The main purpose of this paper is to introduce the Dempster-Shafer theory (“DS” theory) of belief functions for managing uncertainties, specifically in the auditing and information systems domains. We illustrate the use of DS theory by deriving a fraud risk assessment formula for a simplified version of a model developed by Srivastava, Mock, and Turner (2007). In our formulation, fraud risk is ...

INTRODUCTION The diffusion of CASE tools, along with the ever more pressing problems surrounding the management of the systems development department, has meant that themes related to internal control and audit of a CASE environment are of increasing interest. In fact, the high cost of introducing CASE technology added to the potential improvement in productivity and quality have made it one of...

One of the key aspects of an information systems (IS) audit is ascertaining the maturity of the technologies in use within an organisation or department. In reality, some areas of the business’s use of IT are more mature than others, and this is particularly true of companies that have undergone recent mergers or acquisitions. The Stages of Growth Model for IT systems was developed by Richard L...

OBJECTIVES To develop a systematic method for both summative and formative audit of practice audits, and to use the method to review Oxfordshire practice audits and to plan improvement. DESIGN Development of a coding system for the audit cycle subsequently used prospectively to assess audits reported to medical audit advisory group coordinators on practice visits. SETTING All 85 general pra...

In Greek mythology the song of the Sirens was of such beauty and promise that no sailor could resist steering his ship towards them. Instead of the promised heaven, however, the route led to disaster upon the rocks. Audit has developed rapidly over the past three years in Britain from an activity carried out by only a few enthusiasts'4 to one in which all doctors are enjoined to take part.5 Pro...

OBJECTIVE To determine general practitioners' attitudes to medical audit and to establish what initiatives are already being undertaken; to define future ideas for audit and perceived difficulties in implementing audit in primary care. DESIGN Analysis of responses to a self administered postal questionnaire. SETTING Urban conurbation with a population of about 750,000. PARTICIPANTS 386 ge...

Very many things in our business and auditing environment are changing at an increasing rate. One central theme in auditing is how information technology developments affect the nature of the audit process and the audit skills. Auditors have to ask how to operate in new environments. New information technology support systems for monitoring and controlling operations could be useful. Artificial...

The major aim of this paper is to create awareness of the demand for computer-assisted audit solutions within the European research community. The cause of this demand is twofold; on the one hand, regulatory pressure is increasing through both the reform of the audit sector in the European Union regarding mandatory audit firm rotation and tightened independence requirements. On the other hand, ...

Most intrusion detection systems available today are using a single audit source for detecting all attacks, even though attacks have distinct manifestations in different parts of the system. In this paper we carry out a theoretical investigation of the role of the audit source for the detection capability of the intrusion detection system (IDS). Concentrating on web server attacks, we examine t...

Inadequate audit mechanisms may result in undetected misuse of data in software-intensive systems. In the healthcare domain, electronic health record (EHR) systems should log the creating, reading, updating, or deleting of privacy-critical protected health information. The objective of this paper is to assess electronic health record audit mechanisms to determine the current degree of auditing ...