KPMG/UQBS CEO Dinner: Cyber Security and the CEO

This is a presentation I gave for the UQ Business School (in conjunction with Stan Gallo of KPMG) at the Urbane Restaurant to a group of Queensland CEO/C-Suite people. These dinners are part of UQ’s engagement with the business community – a relationship we value. This engagement ensures we don’t get all locked up in our ivory tower.

This was a good night last night; I really enjoyed discussing cyber security/data governance issues with CEOs. This is going to be an increasingly important issue for Australian businesses – particularly as mandatory data breach notification takes hold.

The trend is certainly not toward ‘letting the data go wild’. It’s more a paddock-and-fences kind of situation.

AMCIS 2012: “Continued use of intelligent decision aids and auditor knowledge: qualitative evidence”

So, I submitted a paper to AMCIS 2012, an academic conference to be held in Seattle this year (http://amcis2012.aisnet.org/).  The paper was accepted (“I also think that this should generate some interesting discussion and hopefully receive further guidance to help the authors publish their work in a journal”) and so I am off to Seattle in August.

This paper was written solely by myself, without revision by supervisors, so I am quite happy about that. It is also based on my PhD, which is very helpful, and of course reviewer comments are very good to help with this process.

Anyway as I haven’t blogged in a while – here is the abstract of my paper “Continued use of intelligent decision aids and auditor knowledge:  qualitative evidence”:

The Theory of Technology Dominance proposes that continued use of intelligent decision aids (IDAs) relates to a decrease in auditors’ decision making skills, or deskilling. Prior research has considered deskilling in terms of auditor declarative knowledge. This research considers deskilling in relation to auditor declarative and procedural knowledge through an extended research model. A novel, rigorous and repeatable qualitative research method using automated text analysis (Leximancer) is developed for the analysis of significant bodies of text. Nineteen senior auditors in three audit offices were interviewed, and the transcripts analyzed. The findings indicate strong support for the hypothesized negative relationships between three constructs (the extent an IDA performs routine and time-intensive tasks, the dependence of an auditor on the IDA, and the auditor’s time with an IDA), and an auditor’s declarative and procedural knowledge. The results indicate avenues for future research, and provide guidance to practitioners in the use of IDAs. 

Once it is published I will put a link to the paper on this blog entry. 

Academic submission to a conference on Information Systems.

The past week or so of my professional life (it’s all a blur) has been taken up with writing a paper for submission to an upcoming conference.  If you’ve ever wondered about the process, it’s been painful.  If you are interested, read on to read the abstract of what is now a 12 page paper (it started out at 16 pages – cutting down is annoying).

If you aren’t interested – move along, nothing to see here.

Abstract (I’ll leave the title out as it’s A: long and B: it’s meant to be a double-blind review.  Suffice to say it’s about auditing and accounting standard reforms, BIS and IT audit).

Information systems are key components of the internal control system that ensure the business entity complies with the requirements of the financial reporting regulatory framework. This regulatory framework consists primarily of accounting and auditing standards. As the regulatory framework changes, so too do the functional requirements of information systems. Compliance with the regulatory framework is essential to long-term business success.

This paper is a report of a review of the effect of Australian reforms to auditing standards (the ‘audit risk’ and ‘black-letter law’ reforms) and accounting standards (the ‘A-IFRS’ reforms) upon business information systems and information systems audit. This analysis is verified with audit professionals and the final results reported as an exploratory study. The results identify seven significant computer-based registers for businesses to manage in complying with the financial regulatory framework, and identify the significant relationships between accounting and auditing standards and information systems audit.

The audit and accounting profession requires a deep understanding of the implications of the financial reporting regulatory framework for business information systems design and the role of information systems audit. This paper provides a valuable contribution to this professional need through considered analysis of the auditing and accounting standards.

Keywords: IFRS, ISA, IS Audit, business information systems

This research is a part of the output of my Australian Research Council Project.

A letter to my blog

Dear Blog

It has been some time since we last spoke. To let you know, I have taken up motorcycling. It is mostly an attractive pastime – except I know that on Saturday we spent four hours by the side of the road trying to fix a motorbike (the 2.5 year old one, not the 30 year old one – being mine). A picture of my motorcycle is shown below. It is a 1980 Honda CX500 and it’s been very reliable overall, and lots of fun to pull it all together. Since the photo below was taken I have taken off the Ventura Gearsack at the back, and replaced the indicators with standard ones. I’ll find a new photo to send you soon.

Last week I was in Wellington – here’s a bad photo of me and Wellington’s parliament house from that trip:

I was over there to speak to Audit New Zealand as part of my PhD research. If you’re not careful, I’ll tell you all about my PhD… oh wait, I already did that.

Finally, today it was my pleasure to speak to an audit delegation from China with my Supervisor, Professor Peter Green. I’m sure you’re glad I have no photos of that experience – I will say though it was interesting presenting a quite technical presentation to a non-English speaking audience and waiting for the interpreter to translate. I could tell those of the delegation that could speak English – they laughed at my jokes before the interpreter had translated them.

Oh, and I got to go to the Ashes last week, for the opening day of the test. Here’s a video of Peter Siddle getting his hat trick (caution: strong language – not mine!):

That’s something for the bucket list – seeing a hat trick live in the Ashes at the Gabba.

Yours:

Micheal Axelsen

PS: I have a mammoth blog post I’ll copy over to here that I wrote for CPA Australia. My favourite visual metaphor: “There are dangers to think about though when it comes to telecommuting. Maybe not the same dangers as skydiving into an apiary wearing only beachwear and honey-scented deodorant, but there are challenges to think about such as team cohesion, security, and that all-elusive ‘work-life balance’.”

The implications of NGERS and CPRS on information systems

Last week I was invited to present to the CPA Australia Carbon Pollution Reduction Scheme Discussion Group as part of the CitySmart Innovation Festival, along with Danny Powers, Michele Chelin, and Andrew Rogers.

It was an informative night and I think the audience appreciated what we did, as usual.  At any rate, I did promise I’d put up my slides; they’re attached below as Slideshare.  If you’d like the originals for your own purposes please feel free to email me.

Presentation

Points noted in the presentation

  • Compliance with the reporting requirements (National Greenhouse and Energy Reporting Act 2007) means the development or implementation of major information systems.
  • NGERS is independent of the CPRS – and captures more companies than the CPRS.
  • The current proposed delay of one year has some impact on the carbon pricing models, but compliance efforts by NGER reporting entities will need to continue.
  • Reporting entities (entities producing > 125kt in 2008/2009, through to > 50kt CO2 equivalents by 2010/2011) will need to report emissions by one of four methodologies:
    • Method 1: the National Greenhouse Accounts default method
    • Method 2: a facility-specific method using industry sampling and listed Australian or international standards or equivalent for analysing fuels and raw materials
    • Method 3: a facility-specific method using Australian or international standards or equivalent for sampling and analysing fuels and raw materials
    • Method 4: direct monitoring of emission systems, on either a continuous or periodic basis
  • Methods 1-3 are estimates of emissions based upon increasingly accurate emissions factors. Method 4 monitors actual emissions.
  • A single annual emissions report is required by 31 October each year under the NGER Act.
  • Information that should be kept – electronically or in paper-based form – includes:
    • a list of all sources monitored
    • the activity data used for calculation of greenhouse gas emissions for each source, categorised by process and fuel or material type
    • documentary evidence relating to calculations – e.g. receipts, invoices & payment methods
    • documentation of the methods used for greenhouse gas emissions and energy estimations
    • documents justifying selection of the monitoring methods chosen
    • documentation of the collection process for activity data for a facility and its sources
    • records supporting business decisions, especially for high-risk areas relating to reporting coverage and accuracy.
  • AS ISO 15489 (the Australian and international standard for record management) provides guidance – but not all documents are records!
  • Management of information over the lifecycle is a challenge due to potential changing definitions and criteria
  • Under the CPRS, liable entities whose emissions exceed 125K tonnes per annum (‘Large Emitters’) must have their emissions independently audited. For all other entities under NGERS and the CPRS, they may be subject to audit on suspicion of non-compliance or on a risk-management basis.
  • As the report identifies actual CO2 equivalent emissions, and thus the number of permits surrendered, business must ensure its calculation is accurate, and that people understand the report and data they are producing.
  • To support auditable systems, the information systems of liable entities will need to address asset safeguarding, data integrity, system effectiveness and system efficiency concerns.
  • Systems will need to be reliable and timely (“95% confident”) having regard to:
    • Transparency
    • Comparability
    • Accuracy
    • Completeness
  • Extensions or integrations to accounting information systems are likely.
  • There are important factors for a business to address if it is going to create an auditable information system to support its emissions report.
  • 50kt of CO2 emissions is the equivalent of, for example, the operation of 15 data centres with 1000 servers over one year – so, not a small business!
  • As for SMEs, they are less affected from an information systems perspective.
  • Similar concerns exist, though, for ensuring the integrity and accuracy of, for example, price estimation models (given, for example, electricity cost increases of 18% and gas cost increases of 12%).
  • It is likely that you will need to estimate and select prices based upon a rigorous method, or potentially attract the attention of the ACCC.
  • SMEs that supply liable entities and/or entities that have ‘green’ purchasing policies may especially need to understand the impact of the scheme on their future demand.
  • ‘Very Large’ SMEs and large corporations that are currently outside of the CPRS, but could be caught in potential future expansions of the definition, should consider implementing greenhouse gas emissions reporting information systems to inform future lobbying efforts and by way of advance preparation.