An Analysis of the Effects of Continuous Monitoring Controls Uday S. Murthy |
ABSTRACT: This research investigates the effects on ecommerce system performance of alternative types of application controls that continually monitor transaction-processing activity. The three categories of controls examined were relatively simple controls involving calculations, more complicated controls requiring database lookups, and the most intensive controls involving the use of aggregate statistical functions. A test ecommerce platform comprising a sales order entry application was programmed using Active Server Pages (ASP) technology. The system, running on a Windows 2000 Server platform with the data in a SQL Server 2000 database, was stress tested using Microsoft's Web Application Stress tool. To gauge the performance of the system under low, medium, and high load conditions, various statistics were gathered including processor utilization, ASP requests per second, SQL Server transactions per second, ASP requests queued, and time to last byte of the main order processing script. Results revealed that calculation controls could easily be accommodated by the ecommerce system, regardless of system load. Lookup controls had a detrimental effect on system performance only when they were heavily used. Aggregate function controls had a dramatic negative impact on system performance. The results of this study are useful for both capacity planning and capacity management and provide support for both internal and external auditors requesting the inclusion of continuous monitoring controls in modern ecommerce systems. Key words: Continuous monitoring, ecommerce system, system performance, stress testing, application controls Data availability: Contact the author I thank Kaushal Chari, Dale Lunsford, DeWayne Searcy, the associate editor, and the anonymous reviewers for helpful comments on this paper. Financial support for this research was provided in part by a grant from the Dell Computer Corporation, which is gratefully acknowledged. |