[
Lists Home |
Date Index |
Thread Index
]
Tom Venkerkom wrote:
> I am having troubles finding documents (papers, websites, articles, ...) about
audit issues related to the usage of XML.
Michael Kay replied:
< I think you would have similar difficulties finding papers about audit issues
related to the usage of the telephone, for the same reason.
Hmm.... I've not heard of anyone recording telephone conversations in order to
comply with the security, controls, record processing and retention provisions
of legislation such as Sarbanes-Oxley (SOX), Basel II, the UK Companies Bill, or
HIPAA.
The CPA/IS auditor who wrote this article about SOX section 302 and 404
compliance also wrote about XML a few years ago:
http://www.sqlsummit.com/sox.htm
If I remember correctly, the primary concern she stated about XML (for example,
modeling e-business transactions on the exchange of XML documents) was
security -- the need for authentication, encryption, digital signatures, certs
and so on. On the plus side, with easily-understood schemas and tags, XML is
useful for archiving records that must be retained for years/decades (an issue
if you have to comply with regulations mentioned above).
She mentioned data analysis, data mining and pattern recognition being done for
SOX. Detecting patterns of fraud by analyzing XML documents is easier than
trying to detect fraud by analyzing waveform audio of multiple speakers
(different accents, dialects, jargon).
======== Ken North ===========
www.WebServicesSummit.com
www.SQLSummit.com
www.GridSummit.com
|
