A control model for the evaluation and analysis of control facilities in a simple path context model in a MVS/XA environment
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
Packaged software : security and controls audit review
- Authors: Van Heerden, Chris
- Date: 2015-09-15
- Subjects: Auditing - Data processing , Software protection , Database security
- Type: Thesis
- Identifier: uj:14103 , http://hdl.handle.net/10210/14536
- Description: M.Com. , In recent years large organisations that developed mainframe application software in-house are now purchasing software packages to replace these applications. These advanced packages incorporate a high level of integration and include security and control features to ensure that the integrity of input, processing, output and storage are maintained. Computer auditors are required to evaluate these advanced packaged software to ensure that the security and control features are adequate and comply with organisational standards. Furthermore, they must ensure that the integrity of information systems programs and data are maintained ...
- Full Text:
- Authors: Van Heerden, Chris
- Date: 2015-09-15
- Subjects: Auditing - Data processing , Software protection , Database security
- Type: Thesis
- Identifier: uj:14103 , http://hdl.handle.net/10210/14536
- Description: M.Com. , In recent years large organisations that developed mainframe application software in-house are now purchasing software packages to replace these applications. These advanced packages incorporate a high level of integration and include security and control features to ensure that the integrity of input, processing, output and storage are maintained. Computer auditors are required to evaluate these advanced packaged software to ensure that the security and control features are adequate and comply with organisational standards. Furthermore, they must ensure that the integrity of information systems programs and data are maintained ...
- Full Text:
An evaluation of information technology security threats : a case study of the University of Johannesburg
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
An audit approach to risks and controls in the virtual enterprise
- Authors: Britz, Charl van Reenen
- Date: 2012-08-22
- Subjects: Electronic data processing - Auditing , Auditing - Data processing , Corporations - Auditing
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/378504 , uj:2936 , http://hdl.handle.net/10210/6364
- Description: M.Comm. , "The convergence of computer networking and telecommunication technologies is making it possible for groups of companies to co-ordinate geographically and institutionally distributed capabilities into a single virtual organisation and to achieve powerful competitive advantages in the process" (Grimshaw & Kwok, 1998:45). To what extent do these developments effect the auditor's approach in determining his audit strategy? According to Jenkins, Cooke and Quest (1992:18), one of the factors that effects the audit strategy is the overall control environment of the business. The objectives of this short dissertation will be: to identify the risks from an audit perspective that are associated with the virtual enterprise; and to identify controls which the management of the auditor's client could implement to minimise these risks. This short dissertation has concentrated exclusively on the investigation of risks and the related controls which are relevant to the auditor in the virtual enterprise. Certain limitations have been necessary in order to remain focused, namely: The so-called teleshopping or telemarketing organisation is excluded from this short dissertation; and Plastic cards and the detail controls under each of the main category of computer controls are also excluded.
- Full Text:
- Authors: Britz, Charl van Reenen
- Date: 2012-08-22
- Subjects: Electronic data processing - Auditing , Auditing - Data processing , Corporations - Auditing
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/378504 , uj:2936 , http://hdl.handle.net/10210/6364
- Description: M.Comm. , "The convergence of computer networking and telecommunication technologies is making it possible for groups of companies to co-ordinate geographically and institutionally distributed capabilities into a single virtual organisation and to achieve powerful competitive advantages in the process" (Grimshaw & Kwok, 1998:45). To what extent do these developments effect the auditor's approach in determining his audit strategy? According to Jenkins, Cooke and Quest (1992:18), one of the factors that effects the audit strategy is the overall control environment of the business. The objectives of this short dissertation will be: to identify the risks from an audit perspective that are associated with the virtual enterprise; and to identify controls which the management of the auditor's client could implement to minimise these risks. This short dissertation has concentrated exclusively on the investigation of risks and the related controls which are relevant to the auditor in the virtual enterprise. Certain limitations have been necessary in order to remain focused, namely: The so-called teleshopping or telemarketing organisation is excluded from this short dissertation; and Plastic cards and the detail controls under each of the main category of computer controls are also excluded.
- Full Text:
IT risk management disclosure in the integrated reports of the Top 40 listed companies on the JSE Limited
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
Mobile applications security controls in the South African banking sector
- Authors: Lemao, Kingsley Neo
- Date: 2016
- Subjects: Banks and banking, Mobile , Banks and banking - Security measures , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237231 , uj:24304
- Description: M.Com. (Computer Auditing) , Abstract: Mobile applications have grown to be the preferred mode of the banking sector and end-user’s means of conducting transactions due to benefits of ease of use and cost. The proliferation of mobile applications increases the likelihood that some may include IT security vulnerabilities. The objective of this paper is to examine the impact that mobile applications’ IT security risks have on the IT security controls in the South African (SA) banking sector – and the frameworks used by the organisations to assess the IT security controls related to mobile applications. An electronically administered questionnaire was sent to IT security analysts who are responsible for assessing IT security risks at the big four banking organisations in SA. The findings of this paper reveal that a number of IT security risks in mobile banking applications are related to inadequate software coding. Software programmers are more concerned with mobile application functionality than with IT security and this is the root cause of the noted finding. Banking organisations should ensure that mobile applications are secure before deployment to proactively prevent prospective attacks on their organisation’s IT control environment. This can be realised by conducting IT security audits, vulnerability assessments, and penetration testing throughout the software development lifecycle.
- Full Text:
- Authors: Lemao, Kingsley Neo
- Date: 2016
- Subjects: Banks and banking, Mobile , Banks and banking - Security measures , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237231 , uj:24304
- Description: M.Com. (Computer Auditing) , Abstract: Mobile applications have grown to be the preferred mode of the banking sector and end-user’s means of conducting transactions due to benefits of ease of use and cost. The proliferation of mobile applications increases the likelihood that some may include IT security vulnerabilities. The objective of this paper is to examine the impact that mobile applications’ IT security risks have on the IT security controls in the South African (SA) banking sector – and the frameworks used by the organisations to assess the IT security controls related to mobile applications. An electronically administered questionnaire was sent to IT security analysts who are responsible for assessing IT security risks at the big four banking organisations in SA. The findings of this paper reveal that a number of IT security risks in mobile banking applications are related to inadequate software coding. Software programmers are more concerned with mobile application functionality than with IT security and this is the root cause of the noted finding. Banking organisations should ensure that mobile applications are secure before deployment to proactively prevent prospective attacks on their organisation’s IT control environment. This can be realised by conducting IT security audits, vulnerability assessments, and penetration testing throughout the software development lifecycle.
- Full Text:
A model for the evaluation of risks and control features in ORACLE 7
- Authors: Snyman, Elisna
- Date: 2015-09-08
- Subjects: ORACLE 7 (Computer system) , Database management , Auditing - Data processing
- Type: Thesis
- Identifier: uj:14059 , http://hdl.handle.net/10210/14475
- Description: M.Com. , The proliferation of computers and the advances in technology introduced a number of new and additional management and control considerations. The inherent complexity of these environments has also increased the need to evaluate the adequacy of controls from an audit perspective. Due to the increasing use of database management systems as the backbone of information processing applications and the inherent complexities and diversity of these environments, the auditor is faced with the challenge of whether and to what extent reliance may be placed on the data contained in these databases...
- Full Text:
- Authors: Snyman, Elisna
- Date: 2015-09-08
- Subjects: ORACLE 7 (Computer system) , Database management , Auditing - Data processing
- Type: Thesis
- Identifier: uj:14059 , http://hdl.handle.net/10210/14475
- Description: M.Com. , The proliferation of computers and the advances in technology introduced a number of new and additional management and control considerations. The inherent complexity of these environments has also increased the need to evaluate the adequacy of controls from an audit perspective. Due to the increasing use of database management systems as the backbone of information processing applications and the inherent complexities and diversity of these environments, the auditor is faced with the challenge of whether and to what extent reliance may be placed on the data contained in these databases...
- Full Text:
The need for the external auditor to rely on internal E.D.P. auditors in complex computerised environments (with particular reference to financial institutions)
- Authors: Ford, John Charles
- Date: 2014-09-23
- Subjects: Auditing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:12358 , http://hdl.handle.net/10210/12143
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Ford, John Charles
- Date: 2014-09-23
- Subjects: Auditing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:12358 , http://hdl.handle.net/10210/12143
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
Computer audit concerns in the client-server environment
- Authors: Streicher, Rika
- Date: 2014-02-13
- Subjects: Client/server computing , Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:3990 , http://hdl.handle.net/10210/9347
- Description: M. Com. (Computer Auditing) , and peer-to-peer have taken the world by storm. Dramatic changes have taken place in the information technology of organisations that have opted to follow this trend in the quest for greater flexibility and access to all those connected. Though technology has already had far-reaching effects on business, many changes are yet to be seen. The threats associated with the continuing developments in computer technology have resulted in many traditional internal control processes changing forever. Although, according to the above, it is fairly common that the client-server technology brings with it new threats and risks with internal control processes having to change to address these threats and risks, not all areas have been addressed yet. It is therefore clear that computer audit has a role to play. The main objective of this short dissertation is to shed some light on the problem described above: How will the changes wrought by the client-server technology affect the traditional audit approach? In other words, how will the computer auditor narrow the gap that has originated between traditional established audit procedures and an audit approach that meets the new challenges of the client-server environment? This will be achieved by pinpointing the audit concerns that arise due to the fundamental differences between the traditional systems environment and the new client-server environment...
- Full Text:
- Authors: Streicher, Rika
- Date: 2014-02-13
- Subjects: Client/server computing , Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:3990 , http://hdl.handle.net/10210/9347
- Description: M. Com. (Computer Auditing) , and peer-to-peer have taken the world by storm. Dramatic changes have taken place in the information technology of organisations that have opted to follow this trend in the quest for greater flexibility and access to all those connected. Though technology has already had far-reaching effects on business, many changes are yet to be seen. The threats associated with the continuing developments in computer technology have resulted in many traditional internal control processes changing forever. Although, according to the above, it is fairly common that the client-server technology brings with it new threats and risks with internal control processes having to change to address these threats and risks, not all areas have been addressed yet. It is therefore clear that computer audit has a role to play. The main objective of this short dissertation is to shed some light on the problem described above: How will the changes wrought by the client-server technology affect the traditional audit approach? In other words, how will the computer auditor narrow the gap that has originated between traditional established audit procedures and an audit approach that meets the new challenges of the client-server environment? This will be achieved by pinpointing the audit concerns that arise due to the fundamental differences between the traditional systems environment and the new client-server environment...
- Full Text:
The impact on information systems controls within an organisation when making use of an EDI VAN
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
A taxonomy of risks in rapid application development (RAD) projects
- Authors: Dunseith, Roy H.
- Date: 2014-04-16
- Subjects: Auditing - Data processing , Computer auditing
- Type: Thesis
- Identifier: uj:10786 , http://hdl.handle.net/10210/10294
- Description: M. Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Dunseith, Roy H.
- Date: 2014-04-16
- Subjects: Auditing - Data processing , Computer auditing
- Type: Thesis
- Identifier: uj:10786 , http://hdl.handle.net/10210/10294
- Description: M. Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Diensleweringsverbetering van 'n interne ouditdepartement deur 'n kliëntebehoeftebepaling
- Authors: Van Biljon., D.P.
- Date: 2014-05-26
- Subjects: Auditing - Data processing , Marketing - Management Case studies , Auditing, Internal
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/385199 , uj:11207 , http://hdl.handle.net/10210/10800
- Description: M.Com. (Business Management) , The sector of the economy in which service providers compete, has undergone much change during tho last two decades. Successful service providers followed specific tactics to ensure that the needs of clients were satisfied. Customer satisfaction became more important as competition increased. Although the internal audit department of ABSA has never had to face competition, this situation is rapidly changing. External audit firms are attempting to expand their businesses by providing the internal and the external audit functions to a company. ABSA's internal audit department is not only faced with the increase in competition but is also under pressure to improve its level of service to clients who no longer receive its service free of charge.
- Full Text:
- Authors: Van Biljon., D.P.
- Date: 2014-05-26
- Subjects: Auditing - Data processing , Marketing - Management Case studies , Auditing, Internal
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/385199 , uj:11207 , http://hdl.handle.net/10210/10800
- Description: M.Com. (Business Management) , The sector of the economy in which service providers compete, has undergone much change during tho last two decades. Successful service providers followed specific tactics to ensure that the needs of clients were satisfied. Customer satisfaction became more important as competition increased. Although the internal audit department of ABSA has never had to face competition, this situation is rapidly changing. External audit firms are attempting to expand their businesses by providing the internal and the external audit functions to a company. ABSA's internal audit department is not only faced with the increase in competition but is also under pressure to improve its level of service to clients who no longer receive its service free of charge.
- Full Text:
The relationship between entity related corporate governance factors and the establishment of separate risk management committee in South Africa
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text:
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text:
Die funksie van die eksterne ouditeur in die veranderende ouditsituasie meegebring deur die elektronieseverwerking van handelsdata met spesiale verwysing na die indeling van interne beheerpunte
- Pretorius, Jacobus Petrus Steyn
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
Audit evaluation of the controls in the Adabas database management system
- Authors: Van Schalkwyk, R.
- Date: 2014-02-11
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:3906 , http://hdl.handle.net/10210/9270
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Van Schalkwyk, R.
- Date: 2014-02-11
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:3906 , http://hdl.handle.net/10210/9270
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Information technology audit approach for the assessment of software patch management
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
Audit risks in a database environment with specific reference to Oracle7
- Authors: Wiid, Liné Cornette
- Date: 2014-02-13
- Subjects: Auditing - Data processing , Financial statements - South Africa , Risk management - Data processing , ORACLE 7 (Computer system)
- Type: Thesis
- Identifier: uj:3954 , http://hdl.handle.net/10210/9314
- Description: M.Com. (Computer Auditing) , The objective of an independent audit of financial statements is to express an opinion on the fair presentation of the financial statements. The auditor should obtain sufficient audit evidence to enable him to draw conclusions to support the content of his report. The auditor should obtain an understanding of the entity's accounting system and related internal controls to assess their adequacy as a basis for the preparation of financial information and to assist in the designing of his audit procedures. If the auditor intends to rely on any internal controls, he should study and evaluate those controls. If a database system is used, it is logical that all the financial data reside in the database. In order for an auditor to express an opinion on the financial statements, he has to determine to what extent he can rely on the integrity of the financial data that resides in the database. The objective of this research was to identify the risks and controls present in a general database environment as well as those present in the Oracle? database management system environment, to develop a comparison table between these environments and to develop an Oracle? internal control questionnaire.
- Full Text:
- Authors: Wiid, Liné Cornette
- Date: 2014-02-13
- Subjects: Auditing - Data processing , Financial statements - South Africa , Risk management - Data processing , ORACLE 7 (Computer system)
- Type: Thesis
- Identifier: uj:3954 , http://hdl.handle.net/10210/9314
- Description: M.Com. (Computer Auditing) , The objective of an independent audit of financial statements is to express an opinion on the fair presentation of the financial statements. The auditor should obtain sufficient audit evidence to enable him to draw conclusions to support the content of his report. The auditor should obtain an understanding of the entity's accounting system and related internal controls to assess their adequacy as a basis for the preparation of financial information and to assist in the designing of his audit procedures. If the auditor intends to rely on any internal controls, he should study and evaluate those controls. If a database system is used, it is logical that all the financial data reside in the database. In order for an auditor to express an opinion on the financial statements, he has to determine to what extent he can rely on the integrity of the financial data that resides in the database. The objective of this research was to identify the risks and controls present in a general database environment as well as those present in the Oracle? database management system environment, to develop a comparison table between these environments and to develop an Oracle? internal control questionnaire.
