africa
- Authors: Masake, Napoleon
- Date: 2019
- Subjects: Electronic data processing - Auditing , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/414797 , uj:34998
- Description: Abstract: Keeping up with the information technology governance requirements is critical in many listed companies in South Africa. It requires the governance framework to identify the mechanisms which will oversee the use of information technology and manage the risk associated with using information and technology. This study aimed to analyse the information technology governance by listed companies in South Africa. It does so through a case study of selected companies listed in the Johannesburg Stock Exchange (JSE). The present study also focused on the seven principles of information technology governance, which requires the companies to apply the principles or explain the non-application of the principles of the governance of information technology. Using a qualitative study approach, the study adopted a content analysis approach to analyse the governance of information technology by listed companies in South Africa. Such analysis was based on the integrated annual reports for the financial year end 2015, which were published by listed companies in South Africa in order to ascertain the level of application with the principles of information technology governance. Thus, the study revealed that almost ninety percent (90%) of the selected companies adhere to the compliance framework, whereas, ten (10%) are still not applying with the principles of information technology governance. As usual in research, this study is not free from limitation. Thus, the limitation to this study is that it presents a snapshot of information technology governance up until 2015, and these results cannot be extrapolated to other chapters of The King Report on Corporate Governance for South Africa 2009, such as risk management. Further studies could include a review of compliance to The King IV on Corporate Governance for South Africa 2016 and compliance to The King III on Corporate Governance of South Africa 2009 by non-listed entities. , M.Com. (Computer Auditing)
- Full Text:
An audit approach to risks and controls in the virtual enterprise
- Authors: Britz, Charl van Reenen
- Date: 2012-08-22
- Subjects: Electronic data processing - Auditing , Auditing - Data processing , Corporations - Auditing
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/378504 , uj:2936 , http://hdl.handle.net/10210/6364
- Description: M.Comm. , "The convergence of computer networking and telecommunication technologies is making it possible for groups of companies to co-ordinate geographically and institutionally distributed capabilities into a single virtual organisation and to achieve powerful competitive advantages in the process" (Grimshaw & Kwok, 1998:45). To what extent do these developments effect the auditor's approach in determining his audit strategy? According to Jenkins, Cooke and Quest (1992:18), one of the factors that effects the audit strategy is the overall control environment of the business. The objectives of this short dissertation will be: to identify the risks from an audit perspective that are associated with the virtual enterprise; and to identify controls which the management of the auditor's client could implement to minimise these risks. This short dissertation has concentrated exclusively on the investigation of risks and the related controls which are relevant to the auditor in the virtual enterprise. Certain limitations have been necessary in order to remain focused, namely: The so-called teleshopping or telemarketing organisation is excluded from this short dissertation; and Plastic cards and the detail controls under each of the main category of computer controls are also excluded.
- Full Text:
An audit perspective of data quality
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
An evaluation of information technology security threats : a case study of the University of Johannesburg
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
Audit evaluation of the controls in the Adabas database management system
- Authors: Van Schalkwyk, R.
- Date: 2014-02-11
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:3906 , http://hdl.handle.net/10210/9270
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Audit risks in a database environment with specific reference to Oracle7
- Authors: Wiid, Liné Cornette
- Date: 2014-02-13
- Subjects: Auditing - Data processing , Financial statements - South Africa , Risk management - Data processing , ORACLE 7 (Computer system)
- Type: Thesis
- Identifier: uj:3954 , http://hdl.handle.net/10210/9314
- Description: M.Com. (Computer Auditing) , The objective of an independent audit of financial statements is to express an opinion on the fair presentation of the financial statements. The auditor should obtain sufficient audit evidence to enable him to draw conclusions to support the content of his report. The auditor should obtain an understanding of the entity's accounting system and related internal controls to assess their adequacy as a basis for the preparation of financial information and to assist in the designing of his audit procedures. If the auditor intends to rely on any internal controls, he should study and evaluate those controls. If a database system is used, it is logical that all the financial data reside in the database. In order for an auditor to express an opinion on the financial statements, he has to determine to what extent he can rely on the integrity of the financial data that resides in the database. The objective of this research was to identify the risks and controls present in a general database environment as well as those present in the Oracle? database management system environment, to develop a comparison table between these environments and to develop an Oracle? internal control questionnaire.
- Full Text:
Auditing database integrity with special reference to relational and relationallike database management systems
- Authors: Johnston, Hester Nicolette
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:12359 , http://hdl.handle.net/10210/12144
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
Computer audit concerns in the client-server environment
- Authors: Streicher, Rika
- Date: 2014-02-13
- Subjects: Client/server computing , Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:3990 , http://hdl.handle.net/10210/9347
- Description: M. Com. (Computer Auditing) , and peer-to-peer have taken the world by storm. Dramatic changes have taken place in the information technology of organisations that have opted to follow this trend in the quest for greater flexibility and access to all those connected. Though technology has already had far-reaching effects on business, many changes are yet to be seen. The threats associated with the continuing developments in computer technology have resulted in many traditional internal control processes changing forever. Although, according to the above, it is fairly common that the client-server technology brings with it new threats and risks with internal control processes having to change to address these threats and risks, not all areas have been addressed yet. It is therefore clear that computer audit has a role to play. The main objective of this short dissertation is to shed some light on the problem described above: How will the changes wrought by the client-server technology affect the traditional audit approach? In other words, how will the computer auditor narrow the gap that has originated between traditional established audit procedures and an audit approach that meets the new challenges of the client-server environment? This will be achieved by pinpointing the audit concerns that arise due to the fundamental differences between the traditional systems environment and the new client-server environment...
