Evaluating RiskRatliff, Richard; Hanks, Steven
1992 Managerial Auditing Journal
doi: 10.1108/02686909210017883
Auditors need to assess organizations risktaking behaviour in thechanging marketplace. Discusses strategic risk with a specificregard to the product market and its dangers to the organization withoutthe correct techniques. Looks at the two types of risk actionand inaction risk and goes on to clarify their importance tofirms. Examines various techniques and strategies to eliminate risk forcompanies and these are listed and discussed. Concludes that there areseveral implications for managerial auditors regarding riskbearingstrategies.
Audit Risk ModellingWoodhead, A.D.
1992 Managerial Auditing Journal
doi: 10.1108/02686909210017856
Until recently, the formal model for the estimation of audit riskwas relatively straightforward. There were two major approaches thefamiliar multiplicative planned risk model in the USA and UK and theCanadian Bayesian posterior risk model. Recent work has substantiallychanged the framework for estimating audit risk. Aims to evaluate theseproposals and to develop a single framework for the measurement ofplanned and posterior risk.
Auditors and MaterialityGin Chong, H.
1992 Managerial Auditing Journal
doi: 10.1108/02686909210017865
There are many definitions of materiality and such differences indefinition show that there is great concern about the applicability ofmateriality in the auditing profession. Various materiality guidelineshave been recommended by both academic researchers and accountingbodies, but the Auditing Practices Board in the UK has yet to recommenda guideline of its own. Looks at the recommendations put forward bythose researchers and accounting bodies and the implications andpossible pros and cons of having structured guidelines by the auditingprofession in the UK. Concludes with a recommended materiality guidelinewhich the Auditing Practices Board should seriously consider and thepossibility of applying computerbased decision aids as a tool toimprove efficiency and effectiveness of decision making by the auditors.
Auditing and Recent Developments in ITWilliams, Bernard C.
1992 Managerial Auditing Journal
doi: 10.1108/02686909210017874
Selects two of the recent developments in information technology,and those expected in the near future, which suggest major advances inboth humancomputer and computercomputer communications. Explores theinternal control and auditing issues which surround two suchtechnologies enduser computing and electronic data interchangeone from each of these categories respectively. Notes the growth ofenduser computing, together with the need to balance control againstthe trust and creativity which it fosters. This implies the need for aless instrumental and more organizational approach to audit and control.Electronic data interchange provides the opportunity for the furtherdevelopment of paperminimal systems and the resulting legal, as well asaudit and control, problems are discussed. Concludes by suggesting thatthere may be a need for a review of audit methodologies which, inprinciple, remain focused on the large bureaucratic paperbased systemsof the early 1950s.
PCsecurity EvaluationGollmann, Dieter; Wichmann, Peer
1992 Managerial Auditing Journal
doi: 10.1108/02686909210017892
Reports on the evaluation of a set of commercial PCsecurityproducts. Argues how, and why, this analysis differs from the kind ofsecurity evaluation described in the IT security evaluation criteriapublished recently by some national security agencies. Draws on anindepth examination down to the hardware level, based on the actualexecutable code and covers even attack scenarios where the attacker canmanipulate the hardware of the PC. Summarizes the major findings,pointing out some frequent design faults in PCsecurity systems.