Privacy Auditing Standards

Author:

Toy Alan¹, Hay David C.¹

Affiliation:

1. Alan Toy is a Ph.D. Student, and David C. Hay is a Professor, both at The University of Auckland.

Abstract

SUMMARY: Privacy audits are an area of auditing practice that is becoming increasingly relevant to audit firms as well as to regulators such as privacy commissioners. Privacy audit reports can be a resource for consumers and groups representing them. However, there is limited consistency between the standards applied in privacy audits when compared across different auditors and across different jurisdictions. Inconsistency of standards reduces international comparability of privacy audits, thereby lowering their potential value to the entities subject to audit, and to users of the reports. We suggest a set of fundamental principles for privacy audits drawn from recent proposals for legislative and/or policy reform by leading official bodies in the U.S. and the European Union. We apply this framework to 30 privacy audit reports issued in five countries. The results show that few conform to the proposed fundamental principles. This inconsistency limits their value and effectiveness.

Publisher

American Accounting Association

Subject

Economics and Econometrics, Finance, Accounting

References: 55 articles.


Cited by 12 articles.

1. Data Privacy Measurement In Local Government Using Metric-Based Evaluation In Surabaya City Government;2023 International Conference on Innovation and Intelligence for Informatics, Computing, and Technologies (3ICT);2023-11-20

2. A Framework for Auditing and Strategizing to Ensure Cloud Privacy;Journal of Information Systems;2019-12-31

3. Protecting a new Achilles heel: the role of auditors within the practice of data protection;Managerial Auditing Journal;2019-09-18

4. Cloud privacy objectives a value based approach;Information & Computer Security;2019-06-12

5. The views of privacy auditors regarding standards and methodologies;Meditari Accountancy Research;2019-06-03
