（2005）Real-time information integrity = system integrity + data integrity + continuous assurances.pdfVIP

Computers Security (2005) 24, 604e613 /locate/cose Real-time information integrity [system integrity Ddata integrity Dcontinuous assurances Stephen Flowerday 1, Rossouw von Solms* Department of Information Technology, Faculty of Engineering, Nelson Mandela Metropolitan University, P.O. Box 77000, Port Elizabeth 6031, South Africa KEYWORDS Abstract A majority of companies today are totally dependent on their information Information integrity; assets, in most cases stored, processed and communicated within information sys- Internal controls; tems in digital format. These information systems are enabled by modern information Risk management; and communication technologies. These technologies are exposed to a continuously Information security increasing set of risks. Yet, management and stakeholders continuously make impor- management; tant business decisions on information produced in real-time from these information Assurance on demand systems. This information is unaccompanied by objective assurances as the current auditing procedures provide assurances months later. Therefore, risk management, including a system of internal controls, has become paramount to ensure the informa- tion’s integrity. A system of internal controls, including IT controls at its core, help limit uncertainty and mitigate the risks to an acceptable level. Auditors play an in- creasingly important role in providing independent assurances that the information system’s infrastructure and data maint