A Generic Model and Architecture for Automated Auditing

  • Hasan
  • Burkhard Stiller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3775)


Research has been performed in areas of auditing, a.o. security auditing, compliance auditing, financial auditing. In order to increase the efficiency of and to allow for continuous auditing, auditing tasks must be automated, which is only possible if audit data are available digitally and suitable algorithms exist.

Different areas of auditing follow different objectives, thus require different detailed tasks to be performed, yet they share a common auditing model. This is based on the consideration that in general auditing deals with the evaluation or examination of facts against a set of compliance specifications. The objective of this paper is to develop a generic model and architecture for automated auditing, thus providing the basis for the development of auditing work for specific applications. To show its general applicability, the proposed model is applied to different areas including Service Level Agreement (SLA) compliance verification and Intrusion Detection Systems. A full-fledged example is discussed showing in detail how the generic architecture is applied to the SLA compliance verification.


  1. 1.
    ACL Services Ltd.: ACL Tops 2004 Internal Auditor Software Survey (2004) Google Scholar
  2. 2.
    CaseWare IDEA Inc.: IDEA: Product Profile (2004) Google Scholar
  3. 3.
    Daidalos: A4C Framework Design Specification. Deliverable D341 (2004) Google Scholar
  4. 4.
    D’Antonio, S., Esposito, M., Gargiulo, M., Romano, S.P., Ventre, G.: A Component-based Approach to SLA Monitoring in Premium IP Networks. In: First Intl. Workshop on Inter-Domain Performance and Simulation, Salzburg (2003)Google Scholar
  5. 5.
    Denning, D.E.: An Intrusion-Detection Model. IEEE Transactions on Software Engineering SE-13(2), 222–232 (1987)CrossRefGoogle Scholar
  6. 6.
    G-NE GmbH: Konzeptionsansatz: Qualitätssicherung in IT-Outsourcing-Projekten mittels einer unabhängigen Prüfinstanz. Confidential Document (2002) Google Scholar
  7. 7.
    Hasan, Stiller, B.: Auditing Architecture for SLA Violation Detection in QoS-Supporting Mobile Internet. IST Mobile and Wireless Comm. Summit, Aveiro, Portugal, vol. 1 (2003) Google Scholar
  8. 8.
    Hasan, Stiller, B.: Non-repudiation of Consumption of Mobile Internet Services with Privacy Support. In: IEEE Intl. Conf. on Wireless and Mobile Computing, Networking and Communications (to be published), Montreal, Canada (2005)Google Scholar
  9. 9.
    Itellix Software: Wisiba: Datasheet (2003)Google Scholar
  10. 10.
    Keller, A., Ludwig, H.: The WSLA Framework: Specifying and Monitoring Service Level Agreements for Web Services. Journal of Network and Systems Management 11(1), 57–81 (2003)CrossRefGoogle Scholar
  11. 11.
    Lundin, E., Jonsson, E.: Survey of Intrusion Detection Research. Technical Report 02-04, Department of Computer Engineering, Chalmers Univ. of Technology, Göteborg (2002)Google Scholar
  12. 12.
    Rezaee, Z., et al.: Continuous Auditing: Building Automated Auditing Capability. Auditing: A Journal of Practice & Theory 21(1), 147–163 (2002)CrossRefGoogle Scholar
  13. 13.
    Shirey, R.: Internet Security Glossary. IETF, RFC 2828 (2000)Google Scholar
  14. 14.
    Study Group on Communication Systems Security: Compendium of approved ITU-T Security Definitions (2003)Google Scholar
  15. 15.
    Softek Storage Solutions Corporation: SOFTEK EnView: Datasheet (2004)Google Scholar
  16. 16.
    Telemanagement Forum: SLA Management Handbook, V1.5. GB917 (2001)Google Scholar
  17. 17.
    U.S. Committee on National Security Systems: National Information Assurance Glossary (2003) Google Scholar
  18. 18.
    Vasarhelyi, M.A.: Artificial Intelligence in Accounting and Auditing. Towards New Paradigms IV (1997)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • Hasan
    • 1
  • Burkhard Stiller
    • 1
    • 2
  1. 1.Computer Engineering and Networks Laboratory TIKETH ZürichSwitzerland
  2. 2.Computer Science Department IFIUniversity of ZürichSwitzerland

Personalised recommendations