Presentation is loading. Please wait.

Presentation is loading. Please wait.

12/9-10/2009 TGDC Meeting Auditing concepts David Flater National Institute of Standards and Technology

Published byBrianna Morgan Modified over 9 years ago

Similar presentations

Presentation on theme: "12/9-10/2009 TGDC Meeting Auditing concepts David Flater National Institute of Standards and Technology"— Presentation transcript:

1 12/9-10/2009 TGDC Meeting Auditing concepts David Flater National Institute of Standards and Technology http://vote.nist.gov

2 12/9-10/2009 TGDC Meeting Auditing vs. auditing Auditability from the Software Independence perspective Establish high confidence in the authenticity and completeness of vote records Verifiability of each and every vote Seeking alternatives that preserve these properties without VVPAT Vs. general external auditing concepts Statistical sampling Material error Audit risk Now discussing the latter Page 2 12/9-10/2009 TGDC Meeting

3 Goals of election audits As identified by participants in an ASA-hosted working meeting, 2009-10: "To verify that the election outcomes implied by the reported vote totals are correct" "To provide data for process improvement: specifically, to identify and quantify various causes of discrepancies between voter intentions and the originally reported vote totals" Note careful wording An audit will not necessarily demonstrate that the reported vote totals are correct It may suffice to estimate the uncertainty of the "measurement" No impact on outcome, no "material effect" Page 3 12/9-10/2009 TGDC Meeting

4 Auditability made simple Keep good records Complete (everything you will need) Identifiable Readable (usable for audits) Authenticated Archival Secure Conformant with U.S. generally accepted principles & standards Don't throw away information Redundant information isn't (auditors check for consistency) Cannot predict what might turn out to be critically relevant Better to have and not need than to need and not have Unfortunate conflicts with privacy, secrecy, election laws—this is what makes it complicated Page 4 12/9-10/2009 TGDC Meeting

5 Auditability and Software Independence Discrepancies may be attributable to software, firmware, hardware, people, processes, configuration, calibration, documentation, … A system can be software-independent without being auditable E.g., software-free system that reports totals but does not create records for cross-checking A system can be auditable without being software-independent By definition, not software-independent → possible to have undetectable change in election outcome Possible does not mean probable, or practically doable Concept of audit risk Internal controls Page 5 12/9-10/2009 TGDC Meeting

6 Auditing and election administration Management is responsible for: Presenting results fairly Adopting sound policies Establishing and maintaining internal control Preventing and detecting fraud An auditor's ability to compensate for inadequate internal control is limited Page 6 12/9-10/2009 TGDC Meeting

Download ppt "12/9-10/2009 TGDC Meeting Auditing concepts David Flater National Institute of Standards and Technology"

Similar presentations

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.

OPERATING EFFECTIVELY AT WESD. What is Internal Control? A process designed to provide reasonable assurance the organizations objectives are achieved.
A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.

A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.
VVPAT BY KRISTEN DUARTE & JESSICA HAWKINS. WHAT IS VVPAT? An add-on to electronic voting machines that allows voters to get a printed version of their.

VVPAT BY KRISTEN DUARTE & JESSICA HAWKINS. WHAT IS VVPAT? An add-on to electronic voting machines that allows voters to get a printed version of their.
OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality assurance (SQA) SWE 333 Dr Khalid Alnafjan

OHT 2.1 Galin, SQA from theory to implementation © Pearson Education Limited 2004 Software Quality assurance (SQA) SWE 333 Dr Khalid Alnafjan
Auditing Concepts.

Auditing Concepts.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Preserving Cloud Information Bruce R. Barkstrom & John J. Bates NCDC.

Preserving Cloud Information Bruce R. Barkstrom & John J. Bates NCDC.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, 18-19 March 2010.

Observation of e-enabled elections Jonathan Stonestreet Council of Europe Workshop Oslo, March 2010.
Topic 4 Environmental Management Systems

Topic 4 Environmental Management Systems
Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.

Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.
Overview Lesson 10,11 - Software Quality Assurance

Overview Lesson 10,11 - Software Quality Assurance
Configuration management. Reasons for software configuration management  it facilitates the ability to communicate  status of documents, coding, changes.

Configuration management. Reasons for software configuration management  it facilitates the ability to communicate  status of documents, coding, changes.
School of Computing, Dublin Institute of Technology.

School of Computing, Dublin Institute of Technology.
12.The Chi-square Test and the Analysis of the Contingency Tables 12.1Contingency Table 12.2A Words of Caution about Chi-Square Test.

12.The Chi-square Test and the Analysis of the Contingency Tables 12.1Contingency Table 12.2A Words of Caution about Chi-Square Test.
2. Introduction to Redundancy Techniques Redundancy Implies the use of hardware, software, information, or time beyond what is needed for normal system.

2. Introduction to Redundancy Techniques Redundancy Implies the use of hardware, software, information, or time beyond what is needed for normal system.
Purpose of the Standards

Purpose of the Standards
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
QMS ISO 9001:2008 Introduction to QMS 9001:2008 and system auditing.

QMS ISO 9001:2008 Introduction to QMS 9001:2008 and system auditing.

Similar presentations

Ads by Google