[
Lists Home |
Date Index |
Thread Index
]
Hi Tom,
It's a very interesting question that you raise.
On the one hand, xml on it's own doesn't really inherently support or
have any association with Audit requirments.
It's a bit like the seperation of the mechanics of the car versus
taking it out on the track for some fast laps... they are quite
different.
I guess your question more relates to xml trading systems where
audit capabilities are very much a neccessity to have.
Of course, different systems have different levels of traceability
some ranging from very little/none through to quite thorough.
As a company, what we do is to provide a packaged trading
system with built in document tracing that provides for easier
auditing of every transaction that has ever occurred.
But custom systems seem to have an infinite amount of
variability in their degree of transaction traceability.
The other very important issue to be aware of is that in many
companies, a lot of xml data is "thrown away". And not retained.
This can often be because the "transaction record" is in the
CRM/Accounting system and no need is seen to keep the
xml record. I don't agree with that myself... but that's often
how it is.
To extend the complication further, some xml data has no
need for retention/tracking. Like product availability requests
and price information. These are completely transient in most
peoples view and are never retained as there is simply never
any need.
Best Regards
David
On Thu, 17 Mar 2005 9:17 am, Vankerkom, Tom wrote:
> Hi all,
>
> I am creating an internal audit paper regarding XML.
>
> I am having troubles finding documents (papers, websites, articles, ...)
> about audit issues related to the usage of XML.
>
> The usage of XML can be as data interchange (EDI), database interfaces,
> content management, etc.
>
> If someone could provide me with some sort of audit programme, that
> would be perfect.
>
> A list of xml related audit issues would be just as great.
>
> Thanks,
>
>
> Tom Vankerkom
> Junior Advisor
>
> KPMG
> Information Risk Management a division of KPMG Advisory
>
> Spoorweglaan 3
>
> 2610 Wilrijk
>
> Tel. +32 (0) 3 821.19.06
> Fax. +32 (0) 3 825.20.25
>
> Mob: +32 485 368648
> e-mail tvankerkom@kpmg.com
> http://www.kpmg.be <http://www.kpmg.be/>
>
>
>
>
> ***************************************************************************
>************************ The information contained in this communication is
> confidential and may be legally privileged. It is intended solely for the
> use of the individual or entity to whom it is addressed. If you are not the
> intended recipient you are hereby notified that any disclosure, copying,
> distribution or taking any action in reliance of the contents of this
> information is strictly prohibited and may be unlawful. Any opinions or
> advice contained in this email is only valid upon your receipt of our
> written confirmation by mail or by telefax and are subject to the terms and
> conditions expressed in the governing KPMG client engagement letter. We
> are neither liable for the proper and complete transmission of the
> information contained in this communication nor for any delay in its
> receipt.
>
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses. (www.mimesweeper.com)
> However, we still advice you to check this e-mail and any attachments for
> viruses as we can take no responsibility for any computer virus which might
> be transferred by way of this communication.
>
> ***************************************************************************
>************************
--
Computergrid : The ones with the most connections win.
|