Transcript Document

Continuous Reporting Query
Issues
Dr. Graham Gal
Isenberg School of Management
Outline
• Continuous Monitoring and Continuous
Reporting
• Defining Continuous Reporting
• Continuous Reporting Audit Issues
• Disclosure Issues
• Security Approaches
• Future Research
WCAS Rutgers University Nov. 7-8th,
2008
Continuous Reporting and
Monitoring
• Continuous Monitoring implies continuous
reporting
• Demand driven
o
o
o
Regulators
Investors
Internal reviewers
• Supply
o
o
Data
Review
• Characteristics of Continuous Reporting
WCAS Rutgers University Nov. 7-8th,
2008
Continuous Reporting
Characteristics
• Information Set
o
Non-GAAP information
• Expanded level of detail
o
Transaction level
• Time Lag
o
Event time versus disclosure time
• Query Language
o
Standard information set versus user defined
set
WCAS Rutgers University Nov. 7-8th,
2008
Issues
• Information use
o
Confirmation vs. initial disclosure
• Adequate disclosure
o
Website availability issues
• Materiality
o
o
Query review
Query versus Database materiality
• Amount of Information Disclosed
o
Sensitive information
WCAS Rutgers University Nov. 7-8th,
2008
Disclosure of Sensitive
• Definition of Information
Sensitive Information
• Learning from Queries
o
Census Data
 Cell perturbation
Physician’s
Salaries
(000s)
Internal
Medicine
County A
County B
County C
totals
$15,000
$14,500
$17,000
$46,500
Oncology
$7,000
$9,000
$2,000
$10,500
$8,500
$19,500
Surgeon
$2,450
$450
$3,200
$4,300
$6,300
$9,950
$24,450
$19,700
$31,800
$75,950
totals
WCAS Rutgers University Nov. 7-8th,
2008
Learning from Query Results
• Time Based Inferences
o
Knowledge of internal events – hiring
• Intersecting Subset Inferences
o
o
Unlimited number of queries
Assisted by knowledge of firm
 Salaries
 Size of departments
• Restricting knowledge as opposed to data
WCAS Rutgers University Nov. 7-8th,
2008
Restriction to Prevent Inferences
• Definition of Sensitive Information
o
o
Level of security – confidence interval
Size of result [k, n-k]
• Inability to perturb the data
• Samples of database can preserve
relationships
• Tracking information disclosed
WCAS Rutgers University Nov. 7-8th,
2008
Inference Channels
• Path to a piece of sensitive information
• Each step in the path is a query
• Encrypted tokens are assigned and
required to traverse the path
• Path of length N – N-1 tokens are
assigned
• Security is preserved by blocking
complete traversal of the channel
WCAS Rutgers University Nov. 7-8th,
2008
Inference Channels
• Problems
o
Public Information
 Collusion Resistance Token Assignment
o
Refunding Tokens
 Length of time information is relevant
 Changes to underlying data
o
Correlated data
 Multiple channels to information
WCAS Rutgers University Nov. 7-8th,
2008
Inductive Learning and Query
History
• Inductive Learning
Asking questions and incorporating information
into a particular model of nature
o Functional relationships
o Passive learner
o
• Query History
What can be learned or inferred from previous
queries
o Dynamic data
o
WCAS Rutgers University Nov. 7-8th,
2008
Inductive Learning and Query
History
• Altering capabilities of query system
o
Restricting characteristics can restrict the
types of inferences that can be made
 Time dependent queries
 Statistical queries
 Certain types of joins
 Recursive queries
WCAS Rutgers University Nov. 7-8th,
2008
Implications
• Understanding goals
o
o
Investor goals
Continuous Reporting supports information
acquisition for investor goals
• Auditors
Definition of Sensitive Information
Implications of Continuous Reporting
Characteristics
o Knowledge versus Data Security
o
o