Access control by means of speech recognition and its impact on the auditor
- Van Graan, Johan Hendrik Otto
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
- Authors: Van Graan, Johan Hendrik Otto
- Date: 2012-08-22
- Subjects: Computers - Access control , Automatic speech recognition , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:3016 , http://hdl.handle.net/10210/6438
- Description: M.Comm. , In recent times access control has become more and more important, largely as a result of changes in society and an increase in the quantity and sensitivity of information being stored on computers. Speech recognition is nothing but communication which occurs when two persons have a conversation and one understands what the other says and means. This process consists of sound waves (analogue signals) that are carried through the air. The sound is converted (digitized) by the ear to impulses. The brain matches these impulses to a meaning (template) to which the person responds by an action. Speaker independent recognition involves converting the spoken word into an electronic signal. The signal is then compared to the computer's vocabulary, which consists of a set of templates which have been chosen to represent the average speaker. Speaker dependent recognition consists of training the computer to recognize a specific word spoken by an individual. This is done by having the speaker say the word several times. The computer then creates an average template for that word for that speaker which is then used for reference. For any speech recognition system that an auditor needs to audit, the following have to be established: What does the system reside on? A mainframe, Mini, PC or LAN. Is the system speaker independent, speaker dependent or both? Is the system used for control of physical access, logical access or both? Is the system used for control of access to high security area/data, low security area/data or both? The answers to the above will place the system in one of the categories of the following risk matrix. At the moment the auditor need not be excessively concerned about speech recognition, as it is mainly confined to access control. Both physical and logical access control can easily be audited using normal audit techniques, with a basic knowledge of speech recognition. The future promises exciting applications for speech recognition, which may even include the ability to communicate with the computer in the same way as one speaks to another human being. The auditor will have to grow with technology and keep up to date with developments.
- Full Text:
An audit approach to risks and controls in the virtual enterprise
- Authors: Britz, Charl van Reenen
- Date: 2012-08-22
- Subjects: Electronic data processing - Auditing , Auditing - Data processing , Corporations - Auditing
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/378504 , uj:2936 , http://hdl.handle.net/10210/6364
- Description: M.Comm. , "The convergence of computer networking and telecommunication technologies is making it possible for groups of companies to co-ordinate geographically and institutionally distributed capabilities into a single virtual organisation and to achieve powerful competitive advantages in the process" (Grimshaw & Kwok, 1998:45). To what extent do these developments effect the auditor's approach in determining his audit strategy? According to Jenkins, Cooke and Quest (1992:18), one of the factors that effects the audit strategy is the overall control environment of the business. The objectives of this short dissertation will be: to identify the risks from an audit perspective that are associated with the virtual enterprise; and to identify controls which the management of the auditor's client could implement to minimise these risks. This short dissertation has concentrated exclusively on the investigation of risks and the related controls which are relevant to the auditor in the virtual enterprise. Certain limitations have been necessary in order to remain focused, namely: The so-called teleshopping or telemarketing organisation is excluded from this short dissertation; and Plastic cards and the detail controls under each of the main category of computer controls are also excluded.
- Full Text:
- Authors: Britz, Charl van Reenen
- Date: 2012-08-22
- Subjects: Electronic data processing - Auditing , Auditing - Data processing , Corporations - Auditing
- Type: Mini-Dissertation
- Identifier: http://ujcontent.uj.ac.za8080/10210/378504 , uj:2936 , http://hdl.handle.net/10210/6364
- Description: M.Comm. , "The convergence of computer networking and telecommunication technologies is making it possible for groups of companies to co-ordinate geographically and institutionally distributed capabilities into a single virtual organisation and to achieve powerful competitive advantages in the process" (Grimshaw & Kwok, 1998:45). To what extent do these developments effect the auditor's approach in determining his audit strategy? According to Jenkins, Cooke and Quest (1992:18), one of the factors that effects the audit strategy is the overall control environment of the business. The objectives of this short dissertation will be: to identify the risks from an audit perspective that are associated with the virtual enterprise; and to identify controls which the management of the auditor's client could implement to minimise these risks. This short dissertation has concentrated exclusively on the investigation of risks and the related controls which are relevant to the auditor in the virtual enterprise. Certain limitations have been necessary in order to remain focused, namely: The so-called teleshopping or telemarketing organisation is excluded from this short dissertation; and Plastic cards and the detail controls under each of the main category of computer controls are also excluded.
