Real-time information integrity = system integrity + data integrity + continuous assurances

Computers and Security

Volumn 24, Issue 8, 2005, Pages 604-613

  Flowerday, Stephen ^a   Von Solms, Rossouw ^a,b,c,d  

^a NELSON MANDELA METROPOLITAN UNIVERSITY   (South Africa)

^b International Federation for Information Processing (IFIP)   (South Africa)

^c Technikon Computer Lecturer's Association (TECLA)   (South Africa)

^d South African Institute for Computer Science and Information Technology (SAICSIT)   (South Africa)

Author keywords

Assurance on demand; Information integrity; Information security management; Internal controls; Risk management

Indexed keywords

COMMUNICATION SYSTEMS; CONTROL SYSTEMS; DATA PROCESSING; INFORMATION SCIENCE; RISK MANAGEMENT; UNCERTAIN SYSTEMS;

ASSURANCE ON DEMANDS; INFORMATION INTEGRITY; INFORMATION SECURITY MANAGEMENT; INTERNAL CONTROLS;

REAL TIME SYSTEMS;

EID: 28044459683     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2005.08.004     Document Type: Article

References (41)

1. AICPA Top Technologies Survey 2005 The American Institute of Certified Public Accountants Available from: http://www.aicpa.org/download/news/2005_0103. pdf [retrieved June 9, 2005]
2. M. Alles, A. Kogan, and M. Vasarhelyi Real time reporting and assurance: has its time come? 2005 Rutgers Business School Available from: http://raw.rutgers.edu/continuousauditing/ [retrieved February 4, 2005]
3. A. Anderson The business reporting model of the future 2005 The American Institute of Certified Public Accountants Available from: http://www.aicpa.org/ pubs/cpaltr/nov2002/supps/edu1.htm [retrieved March 23, 2005]
4. Australian Government Information management office: glossary Available from: http://www.agimo.gov.au/publications/2001/11/ar00-01/glossary 2001 [retrieved May 19, 2005]
5. Basel II The new basel capital accord 2004 Bank for International Settlements Switzerland
6. J.E. Boritz Managing enterprise information integrity: security, control and audit issues 2004 IT Governance Institute USA
7. L. Braiotta Jr. Corporate audit committees: an approach to continuous improvement CPA Journal 73 2 2002
8. M.P. Cangemi, and T. Singleton Managing the audit function: a corporate audit department procedures guide 3rd ed. 2003 John Wiley & Sons, Inc New Jersey, USA
9. T. Carlson Information security management: understanding ISO 17799 2001 Lucent Technologies Worldwide Services Available from: http://www.netbotz.com/ library/ISO_17799.pdf [retrieved February 1, 2004]
10. CICA/AICPA Continuous auditing 1999 The Canadian Institute of Chartered Accountants Ontario, Canada
11. CobiT Control objectives for information and related technology 3rd ed. 2000 IT Governance Institute USA
12. Common Criteria For information technology security evaluation: part 1: introduction and general model, (version 2.2 CCIMB) Available from: http://www.commoncriteriaportal.org/public/files/ccpart1v2.2.pdf [retrieved January 9, 2005]
13. B. Conner, T. Noonan, and R.W. Holleyman II Information security governance: toward a framework for action 2004 Business Software Alliance Available from: http://www.bsa.org/resources/upload/Information-Security- Governance-Toward-A-Framework-for-Action.pdf [retrieved November 11, 2004]
14. F.W. Conner, and A.W. Coviello Information security governance: a call to action 2004 The Corporate Governance Task Force Available from: http://www.cyberpartnership.org/InfoSecGov4_04.pdf [retrieved October 9, 2004]
15. COSO-ERM Enterprise risk management-integrated framework 2004 The Committee of Sponsoring Organizations of the Treadway Commission USA
16. COSO Internal control - integrated framework 1992 Committee of Sponsoring Organizations of the Treadway Commission USA
17. Cox R, Marriott I. Trust and control: the key to optimal outsourcing relationships. Gartner database; 2003 [retrieved March 19, 2004].
18. Dan van Mien A, Green-Armytage J. Moving to transaction incident management for IS security. Gartner database; 2002 [retrieved July 28, 2004].
19. M. Greenstein, and M. Vasarhelyi Electronic commerce: security, risk, management and control 2nd ed. 2002 McGraw-Hill New York
20. GTAG Global technology audit guide: information technology controls 2005 The Institute of Internal Auditors USA
21. T.R. Horton, C.H. Le Grand, W.H. Murray, W.J. Ozier, and D.B. Parker Information security management and assurance: a call to action for corporate governance 2000 The Institute of Internal Auditors Available from: http://www.theiia.org/download.cfm?file=22398 [retrieved October 6, 2003]
22. J.E. Hunton, S.M. Bryant, and N.A. Bagranoff Core concepts of information technology auditing 2004 John Wiley & Sons, Inc USA
23. ISO/IEC 17799 Information technology - security techniques - code of practice for information security management 2000 International Organization for Standards Available from: http://www.iso.org/iso/en/ISOOnline.frontpage
24. King II Report King Report on corporate governance for South Africa 2002 Institute of Directors in Southern Africa South Africa
25. B. Lev Intangibles: management, measurement, and reporting 2001 Brookings Institute Press Washington D.C., USA Available from: http://www.icgrowth.com/ resources/documents/Brookings-Lev-Intangibles-01.02.20.pdf [retrieved February 10, 2004]
26. Lindberg D. Corporate governance - the role of the audit committee. Available from: http://www.cob.ilstu.edu/katie/WorkingPapers/CorporateGoverance- Paper1%5B1%5D.isu.doc [retrieved July 9, 2005].
27. NIST 800-12 Handbook An introduction to computer security 1995 National Institute of Standards and Technology. US Department of Commerce Available from: http://www.csrc.nist.gov/publications/nistpubs/index.html
28. NIST 800-53 Publication Information security 2005 National Institute of Standards and Technology. US Department of Commerce Available from: http://www.csrc.nist.gov/publications/nistpubs/index.html
29. R.L. Onions Towards a paradigm for continuous auditing 2003 University of Salford UK Available from: http://www.continuousauditing.org/index.htm [retrieved November 21, 2004]
30. E.J. Oud The value to IT of using international standards Information Systems Control Journal 3 2005
31. T.R. Peltier Information security risk analysis 2001 CRC Press LLC USA
32. Sarbanes-Oxley Act United States of America 107th congress 2002 US Congress Available from: http://www.sec.gov/about/laws/soa2002.pdf
33. G. Spafford Control framework misconceptions. IT management: network & systems management Available from: http://itmanagement.earthweb.com/ netsys/article.php/3439901 2004 [retrieved July 12, 2005]
34. M.F. Sullivan Flunking the duty of care, the four most common mistakes made by directors Available from: http://www.bricker.com/Publications/articles/ 157.asp 2000 [retrieved June 1, 2005]
35. Texas A&M University 2005 The Center for Continuous Auditing Available from: http://raw.rutgers.edu/continuousauditing/ SummaryofTheCenterForContinuousAuditing.htm [retrieved July 19, 2005]
36. Turnbull Report Internal control: guidance for directors on the combined code 1999 The Institute of Chartered Accountants in England &Wales UK
37. M.A. Vasarhelyi The electronization of business 2003 Rutgers Business School Available from: http://raw.rutgers.edu/ecommerce2/ [retrieved November 5, 2004]
38. J. Ward, and J. Peppard Strategic planning for information systems 2002 John Wiley & Sons Ltd England
39. J.R. Westby Information security: responsibilities of boards of directors and senior management Available from: http://www.reform.house.gov/ UploadedFiles/Westby1.pdf 2004 [retrieved May 29, 2005]
40. B. Wilson Internal controls assurance: a guide to board level reporting 2002 National Housing Federation UK
41. J. Woodroof, and D. Searcy Continuous audit: model development and implementation within a debt covenant compliance domain 2001 Rutgers Business School Available from: http://raw.rutgers.edu/continuousauditing/ [retrieved October 14, 2004]