A bayesian approach for on-line max and min auditing

In this paper we consider the on-line max and min query auditing problem: given a private association between fields in a data set, a sequence of max and min queries that have already been posed about the data, their corresponding answers and a new query, deny the answer if a private information is inferred or give the true answer otherwise. We give a probabilistic definition of privacy and demonstrate that max and min queries, without “no duplicates”assumption, can be audited by means of a Bayesian network. Moreover, we show how our auditing approach is able to manage user prior-knowledge

Costly risk verification without commitment in competitive

Cet article analyse l'équilibre d'un marché d'assurances où les individus qui souscrivent une police d'assurance ont une obligation de bonne foi lorsqu'ils révèlent une information privée sur leur risque. Les assureurs peuvent, à un certain coût, vérifier le type des assurés qui présentent une demande d'indemnité et ils sont autorisés à annuler rétroactivement le contrat d'assurance s'il est établi que l'assuré avait présenté son risque de manière incorrecte lorsqu'il avait souscrit la police d'assurance. Toutefois les assureurs ne peuvent s'engager sur leur stratégie de vérification du risque. L'article analyse la relation entre l'optimalité de Pareto de second rang et l'équilibre concurrentiel du marché de l'assurance dans un cadre de théorie des jeux. Il caractérise les contrats offerts à l'équilibre, les choix de contrat par les individus ainsi que les conditions d'existence de l'équilibre.

Imperfect Certification

This paper proposes a model for a certification market with an imperfect testing technology. Such a technology only assures that whenever two products are tested the higher quality product is more likely to pass than the lower quality one.When only one certifier with such testing technology is present in the market, it is found that this monopoly certifier can be completely ignored in equilibrium, in contrast to the prediction of a model with perfect testing technology. A separating equilibrium is also supported in which only relatively high quality types (products) choose to pay for the certification service. It is true that in such an equilibrium having a certificate is better than not. The exact value of a certificate, however, depends both on the prior distribution of product quality and the nature of the testing technology.Welfare accounting shows that the monopolistic certifier’s profit maximizing conduct can lead to under or over supply of certification service depending on model specification. Optimal certification fee is always positive and such that it makes all positive types choose to test. In the case of two competing certifiers with identical testing technologies, the intuition of Bertrand competition does not necessarily hold. Segmentation equilibrium in which higher seller types choose the more expensive certification service and not so high types choose the less expensive service can be supported. As an application, we argue that the fee differentiation between major and non-major auditing firms need not be a result of any differences in their auditing technologies.Asymmetric information, imperfect certification

Regulatory Practices and the Impossibility to Extract Truthful Risk Information

We consider a regulator providing deposit insurance to a bank with private information about its investment portfolio. Following current regulatory practices, we assume that the regulator does not commit to audit and sanction after any risk report from the bank. We show that, in absence of commitment, the socially optimal contract leads a high-risk bank to misreport its risk with positive probability in most cases. We also isolate cases when truthful risk report is optimal. We thus establish that extraction of truthful risk information is not socially optimal in most cases given current regulatory practices.Banking Regulation, Partial Commitment, Asymmetric Information, Adverse Selectio

XRay: Enhancing the Web's Transparency with Differential Correlation

Today's Web services - such as Google, Amazon, and Facebook - leverage user data for varied purposes, including personalizing recommendations, targeting advertisements, and adjusting prices. At present, users have little insight into how their data is being used. Hence, they cannot make informed choices about the services they choose. To increase transparency, we developed XRay, the first fine-grained, robust, and scalable personal data tracking system for the Web. XRay predicts which data in an arbitrary Web account (such as emails, searches, or viewed products) is being used to target which outputs (such as ads, recommended products, or prices). XRay's core functions are service agnostic and easy to instantiate for new services, and they can track data within and across services. To make predictions independent of the audited service, XRay relies on the following insight: by comparing outputs from different accounts with similar, but not identical, subsets of data, one can pinpoint targeting through correlation. We show both theoretically, and through experiments on Gmail, Amazon, and YouTube, that XRay achieves high precision and recall by correlating data from a surprisingly small number of extra accounts.Comment: Extended version of a paper presented at the 23rd USENIX Security Symposium (USENIX Security 14

International versus Domestic Auditing of Bank Solvency

This paper examines alternative ways to prevent losses from bank insolvencies. It is widely viewed that transparency in reporting bank balance sheets is a key element in reducing such losses. It is, however, unclear just how such transparency would be achieved. Current approaches to avoiding insolvencies generally involve international enforcement mechanisms. Among these are the sovereign debt restructuring mechanism (SDRM), and, more generally, an international bankruptcy court. We develop a model that compares two alternative institutions for bank auditing. Neither of these institutions would require as much enforcement capability as an international bankruptcy court, hence they would be easier to introduce. The first of these is a system of central bank auditing of national banks. The second type of auditing is carried out by an international agency that collects risk information on banks in all countries and then provides it to depositors. Using a game- theoretic approach, we compare the informativeness of the disclosure rule in the symmetric Perfect Bayesian equilibrium in each of the two different auditing institutions. We show that the international auditor generally performs at least as well, and sometimes better than, auditing by either central banks, which, in turn, perform better than voluntary disclosure by the banks themselves. The results do not assume any informational advantages of the international auditor, nor is the international auditor somehow less "corrupt" than the central banks. Rather, the international auditor's credibility comes from the simple fact that its incentives are not distorted by a sovereignty bias that plagues the central banks.Bank Insolvency, Auditing, International Auditing.

A Bayesian partial identification approach to inferring the prevalence of accounting misconduct

This paper describes the use of flexible Bayesian regression models for estimating a partially identified probability function. Our approach permits efficient sensitivity analysis concerning the posterior impact of priors on the partially identified component of the regression model. The new methodology is illustrated on an important problem where only partially observed data is available - inferring the prevalence of accounting misconduct among publicly traded U.S. businesses

Audit, tax compliance and undeclared work: an empirical analysis

To encourage tax compliance towards the Italian tax contributive system, the Italian Social Security Institute (INPS) develops a number of audits intothe Italian firms. The aim of these inspections is to detect possible evasions and to threaten cheating enterpreneurs with penalties, if necessary. In our case "to cheat" means to hide a part of the labor forces to the authority, underdeclaring their real dimensions and thus to evade a certain amount of social-insurance taxes. In this paper we particularly focus on showing how it is possible to use individual audit data to better understand the relation between inspections and tax compliance, and consequently the relation between the policy of auditing and undeclared work. A new source of data was built for this purpose, merging information about firms with individual audit data. Our analysis is developed as follow: after a brief introduction, we describe the dataset and we give some details on the procedures used by inspectors. Then we show a simple model of auditing in order to enlighten relation between audit policy and work force declaration. The second part of the analisys, mainly empirical, attempts to explain how to estimate undeclared work starting from our new source of data, after that, we assess two microeconometric policy evaluation analysis. Our aim is to nderstand the relation that lies between the policy of auditing and a) the propensity to declare workers; b) the number of black workers implied in the labour market.Audit, undeclared work, sample selection, microdata.

International versus Domestic Auditing of Bank Solvency

This paper examines alternative ways to prevent losses from bank insolvencies. It is widely viewed that transparency in reporting bank balance sheets is a key element in reducing such losses. It is, however, unclear just how such transparency would be achieved. Current approaches to avoiding insolvencies generally involve international enforcement mechanisms. Among these are the sovereign debt restructuring mechanism (SDRM), and, more generally, an international bankruptcy court. We develop a model that compares two alternative institutions for bank auditing. Neither of these institutions would require as much enforcement capability as an international bankruptcy court, hence they would be easier to introduce. The first of these is a system of central bank auditing of national banks. The second type of auditing is carried out by an international agency that collects risk information on banks in all countries and then provides it to depositors. Using a game-theoretic approach, we compare the informativeness of the disclosure rule in the symmetric Perfect Bayesian equilibrium in each of the two di.erent auditing institutions. We show that the international auditor generally performs at least as well, and sometimes better than, auditing by either central banks, which, in turn, perform better than voluntary disclosure by the banks themselves. The results do not assume any informational advantages of the international auditor, nor is the international auditor somehow less "corrupt" than the central banks. Rather, the international auditor's credibility comes from the simple fact that its incentives are not distorted by a sovereignty bias that plagues the central banks.Bank Insolvency, Auditing, International Auditing.