- Full Text:
Security features in a UNIX internet firewall with specific reference to Gauntlet version 3.1
- Authors: Van den Heever, Wouter
- Date: 2012-09-05
- Subjects: UNIX (Computer file) , Auditing - Access control , Internet - Security measures , Auditing - Data processing , Electronic data processing - Auditing
- Type: Mini-Dissertation
- Identifier: uj:9591 , http://hdl.handle.net/10210/7013
- Description: M.Comm. , Because of the increased number of businesses having access to and conducting business on the Internet, there is a need for security for those businesses conducting business in this way. A way widely accepted and used by organisations all over the world to achieve said security, is to make use of a firewall. In this short dissertation a specific firewall, the GauntletTM Internet Firewall, is studied. A GauntletTM Internet Firewall is not secure by default. There is a need to configure and operate this firewall efficiently in order to utilise its security functions to the fullest. The objective of this short dissertation is to help the auditor in his assessment of the efficiency (from a security point of view) of a GauntletTM Internet Firewall.
- Full Text:
- Authors: Van den Heever, Wouter
- Date: 2012-09-05
- Subjects: UNIX (Computer file) , Auditing - Access control , Internet - Security measures , Auditing - Data processing , Electronic data processing - Auditing
- Type: Mini-Dissertation
- Identifier: uj:9591 , http://hdl.handle.net/10210/7013
- Description: M.Comm. , Because of the increased number of businesses having access to and conducting business on the Internet, there is a need for security for those businesses conducting business in this way. A way widely accepted and used by organisations all over the world to achieve said security, is to make use of a firewall. In this short dissertation a specific firewall, the GauntletTM Internet Firewall, is studied. A GauntletTM Internet Firewall is not secure by default. There is a need to configure and operate this firewall efficiently in order to utilise its security functions to the fullest. The objective of this short dissertation is to help the auditor in his assessment of the efficiency (from a security point of view) of a GauntletTM Internet Firewall.
- Full Text:
Data warehousing : data integrity risks and solutions through use of CobiT
- Van der Westhuizen, Johannes Carel
- Authors: Van der Westhuizen, Johannes Carel
- Date: 2012-09-12
- Subjects: Data warehousing , Database management , Electronic data processing - Auditing , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:10098 , http://hdl.handle.net/10210/7482
- Description: M.Comm. , English raises the following question that implies that data integrity problems exist in the data warehouse environment: "If the data in those "corporate" databases is of high quality, why is there a need for all the redundant, private databases that seems to multiply daily?" The purpose of this short dissertation therefore is to investigate the typical integrity control weaknesses in a data warehouse environment. The result of this research will be used to develop a model that may be used to assist auditors, developers and users of the data warehouse to be aware of the data integrity pitfalls that could be expected from the data quality. This short dissertation concentrates exclusively on identifying the data integrity risks in data warehousing through the use of the CobiT (Control Objectives For Information and related Technology) framework.
- Full Text:
- Authors: Van der Westhuizen, Johannes Carel
- Date: 2012-09-12
- Subjects: Data warehousing , Database management , Electronic data processing - Auditing , Auditing - Data processing
- Type: Mini-Dissertation
- Identifier: uj:10098 , http://hdl.handle.net/10210/7482
- Description: M.Comm. , English raises the following question that implies that data integrity problems exist in the data warehouse environment: "If the data in those "corporate" databases is of high quality, why is there a need for all the redundant, private databases that seems to multiply daily?" The purpose of this short dissertation therefore is to investigate the typical integrity control weaknesses in a data warehouse environment. The result of this research will be used to develop a model that may be used to assist auditors, developers and users of the data warehouse to be aware of the data integrity pitfalls that could be expected from the data quality. This short dissertation concentrates exclusively on identifying the data integrity risks in data warehousing through the use of the CobiT (Control Objectives For Information and related Technology) framework.
- Full Text:
Audit evaluation of the controls in the Adabas database management system
- Authors: Van Schalkwyk, R.
- Date: 2014-02-11
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:3906 , http://hdl.handle.net/10210/9270
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Van Schalkwyk, R.
- Date: 2014-02-11
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:3906 , http://hdl.handle.net/10210/9270
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Audit risks in a database environment with specific reference to Oracle7
- Authors: Wiid, Liné Cornette
- Date: 2014-02-13
- Subjects: Auditing - Data processing , Financial statements - South Africa , Risk management - Data processing , ORACLE 7 (Computer system)
- Type: Thesis
- Identifier: uj:3954 , http://hdl.handle.net/10210/9314
- Description: M.Com. (Computer Auditing) , The objective of an independent audit of financial statements is to express an opinion on the fair presentation of the financial statements. The auditor should obtain sufficient audit evidence to enable him to draw conclusions to support the content of his report. The auditor should obtain an understanding of the entity's accounting system and related internal controls to assess their adequacy as a basis for the preparation of financial information and to assist in the designing of his audit procedures. If the auditor intends to rely on any internal controls, he should study and evaluate those controls. If a database system is used, it is logical that all the financial data reside in the database. In order for an auditor to express an opinion on the financial statements, he has to determine to what extent he can rely on the integrity of the financial data that resides in the database. The objective of this research was to identify the risks and controls present in a general database environment as well as those present in the Oracle? database management system environment, to develop a comparison table between these environments and to develop an Oracle? internal control questionnaire.
- Full Text:
- Authors: Wiid, Liné Cornette
- Date: 2014-02-13
- Subjects: Auditing - Data processing , Financial statements - South Africa , Risk management - Data processing , ORACLE 7 (Computer system)
- Type: Thesis
- Identifier: uj:3954 , http://hdl.handle.net/10210/9314
- Description: M.Com. (Computer Auditing) , The objective of an independent audit of financial statements is to express an opinion on the fair presentation of the financial statements. The auditor should obtain sufficient audit evidence to enable him to draw conclusions to support the content of his report. The auditor should obtain an understanding of the entity's accounting system and related internal controls to assess their adequacy as a basis for the preparation of financial information and to assist in the designing of his audit procedures. If the auditor intends to rely on any internal controls, he should study and evaluate those controls. If a database system is used, it is logical that all the financial data reside in the database. In order for an auditor to express an opinion on the financial statements, he has to determine to what extent he can rely on the integrity of the financial data that resides in the database. The objective of this research was to identify the risks and controls present in a general database environment as well as those present in the Oracle? database management system environment, to develop a comparison table between these environments and to develop an Oracle? internal control questionnaire.
- Full Text:
Computer audit concerns in the client-server environment
- Authors: Streicher, Rika
- Date: 2014-02-13
- Subjects: Client/server computing , Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:3990 , http://hdl.handle.net/10210/9347
- Description: M. Com. (Computer Auditing) , and peer-to-peer have taken the world by storm. Dramatic changes have taken place in the information technology of organisations that have opted to follow this trend in the quest for greater flexibility and access to all those connected. Though technology has already had far-reaching effects on business, many changes are yet to be seen. The threats associated with the continuing developments in computer technology have resulted in many traditional internal control processes changing forever. Although, according to the above, it is fairly common that the client-server technology brings with it new threats and risks with internal control processes having to change to address these threats and risks, not all areas have been addressed yet. It is therefore clear that computer audit has a role to play. The main objective of this short dissertation is to shed some light on the problem described above: How will the changes wrought by the client-server technology affect the traditional audit approach? In other words, how will the computer auditor narrow the gap that has originated between traditional established audit procedures and an audit approach that meets the new challenges of the client-server environment? This will be achieved by pinpointing the audit concerns that arise due to the fundamental differences between the traditional systems environment and the new client-server environment...
- Full Text:
- Authors: Streicher, Rika
- Date: 2014-02-13
- Subjects: Client/server computing , Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:3990 , http://hdl.handle.net/10210/9347
- Description: M. Com. (Computer Auditing) , and peer-to-peer have taken the world by storm. Dramatic changes have taken place in the information technology of organisations that have opted to follow this trend in the quest for greater flexibility and access to all those connected. Though technology has already had far-reaching effects on business, many changes are yet to be seen. The threats associated with the continuing developments in computer technology have resulted in many traditional internal control processes changing forever. Although, according to the above, it is fairly common that the client-server technology brings with it new threats and risks with internal control processes having to change to address these threats and risks, not all areas have been addressed yet. It is therefore clear that computer audit has a role to play. The main objective of this short dissertation is to shed some light on the problem described above: How will the changes wrought by the client-server technology affect the traditional audit approach? In other words, how will the computer auditor narrow the gap that has originated between traditional established audit procedures and an audit approach that meets the new challenges of the client-server environment? This will be achieved by pinpointing the audit concerns that arise due to the fundamental differences between the traditional systems environment and the new client-server environment...
- Full Text:
The audit implications of object-oriented programming
- Authors: Murphy, Ninette
- Date: 2014-02-18
- Subjects: Object-oriented programming (Computer science) , Auditing - Data processing
- Type: Thesis
- Identifier: uj:4104 , http://hdl.handle.net/10210/9451
- Description: M.Com. (Computer Auditing) , During the last few decades the hardware of a computer system has undergone repeated revolutions. On the other hand the software development process has remained largely unchanged. The advent of the Information Age has, however, necessitated major improvements in the software development process. Object-Orientated Programming is seen as the vehicle by which this can be achieved. The use of object-orientation involves the auditor in two major areas. Firstly, the auditor may be involved in advising as to which systems engineering process to use and secondly, to assess the influence of the systems engineering process on the control environment of the client's computer system. In this dissertation, both the use of object orientation as a systems engineering methodology and the implications of this methodology on the control environment are discussed. Object-Orientated Programming can be broken down into the three main features, encapsulation, inheritance and interfaces. Encapsulation implies that both the data and processes that are permissible on that data, should be encapsulated as a single entity, known as an object. Inheritance on the other hand can be thought of as a specialisation of objects, to form a hierarchy of objects. Inheritance is, therefore, a way of sharing information between objects but with additional features to change or add certain attributes or methods of other objects. The external powers of an object are completely circumscribed by message passing. The only way in which an object can be addressed is to send a message to the object. This is done by the specific interfaces between the objects.
- Full Text:
- Authors: Murphy, Ninette
- Date: 2014-02-18
- Subjects: Object-oriented programming (Computer science) , Auditing - Data processing
- Type: Thesis
- Identifier: uj:4104 , http://hdl.handle.net/10210/9451
- Description: M.Com. (Computer Auditing) , During the last few decades the hardware of a computer system has undergone repeated revolutions. On the other hand the software development process has remained largely unchanged. The advent of the Information Age has, however, necessitated major improvements in the software development process. Object-Orientated Programming is seen as the vehicle by which this can be achieved. The use of object-orientation involves the auditor in two major areas. Firstly, the auditor may be involved in advising as to which systems engineering process to use and secondly, to assess the influence of the systems engineering process on the control environment of the client's computer system. In this dissertation, both the use of object orientation as a systems engineering methodology and the implications of this methodology on the control environment are discussed. Object-Orientated Programming can be broken down into the three main features, encapsulation, inheritance and interfaces. Encapsulation implies that both the data and processes that are permissible on that data, should be encapsulated as a single entity, known as an object. Inheritance on the other hand can be thought of as a specialisation of objects, to form a hierarchy of objects. Inheritance is, therefore, a way of sharing information between objects but with additional features to change or add certain attributes or methods of other objects. The external powers of an object are completely circumscribed by message passing. The only way in which an object can be addressed is to send a message to the object. This is done by the specific interfaces between the objects.
- Full Text:
Internal control and systems software, including analysis of MVS/XA SP 2.2
- Boessenkool, Marnix Guillaume
- Authors: Boessenkool, Marnix Guillaume
- Date: 2014-03-27
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:4536 , http://hdl.handle.net/10210/9872
- Description: M.Com. (Computer Auditing) , In this chapter the actual topic will be presented. The reason for this study will be motivated with reference to current audit developments. This chapter will also highlight the constraints of the study. This is necessary to clearly identify the application of this essay in practice. The reader of this essay should be able to identify the relevance and possible applications of this study after having read chapter 1. In the past few years substantial attention has been given to auditing aspects of system software. The way system software operates and interacts, and the impact on the auditability of computer based systems were issues discussed in the EDP auditing environment. Auditors are now concentrating on using technology to assist in the performance of their audit procedures. The reasons for this are multiple, but for the purposes of this document only the major reasons will be highlighted.
- Full Text:
- Authors: Boessenkool, Marnix Guillaume
- Date: 2014-03-27
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:4536 , http://hdl.handle.net/10210/9872
- Description: M.Com. (Computer Auditing) , In this chapter the actual topic will be presented. The reason for this study will be motivated with reference to current audit developments. This chapter will also highlight the constraints of the study. This is necessary to clearly identify the application of this essay in practice. The reader of this essay should be able to identify the relevance and possible applications of this study after having read chapter 1. In the past few years substantial attention has been given to auditing aspects of system software. The way system software operates and interacts, and the impact on the auditability of computer based systems were issues discussed in the EDP auditing environment. Auditors are now concentrating on using technology to assist in the performance of their audit procedures. The reasons for this are multiple, but for the purposes of this document only the major reasons will be highlighted.
- Full Text:
A taxonomy of risks in rapid application development (RAD) projects
- Authors: Dunseith, Roy H.
- Date: 2014-04-16
- Subjects: Auditing - Data processing , Computer auditing
- Type: Thesis
- Identifier: uj:10786 , http://hdl.handle.net/10210/10294
- Description: M. Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Dunseith, Roy H.
- Date: 2014-04-16
- Subjects: Auditing - Data processing , Computer auditing
- Type: Thesis
- Identifier: uj:10786 , http://hdl.handle.net/10210/10294
- Description: M. Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
The impact on information systems controls within an organisation when making use of an EDI VAN
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
- Authors: Rorbye, Trevor Wayne
- Date: 2014-05-08
- Subjects: Electronic data processing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:10944 , http://hdl.handle.net/10210/10517
- Description: M.Com. (Computer Auditing) , The implementation of EDI into South Africa business has only started in the recent past. The main reason for this is the fact that the huge benefits in terms of faster processing of business transactions, reduced costs of processing and the formation of strategic business alliances with key business partners, is only now being accepted by management. The other reason is due to the fact that large, commercially operated Value Added Networks (VANs) have only been in existence in this country during the last two years. The primary objective of this short dissertation can be summarised as follows: a) To provide a brief overview of the developments which are currently taking place in South Africa in the Electronic Data Interchange (EDI) environment and the Value Added Network (VAN) environment; b) To highlight how EDI is currently being implemented in South Africa; c) To develop a simplistic framework of key information systems controls which an auditor should consider when evaluating the information systems at a client; and d) To apply this controls framework to the EDI and VAN environments in order to derive lists of the information systems controls which should be reviewed by the auditor when their client makes use of an EDI VAN.
- Full Text:
Diensleweringsverbetering van 'n interne ouditdepartement deur 'n kliëntebehoeftebepaling
- Authors: Van Biljon., D.P.
- Date: 2014-05-26
- Subjects: Auditing - Data processing , Marketing - Management Case studies , Auditing, Internal
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/385199 , uj:11207 , http://hdl.handle.net/10210/10800
- Description: M.Com. (Business Management) , The sector of the economy in which service providers compete, has undergone much change during tho last two decades. Successful service providers followed specific tactics to ensure that the needs of clients were satisfied. Customer satisfaction became more important as competition increased. Although the internal audit department of ABSA has never had to face competition, this situation is rapidly changing. External audit firms are attempting to expand their businesses by providing the internal and the external audit functions to a company. ABSA's internal audit department is not only faced with the increase in competition but is also under pressure to improve its level of service to clients who no longer receive its service free of charge.
- Full Text:
- Authors: Van Biljon., D.P.
- Date: 2014-05-26
- Subjects: Auditing - Data processing , Marketing - Management Case studies , Auditing, Internal
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/385199 , uj:11207 , http://hdl.handle.net/10210/10800
- Description: M.Com. (Business Management) , The sector of the economy in which service providers compete, has undergone much change during tho last two decades. Successful service providers followed specific tactics to ensure that the needs of clients were satisfied. Customer satisfaction became more important as competition increased. Although the internal audit department of ABSA has never had to face competition, this situation is rapidly changing. External audit firms are attempting to expand their businesses by providing the internal and the external audit functions to a company. ABSA's internal audit department is not only faced with the increase in competition but is also under pressure to improve its level of service to clients who no longer receive its service free of charge.
- Full Text:
The relationship between entity related corporate governance factors and the establishment of separate risk management committee in South Africa
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text:
- Authors: Sekome, Nkoko Blessy
- Date: 2014-06-10
- Subjects: Auditing - Data processing , Financial risk management - South Africa , Information technology - Risk assessment , Corporate governance - South Africa
- Type: Thesis
- Identifier: uj:11436 , http://hdl.handle.net/10210/11132
- Description: M.Com. (Computer Auditing) , This dissertation aims to explore the entity characteristics associated with the implementation of the board-level stand-alone risk management committee (RMC) in South Africa. We developed a battery of econometric models based on triangulation of corporate governance theories which linked an entity’s decision to set up a separate risk management committee (RMC) in its board structures as a dependent variable and a host of entity-specific factors as independent variables. Data collected from audited annual reports of 181 JSE-listed non-financial entities was analysed using logistics regression estimation procedures. Our results show a strong positive relationship between the likelihood that an entity would establish a separate RMC, on the one hand, and board independence, board size, entity size, and industry type, on the other. Our study fails to find support for the hypothesis that an entity’s characteristics – such as the independence of the board chairman, the use of Big Four audit firms, financial reporting risks, and levels of financial leverage – do influence an entity’s decision to form a separate RMC. Our findings emphasize the role that information asymmetry between executive and non-executive directors, agency cost and potential damage to reputation capital of directors; diversity in background, expertise, and skills of directors; economies of scale in absorbing RMC costs; and industry-specific institutions and norms play in an entity’s decision to form a separate RMC. The implication of our findings is that policy-makers should consider the size and composition of boards and also take cognizance of entity size and industry-specific idiosyncrasies in setting recommended corporate governance practices.
- Full Text:
A control model for the evaluation and analysis of control facilities in a simple path context model in a MVS/XA environment
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
Auditing database integrity with special reference to relational and relationallike database management systems
- Authors: Johnston, Hester Nicolette
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:12359 , http://hdl.handle.net/10210/12144
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Johnston, Hester Nicolette
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: uj:12359 , http://hdl.handle.net/10210/12144
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
Die funksie van die eksterne ouditeur in die veranderende ouditsituasie meegebring deur die elektronieseverwerking van handelsdata met spesiale verwysing na die indeling van interne beheerpunte
- Pretorius, Jacobus Petrus Steyn
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Pretorius, Jacobus Petrus Steyn
- Date: 2014-09-23
- Subjects: Auditing - Data processing
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/380265 , uj:12389 , http://hdl.handle.net/10210/12171
- Description: M.Com. (Auditing) , Please refer to full text to view abstract
- Full Text:
Evaluation of access control within the Millennium software package
- Authors: Van Rooyen, J.
- Date: 2014-09-23
- Subjects: Auditing - Data processing , Auditing - Access control , Computers - Access control
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/375415 , uj:12372 , http://hdl.handle.net/10210/12156
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Van Rooyen, J.
- Date: 2014-09-23
- Subjects: Auditing - Data processing , Auditing - Access control , Computers - Access control
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/375415 , uj:12372 , http://hdl.handle.net/10210/12156
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
The need for the external auditor to rely on internal E.D.P. auditors in complex computerised environments (with particular reference to financial institutions)
- Authors: Ford, John Charles
- Date: 2014-09-23
- Subjects: Auditing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:12358 , http://hdl.handle.net/10210/12143
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
- Authors: Ford, John Charles
- Date: 2014-09-23
- Subjects: Auditing , Auditing - Data processing
- Type: Thesis
- Identifier: uj:12358 , http://hdl.handle.net/10210/12143
- Description: M.Com. (Accounting) , Please refer to full text to view abstract
- Full Text:
An audit perspective of data quality
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
- Authors: Ramabulana, Territon
- Date: 2014-11-20
- Subjects: Database management , Database security , Auditing - Data processing
- Type: Thesis
- Identifier: uj:13087 , http://hdl.handle.net/10210/12965
- Description: M.Com. (Computer Auditing) , Please refer to full text to view abstract
- Full Text:
Information technology audit approach for the assessment of software patch management
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Oosthuizen, Deon
- Date: 2015
- Subjects: Auditing - Data processing , Information technology - Auditing , Computer software - Development
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/54885 , uj:16254
- Description: Abstract: Computer software is ubiquitous and is driven extensively by our information-based society. However, little consideration is given to the complex task of developing software, which may involve conflicting objectives. Developing software that is free from material defects is the ultimate goal for software developers; however, due to its cost and complexity, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decisionmaking factors. The task of patching software to rectify inherent flaws may be a simple operation on computer systems that are of low significance, but is far more complex and critical on high-risk systems. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. One of the environments that is extremely susceptible to software flaws is the South African banking system, where not only is confidentiality a critical imperative, but also where high system availability is expected by the banking public. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The reasons for software patching, the discipline of risk management relating to IT and software patching are also identified as fundamental to the audit approach for assessing the process. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important. Despite these organisations being extremely mature from a risk management perspective, the auditors believed that the patching process may benefit from an increased focus on risk management. , M.Com. (Computer Auditing)
- Full Text: