Towards a Generic On Line Auditing Tool (OLAT)


Towards a Generic On Line Auditing Tool (OLAT)
Akhil Kumar, Marc Verdonk (Deloitte) Jan Martijn, Kees, Wil

Performance information Decision-making manager Responsible manager Corrective action Auditor Alarm Online portal Assurance information Alarm Follow-up Audit results Performance information Continuous Auditing Tool Continuous Control Monitoring Tool Assurance Process Management Software Assurance Process Control framework

Requirements for the OLAT Business rules (incl external laws) Business process OLAT Information system Information rules feedback

Requirements for OLAT: context
- The IS should be the official source of data:
  - all official events are recorded in the IS
  - all decisions or commitments made by people have to be recorded and confirmed by the IS before they are valid
- The IS should never delete or update a record in the database; only additions with time stamps
- The OLAT should be independent of the IS, which means:
  - it should be based on the source data of the IS
  - it should evaluate the business rule with its own algorithms

Requirements for the OLAT: assurance
Three levels of assurance
- Detective: the log satisfies the business rules
- Prospective: detective plus the process model discovered from the log satisfies the business rules
- Corrective: detective plus (human) correction measures
- Preventive: controls that prevent events in the real process to avoid business rule violations.

Design of the OLAT: functions
- The Monitor should record the events with the corresponding data: the input from external sources together with the data presented to them before and after the input. This data will be stored in an event data warehouse (or log).
- Three computational functions for auditing:
  - Rule evaluation on the traces in the log by LogLogic, LTL checker, checker or SQL queries: Detective
  - Discovery of the process model and analysis of potential paths: Prospective
  - History-based Petri nets: transition guards: Preventive
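An added example (not from the slides) of the detective level: an append-only event log that rejects updates and deletes, with two business rules evaluated as SQL queries outside the IS. The table layout, activity names, both rules and the sample events are constructed for illustration, and SQLite stands in for the event data warehouse.

```python
import sqlite3

# Constructed sample events (not from the slides): case, activity, actor, timestamp.
SAMPLE_EVENTS = [
    ("c1", "request", "alice", "2018-12-05T09:00"),
    ("c1", "approve", "bob",   "2018-12-05T09:10"),
    ("c1", "pay",     "carol", "2018-12-05T09:20"),
    ("c2", "request", "dave",  "2018-12-05T10:00"),
    ("c2", "approve", "dave",  "2018-12-05T10:05"),  # requester approves own case
    ("c3", "request", "erin",  "2018-12-05T11:00"),
    ("c3", "pay",     "carol", "2018-12-05T11:15"),  # paid without any approval
]
# Append-only log: triggers abort every UPDATE and DELETE, only INSERT is allowed.
SCHEMA = """
CREATE TABLE event_log (id INTEGER PRIMARY KEY, case_id TEXT NOT NULL,
    activity TEXT NOT NULL, actor TEXT NOT NULL, ts TEXT NOT NULL);
CREATE TRIGGER no_update BEFORE UPDATE ON event_log BEGIN SELECT RAISE(ABORT, 'append-only'); END;
CREATE TRIGGER no_delete BEFORE DELETE ON event_log BEGIN SELECT RAISE(ABORT, 'append-only'); END;
"""
# Assumed rule 1: every 'pay' is preceded by an 'approve' in the same case.
PAY_WITHOUT_APPROVAL = """
SELECT DISTINCT p.case_id FROM event_log p
WHERE p.activity = 'pay' AND NOT EXISTS (
    SELECT 1 FROM event_log a WHERE a.case_id = p.case_id
    AND a.activity = 'approve' AND a.ts < p.ts) ORDER BY p.case_id"""
# Assumed rule 2 (four-eyes): requester and approver of a case must differ.
SELF_APPROVAL = """
SELECT DISTINCT r.case_id FROM event_log r JOIN event_log a
    ON a.case_id = r.case_id AND a.activity = 'approve' AND a.actor = r.actor
WHERE r.activity = 'request' ORDER BY r.case_id"""

def build_log(events=SAMPLE_EVENTS):
    """Create the in-memory log and append the events."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO event_log (case_id, activity, actor, ts) VALUES (?,?,?,?)", events)
    db.commit()
    return db

def violations(db, rule_sql):
    """Return the case ids that violate the rule expressed by rule_sql."""
    return [row[0] for row in db.execute(rule_sql)]

def append_only_enforced(db):
    """True if both an UPDATE and a DELETE on the log are rejected."""
    for stmt in ("UPDATE event_log SET actor = 'x'", "DELETE FROM event_log"):
        try:
            db.execute(stmt)
            return False
        except sqlite3.DatabaseError:
            pass
    return True
```

Each query returns the violating cases rather than a pass/fail flag, so an empty result means the log satisfies that rule.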

Design: Architecture 5-12-2018

Design: Data model

Challenges for the future
- Generation of the Event Database Schema from the Business Rules
- Can we translate all relevant business rules to predicate logic on the model?
- How generic can we make the Monitor as a service?
- With the Monitor we can create a learning system: start with a flower net as process model in the information system and by mining we discover business rules that can be used as guards!