Analytical Formulas for Risk Assessment for a Class of Problems where Risk Depends on Three Interrelated Variables

We derive general analytical formulas for assessing risks in a problem domain where the risk depends on three interrelated variables. More specifically, we derive general analytical formulas for propagating beliefs in a network where three binary variables, A, B and C, are related to a fourth binary variable Z through an ‘AND’ relationship. In addition, we assume that variables A, B and C are interrelated in that a change in one variable may affect the value of each of the other two. The analytical formulas derived in this article determine the overall belief and plausibility that Z is true or not true, given that we have beliefs on variables A, B and/or C. To demonstrate the importance of the general results, we use the results to develop models applicable to three real-world situations. The first model can aid external auditors in assessing the quality of an audit client’s internal audit function to determine the extent to which the internal auditor’s work can be relied on in the conduct of a financial audit while the second can aid in assessing the risk of impaired auditor independence when conducting a financial statement audit. The third model can be used to assess the risk of management fraud in financial reporting. Assessment of such risks is of critical importance to external auditors, regulators, and the investing public. Analytical formulas to help address these types of important business and economic problems have not been available prior to these derivations

Bayesian and Belief-Functions Formulas for Auditor Independence Risk Assessment

This is the authors final draft. The publisher's official version is available electronically from: .This paper illustrates two formulas for assessing independence risk based on the Bayesian and belief-functions frameworks. These formulas can be used to assess the role of threats to auditor independence as well as the role of threat-mitigating safeguards. Also, these formulas provide a basis for evaluation of an audit firm’s independence risk and a framework to educate stakeholders about the threats faced by the audit firm and the role of effective safeguards in mitigating these risks. The formulas also provide a means for regulators and lawmakers to evaluate whether they have effective safeguards in place given the existence of threats and for auditors to signal to various stakeholders that they have identified significant threats and have effective safeguards in place. To show the potential usefulness of these analytical models, several illustrations addressing increased transparency and the potential impact of regulations are presented

Tax Compliance: An Investigation Using Individual TCMP Data

In this paper, we analyze the tax compliance behavior of US taxpayers by using a 1979 data set that combines information from a random sample of individual tax returns each of which has been thoroughly audited, IRS administrative records, and sociodemographic data from the Census. We find evidence that both audits and tax code provisions affect compliance. However, the effects are significant for only the low and high income groups. Interestingly, previous research has shown that these groups also participate most actively in underground economic activities, the income from which is not reported on any tax returns. Our results for audits suggest that the "ripple" or general deterrent effect of audits may be many times larger than the direct revenue yield of audits for high income taxpayers. Our results for allowable subtractions from income imply that the 1986 Tax Reform Act changes to lower allowable subtractions may have procompliance effects.

The Dempster-Schafer Theory of Belief Functions for Managing Uncertainties: An Introduction and Fraud Risk Assessment Illustration

This is the author's final draft. The publisher's official version is available electronically from:<http://onlinelibrary.wiley. com/journal/10.1111/%28ISSN%291835-2561>.The main purpose of this paper is to introduce the Dempster-Shafer theory (“DS” theory) of belief functions for managing uncertainties, specifically in the auditing and information systems domains. We illustrate the use of DS theory by deriving a fraud risk assessment formula for a simplified version of a model developed by Srivastava, Mock, and Turner (2007). In our formulation, fraud risk is the normalized product of four risks: risk that management has incentives to commit fraud, risk that management has opportunities to commit fraud, risk that management has an attitude to rationalize committing fraud, and the risk that auditor’s special procedures will fail to detect fraud. We demonstrate how to use such a model to plan for a financial audit where management fraud risk is assessed to be high. In addition, we discuss whether audit planning is better served by an integrated audit/fraud risk assessment as now suggested in SAS 107 (AICPA 2006a, see also ASA 200 in AUASB 2007) or by the approach illustrated in this paper where a parallel, but separate, assessment is made of audit risk and fraud risk

An Introduction to Evidential Reasoning for Decision Making under Uncertainty: Bayesian and Belief Functions Perspectives

The main purpose of this article is to introduce the evidential reasoning approach, a research methodology, for decision making under uncertainty. Bayesian framework and Dempster-Shafer theory of belief functions are used to model uncertainties in the decision problem. We first introduce the basics of the DS theory and then discuss the evidential reasoning approach and related concepts. Next, we demonstrate how specific decision models can be developed from the basic evidential diagrams under the two frameworks. It is interesting to note that it is quite efficient to develop Bayesian models of the decision problems using the evidential reasoning approach compared to using the ladder diagram approach as used in the auditing literature. In addition, we compare the decision models developed in this paper with similar models developed in the literature

An Audit Logic for Accountability

We describe and implement a policy language. In our system, agents can distribute data along with usage policies in a decentralized architecture. Our language supports the specification of conditions and obligations, and also the possibility to refine policies. In our framework, the compliance with usage policies is not actively enforced. However, agents are accountable for their actions, and may be audited by an authority requiring justifications.Comment: To appear in Proceedings of IEEE Policy 200

An Evidential Reasoning Approach to Fraud Risk Assessment under Dempster-Shafer Theory: A General Framework

This paper develops a general framework under Dempster-Shafer theory for assessing fraud risk in a financial statement audit by integrating the evidence pertaining to the presence of fraud triangle factors (incentives, attitude and opportunities), and evidence concerning both account-based and evidence-based fraud schemes. This framework extends fraud risk assessment models in prior research in three respects. 1) It integrates fraud schemes, both account schemes through which accounts are manipulated, and evidence schemes through which frauds are concealed, into a single framework. 2) It incorporates prior fraud frequency information obtained from the Accounting and Auditing Enforcement Releases issued by the Securities and Exchange Commission into an evidential network which uses Conditional OR relationships among assertions. 3) The framework provides a structured approach for connecting risk assessment, audit planning, and evaluation of audit results. The paper uses a real fraud case to illustrate the application of the framework

An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Risk Assessment

This is the peer reviewed version of the following article: Mock, T., L. Sun, R. P. Srivastava, and M. Vasarhelyi. " An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Risk Assessment under Dempster-Shafer Theory", 2009, ABACUS, Vol. 45, No. 1, pp. 66-87. , which has been published in final form at http://doi.org/10.1016/j.accinf.2008.10.003. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archiving.In response to the enactment of the Sarbanes-Oxley Act 2002 and of the release of the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5, this study develops a risk-based evidential reasoning approach for assessing the effectiveness of internal controls over financial reporting (ICoFR). This approach provides a structured methodology for assessing the effectiveness of ICoFR by considering relevant factors and their interrelationships. The Dempster-Shafer theory of belief functions is utilized for representing risk. First, we develop a generic ICoFR assessment model based upon a Big 4 audit firm’s approach and apply it to a real-world example. Then, based on this model, we develop a quantitative representation of various levels of ICoFR effectiveness and related risk-assessment as defined by the PCAOB and contrast these representations with levels implied by Auditing Standard No. 5. In doing so, we demonstrate the potential value of formal risk assessment models in both facilitating the assessment of risks in an individual engagement and in assessing the effects of different regulations