The independent verification of the right applications of business rules in an information system is a task for auditors. The increasing complexity of information systems, and the high risks associated with violations of business rules, have created the need for on line auditing tools. In this paper we sketch a conceptual design for such a tool. The components of the tool are described briefly. The focus is on the database and the conformance checker, which are described in detail. The approach is illustrated with an example and some preliminary case studies from industry. Keywords: information assurance; auditing; architecture; conceptual model; constraints; business rules; conformance checking.