On Auditing Audit Trails.

The current auditing crisis of big business can provide useful lessons and suggestions for improving similar practices within the computer industry. Audit trails, whether computer-based or manually produced, typically form a significant part of the front-line defense for fraud detection and prevention within systems. Many of the security practices revolve around the generation and preservation of authenticated data streams that are to be perused routinely or periodically, as well as in the event of system attack, failure, or other investigations. But these audit trail systems are not necessarily robust, since components can be subverted or ignored. Furthermore, it is the surrounding controls or overriding design-and-use philosophies, that are often discovered to be inadequate or circumvented. Audit trails, whether computer-based or manually produced, typically form a significant part of the front-line defense for fraud detection and prevention within systems. It is incumbent upon us to examine our own auditing practices for their intrinsic vulnerabilities.