Minimizing cost of continuous audit: Counting and time dependent strategies

Why do we need to continuously audit databases? The answer to this question depends on several factors, including the users and the applications that have accessed the data, the timing and the type of data modifications such as permissions or schema and so on. Many studies pertain to the technical feasibility of continuous auditing of databases, but do not consider the economic feasibility of such auditing. This paper helps fill this void in the literature. We examine certain strategies that have been suggested in the database auditing literature (see, e.g. [Orman, L.V., 2001. Database audit and control strategies. Information Technology and Management 2(1), 27-51]) with major and minor modifications. Orman studied the counting, periodic and hybrid auditing strategies with the objective of minimizing the number of errors introduced during database access. Unlike Orman whose focus is on assessing the number of errors entering into the system (technical feasibility), we focus on the long run operating cost of running database audit. We use results from regenerative stochastic processes to derive expressions for the long run average cost under the counting and periodic auditing strategies. Future directions for research are also proposed.