Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Access Control for Auditors in Corporate Collaboration

Access Control for Auditors in Corporate Collaboration
View Free PDF
Author(s): Timon C. Du (The Chinese University of Hong Kong, Hong Kong), Vincent S. Lai (The Chinese University of Hong Kong, Hong Kong), Charles Chou (The Chinese University of Hong Kong, Hong Kong) and Richard Hwang (California State University, USA)
Copyright: 2006
Pages: 2
Source title: Emerging Trends and Challenges in Information Technology Management
Source Editor(s): Mehdi Khosrow-Pour, D.B.A. (Information Resources Management Association, USA)
DOI: 10.4018/978-1-59904-019-6.ch093
ISBN13: 9781616921286
EISBN13: 9781466665361


To respond to the fast-changing environment, corporations are under pressure to form collaboration within and among organizations. There are many reported examples of how collaboration can be implemented. One of the most mentioned case is the vendor-managed inventories (VMI) model that moves the duty of product replenishment from the retailers to the wholesalers or from the wholesalers to the manufacturers, by allowing the vendor (the wholesalers or the manufacturers) to manage the inventories for the buyers (the retailers or the wholesalers). Under the system, a continuous replenishment program (CRP) allows the suppliers to regularly monitor the point-of-sales (POS) data and determine the replenishment period. To facilitate the collaboration, it is essential to share the ERP data or warehouse data among organizations. Of course, organization may decide to deepen the degree of collaboration by adopting advanced planning and scheduling (APS) which takes the plant capacity and material availability of both the suppliers and the manufacturers into collaborative scheme. Similarly, managers could consider using collaborative forecasting and replenishment (CFAR) so that the demands of retailers and wholesalers can be examined to trig the production activities. Moreover, an integrated approach of APS and CFAR, called collaborative planning, forecasting, and replenishment (CPFR) allows collaborators to manage simultaneously the relationships between retailers and wholesalers and between wholesalers and manufacturers. Internal auditors appraise the level of efficiency of a firm’s operations and the level of its compliance to the existing regulations. On the other hand, external auditors provide assurance to the reliability of a client’s financial and non-financial information reported in the quarter and annual financial statements. To fulfill their responsibilities, both internal and external auditors need to evaluate the efficiency and effectiveness of an organization’s internal controls. Since internal auditors involve in the entity’s daily operations and are independent of business activities, they are the most qualified groups of individuals who can assist the external auditors to conduct an audit engagement. Regardless which format chosen, internal and external auditors of collaborative organizations should have access to the data stored in (and owned by) the various organizations. In this case, it is apparent that an access control to an organization’s data is critical to protect the integrity and proprietary information among collaborators. As one may aware, the roles and tasks performed by internal and external auditors are quite different. To the external auditors, their primary responsibility is to examine whether a company’s financial statements (balance sheet, income statement, and statement of cash flows) are prepared based on generally accepted accounting principles (GAAP). As part of professional responsibilities, external auditors need to develop a high-level understanding of client’s operations, so they can express a professional opinion on a client’s financial statements objectively and confidently. On the other hand, internal auditors are in charge of the operational audit and the compliance audit. When performing an operational audit, internal auditors review the efficiency and effectiveness of a firm’s operational procedures. Such an audit includes, but not limited to, an examination of transactions process and the evaluation of less quantifiable information like the degree of customer satisfaction. Moreover, internal auditors are responsible for compliance audit to determine whether the company practice follows the regulations promulgated by authorities such as environmental protection agency (EPA) and Federal Depository Insurance Commission (FDIC). Traditionally, the external auditors examine the historical data periodically. Since the growth of information technology and the dynamics of the business world, external auditors have gradually shifted their focuses from periodical examination to real-time assurance. Since most internal auditors perform operational and compliance audits on continuous basis, their inputs to the external audit processes are imperative to yield high quality financial audit reports. Therefore, it is essential for the external auditors to work closely with a company’s internal audit department during the course of an audit engagement. While working closely, both internal auditors and external auditors share the same concern over the implementation of computer control and information security under the real-time and continuous assurance environment when data is transferred electronically (Rezaee, Sharbatoghlie, Elam, and McMickel, 2002; Elliot, 2002; Daigle and Lampe, 2002). Although we all aware the existence of information risk when one makes decisions under uncertainty. Such a risk may have indeed increased in an electronic business environment. For example, the bullwhip effect may exist in the supply chain, where the information could be twisted during propagation (Chopra and Meindl, 2001). Moreover, the biases of the information provider and complex data exchanges in the corporate collaboration may raise the level of information risks. To alleviate such a risk and to provide timely information to the public, all audits, including operational, compliance and financial, have to be conducted on a continuous and real-time basis, particularly when an organization engages in collaborative commerce. Such an inter-organization arrangement leads to the need for designing access controls for auditors. The purpose of the study is to propose a model of data access control for external auditors when clients involve in the corporate collaboration.

Body Bottom