- Full Text:
Data warehousing : data integrity risks and solutions through use of CobiT
- Authors: Van der Westhuizen, Johannes Carel
- Date: 2012-09-12
- Subjects: Data warehousing , Database management , Electronic data processing - Auditing , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:10098 , http://hdl.handle.net/10210/7482
- Description: M.Comm. , English raises the following question that implies that data integrity problems exist in the data warehouse environment: "If the data in those "corporate" databases is of high quality, why is there a need for all the redundant, private databases that seems to multiply daily?" The purpose of this short dissertation therefore is to investigate the typical integrity control weaknesses in a data warehouse environment. The result of this research will be used to develop a model that may be used to assist auditors, developers and users of the data warehouse to be aware of the data integrity pitfalls that could be expected from the data quality. This short dissertation concentrates exclusively on identifying the data integrity risks in data warehousing through the use of the CobiT (Control Objectives For Information and related Technology) framework.
- Full Text:
Die funksie van die eksterne ouditeur in die veranderende ouditsituasie meegebring deur die elektronieseverwerking van handelsdata met spesiale verwysing na die indeling van interne beheerpunte
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
Diensleweringsverbetering van 'n interne ouditdepartement deur 'n kliëntebehoeftebepaling
- Authors: Van Biljon., D.P.
- Date: 2014-05-26
- Subjects: Auditing - Data processing , Marketing - Management Case studies , Auditing, Internal
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/385199 , uj:11207 , http://hdl.handle.net/10210/10800
- Description: M.Com. (Business Management) , The sector of the economy in which service providers compete, has undergone much change during tho last two decades. Successful service providers followed specific tactics to ensure that the needs of clients were satisfied. Customer satisfaction became more important as competition increased. Although the internal audit department of ABSA has never had to face competition, this situation is rapidly changing. External audit firms are attempting to expand their businesses by providing the internal and the external audit functions to a company. ABSA's internal audit department is not only faced with the increase in competition but is also under pressure to improve its level of service to clients who no longer receive its service free of charge.
- Full Text:
Evaluation of access control within the Millennium software package
- Authors: Van Rooyen, J.
- Date: 2014-09-23
- Subjects: Auditing - Data processing , Auditing - Access control , Computers - Access control
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/375415 , uj:12372 , http://hdl.handle.net/10210/12156
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
Information technology audit approach for the assessment of software patch management
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
Information technology internal audit departments in South African national government departments
- Authors: Radingoana, Kenny Selume
- Date: 2016
- Subjects: Auditing - Computer programs , Auditing - Data processing , Auditing, Internal , Information technology - Auditing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237300 , uj:24313
- Description: M.Com. (Computer Auditing) , Abstract: Please refer to full text to view abstract
- Full Text:
Internal control and systems software, including analysis of MVS/XA SP 2.2
- Authors: Boessenkool, Marnix Guillaume
- Date: 2014-03-27
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:4536 , http://hdl.handle.net/10210/9872
- Description: M.Com. (Computer Auditing) , In this chapter the actual topic will be presented. The reason for this study will be motivated with reference to current audit developments. This chapter will also highlight the constraints of the study. This is necessary to clearly identify the application of this essay in practice. The reader of this essay should be able to identify the relevance and possible applications of this study after having read chapter 1. In the past few years substantial attention has been given to auditing aspects of system software. The way system software operates and interacts, and the impact on the auditability of computer based systems were issues discussed in the EDP auditing environment. Auditors are now concentrating on using technology to assist in the performance of their audit procedures. The reasons for this are multiple, but for the purposes of this document only the major reasons will be highlighted.
- Full Text:
IT governance disclosures of South African telecommunications companies
- Authors: Lengana, Obakeng
- Date: 2018
- Subjects: Auditing - Data processing , Telecommunication - South Africa , Information technology - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://ujcontent.uj.ac.za8080/10210/378194 , http://hdl.handle.net/10210/292223 , uj:31753
- Description: Abstract: The South African telecommunications industry has been experiencing constant transformation as a result of ongoing developments in technology. Over the years, the top telecommunications companies have invested billions into information technology (IT) infrastructure in order to expand their portfolios to meet the growing demands of a digital hungry society. Considering the nature of their business activities and their heavy reliance on IT, telecommunications companies are exposed to significant IT governance issues which may affect the sustainability of their business activities. In order to effectively address these issues, the governing bodies need to ensure that strong IT governance is implemented. Governing bodies also need to communicate these issues to external stakeholders, who require such information to make informed assessments of the companies’ operations. The disclosure of IT governance information is, according to King IV, a regulated requirement for JSE-listed companies. However, it is unclear whether these IT governance disclosure requirements are sufficient to satisfy stakeholder expectations. This study evaluates the IT governance disclosures of the top three telecommunications companies according to the stipulations of King IV. It also benchmarks these disclosures against the five IT governance focus areas and stakeholder values (Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management) established by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA). This comparison aims to determine whether the King IV IT governance disclosures are sufficient to satisfy stakeholder expectations. The results were gathered by analysing the annual integrated reports of the top three telecommunications companies. The results of the study revealed that none of the top three selected telecommunications companies in were fully compliant with the IT governance disclosure requirements of King IV. The findings did confirm, however, that the IT governance requirements of King IV were aligned to the five IT governance focus areas and to stakeholder values in terms of the ITGI and ISACA. Companies needing clarity on specific items of disclosure may therefore refer to the five IT governance focus areas and stakeholder values by the ITGI and ISACA. , M.Com. (Computer Auditing)
- Full Text: