Audit risks in a database environment with specific reference to Oracle7
- Authors: Wiid, Liné Cornette
- Date: 2014-02-13
- Subjects: Auditing - Data processing , Financial statements - South Africa , Risk management - Data processing , ORACLE 7 (Computer system)
- Type: Thesis
- Identifier: uj:3954 , http://hdl.handle.net/10210/9314
- Description: M.Com. (Computer Auditing) , The objective of an independent audit of financial statements is to express an opinion on the fair presentation of the financial statements. The auditor should obtain sufficient audit evidence to enable him to draw conclusions to support the content of his report. The auditor should obtain an understanding of the entity's accounting system and related internal controls to assess their adequacy as a basis for the preparation of financial information and to assist in the designing of his audit procedures. If the auditor intends to rely on any internal controls, he should study and evaluate those controls. If a database system is used, it is logical that all the financial data reside in the database. In order for an auditor to express an opinion on the financial statements, he has to determine to what extent he can rely on the integrity of the financial data that resides in the database. The objective of this research was to identify the risks and controls present in a general database environment as well as those present in the Oracle? database management system environment, to develop a comparison table between these environments and to develop an Oracle? internal control questionnaire.
- Full Text:
- Authors: Wiid, Liné Cornette
- Date: 2014-02-13
- Subjects: Auditing - Data processing , Financial statements - South Africa , Risk management - Data processing , ORACLE 7 (Computer system)
- Type: Thesis
- Identifier: uj:3954 , http://hdl.handle.net/10210/9314
- Description: M.Com. (Computer Auditing) , The objective of an independent audit of financial statements is to express an opinion on the fair presentation of the financial statements. The auditor should obtain sufficient audit evidence to enable him to draw conclusions to support the content of his report. The auditor should obtain an understanding of the entity's accounting system and related internal controls to assess their adequacy as a basis for the preparation of financial information and to assist in the designing of his audit procedures. If the auditor intends to rely on any internal controls, he should study and evaluate those controls. If a database system is used, it is logical that all the financial data reside in the database. In order for an auditor to express an opinion on the financial statements, he has to determine to what extent he can rely on the integrity of the financial data that resides in the database. The objective of this research was to identify the risks and controls present in a general database environment as well as those present in the Oracle? database management system environment, to develop a comparison table between these environments and to develop an Oracle? internal control questionnaire.
- Full Text:
The information technology governance disclosures of state-owned entities
- Authors: Vutabwarova, Nancy
- Date: 2018
- Subjects: Auditing - Data processing , Information technology , Public sector
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/272246 , uj:28972
- Description: M.Com. (Computer Audting) , Abstract: Most organisations are now dependent on the use of information technology for their business operations and this has brought about an increase in information technology related spending. For most organisations with this excessive spend on information technology, there are also many unsuccessful information technology projects leading to fruitless expenditure. There is a need for organisations to implement information technology governance effectively. Effective information technology governance will result in beneficial information technology spend and consequently the reduction of unnecessary costs and overruns, and exploitation of information technology to enhance an organisation’s strategy. Information technology governance disclosures in an integrated report are important; they are an effective way for an organisation to communicate to stakeholders how they have implemented information technology governance. Globally state-owned entities (SOEs) contribute 20% to investments. Therefore these entities play a vital part to the South African economy; and thereby making public accountability for money spend by these entities particularly important. SOEs entities also use information technology extensively in their operations, just like their counterparts in the private sector. Information technology governance is therefore of utmost importance in the public sector as well. This study sought to investigate whether listed SOEs have adequately disclosed information technology governance in their integrated reports. This was achieved through a content analysis of the information technology governance disclosures contained in the SOEs’ integrated reports and compared to the principles contained in the King codes. The majority of SOEs do provide some disclosures regarding information technology governance; however, most of these disclosures are not sufficiently detailed. The integrated report disclosures reveal that only one SOE has fully complied with the King III code. Therefore, SOEs have a long way to go in terms of information technology governance disclosure requirements...
- Full Text:
- Authors: Vutabwarova, Nancy
- Date: 2018
- Subjects: Auditing - Data processing , Information technology , Public sector
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/272246 , uj:28972
- Description: M.Com. (Computer Audting) , Abstract: Most organisations are now dependent on the use of information technology for their business operations and this has brought about an increase in information technology related spending. For most organisations with this excessive spend on information technology, there are also many unsuccessful information technology projects leading to fruitless expenditure. There is a need for organisations to implement information technology governance effectively. Effective information technology governance will result in beneficial information technology spend and consequently the reduction of unnecessary costs and overruns, and exploitation of information technology to enhance an organisation’s strategy. Information technology governance disclosures in an integrated report are important; they are an effective way for an organisation to communicate to stakeholders how they have implemented information technology governance. Globally state-owned entities (SOEs) contribute 20% to investments. Therefore these entities play a vital part to the South African economy; and thereby making public accountability for money spend by these entities particularly important. SOEs entities also use information technology extensively in their operations, just like their counterparts in the private sector. Information technology governance is therefore of utmost importance in the public sector as well. This study sought to investigate whether listed SOEs have adequately disclosed information technology governance in their integrated reports. This was achieved through a content analysis of the information technology governance disclosures contained in the SOEs’ integrated reports and compared to the principles contained in the King codes. The majority of SOEs do provide some disclosures regarding information technology governance; however, most of these disclosures are not sufficiently detailed. The integrated report disclosures reveal that only one SOE has fully complied with the King III code. Therefore, SOEs have a long way to go in terms of information technology governance disclosure requirements...
- Full Text:
Audit evaluation of the controls in the Adabas database management system
- Authors: Van Schalkwyk, R.
- Date: 2014-02-11
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:3906 , http://hdl.handle.net/10210/9270
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Van Schalkwyk, R.
- Date: 2014-02-11
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:3906 , http://hdl.handle.net/10210/9270
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Evaluation of access control within the Millennium software package
- Authors: Van Rooyen, J.
- Date: 2014-09-23
- Subjects: Auditing - Data processing , Auditing - Access control , Computers - Access control
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/375415 , uj:12372 , http://hdl.handle.net/10210/12156
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Van Rooyen, J.
- Date: 2014-09-23
- Subjects: Auditing - Data processing , Auditing - Access control , Computers - Access control
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/375415 , uj:12372 , http://hdl.handle.net/10210/12156
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
Packaged software : security and controls audit review
- Authors: Van Heerden, Chris
- Date: 2015-09-15
- Subjects: Auditing - Data processing , Software protection , Database security
- Type: Thesis
- Identifier: uj:14103 , http://hdl.handle.net/10210/14536
- Description: M.Com. , In recent years large organisations that developed mainframe application software in-house are now purchasing software packages to replace these applications. These advanced packages incorporate a high level of integration and include security and control features to ensure that the integrity of input, processing, output and storage are maintained. Computer auditors are required to evaluate these advanced packaged software to ensure that the security and control features are adequate and comply with organisational standards. Furthermore, they must ensure that the integrity of information systems programs and data are maintained ...
- Full Text:
- Authors: Van Heerden, Chris
- Date: 2015-09-15
- Subjects: Auditing - Data processing , Software protection , Database security
- Type: Thesis
- Identifier: uj:14103 , http://hdl.handle.net/10210/14536
- Description: M.Com. , In recent years large organisations that developed mainframe application software in-house are now purchasing software packages to replace these applications. These advanced packages incorporate a high level of integration and include security and control features to ensure that the integrity of input, processing, output and storage are maintained. Computer auditors are required to evaluate these advanced packaged software to ensure that the security and control features are adequate and comply with organisational standards. Furthermore, they must ensure that the integrity of information systems programs and data are maintained ...
- Full Text:
Access control by means of speech recognition and its impact on the auditor
- Van Graan, Johan Hendrik Otto
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
Data warehousing : data integrity risks and solutions through use of CobiT
- Van der Westhuizen, Johannes Carel
- Authors: Van der Westhuizen, Johannes Carel
- Date: 2012-09-12
- Subjects: Data warehousing , Database management , Electronic data processing - Auditing , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:10098 , http://hdl.handle.net/10210/7482
- Description: M.Comm. , English raises the following question that implies that data integrity problems exist in the data warehouse environment: "If the data in those "corporate" databases is of high quality, why is there a need for all the redundant, private databases that seems to multiply daily?" The purpose of this short dissertation therefore is to investigate the typical integrity control weaknesses in a data warehouse environment. The result of this research will be used to develop a model that may be used to assist auditors, developers and users of the data warehouse to be aware of the data integrity pitfalls that could be expected from the data quality. This short dissertation concentrates exclusively on identifying the data integrity risks in data warehousing through the use of the CobiT (Control Objectives For Information and related Technology) framework.
- Full Text:
- Authors: Van der Westhuizen, Johannes Carel
- Date: 2012-09-12
- Subjects: Data warehousing , Database management , Electronic data processing - Auditing , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:10098 , http://hdl.handle.net/10210/7482
- Description: M.Comm. , English raises the following question that implies that data integrity problems exist in the data warehouse environment: "If the data in those "corporate" databases is of high quality, why is there a need for all the redundant, private databases that seems to multiply daily?" The purpose of this short dissertation therefore is to investigate the typical integrity control weaknesses in a data warehouse environment. The result of this research will be used to develop a model that may be used to assist auditors, developers and users of the data warehouse to be aware of the data integrity pitfalls that could be expected from the data quality. This short dissertation concentrates exclusively on identifying the data integrity risks in data warehousing through the use of the CobiT (Control Objectives For Information and related Technology) framework.
- Full Text:
Security features in a UNIX internet firewall with specific reference to Gauntlet version 3.1
- Authors: Van den Heever, Wouter
- Date: 2012-09-05
- Subjects: UNIX (Computer file) , Auditing - Access control , Internet - Security measures , Auditing - Data processing , Electronic data processing - Auditing
- Type: Mini-Dissertation
- Identifier: uj:9591 , http://hdl.handle.net/10210/7013
- Description: M.Comm. , Because of the increased number of businesses having access to and conducting business on the Internet, there is a need for security for those businesses conducting business in this way. A way widely accepted and used by organisations all over the world to achieve said security, is to make use of a firewall. In this short dissertation a specific firewall, the GauntletTM Internet Firewall, is studied. A GauntletTM Internet Firewall is not secure by default. There is a need to configure and operate this firewall efficiently in order to utilise its security functions to the fullest. The objective of this short dissertation is to help the auditor in his assessment of the efficiency (from a security point of view) of a GauntletTM Internet Firewall.
- Full Text:
- Authors: Van den Heever, Wouter
- Date: 2012-09-05
- Subjects: UNIX (Computer file) , Auditing - Access control , Internet - Security measures , Auditing - Data processing , Electronic data processing - Auditing
- Type: Mini-Dissertation
- Identifier: uj:9591 , http://hdl.handle.net/10210/7013
- Description: M.Comm. , Because of the increased number of businesses having access to and conducting business on the Internet, there is a need for security for those businesses conducting business in this way. A way widely accepted and used by organisations all over the world to achieve said security, is to make use of a firewall. In this short dissertation a specific firewall, the GauntletTM Internet Firewall, is studied. A GauntletTM Internet Firewall is not secure by default. There is a need to configure and operate this firewall efficiently in order to utilise its security functions to the fullest. The objective of this short dissertation is to help the auditor in his assessment of the efficiency (from a security point of view) of a GauntletTM Internet Firewall.
- Full Text:
Diensleweringsverbetering van 'n interne ouditdepartement deur 'n kliëntebehoeftebepaling
- Authors: Van Biljon., D.P.
- Date: 2014-05-26
- Subjects: Auditing - Data processing , Marketing - Management Case studies , Auditing, Internal
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/385199 , uj:11207 , http://hdl.handle.net/10210/10800
- Description: M.Com. (Business Management) , The sector of the economy in which service providers compete, has undergone much change during tho last two decades. Successful service providers followed specific tactics to ensure that the needs of clients were satisfied. Customer satisfaction became more important as competition increased. Although the internal audit department of ABSA has never had to face competition, this situation is rapidly changing. External audit firms are attempting to expand their businesses by providing the internal and the external audit functions to a company. ABSA's internal audit department is not only faced with the increase in competition but is also under pressure to improve its level of service to clients who no longer receive its service free of charge.
- Full Text:
- Authors: Van Biljon., D.P.
- Date: 2014-05-26
- Subjects: Auditing - Data processing , Marketing - Management Case studies , Auditing, Internal
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/385199 , uj:11207 , http://hdl.handle.net/10210/10800
- Description: M.Com. (Business Management) , The sector of the economy in which service providers compete, has undergone much change during tho last two decades. Successful service providers followed specific tactics to ensure that the needs of clients were satisfied. Customer satisfaction became more important as competition increased. Although the internal audit department of ABSA has never had to face competition, this situation is rapidly changing. External audit firms are attempting to expand their businesses by providing the internal and the external audit functions to a company. ABSA's internal audit department is not only faced with the increase in competition but is also under pressure to improve its level of service to clients who no longer receive its service free of charge.
- Full Text:
Computer audit concerns in the client-server environment
- Authors: Streicher, Rika
- Date: 2014-02-13
- Subjects: Client/server computing , Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:3990 , http://hdl.handle.net/10210/9347
- Description: M. Com. (Computer Auditing) , and peer-to-peer have taken the world by storm. Dramatic changes have taken place in the information technology of organisations that have opted to follow this trend in the quest for greater flexibility and access to all those connected. Though technology has already had far-reaching effects on business, many changes are yet to be seen. The threats associated with the continuing developments in computer technology have resulted in many traditional internal control processes changing forever. Although, according to the above, it is fairly common that the client-server technology brings with it new threats and risks with internal control processes having to change to address these threats and risks, not all areas have been addressed yet. It is therefore clear that computer audit has a role to play. The main objective of this short dissertation is to shed some light on the problem described above: How will the changes wrought by the client-server technology affect the traditional audit approach? In other words, how will the computer auditor narrow the gap that has originated between traditional established audit procedures and an audit approach that meets the new challenges of the client-server environment? This will be achieved by pinpointing the audit concerns that arise due to the fundamental differences between the traditional systems environment and the new client-server environment...
- Full Text:
- Authors: Streicher, Rika
- Date: 2014-02-13
- Subjects: Client/server computing , Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:3990 , http://hdl.handle.net/10210/9347
- Description: M. Com. (Computer Auditing) , and peer-to-peer have taken the world by storm. Dramatic changes have taken place in the information technology of organisations that have opted to follow this trend in the quest for greater flexibility and access to all those connected. Though technology has already had far-reaching effects on business, many changes are yet to be seen. The threats associated with the continuing developments in computer technology have resulted in many traditional internal control processes changing forever. Although, according to the above, it is fairly common that the client-server technology brings with it new threats and risks with internal control processes having to change to address these threats and risks, not all areas have been addressed yet. It is therefore clear that computer audit has a role to play. The main objective of this short dissertation is to shed some light on the problem described above: How will the changes wrought by the client-server technology affect the traditional audit approach? In other words, how will the computer auditor narrow the gap that has originated between traditional established audit procedures and an audit approach that meets the new challenges of the client-server environment? This will be achieved by pinpointing the audit concerns that arise due to the fundamental differences between the traditional systems environment and the new client-server environment...
- Full Text:
A model for the evaluation of risks and control features in ORACLE 7
- Authors: Snyman, Elisna
- Date: 2015-09-08
- Subjects: ORACLE 7 (Computer system) , Database management , Auditing - Data processing
- Type: Thesis
- Identifier: uj:14059 , http://hdl.handle.net/10210/14475
- Description: M.Com. , The proliferation of computers and the advances in technology introduced a number of new and additional management and control considerations. The inherent complexity of these environments has also increased the need to evaluate the adequacy of controls from an audit perspective. Due to the increasing use of database management systems as the backbone of information processing applications and the inherent complexities and diversity of these environments, the auditor is faced with the challenge of whether and to what extent reliance may be placed on the data contained in these databases...
- Full Text:
- Authors: Snyman, Elisna
- Date: 2015-09-08
- Subjects: ORACLE 7 (Computer system) , Database management , Auditing - Data processing
- Type: Thesis
- Identifier: uj:14059 , http://hdl.handle.net/10210/14475
- Description: M.Com. , The proliferation of computers and the advances in technology introduced a number of new and additional management and control considerations. The inherent complexity of these environments has also increased the need to evaluate the adequacy of controls from an audit perspective. Due to the increasing use of database management systems as the backbone of information processing applications and the inherent complexities and diversity of these environments, the auditor is faced with the challenge of whether and to what extent reliance may be placed on the data contained in these databases...
- Full Text:
The impact of cloud computing security on business operations
- Sikhosana, Bongani H.S., Cloud computing - Security measures
- Authors: Sikhosana, Bongani H.S. , Cloud computing - Security measures
- Date: 2015
- Subjects: Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54858 , uj:16251
- Description: Abstract: Cloud computing is a novel platform which affords users the opportunity to exploit the best that Information Technology (IT) infrastructure, platforms and software offer at a fraction of the cost to acquire such resources. Cloud computing has three delivery models, firstly, Infrastructure as a Service, secondly, Platform as a Service, and lastly, Software as a Service. Furthermore, cloud computing has four basic deployment models, namely, public, private, community and hybrid clouds. With all the opportunities presented by cloud computing as a business process, there are nonetheless potential risks associated with the process, especially in the area of security. The aim of this paper is to determine whether or not it is secure for businesses to utilise the services of cloud computing as part of their daily operations to meet the needs of their customers and to ultimately achieve their business objectives. Evidence was gathered through a detailed content analysis of existing research on the subject of cloud computing and cloud security. The paper concludes that with adequate security controls in place, cloud computing is a secure and efficient platform for businesses to utilise for their daily operations. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Sikhosana, Bongani H.S. , Cloud computing - Security measures
- Date: 2015
- Subjects: Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54858 , uj:16251
- Description: Abstract: Cloud computing is a novel platform which affords users the opportunity to exploit the best that Information Technology (IT) infrastructure, platforms and software offer at a fraction of the cost to acquire such resources. Cloud computing has three delivery models, firstly, Infrastructure as a Service, secondly, Platform as a Service, and lastly, Software as a Service. Furthermore, cloud computing has four basic deployment models, namely, public, private, community and hybrid clouds. With all the opportunities presented by cloud computing as a business process, there are nonetheless potential risks associated with the process, especially in the area of security. The aim of this paper is to determine whether or not it is secure for businesses to utilise the services of cloud computing as part of their daily operations to meet the needs of their customers and to ultimately achieve their business objectives. Evidence was gathered through a detailed content analysis of existing research on the subject of cloud computing and cloud security. The paper concludes that with adequate security controls in place, cloud computing is a secure and efficient platform for businesses to utilise for their daily operations. , M.Com. (Computer Auditing)
- Full Text:
The relationship between entity related corporate governance factors and the establishment of separate risk management committee in South Africa
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text:
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text:
The role of information technology (IT) in the risk management of businesses in South Africa
- Authors: Schutte, Belinda
- Date: 2017
- Subjects: Risk management - South Africa , Information technology - South Africa , Auditing - Data processing , Information technology - Security measures - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245943 , uj:25485
- Description: M.Com. , Abstract: Information Technology (hereafter IT) is an ever changing discipline and has dramatically changed the way in which businesses operate today. The IT systems that organisations use within their business operations give rise to IT risks that can affect the organisation. Because of these IT risks, organisations now have to make certain that IT is incorporated into the risk management process within an organisation to ensure that there are mitigation strategies in place to mitigate these risks. Organisations should fully understand the role that IT will play in the risk management process to make sure the benefits linked to incorporating IT into this process are enjoyed. The study investigated the role of IT in the risk management process of businesses in South Africa by conducting a comprehensive literature study on the risk management process of businesses and establishing how IT is incorporated into the organisations risk management process. The literature study focused on the type of IT risks and threats affecting organisations, the principles of IT governance and the governance of risk in terms of the King III Code on Corporate Governance. The literature study was performed by researching and reading relevant sources to obtain evidence on risk, IT and risk management to support the objectives of the study. The study used content analysis to comprise an empirical study on the Top 40 Johannesburg Securities Exchange (hereafter JSE) listed companies' integrated reports. The content analysis specifically focused on the disclosure of IT in the risk management process. The content analysis was performed by using a control sheet that contained specific questions regarding what the company had disclosed regarding IT, risks and risk management. The study found that the companies are mitigating IT related risks and have included IT into the risk management process. The results also found that the awareness around IT risks might be industry driven, as companies operating in an IT driven industry are more likely to be exposed to IT risk than non-industrial companies are. The integrated reports disclosed that the governance of risk and IT governance are two principles that the majority of the companies take seriously and are therefore implementing.
- Full Text:
- Authors: Schutte, Belinda
- Date: 2017
- Subjects: Risk management - South Africa , Information technology - South Africa , Auditing - Data processing , Information technology - Security measures - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245943 , uj:25485
- Description: M.Com. , Abstract: Information Technology (hereafter IT) is an ever changing discipline and has dramatically changed the way in which businesses operate today. The IT systems that organisations use within their business operations give rise to IT risks that can affect the organisation. Because of these IT risks, organisations now have to make certain that IT is incorporated into the risk management process within an organisation to ensure that there are mitigation strategies in place to mitigate these risks. Organisations should fully understand the role that IT will play in the risk management process to make sure the benefits linked to incorporating IT into this process are enjoyed. The study investigated the role of IT in the risk management process of businesses in South Africa by conducting a comprehensive literature study on the risk management process of businesses and establishing how IT is incorporated into the organisations risk management process. The literature study focused on the type of IT risks and threats affecting organisations, the principles of IT governance and the governance of risk in terms of the King III Code on Corporate Governance. The literature study was performed by researching and reading relevant sources to obtain evidence on risk, IT and risk management to support the objectives of the study. The study used content analysis to comprise an empirical study on the Top 40 Johannesburg Securities Exchange (hereafter JSE) listed companies' integrated reports. The content analysis specifically focused on the disclosure of IT in the risk management process. The content analysis was performed by using a control sheet that contained specific questions regarding what the company had disclosed regarding IT, risks and risk management. The study found that the companies are mitigating IT related risks and have included IT into the risk management process. The results also found that the awareness around IT risks might be industry driven, as companies operating in an IT driven industry are more likely to be exposed to IT risk than non-industrial companies are. The integrated reports disclosed that the governance of risk and IT governance are two principles that the majority of the companies take seriously and are therefore implementing.
- Full Text:
The impact on information systems controls within an organisation when making use of an EDI VAN
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
An audit perspective of data quality
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
An evaluation of information technology security threats : a case study of the University of Johannesburg
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
Information technology internal audit departments in South African national government departments
- Authors: Radingoana, Kenny Selume
- Date: 2016
- Subjects: Auditing - Computer programs , Auditing - Data processing , Auditing, Internal , Information technology - Auditing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237300 , uj:24313
- Description: M.Com. (Computer Auditing) , Abstract: Please refer to full text to view abstract
- Full Text:
- Authors: Radingoana, Kenny Selume
- Date: 2016
- Subjects: Auditing - Computer programs , Auditing - Data processing , Auditing, Internal , Information technology - Auditing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237300 , uj:24313
- Description: M.Com. (Computer Auditing) , Abstract: Please refer to full text to view abstract
- Full Text:
Die funksie van die eksterne ouditeur in die veranderende ouditsituasie meegebring deur die elektronieseverwerking van handelsdata met spesiale verwysing na die indeling van interne beheerpunte
- Pretorius, Jacobus Petrus Steyn
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
Information technology audit approach for the assessment of software patch management
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text: