Munir Majdalawieh

Intra/inter process continuous auditing (IIPCA), integrating CA within an enterprise system environment

Purpose – The pressure is on organizations to go beyond automating their internal audit activities and develop and integrate internal auditing into business processes of the enterprise. This paper aims to propose a “full power” continuous auditing (CA) model with three key components: electronic audit evidence functions; intra‐process auditing; and inter‐process auditing.Design/methodology/approach – This paper follows a design science approach by identifying relevant problems from the current literature, defining the objectives of the study, designing and developing the “full power” CA model, and evaluating the model. The model supports business process‐centric auditing and enhances the business monitoring capacities of organizations enabling the fulfillment of increasingly stringent compliance requirements with internal policies as well as external regulations.Findings – This work has attempted to fill the gap between the enterprise solutions offered by enterprise system providers and a structured appro...

Paradigm shift in information systems auditing

Purpose - This paper seeks to identify change factors within the various elements of the IS audit universe aiming to give practitioners and management insight about the state of the IS audit profession and its future directions, especially within the United Arab Emirates (UAE) context. Design/methodology/approach - Potential change factors that are taking place in IS audit were initially identified based on a literature review and the experience of the authors within the field. These changes were then categorized within one of the elements of the IS audit universe. To validate the IS audit change factors, a questionnaire was chosen as a data collection tool. The survey was sent to relevant practitioners in the subject matter within the UAE and was completed by 62 respondents. Findings - The study concluded that the role of IS auditors in lessening in applications and infrastructures audits and is strengthening in the arena of IT management audits. Practical implications - The implication of study for IS audit practitioners is that they need to be better equipped to conduct IT management audits and to contribute value to their organization as part of IT governance endeavors rather than focusing on infrastructure and application audits. On the other hand, the implication for management is that they should be aware of the capabilities of IS audit and set their biggest value expectations in the area of IT management assurance and governance. Originality/value - The paper makes a contribution by identifying change factors within the various elements of the IS audit universe aiming to give practitioners insight about the state of the profession and its future directions.

RBAC Model for SCADA

This paper focuses on recommending the usage of the Role-Based Access Control (RBAC) model to define the users’ security roles, permissions, authorization, and role hierarchy to access the SCADA system. Achieving the desired level of authorization and access control will involve integrating the secur ity system with SCADA operations and building role based access control capabilities in the application level.

Megaprojects and risk management: Emaar Properties

Companies in a variety of industries must be cognisant of the risks associated with project management, but organisations implementing megaprojects must actively identify, analyse, mitigate, monitor and control for a variety of potential challenges that could impact on project schedule, cost, and quality. In addition to managing risks within projects, large enterprises must also consider their exposure to market events and other situations beyond their control. This paper identifies several challenges associated with large projects and examines how Emaar Properties manages risks across markets by spreading projects geographically and by diversification across industries.

Tejari and E-procurement: Moving to Paperless Business Processes

Abstract Purchasing departments have not traditionally been thought of as sources of business innovation, but much has happened in the world of procurement over the past few years. Solution providers have helped both buyers and suppliers move from traditional paper-based business processes to the basic procurement transaction functionality offered by enterprise resource planning (ERP) applications and on to web-based e-procurement applications. Tejari, a leader in the Business- to-Business marketplace in the Middle East, has helped several companies make this transition. This paper will discuss the traditional procurement process, and then explain the e-procurement components, followed by a review of the Tejari e-procurement model and finally a discussion of implementation issues, costs and benefits for the purchasing activities of two of Tejari’s clients.

Enterprise systems requirement analysis for process-centric continuous monitoring

Continuous auditing requires that information systems (IS) are developed not only to fulfill business requirements but also to continuously monitor transactions and fulfill compliance and pervasive control requirements. The integration of enterprise systems and their controls within a process-centric logic necessitates a likewise integration of their development processes. Subsequently existing tools and techniques for requirements analysis need to be recast within a hybrid and integrated approach dubbed requirement analysis for process-centric continuous monitoring or RA-PCCM, which consists of the concurrent analysis of operational systems, IS, the control system and the management system. RA-PCCM offers a working model for the concurrent development of enterprise systems and their internal controls, hence ensuring the continuous monitoring of transaction processing and compliance with pervasive controls. Consequently, auditing assumes the role of control monitoring assurance rather than the substantive testing of enterprise system process and output.

DNPSec Simulation Study

The main objective of this simulation study is to investigate the performance effects of adding the DNPSec functionality to SCADA DNP3 protocol.