Security Patterns for Automated Continuous Auditing

  • Authors:
  • Bob Kearney; Theodore Tryfonas

  • Affiliations:
  • Professional Services, Gamma Enterprise Technologies, Woodland Hills, CA, USA; Information Security Research Group, Faculty of Advanced Technology, University of Glamorgan, Wales, United Kingdom

  • Venue:
  • Information Security Journal: A Global Perspective
  • Year:
  • 2008

Abstract

In the light of recent global corruption scandals (e.g., Enron), the requirement for corporate governance and responsibility has emerged as a management priority. The explicit externalization of this requirement, as expressed through the recent regulatory environment (e.g., the Sarbanes-Oxley Act), has caused several research topics in the area of audit to emerge. The need for explicitly demonstrated assurance of financial and accounting information at any time has generated interest in emerging concepts, in particular continuous auditing. Despite the multiple perspectives on continuous auditing, a common understanding that it can be achieved through audit automation is developing among scholars and practitioners alike. Information technology audit is by nature a set of recurring tasks that repeatedly face challenges; hence, the use of design patterns seems a viable proposal for an audit automation substrate capable of providing for continuous auditing. In this article we use the concept of security patterns to guide the implementation of the audit automation mechanisms required to support continuous auditing within application systems.