Securing Big Data Provenance for Auditors: The Big Data Provenance Black Box as Reliable Evidence

Abstract

ABSTRACT The purpose of this article is to highlight a main issue regarding reliable audit evidence derived from Big Data—that of secure data provenance. Traditionally, audit evidence external to the client has been regarded as superior to other forms of evidence. However, regarding external “messy” Big Data sources that may be material to aspects of the audit, these sources may lack provenance and verifiability. That is, the origins of the data may be unclear and its log files incomplete. According to the standards, such evidence should be considered as less reliable for audit evidence. External auditors, as outsiders of the client, should be able to reproduce the data lifecycle or transaction path, which may not be possible in an electronic environment with incomplete provenance. Furthermore, this mapping or provenance of the data origins and history should be securely maintained so that it cannot be thwarted. This need for secure data provenance has been largely ignored by the business community in its haste to utilize Big Data, but has been acknowledged by extant systems research as being an area that requires attention. This paper contributes to the discussion of Big Data provenance through the lens of public company auditing, where the provenance and reliability of data sources and audit evidence are of paramount importance. This paper also proposes a system of secure provenance collection, the Big Data Provenance Black Box, which is derived from several streams of extant research.