Toward modeling constructs for audit risk assessment: Reflections on internal controls modeling

Lecture Notes in Informatics (LNI), Proceedings - Series of the Gesellschaft fur Informatik (GI)

Volumn 171, Issue , 2010, Pages 131-148

  Strecker, Stefan ^a   Heise, David ^a   Frank, Ulrich ^a  

^a UNIVERSITY OF DUISBURG ESSEN   (Germany)

Author keywords

Audit risk assessment; Compliance; Enterprise modeling; Governance; Internal controls; Language design; Risk

Indexed keywords

AUDIT RISK; COMPLIANCE; ENTERPRISE MODELING; GOVERNANCE; INTERNAL CONTROLS; LANGUAGE DESIGN;

FINANCE; RISK ASSESSMENT; RISKS;

MANAGEMENT;

EID: 84867803677     PISSN: 16175468     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (41)

1. P. Alencar, J. E. Boritz, and Carla Carnaghan. The relative merits of diagrammatic ver-sues textual representations: a literature review of theoretical and empirical perspectives. Working paper, University of Waterloo, 2004.
2. P. Alencar, J. E. Boritz, and Carla Carnaghan. Business Modeling to Improve Auditor Risk Assessment: An Investigation of Alternative Representations. In Proceedings of the 14th Annual International Symposium on Audit Research, ISAR 2008, Los Angeles, California, USA, May 30-31, 2008, Los Angeles, CA, May 2008. American Accounting Association.
3. Rakesh Agrawal, Christopher M. Johnson, Jerry Kiernan, and Frank Leymann. Taming Compliance with Sarbanes-Oxley Internal Controls Using Database Technology. In Ling Liu, Andreas Reuter, Kyu-Young Whang, and Jianjun Zhang, editors, Proceedings of the 22nd International Conference on Data Engineering, ICDE 2006, 3-8 April 2006, Atlanta, GA, USA, page 92. IEEE Computer Society, 2006.
4. T. S. Amer, R. F. Lucy, and J. Maris. The effects of system representation on the efficiency and effectiveness of control and maintenance reviews. Technical report, Northern Arizona University, Flagstaff, AZ, 2002.
5. Carla Carnaghan. Business process modeling approaches in the context of process level audit risk assessment: An analysis and comparison. Int J of Account Inf Syst, 7(2): 170-204, 2006.
6. K. T. Chen and Ronald M. Lee. Knowledge-based evaluation of internal accounting control systems - a pattern recognition approach. In Proceedings of the American Accounting Association Conference, Honolulu, HI, 2003.
7. Margaret Crawford and William Stein. Auditing Risk Management: Fine in Theory but who can do it in Practice? International Journal of Auditing, 6(2):119-131, 2002.
8. Marios Damianides. Sarbanes-Oxley and IT Governance: New Guidance on IT Control and Compliance. Inf. Sys. Manage., 22(1):77-85, 2005.
9. Cheryl Lynn Dunn, J. Owen Cherrington, and Anita Sawyer Hollander. Enterprise Information Systems: A Pattern-Based Approach. McGraw-Hill Irwin, Boston, MA, 3. ed., internat. ed. edition, 2005.
10. Cheryl L. Dunn. Business Process Modeling Approaches in the Context of Process Level Audit Risk Assessment: An Analysis and Comparison: Discussion Comments. International Journal of Accounting Information Systems, 7(2):205-207, 2006.
11. Ulrich Frank, David Heise, and Heiko Kattenstroth. Use of a Domain Specific Modeling Language for Realizing Versatile Dashboards. In Matti Rossi et al, editor, Proceedings of the 9th OOPSLA workshop on domain-specific modeling (DSM), 2009.
12. Ulrich Frank. Multi-Perspective Enterprise Modeling (MEMO): Conceptual framework and modeling languages. In Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS), pages 72-82, Honululu, 2002.
13. Ulrich Frank. The MEMO Meta Modelling Language (MML) and Language Architecture. ICB Research Report 24, Institute for Computer Science and Business Information Systems (ICB), Duisburg-Essen University, Germany, 2008. http://www.icb.uni-due.de/flleadmin/ICB/research/research-reports/ICBReport24. pdf.
14. Jens Gulden and Ulrich Frank. MEMOCenterNG. A full-featured modeling environment for organisation modeling and model-driven software development. In Pnina Soffer and Erik Proper, editors, Proceedings of the CAiSE Forum (Short Papers and Tool Demonstrations) of the 22nd International Conference on Advanced Information Systems Engineering (CAiSE'10), 7-11, June 2010, Lecture Notes in Business Information Processing, Berlin, Heidelberg, 2010. Springer. To appear.
15. Guido Governatori, Jörg Hoffmann, Shazia Wasim Sadiq, and Ingo Weber. Detecting Regulatory Compliance for Business Process Models through Semantic Annotations. In Danilo Ardagna, Massimo Mecella, and Jian Yang, editors, Business Process Management Workshops, volume 17 of Lecture Notes in Business Information Processing, pages 5-17. Springer, 2008.
16. Guido Governatori, Zoran Milosevic, and Shazia Sadiq. Compliance checking between business process and business contracts. In Proceedings of the 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06), Hong Kong, China, Oct 16, 2006, pages 16-20, Los Alamitos, CA, USA, October 2006. IEEE Computer Society.
17. Ulric J. Gelinas, Steve G. Sutton, and Jane Fedorowicz. Business processes and information technology. South-Western Thomson Learning, Mason, Ohio, 2004.
18. Information Systems Audit and Control Association. IS Standards, Guidelines and Procedures for Auditing and Control Professionals. Rolling Meadows, 2009.
19. IT Governance Institute, editor. CobiT 4.1: Framework, Control Objectives, Management Guidelines, Maturity Models. IT Governance Institute of the Information Systems Audit and Control Association, Rolling Meadows, 2007.
20. L. Kirchner. Cost Oriented Modelling of IT-Landscapes: Generic Language Concepts of a Domain Specific Language. In J. Desel and U. Frank, editors, Proceedings of the Workshop on Enterprise Modelling and Information Systems Architectures (EMISA 2005), pages 166-179, 2005.
21. Dimitris Karagiannis, John Mylopoulos, and Margit Schwab. Business Process-Based Regulation Compliance: The Case of the Sarbanes-Oxley Act. In Requirements Engineering, pages 315-321. IEEE, 2007.
22. M. Lankhorst. Enterprise Architecture at Work: Modelling, Communication and Analysis. Springer, Berlin, 2005.
23. Ruopeng Lu, Shazia Wasim Sadiq, and Guido Governatori. Measurement of Compliance Distance in Business Processes. Inf. Sys. Manag., 25(4):344-355, 2008.
24. Steven Maijoor. The Internal Control Explosion. International Journal of Auditing, (4): 101-109, 2000.
25. W. E McCarthy. An entity-relationship view of accounting models. The Accounting Review, 54(4):667-686, 1979.
26. W. E McCarthy. The REA accounting model: A generalized framework for accounting systems in a shared data environment. The Accounting Review, 57(3):554-578, 1982.
27. Robert R. Moeller. Sarbanes-Oxley Internal Controls: Effective Auditing with AS5, CobiT and ITIL. John Wiley & Sons, Hoboken, NJ, 2008.
28. Kioumars Namiri and Nenad Stojanovic. Applying Semantics to Sarbanes Oxley Internal Controls Compliance. In Rainer Koschke, Otthein Herzog, Karl-Heinz Rödiger, and Marc Ronthaler, editors, Gl Jahrestagung, volume 109 of Lecture Notes in Informatics, pages 222-226. Gl, 2007.
29. Jens Pitthan and Mathias Philipp. Einsatz von Petri-Netzen für die Aufnahme, Dokumentation und Analyse Interner Kontrollsysteme im Rahmen der Jahresabschlußprüfung. In W. Stucky and U. Winand, editors, Petri-Netze zur Modellierung verteilter DV-Systeme-Erfahrungen im Rahmen des DFG-Schwerpunktprogramms "Verteilte DV-Systeme in der Betriebswirtschaft", number 350, pages 87-104. Institut für Angewandte Informatik und Formale Beschreibungssprachen (AIFB), Universität Karlsruhe (TH), Karlsruhe, Germany, March 1997.
30. P. Rikhardsson, P. Best, P. Green, and M. Rosemann. Business Process Risk Management, Compliance, and Internal Control: A Research Agenda. Technical report, Department of Business Studies, Management Accounting Research Group, Aarhus School of Business, Aarhus, Denmark, 2006.
31. A.-W. Scheer. Architecture of Integrated Information Systems: Foundations of Enterprise Modelling. Springer, Berlin, 1992.
32. A.-W. Scheer. ARIS: Business Process Modeling. Springer, Berlin, Heidelberg, 3 edition, 2000.
33. Shazia Wasim Sadiq, Guido Governatori, and Kioumars Namiri. Modeling Control Objectives for Business Process Compliance. In Gustavo Alonso, Peter Dadam, and Michael Rosemann, editors, BPM 2007, volume 4714 of Lecture Notes in Computer Science, pages 149-164, Berlin, 2007. Springer.
34. Stefan Strecker, David Heise, and Ulrich Frank. RiskM: A multi-perspective modeling method for IT risk assessment. Information Systems Frontiers. Accepted for publication in the Special Issue on Governance, Risk and Compliance Applications in Information Systems, 2010.
35. Amadou Sienou, Elyes Lamine, Achim Karduck, and Hervé Pingaud. Conceptual Model of Risk: Towards a Risk Modelling Language. In Mathias Weske, Mohand-Said Hacid, and Claude Godart, editors, WISE Workshops, volume 4832 of Lecture Notes in Computer Science, pages 118-129. Springer, 2007.
36. L. F Spira and M. Page. Risk Management - The reinvention of internal control and the changing role of internal audit. Accounting, Auditing & Accountability Journal, 16(4):640-661, 2002.
37. The Committee of Sponsoring Organizations of the Treadway Commission. Internal Control - Integrated Framework, September 1992.
38. The Committee of Sponsoring Organizations of the Treadway Commission. Enterprise Risk Management - Integrated Framework (Executive Summary), September 2004.
39. The Committee of Sponsoring Organizations of the Treadway Commission. Guidance on Monitoring Internal Control Systems: Introduction. http://www.coso.org, 2009.
40. The Committee of Sponsoring Organizations of the Treadway Commission. What is internal control? http://www.coso.org/resources.htm, September 2010.
41. M. zur Muehlen and M. Rosemann. Integrating Risks in Business Process Models. In Proceedings of the 16th Australasian Conference on Information Systems (ACIS 2005), pages 62-72, 2005.