论文信息 - A Modelling Framework to Support Internal Control

A Modelling Framework to Support Internal Control

This paper presents a modelling framework to support Internal Control. The proposed framework is intended to be used for the design and evaluation of internal controls by organisations and their auditors. One component of the framework is a modelling language and the other is a process to establish internal controls. The proposed modelling language is based on Secure Tropos modelling language. It extends Secure Tropos in several ways in order to conceptualize some aspects of internal controls in which organisational structure and relationships between major stakeholders are taken into account. In this paper we describe the proposed framework by presenting an internal control model and show how risks can be analysed in the models according to the proposed process.

Haralambos Mouratidis | Nobukazu Yoshioka | Kokichi Futatsugi | Kenji Taguchi | Takafumi Komoto

[1] Haralambos Mouratidis,et al. Secure Tropos: a Security-Oriented Extension of the Tropos Methodology , 2007, Int. J. Softw. Eng. Knowl. Eng..

[2] Haralambos Mouratidis,et al. When security meets software engineering: a case of modelling secure information systems , 2005, Inf. Syst..

[3] Haralambos Mouratidis,et al. Adapting Secure Tropos for Security Risk Management in the Early Phases of Information Systems Development , 2008, CAiSE.

[4] Michiharu Kudo,et al. Checking assignments of controls to risks for internal control , 2008, ICEGOV '08.

[5] Paolo Giorgini,et al. Modelling Risk and Identifying Countermeasure in Organizations , 2006, CRITIS.

[6] Fausto Giunchiglia,et al. The tropos software development methodology: processes, models and diagrams , 2002, AAMAS '02.

[7] Nenad Stojanovic,et al. A Model-driven Approach for Internal Controls Compliance in Business Processes , 2007, SBPM.

[8] Fausto Giunchiglia,et al. The Tropos Software Development Methodology: Processes, Models and Diagrams , 2002, AOSE.

[9] Shazia Wasim Sadiq,et al. Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[10] Haralambos Mouratidis,et al. Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems , 2003, CAiSE.

[11] Eric Yu,et al. Modeling Strategic Relationships for Process Reengineering , 1995, Social Modeling for Requirements Engineering.