| Resumo: | The current highly regulated business environment has imposed organisations to increase their effort to monitor and manage their control mechanisms. This awareness has been propelled by the increasing emergence of new regulatory requirements on continuous monitoring and continuous auditing of organisational transactions. Furthermore, the successive well-known scandals in organisations, which have resulted in a very negative impact on their operational performance and also on their corporate image, have shown that the traditional audit process is not sufficient to meet the organisations’ needs. Thus, organisations have been looking for solutions to improve and strengthen their risk control structures so as to provide greater security in the effectiveness of risk management of their activities, namely on controlling, monitoring and auditing of organisational transactions. Then, the concept of Continuous Assurance has emerged because it is the set of services which, making use of technology, uses the information immediately from organisational transactions and produces audit results simultaneously or within a short period of time after the occurrence of relevant events. Hence, this thesis focuses on the implementation of continuous assurance services in information systems in order to determine the degree of reliability with which transactions are carried out, mitigating the organisational risk. Therefore, this thesis aims to contribute to a new vision of organisational auditing focused on assurance services in transactions executed and supported exclusively in a digital format according to an ontological model of organisational transactions. The motivation and objective of this thesis led to some research challenges: Validate a set of characteristics that any information system with continuous assurance services must provide. The literature on this topic is not very explicit upon the metrics which should be taken into consideration during the evaluation of this type of information systems. Thus, the Delphi method was used to validate a set of essential and very important characteristics for information systems with continuous assurance. In addition, this work contributes with a model comprising dimensions and metrics, which allows it to be used as a tool or as a set of guidelines to evaluate information systems with embedded control. Ensure the feasibility of development and the effective use of an information system with full continuous assurance services, having as support an ontological model, and which is considerably flexible and adaptable in order to be applicable to any organisational transactions. Following the Design Science methodology, a proposal of a solution is presented. This proposal includes requirements, a modular architecture and the development of a prototype. All these steps were supported by an ontological model of organisational transactions so that they could be represented in a very detailed, objective and comprehensive way. Furthermore, the solution was implemented in a simulated organisational environment and its results allow to conclude that the presented architecture is an effective solution since it provides continuous assurance to any organisational transactions, having as support an ontological model. Moreover, this work demonstrates that a repository which allows the instantiation of execution patters (risk profiles) for each organisational transaction is an important element in information systems with continuous assurance services, as a source of references to support continuous monitoring, auditing and controlling of the risk associated with the execution of organisational transactions. |