Cart
[Home] [By Thread] [By Date] [Recent Entries]
Tom Venkerkom wrote: > I am having troubles finding documents (papers, websites, articles, ...) about audit issues related to the usage of XML. Michael Kay replied: < I think you would have similar difficulties finding papers about audit issues related to the usage of the telephone, for the same reason. Hmm.... I've not heard of anyone recording telephone conversations in order to comply with the security, controls, record processing and retention provisions of legislation such as Sarbanes-Oxley (SOX), Basel II, the UK Companies Bill, or HIPAA. The CPA/IS auditor who wrote this article about SOX section 302 and 404 compliance also wrote about XML a few years ago: http://www.sqlsummit.com/sox.htm If I remember correctly, the primary concern she stated about XML (for example, modeling e-business transactions on the exchange of XML documents) was security -- the need for authentication, encryption, digital signatures, certs and so on. On the plus side, with easily-understood schemas and tags, XML is useful for archiving records that must be retained for years/decades (an issue if you have to comply with regulations mentioned above). She mentioned data analysis, data mining and pattern recognition being done for SOX. Detecting patterns of fraud by analyzing XML documents is easier than trying to detect fraud by analyzing waveform audio of multiple speakers (different accents, dialects, jargon). ======== Ken North =========== www.WebServicesSummit.com www.SQLSummit.com www.GridSummit.com
|