- Full Text:
An audit perspective of data quality
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Access control by means of speech recognition and its impact on the auditor
- Van Graan, Johan Hendrik Otto
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
IT governance disclosures of South African telecommunications companies
- Authors: Lengana, Obakeng
- Date: 2018
- Subjects: Auditing - Data processing , Telecommunication - South Africa , Information technology - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://ujcontent.uj.ac.za8080/10210/378194 , http://hdl.handle.net/10210/292223 , uj:31753
- Description: Abstract: The South African telecommunications industry has been experiencing constant transformation as a result of ongoing developments in technology. Over the years, the top telecommunications companies have invested billions into information technology (IT) infrastructure in order to expand their portfolios to meet the growing demands of a digital hungry society. Considering the nature of their business activities and their heavy reliance on IT, telecommunications companies are exposed to significant IT governance issues which may affect the sustainability of their business activities. In order to effectively address these issues, the governing bodies need to ensure that strong IT governance is implemented. Governing bodies also need to communicate these issues to external stakeholders, who require such information to make informed assessments of the companies’ operations. The disclosure of IT governance information is, according to King IV, a regulated requirement for JSE-listed companies. However, it is unclear whether these IT governance disclosure requirements are sufficient to satisfy stakeholder expectations. This study evaluates the IT governance disclosures of the top three telecommunications companies according to the stipulations of King IV. It also benchmarks these disclosures against the five IT governance focus areas and stakeholder values (Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management) established by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA). This comparison aims to determine whether the King IV IT governance disclosures are sufficient to satisfy stakeholder expectations. The results were gathered by analysing the annual integrated reports of the top three telecommunications companies. The results of the study revealed that none of the top three selected telecommunications companies in were fully compliant with the IT governance disclosure requirements of King IV. The findings did confirm, however, that the IT governance requirements of King IV were aligned to the five IT governance focus areas and to stakeholder values in terms of the ITGI and ISACA. Companies needing clarity on specific items of disclosure may therefore refer to the five IT governance focus areas and stakeholder values by the ITGI and ISACA. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Lengana, Obakeng
- Date: 2018
- Subjects: Auditing - Data processing , Telecommunication - South Africa , Information technology - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://ujcontent.uj.ac.za8080/10210/378194 , http://hdl.handle.net/10210/292223 , uj:31753
- Description: Abstract: The South African telecommunications industry has been experiencing constant transformation as a result of ongoing developments in technology. Over the years, the top telecommunications companies have invested billions into information technology (IT) infrastructure in order to expand their portfolios to meet the growing demands of a digital hungry society. Considering the nature of their business activities and their heavy reliance on IT, telecommunications companies are exposed to significant IT governance issues which may affect the sustainability of their business activities. In order to effectively address these issues, the governing bodies need to ensure that strong IT governance is implemented. Governing bodies also need to communicate these issues to external stakeholders, who require such information to make informed assessments of the companies’ operations. The disclosure of IT governance information is, according to King IV, a regulated requirement for JSE-listed companies. However, it is unclear whether these IT governance disclosure requirements are sufficient to satisfy stakeholder expectations. This study evaluates the IT governance disclosures of the top three telecommunications companies according to the stipulations of King IV. It also benchmarks these disclosures against the five IT governance focus areas and stakeholder values (Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management) established by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA). This comparison aims to determine whether the King IV IT governance disclosures are sufficient to satisfy stakeholder expectations. The results were gathered by analysing the annual integrated reports of the top three telecommunications companies. The results of the study revealed that none of the top three selected telecommunications companies in were fully compliant with the IT governance disclosure requirements of King IV. The findings did confirm, however, that the IT governance requirements of King IV were aligned to the five IT governance focus areas and to stakeholder values in terms of the ITGI and ISACA. Companies needing clarity on specific items of disclosure may therefore refer to the five IT governance focus areas and stakeholder values by the ITGI and ISACA. , M.Com. (Computer Auditing)
- Full Text: