Internal control and systems software, including analysis of MVS/XA SP 2.2
- Boessenkool, Marnix Guillaume
- Authors: Boessenkool, Marnix Guillaume
- Date: 2014-03-27
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:4536 , http://hdl.handle.net/10210/9872
- Description: M.Com. (Computer Auditing) , In this chapter the actual topic will be presented. The reason for this study will be motivated with reference to current audit developments. This chapter will also highlight the constraints of the study. This is necessary to clearly identify the application of this essay in practice. The reader of this essay should be able to identify the relevance and possible applications of this study after having read chapter 1. In the past few years substantial attention has been given to auditing aspects of system software. The way system software operates and interacts, and the impact on the auditability of computer based systems were issues discussed in the EDP auditing environment. Auditors are now concentrating on using technology to assist in the performance of their audit procedures. The reasons for this are multiple, but for the purposes of this document only the major reasons will be highlighted.
- Full Text:
- Authors: Boessenkool, Marnix Guillaume
- Date: 2014-03-27
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:4536 , http://hdl.handle.net/10210/9872
- Description: M.Com. (Computer Auditing) , In this chapter the actual topic will be presented. The reason for this study will be motivated with reference to current audit developments. This chapter will also highlight the constraints of the study. This is necessary to clearly identify the application of this essay in practice. The reader of this essay should be able to identify the relevance and possible applications of this study after having read chapter 1. In the past few years substantial attention has been given to auditing aspects of system software. The way system software operates and interacts, and the impact on the auditability of computer based systems were issues discussed in the EDP auditing environment. Auditors are now concentrating on using technology to assist in the performance of their audit procedures. The reasons for this are multiple, but for the purposes of this document only the major reasons will be highlighted.
- Full Text:
An audit approach to risks and controls in the virtual enterprise
- Authors: Britz, Charl van Reenen
- Date: 2012-08-22
- Subjects: Electronic data processing - Auditing , Auditing - Data processing , Corporations - Auditing
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/378504 , uj:2936 , http://hdl.handle.net/10210/6364
- Description: M.Comm. , "The convergence of computer networking and telecommunication technologies is making it possible for groups of companies to co-ordinate geographically and institutionally distributed capabilities into a single virtual organisation and to achieve powerful competitive advantages in the process" (Grimshaw & Kwok, 1998:45). To what extent do these developments effect the auditor's approach in determining his audit strategy? According to Jenkins, Cooke and Quest (1992:18), one of the factors that effects the audit strategy is the overall control environment of the business. The objectives of this short dissertation will be: to identify the risks from an audit perspective that are associated with the virtual enterprise; and to identify controls which the management of the auditor's client could implement to minimise these risks. This short dissertation has concentrated exclusively on the investigation of risks and the related controls which are relevant to the auditor in the virtual enterprise. Certain limitations have been necessary in order to remain focused, namely: The so-called teleshopping or telemarketing organisation is excluded from this short dissertation; and Plastic cards and the detail controls under each of the main category of computer controls are also excluded.
- Full Text:
- Authors: Britz, Charl van Reenen
- Date: 2012-08-22
- Subjects: Electronic data processing - Auditing , Auditing - Data processing , Corporations - Auditing
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/378504 , uj:2936 , http://hdl.handle.net/10210/6364
- Description: M.Comm. , "The convergence of computer networking and telecommunication technologies is making it possible for groups of companies to co-ordinate geographically and institutionally distributed capabilities into a single virtual organisation and to achieve powerful competitive advantages in the process" (Grimshaw & Kwok, 1998:45). To what extent do these developments effect the auditor's approach in determining his audit strategy? According to Jenkins, Cooke and Quest (1992:18), one of the factors that effects the audit strategy is the overall control environment of the business. The objectives of this short dissertation will be: to identify the risks from an audit perspective that are associated with the virtual enterprise; and to identify controls which the management of the auditor's client could implement to minimise these risks. This short dissertation has concentrated exclusively on the investigation of risks and the related controls which are relevant to the auditor in the virtual enterprise. Certain limitations have been necessary in order to remain focused, namely: The so-called teleshopping or telemarketing organisation is excluded from this short dissertation; and Plastic cards and the detail controls under each of the main category of computer controls are also excluded.
- Full Text:
A control model for the evaluation and analysis of control facilities in a simple path context model in a MVS/XA environment
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
The impact of IT risk on external audit reports
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
- Full Text:
A taxonomy of risks in rapid application development (RAD) projects
- Authors: Dunseith, Roy H.
- Date: 2014-04-16
- Subjects: Auditing - Data processing , Computer auditing
- Type: Thesis
- Identifier: uj:10786 , http://hdl.handle.net/10210/10294
- Description: M. Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Dunseith, Roy H.
- Date: 2014-04-16
- Subjects: Auditing - Data processing , Computer auditing
- Type: Thesis
- Identifier: uj:10786 , http://hdl.handle.net/10210/10294
- Description: M. Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
The need for the external auditor to rely on internal E.D.P. auditors in complex computerised environments (with particular reference to financial institutions)
- Authors: Ford, John Charles
- Date: 2014-09-23
- Subjects: Auditing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:12358 , http://hdl.handle.net/10210/12143
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Ford, John Charles
- Date: 2014-09-23
- Subjects: Auditing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:12358 , http://hdl.handle.net/10210/12143
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
IT risk management disclosure in the integrated reports of the Top 40 listed companies on the JSE Limited
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
Auditing database integrity with special reference to relational and relationallike database management systems
- Authors: Johnston, Hester Nicolette
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:12359 , http://hdl.handle.net/10210/12144
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Johnston, Hester Nicolette
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:12359 , http://hdl.handle.net/10210/12144
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
Mobile applications security controls in the South African banking sector
- Authors: Lemao, Kingsley Neo
- Date: 2016
- Subjects: Banks and banking, Mobile , Banks and banking - Security measures , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237231 , uj:24304
- Description: M.Com. (Computer Auditing) , Abstract: Mobile applications have grown to be the preferred mode of the banking sector and end-user’s means of conducting transactions due to benefits of ease of use and cost. The proliferation of mobile applications increases the likelihood that some may include IT security vulnerabilities. The objective of this paper is to examine the impact that mobile applications’ IT security risks have on the IT security controls in the South African (SA) banking sector – and the frameworks used by the organisations to assess the IT security controls related to mobile applications. An electronically administered questionnaire was sent to IT security analysts who are responsible for assessing IT security risks at the big four banking organisations in SA. The findings of this paper reveal that a number of IT security risks in mobile banking applications are related to inadequate software coding. Software programmers are more concerned with mobile application functionality than with IT security and this is the root cause of the noted finding. Banking organisations should ensure that mobile applications are secure before deployment to proactively prevent prospective attacks on their organisation’s IT control environment. This can be realised by conducting IT security audits, vulnerability assessments, and penetration testing throughout the software development lifecycle.
- Full Text:
- Authors: Lemao, Kingsley Neo
- Date: 2016
- Subjects: Banks and banking, Mobile , Banks and banking - Security measures , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237231 , uj:24304
- Description: M.Com. (Computer Auditing) , Abstract: Mobile applications have grown to be the preferred mode of the banking sector and end-user’s means of conducting transactions due to benefits of ease of use and cost. The proliferation of mobile applications increases the likelihood that some may include IT security vulnerabilities. The objective of this paper is to examine the impact that mobile applications’ IT security risks have on the IT security controls in the South African (SA) banking sector – and the frameworks used by the organisations to assess the IT security controls related to mobile applications. An electronically administered questionnaire was sent to IT security analysts who are responsible for assessing IT security risks at the big four banking organisations in SA. The findings of this paper reveal that a number of IT security risks in mobile banking applications are related to inadequate software coding. Software programmers are more concerned with mobile application functionality than with IT security and this is the root cause of the noted finding. Banking organisations should ensure that mobile applications are secure before deployment to proactively prevent prospective attacks on their organisation’s IT control environment. This can be realised by conducting IT security audits, vulnerability assessments, and penetration testing throughout the software development lifecycle.
- Full Text:
IT governance disclosures of South African telecommunications companies
- Authors: Lengana, Obakeng
- Date: 2018
- Subjects: Auditing - Data processing , Telecommunication - South Africa , Information technology - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://ujcontent.uj.ac.za8080/10210/378194 , http://hdl.handle.net/10210/292223 , uj:31753
- Description: Abstract: The South African telecommunications industry has been experiencing constant transformation as a result of ongoing developments in technology. Over the years, the top telecommunications companies have invested billions into information technology (IT) infrastructure in order to expand their portfolios to meet the growing demands of a digital hungry society. Considering the nature of their business activities and their heavy reliance on IT, telecommunications companies are exposed to significant IT governance issues which may affect the sustainability of their business activities. In order to effectively address these issues, the governing bodies need to ensure that strong IT governance is implemented. Governing bodies also need to communicate these issues to external stakeholders, who require such information to make informed assessments of the companies’ operations. The disclosure of IT governance information is, according to King IV, a regulated requirement for JSE-listed companies. However, it is unclear whether these IT governance disclosure requirements are sufficient to satisfy stakeholder expectations. This study evaluates the IT governance disclosures of the top three telecommunications companies according to the stipulations of King IV. It also benchmarks these disclosures against the five IT governance focus areas and stakeholder values (Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management) established by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA). This comparison aims to determine whether the King IV IT governance disclosures are sufficient to satisfy stakeholder expectations. The results were gathered by analysing the annual integrated reports of the top three telecommunications companies. The results of the study revealed that none of the top three selected telecommunications companies in were fully compliant with the IT governance disclosure requirements of King IV. The findings did confirm, however, that the IT governance requirements of King IV were aligned to the five IT governance focus areas and to stakeholder values in terms of the ITGI and ISACA. Companies needing clarity on specific items of disclosure may therefore refer to the five IT governance focus areas and stakeholder values by the ITGI and ISACA. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Lengana, Obakeng
- Date: 2018
- Subjects: Auditing - Data processing , Telecommunication - South Africa , Information technology - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://ujcontent.uj.ac.za8080/10210/378194 , http://hdl.handle.net/10210/292223 , uj:31753
- Description: Abstract: The South African telecommunications industry has been experiencing constant transformation as a result of ongoing developments in technology. Over the years, the top telecommunications companies have invested billions into information technology (IT) infrastructure in order to expand their portfolios to meet the growing demands of a digital hungry society. Considering the nature of their business activities and their heavy reliance on IT, telecommunications companies are exposed to significant IT governance issues which may affect the sustainability of their business activities. In order to effectively address these issues, the governing bodies need to ensure that strong IT governance is implemented. Governing bodies also need to communicate these issues to external stakeholders, who require such information to make informed assessments of the companies’ operations. The disclosure of IT governance information is, according to King IV, a regulated requirement for JSE-listed companies. However, it is unclear whether these IT governance disclosure requirements are sufficient to satisfy stakeholder expectations. This study evaluates the IT governance disclosures of the top three telecommunications companies according to the stipulations of King IV. It also benchmarks these disclosures against the five IT governance focus areas and stakeholder values (Strategic Alignment, Value Delivery, Risk Management, Resource Management and Performance Management) established by the IT Governance Institute (ITGI) and the Information Systems Audit and Control Association (ISACA). This comparison aims to determine whether the King IV IT governance disclosures are sufficient to satisfy stakeholder expectations. The results were gathered by analysing the annual integrated reports of the top three telecommunications companies. The results of the study revealed that none of the top three selected telecommunications companies in were fully compliant with the IT governance disclosure requirements of King IV. The findings did confirm, however, that the IT governance requirements of King IV were aligned to the five IT governance focus areas and to stakeholder values in terms of the ITGI and ISACA. Companies needing clarity on specific items of disclosure may therefore refer to the five IT governance focus areas and stakeholder values by the ITGI and ISACA. , M.Com. (Computer Auditing)
- Full Text:
An analysis of information technology governance of listed companies in South Africa
- Authors: Masake, Napoleon
- Date: 2019
- Subjects: Electronic data processing - Auditing , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/414797 , uj:34998
- Description: Abstract: Keeping up with the information technology governance requirements is critical in many listed companies in South Africa. It requires the governance framework to identify the mechanisms which will oversee the use of information technology and manage the risk associated with using information and technology. This study aimed to analyse the information technology governance by listed companies in South Africa. It does so through a case study of selected companies listed in the Johannesburg Stock Exchange (JSE). The present study also focused on the seven principles of information technology governance, which requires the companies to apply the principles or explain the non-application of the principles of the governance of information technology. Using a qualitative study approach, the study adopted a content analysis approach to analyse the governance of information technology by listed companies in South Africa. Such analysis was based on the integrated annual reports for the financial year end 2015, which were published by listed companies in South Africa in order to ascertain the level of application with the principles of information technology governance. Thus, the study revealed that almost ninety percent (90%) of the selected companies adhere to the compliance framework, whereas, ten (10%) are still not applying with the principles of information technology governance. As usual in research, this study is not free from limitation. Thus, the limitation to this study is that it presents a snapshot of information technology governance up until 2015, and these results cannot be extrapolated to other chapters of The King Report on Corporate Governance for South Africa 2009, such as risk management. Further studies could include a review of compliance to The King IV on Corporate Governance for South Africa 2016 and compliance to The King III on Corporate Governance of South Africa 2009 by non-listed entities. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Masake, Napoleon
- Date: 2019
- Subjects: Electronic data processing - Auditing , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/414797 , uj:34998
- Description: Abstract: Keeping up with the information technology governance requirements is critical in many listed companies in South Africa. It requires the governance framework to identify the mechanisms which will oversee the use of information technology and manage the risk associated with using information and technology. This study aimed to analyse the information technology governance by listed companies in South Africa. It does so through a case study of selected companies listed in the Johannesburg Stock Exchange (JSE). The present study also focused on the seven principles of information technology governance, which requires the companies to apply the principles or explain the non-application of the principles of the governance of information technology. Using a qualitative study approach, the study adopted a content analysis approach to analyse the governance of information technology by listed companies in South Africa. Such analysis was based on the integrated annual reports for the financial year end 2015, which were published by listed companies in South Africa in order to ascertain the level of application with the principles of information technology governance. Thus, the study revealed that almost ninety percent (90%) of the selected companies adhere to the compliance framework, whereas, ten (10%) are still not applying with the principles of information technology governance. As usual in research, this study is not free from limitation. Thus, the limitation to this study is that it presents a snapshot of information technology governance up until 2015, and these results cannot be extrapolated to other chapters of The King Report on Corporate Governance for South Africa 2009, such as risk management. Further studies could include a review of compliance to The King IV on Corporate Governance for South Africa 2016 and compliance to The King III on Corporate Governance of South Africa 2009 by non-listed entities. , M.Com. (Computer Auditing)
- Full Text:
The audit implications of object-oriented programming
- Authors: Murphy, Ninette
- Date: 2014-02-18
- Subjects: Object-oriented programming (Computer science) , Auditing - Data processing
- Type: Thesis
- Identifier: uj:4104 , http://hdl.handle.net/10210/9451
- Description: M.Com. (Computer Auditing) , During the last few decades the hardware of a computer system has undergone repeated revolutions. On the other hand the software development process has remained largely unchanged. The advent of the Information Age has, however, necessitated major improvements in the software development process. Object-Orientated Programming is seen as the vehicle by which this can be achieved. The use of object-orientation involves the auditor in two major areas. Firstly, the auditor may be involved in advising as to which systems engineering process to use and secondly, to assess the influence of the systems engineering process on the control environment of the client's computer system. In this dissertation, both the use of object orientation as a systems engineering methodology and the implications of this methodology on the control environment are discussed. Object-Orientated Programming can be broken down into the three main features, encapsulation, inheritance and interfaces. Encapsulation implies that both the data and processes that are permissible on that data, should be encapsulated as a single entity, known as an object. Inheritance on the other hand can be thought of as a specialisation of objects, to form a hierarchy of objects. Inheritance is, therefore, a way of sharing information between objects but with additional features to change or add certain attributes or methods of other objects. The external powers of an object are completely circumscribed by message passing. The only way in which an object can be addressed is to send a message to the object. This is done by the specific interfaces between the objects.
- Full Text:
- Authors: Murphy, Ninette
- Date: 2014-02-18
- Subjects: Object-oriented programming (Computer science) , Auditing - Data processing
- Type: Thesis
- Identifier: uj:4104 , http://hdl.handle.net/10210/9451
- Description: M.Com. (Computer Auditing) , During the last few decades the hardware of a computer system has undergone repeated revolutions. On the other hand the software development process has remained largely unchanged. The advent of the Information Age has, however, necessitated major improvements in the software development process. Object-Orientated Programming is seen as the vehicle by which this can be achieved. The use of object-orientation involves the auditor in two major areas. Firstly, the auditor may be involved in advising as to which systems engineering process to use and secondly, to assess the influence of the systems engineering process on the control environment of the client's computer system. In this dissertation, both the use of object orientation as a systems engineering methodology and the implications of this methodology on the control environment are discussed. Object-Orientated Programming can be broken down into the three main features, encapsulation, inheritance and interfaces. Encapsulation implies that both the data and processes that are permissible on that data, should be encapsulated as a single entity, known as an object. Inheritance on the other hand can be thought of as a specialisation of objects, to form a hierarchy of objects. Inheritance is, therefore, a way of sharing information between objects but with additional features to change or add certain attributes or methods of other objects. The external powers of an object are completely circumscribed by message passing. The only way in which an object can be addressed is to send a message to the object. This is done by the specific interfaces between the objects.
- Full Text:
Information technology audit approach for the assessment of software patch management
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
Die funksie van die eksterne ouditeur in die veranderende ouditsituasie meegebring deur die elektronieseverwerking van handelsdata met spesiale verwysing na die indeling van interne beheerpunte
- Pretorius, Jacobus Petrus Steyn
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
Information technology internal audit departments in South African national government departments
- Authors: Radingoana, Kenny Selume
- Date: 2016
- Subjects: Auditing - Computer programs , Auditing - Data processing , Auditing, Internal , Information technology - Auditing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237300 , uj:24313
- Description: M.Com. (Computer Auditing) , Abstract: Please refer to full text to view abstract
- Full Text:
- Authors: Radingoana, Kenny Selume
- Date: 2016
- Subjects: Auditing - Computer programs , Auditing - Data processing , Auditing, Internal , Information technology - Auditing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237300 , uj:24313
- Description: M.Com. (Computer Auditing) , Abstract: Please refer to full text to view abstract
- Full Text:
An evaluation of information technology security threats : a case study of the University of Johannesburg
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
An audit perspective of data quality
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
The impact on information systems controls within an organisation when making use of an EDI VAN
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
The role of information technology (IT) in the risk management of businesses in South Africa
- Authors: Schutte, Belinda
- Date: 2017
- Subjects: Risk management - South Africa , Information technology - South Africa , Auditing - Data processing , Information technology - Security measures - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245943 , uj:25485
- Description: M.Com. , Abstract: Information Technology (hereafter IT) is an ever changing discipline and has dramatically changed the way in which businesses operate today. The IT systems that organisations use within their business operations give rise to IT risks that can affect the organisation. Because of these IT risks, organisations now have to make certain that IT is incorporated into the risk management process within an organisation to ensure that there are mitigation strategies in place to mitigate these risks. Organisations should fully understand the role that IT will play in the risk management process to make sure the benefits linked to incorporating IT into this process are enjoyed. The study investigated the role of IT in the risk management process of businesses in South Africa by conducting a comprehensive literature study on the risk management process of businesses and establishing how IT is incorporated into the organisations risk management process. The literature study focused on the type of IT risks and threats affecting organisations, the principles of IT governance and the governance of risk in terms of the King III Code on Corporate Governance. The literature study was performed by researching and reading relevant sources to obtain evidence on risk, IT and risk management to support the objectives of the study. The study used content analysis to comprise an empirical study on the Top 40 Johannesburg Securities Exchange (hereafter JSE) listed companies' integrated reports. The content analysis specifically focused on the disclosure of IT in the risk management process. The content analysis was performed by using a control sheet that contained specific questions regarding what the company had disclosed regarding IT, risks and risk management. The study found that the companies are mitigating IT related risks and have included IT into the risk management process. The results also found that the awareness around IT risks might be industry driven, as companies operating in an IT driven industry are more likely to be exposed to IT risk than non-industrial companies are. The integrated reports disclosed that the governance of risk and IT governance are two principles that the majority of the companies take seriously and are therefore implementing.
- Full Text:
- Authors: Schutte, Belinda
- Date: 2017
- Subjects: Risk management - South Africa , Information technology - South Africa , Auditing - Data processing , Information technology - Security measures - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245943 , uj:25485
- Description: M.Com. , Abstract: Information Technology (hereafter IT) is an ever changing discipline and has dramatically changed the way in which businesses operate today. The IT systems that organisations use within their business operations give rise to IT risks that can affect the organisation. Because of these IT risks, organisations now have to make certain that IT is incorporated into the risk management process within an organisation to ensure that there are mitigation strategies in place to mitigate these risks. Organisations should fully understand the role that IT will play in the risk management process to make sure the benefits linked to incorporating IT into this process are enjoyed. The study investigated the role of IT in the risk management process of businesses in South Africa by conducting a comprehensive literature study on the risk management process of businesses and establishing how IT is incorporated into the organisations risk management process. The literature study focused on the type of IT risks and threats affecting organisations, the principles of IT governance and the governance of risk in terms of the King III Code on Corporate Governance. The literature study was performed by researching and reading relevant sources to obtain evidence on risk, IT and risk management to support the objectives of the study. The study used content analysis to comprise an empirical study on the Top 40 Johannesburg Securities Exchange (hereafter JSE) listed companies' integrated reports. The content analysis specifically focused on the disclosure of IT in the risk management process. The content analysis was performed by using a control sheet that contained specific questions regarding what the company had disclosed regarding IT, risks and risk management. The study found that the companies are mitigating IT related risks and have included IT into the risk management process. The results also found that the awareness around IT risks might be industry driven, as companies operating in an IT driven industry are more likely to be exposed to IT risk than non-industrial companies are. The integrated reports disclosed that the governance of risk and IT governance are two principles that the majority of the companies take seriously and are therefore implementing.
- Full Text:
The relationship between entity related corporate governance factors and the establishment of separate risk management committee in South Africa
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text:
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text: