OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help



   Re: [xml-dev] Xml in audit

[ Lists Home | Date Index | Thread Index ]


We are seeing more use of XML for audit purposes, i.e. keeping records 
as XML. This makes sense but it can create a lot of data that is 
difficult to manage.

Our involvement has been that DeltaXML is being used in this area to 
trace changes to data (often an important aspect of audit trails). It 
would also be possible to reduce data to the 'variable elements' by 
differencing with a standard - the delta then represents just the 
variable elements. That way the data is smaller but the original can 
always be re-constructed.

There's a bit more about this at [1].

[1] http://www.deltaxml.com/use-cases/xml-audit-trail.html

David Lyon wrote:
> Hi Tom,
> It's a very interesting question that you raise.
> On the one hand, xml on it's own doesn't really inherently support or
> have any association with Audit requirments.
> It's a bit like the seperation of the mechanics of the car versus
> taking it out on the track for some fast laps... they are quite
> different.
> I guess your question more relates to xml trading systems where
> audit capabilities are very much a neccessity to have.
> Of course, different systems have different levels of traceability
> some ranging from very little/none through to quite thorough.
> As a company, what we do is to provide a packaged trading
> system with built in document tracing that provides for easier
> auditing of every transaction that has ever occurred.
> But custom systems seem to have an infinite amount of
> variability in their degree of transaction traceability.
> The other very important issue to be aware of is that in many
> companies, a lot of xml data is "thrown away". And not retained.
> This can often be because the "transaction record" is in the
> CRM/Accounting system and no need is seen to keep the
> xml record. I don't agree with that myself... but that's often
> how it is.
> To extend the complication further, some xml data has no
> need for retention/tracking. Like product availability requests
> and price information. These are completely transient in most 
> peoples view and are never retained as there is simply never
> any need.
> Best Regards
> David
> On Thu, 17 Mar 2005 9:17 am, Vankerkom, Tom wrote:
>>Hi all,
>>I am creating an internal audit paper regarding XML.
>>I am having troubles finding documents (papers, websites, articles, ...)
>>about audit issues related to the usage of XML.
>>The usage of XML can be as data interchange (EDI), database interfaces,
>>content management, etc.
>>If someone could provide me with some sort of audit programme, that
>>would be perfect.
>>A list of xml related audit issues would be just as great.
>>Tom Vankerkom
>>Junior Advisor
>>Information Risk Management a division of KPMG Advisory
>>Spoorweglaan 3
>>2610 Wilrijk
>>Tel. +32 (0) 3 821.19.06
>>Fax. +32 (0) 3 825.20.25
>>Mob: +32 485 368648
>>e-mail tvankerkom@kpmg.com
>>http://www.kpmg.be <http://www.kpmg.be/>
>>************************ The information contained in this communication is
>>confidential and may be legally privileged. It is intended solely for the
>>use of the individual or entity to whom it is addressed. If you are not the
>>intended recipient you are hereby notified that any disclosure, copying,
>>distribution or taking any action in reliance of the contents of this
>>information is strictly prohibited and may be unlawful. Any opinions or
>>advice contained in this email is only valid upon your receipt of our
>>written confirmation by mail or by telefax and are subject to the terms and
>>conditions expressed in the governing KPMG client engagement letter. We 
>>are neither liable for the proper and complete transmission of the
>>information contained in this communication nor for any delay in its
>>This footnote also confirms that this email message has been swept by
>>MIMEsweeper for the presence of computer viruses. (www.mimesweeper.com)
>>However, we still advice you to check this e-mail and any attachments for
>>viruses as we can take no responsibility for any computer virus which might
>>be transferred by way of this communication.

-- ---------------------------------------------------
Robin La Fontaine    DeltaXML: "Change control for XML, in XML"
Email: robin@deltaxml.com      http://www.deltaxml.com
Free XML comparison service http://compare.deltaxml.com


News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS