Monitoring Organizational Transactions in Enterprise Information Systems with Continuous Assurance Requirements

This work focuses on issues typically encountered in organizations whose core business largely depends on ICT: continuous monitoring, continuous auditing, controlling and assessment of transactions risk. Organizations have been making efforts to implement methods and systems which enable them to increase reliability of their business and, simultaneously, to be in accordance with their organizational objectives and compliant with external regulations. Thus, this work presents and validates an innovative solution to implement Continuous Assurance services in information systems applicable to any organizational transaction, regardless of its type, dimension, business area or even its information system support technology. This last objective is pursued having as support an ontological model at an abstraction level that guarantees that independence. This research culminated with the development of a prototype and consequent results analysis, using data collected from the near-real implementation, allowing us to ensure the feasibility and the effective use of the proposal.

[1]  Miguel Mira da Silva,et al.  Designing a New Integrated IT Governance and IT Management Framework Based on Both Scientific and Practitioner Viewpoint , 2012, Int. J. Enterp. Inf. Syst..

[2]  Miklos A. Vasarhelyi,et al.  A Thought Leadership Paper for the Institute of Chartered Accountants in Australia , 2010 .

[3]  Wen-Lung Shiau,et al.  Improving Firm Performance Through a Mobile Auditing Assistance System , 2014, Int. J. Enterp. Inf. Syst..

[4]  Michael Stonebraker,et al.  Aurora: a new model and architecture for data stream management , 2003, The VLDB Journal.

[5]  Alan D. Smith,et al.  Identity Theft and E-Fraud as Critical CRM Concerns , 2005, Int. J. Enterp. Inf. Syst..

[6]  David T. Goomas,et al.  Business Activity Monitoring: Real-Time Group Goals and Feedback Using an Overhead Scoreboard in a Distribution Center , 2011 .

[7]  Jan L. G. Dietz,et al.  Enterprise ontology based development of information systems , 2011, Int. J. Internet Enterp. Manag..

[8]  Michael Stonebraker,et al.  Load management and high availability in the Medusa distributed stream processing system , 2004, SIGMOD '04.

[9]  Vicky Arnold,et al.  The Impact of Enterprise Systems on Business and Audit Practice and the Implications for University Accounting education , 2007, Int. J. Enterp. Inf. Syst..

[10]  Vernon J. Richardson,et al.  The Consequences of Information Technology Control Weaknesses on Management Information Systems: The Case of Sarbanes-Oxley Internal Control Reports , 2012, MIS Q..

[11]  Martin Hepp,et al.  Organisational Ontology Framework for Semantic Business Process Management , 2009, BIS.

[12]  Marc M. Lankhorst,et al.  Enterprise Architecture at Work - Modelling, Communication and Analysis, 2nd Edition , 2005, The Enterprise Engineering Series.

[13]  Wendy Wang,et al.  A Case Study of a Government-Sponsored Enterprise Resource Planning Project in a Chinese Apparel Company , 2012, Int. J. Enterp. Inf. Syst..

[14]  Tuure Tuunanen,et al.  Design Science Research Evaluation , 2012, DESRIST.

[15]  Michael Stonebraker,et al.  Fault-tolerance in the borealis distributed stream processing system , 2008, ACM Trans. Database Syst..

[16]  José C. Delgado Objective-Oriented Modeling of Enterprises under the Service Paradigm , 2014 .

[17]  L. K. Kirchmayer Planning of Systems , 1964, IEEE Transactions on Military Electronics.

[18]  Said Tabet,et al.  Emerging Standards and Protocols for Governance, Risk, and Compliance Management , 2012 .

[19]  Nijaz Bajgoric,et al.  Continuous Computing Technologies for Improving Performances of Enterprise Information Systems , 2005, Int. J. Enterp. Inf. Syst..

[20]  Rui Pedro Marques,et al.  A Conceptual Model for Evaluating Systems with Continuous Assurance Services , 2013 .

[21]  Przemyslaw Lech Is it Really so 'Strategic'?: Motivational Factors for Investing in Enterprise Systems , 2011, Int. J. Enterp. Inf. Syst..

[22]  Rui Pedro Marques,et al.  An Enterprise Ontology-Based Database for Continuous Monitoring Application , 2013, 2013 IEEE 15th Conference on Business Informatics.

[23]  Jan L. G. Dietz,et al.  Enterprise ontology - theory and methodology , 2006 .

[24]  Shuchih Ernest Chang,et al.  Monitoring Enterprise Applications and the future of Self-Healing Applications , 2008, Int. J. Enterp. Inf. Syst..

[25]  Edward Szczerbicki,et al.  Using Set of Experience in the Process of Transforming Information into Knowledge , 2006, Int. J. Enterp. Inf. Syst..

[26]  Toly Chen,et al.  An Integrated Project Management System for Facilitating Knowledge Learning , 2012, Int. J. Enterp. Inf. Syst..

[27]  João Varajão,et al.  Handbook of Research on Enterprise 2.0: Technological, Social, and Organizational Dimensions , 2013 .

[28]  Michael D. Myers,et al.  Qualitative Research in Information Systems , 1997, MIS Q..

[29]  Saeed Askary,et al.  Improvements in Audit Risks Related to Information Technology Frauds , 2012, Int. J. Enterp. Inf. Syst..

[30]  Rui Pedro Marques,et al.  Organizational transactions with real time monitoring and auditing , 2013 .

[31]  Daniel Gillblad,et al.  Discovering Process Models from Unlabelled Event Logs , 2009, BPM.

[32]  S. Chatterjee,et al.  Design Science Research in Information Systems , 2010 .

[33]  Rainer von Ammon,et al.  Business Activity Monitoring of norisbank Taking the Example of the Application easyCredit and the Future Adoption of Complex Event Processing (CEP) , 2006, 2006 IEEE Services Computing Workshops.

[34]  Bartosz Balis,et al.  Real-time Grid monitoring based on complex event processing , 2011, Future Gener. Comput. Syst..

[35]  Jennifer Widom,et al.  STREAM: The Stanford Data Stream Management System , 2016, Data Stream Management.

[36]  Doug Prawitt Put COSO Update to Work , 2013 .