Abstract
This paper builds upon and extends Weber's (1982) pioneering analysis of the concept
of an audit trail, incorporating recent developments from the fields of computer
security and temporal modeling in databases. A review of current usage suggests that
the term audit trail is being used in two distinct senses: as meaning an abstract
property of an accounting information system and as meaning a concrete log file. The
various kinds and purposes of log files are analyzed, and a classification system
is proposed.
The more general audit trail concept is then discussed. A definition of the property
of audit trail which captures the notion behind its use in current literature is
proposed. It is shown that the various categories of information that are found
in log files can be explained in terms of this definition, but that the property
of audit trail does not intrinsically require the use of any log files. The "loss"
of the audit trail brought about by the move from manual accounting systems to
computer-based ones, and from register-orientated designs to database systems,
is discussed and a description of the nature of the change is proposed.
Keywords
Auditing, EDP Auditing, Internal Control, Computer Security