Evidential Reasoning for WebTrust Assurance Services

This is the author's final draft. The publisher's official version is available from: http://www.jmis-web.orgThis study looks at two aspects of assurance services. The first deals with the type(s) of evidential networks that will allow a professional accountant to provide assurance. Here, we develop an evidential network model for “WebTrust Assurance,” a service being provided by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). Our model augments the AICPA/CICA approach and provides goals, sub-goals and evidence relevant to the overall assurance to be provided. The aggregation of evidence and the resolution of uncertainties follow the belief-function approach of Srivastava and Shafer. Next we develop a decision theoretic model for the assurance-planning problem. Our approach is based on estimating the expected value of providing various levels of assurance and is illustrated with several different scenarios that may be faced in practice. We also consider the role of ambiguity in decision situations such as planning WebTrust engagements and calculate bounds in expected value based on whether auditors are conservative or not in their approach to risk

An Information Systems Security Risk Assessment Model Under Dempster- Schafer Theory of Belief Functions

This is the author's final draft. The publisher's official version is available from:.This study develops an alternative methodology for the risk analysis of information systems security (ISS), an evidential reasoning approach under the Dempster-Shafer theory of belief functions. The approach has the following important dimensions. First, the evidential reasoning approach provides a rigorous, structured manner to incorporate relevant ISS risk factors, related counter measures and their interrelationships when estimating ISS risk. Secondly, the methodology employs the belief function definition of risk, that is, ISS risk is the plausibility of information system security failures. The proposed approach has other appealing features, such as facilitating cost-benefit analyses to help promote efficient ISS risk management. The paper both elaborates the theoretical concepts and provides operational guidance for implementing the method. The method is illustrated using a hypothetical example from the perspective of management and a real-world example from the perspective of external assurance providers. Sensitivity analyses are performed to evaluate the impact of important parameters on the model’s results

Applications of Belief Functions in Business Decisions: A Review

This is the author's final draft. The publisher's official version is available from: .In this paper, we review recent applications of Dempster-Shafer theory (DST) of belief functions to auditing and business decision-making. We show how DST can better map uncertainties in the application domains than Bayesian theory of probabilities. We review the applications in auditing around three practical problems that challenge the effective application of DST, namely, hierarchical evidence, versatile evidence, and statistical evidence. We review the applications in other business decisions in two loose categories: judgment under ambiguity and business model combination. Finally, we show how the theory of linear belief functions, a new extension of DST, can provide an alternative solution to a wide range of business problems

An Evidential Reasoning Approach to Fraud Risk Assessment under Dempster-Shafer Theory: A General Framework

This paper develops a general framework under Dempster-Shafer theory for assessing fraud risk in a financial statement audit by integrating the evidence pertaining to the presence of fraud triangle factors (incentives, attitude and opportunities), and evidence concerning both account-based and evidence-based fraud schemes. This framework extends fraud risk assessment models in prior research in three respects. 1) It integrates fraud schemes, both account schemes through which accounts are manipulated, and evidence schemes through which frauds are concealed, into a single framework. 2) It incorporates prior fraud frequency information obtained from the Accounting and Auditing Enforcement Releases issued by the Securities and Exchange Commission into an evidential network which uses Conditional OR relationships among assertions. 3) The framework provides a structured approach for connecting risk assessment, audit planning, and evaluation of audit results. The paper uses a real fraud case to illustrate the application of the framework

Conceptualization of Relational Assurance Mechanisms - A Literature Review on Relational Assurance Mechanisms, Their Antecedents and Effects

Assurance mechanisms are an important element of relational governance and frequently used in information systems (IS) research; still missing in this field, however, is a coherent and interrelated structure to organize available knowledge. In this study, we provide a first step towards development of a conceptualization framework of relational assurance mechanisms to enable their further investigation. From our analysis of existing literature, we discover two gaps in assurance research: (1) a fragmentation of assurance research and (2) a lack of conceptual consensus on relational assurance mechanisms. We provide a theoretical framework consisting of a conceptualization of identified relational assurance mechanisms, their antecedents and effects as a means of advancing theory in this area. Several possibilities for future research are discussed

Representation of Interrelationships among Binary Variables under Dempster-Shafer Theory of Belief Functions

This is the peer reviewed version of the following article: Srivastava, R. P., L. Gao, and P. Gillett. " Representation of Interrelationships among Binary Variables under Dempster-Shafer Theory of Belief Functions" (pre-publication version), 2009, International Journal of Intelligent Systems, Volume 24 Issue 4, pp. 459 - 475, which has been published in final form at http://doi.org/10.1002/int.20347. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archiving.This paper presents an algorithm for developing models under Dempster-Shafer theory of belief functions for categorical and 'uncertain' logical relationships among binary variables. We illustrate the use of the algorithm by developing belief-function representations of the following categorical relationships: 'AND', 'OR', 'Exclusive OR (EOR)' and 'Not Exclusive OR (NEOR)', and 'AND-NEOR' and of the following uncertain relationships: 'Discounted AND', 'Conditional OR', and 'Weighted Average'. Such representations are needed to fully model and analyze a problem with a network of interrelated variables under Dempster-Shafer theory of belief functions. In addition, we compare our belief-function representation of the 'Weighted Average' relationship with the 'Weighted Average' representation developed and used by Shenoy and Shenoy8. We find that Shenoy and Shenoy representation of the weighted average relationship is an approximation and yields significantly different values under certain conditions

An Introduction to Evidential Reasoning for Decision Making under Uncertainty: Bayesian and Belief Functions Perspectives

The main purpose of this article is to introduce the evidential reasoning approach, a research methodology, for decision making under uncertainty. Bayesian framework and Dempster-Shafer theory of belief functions are used to model uncertainties in the decision problem. We first introduce the basics of the DS theory and then discuss the evidential reasoning approach and related concepts. Next, we demonstrate how specific decision models can be developed from the basic evidential diagrams under the two frameworks. It is interesting to note that it is quite efficient to develop Bayesian models of the decision problems using the evidential reasoning approach compared to using the ladder diagram approach as used in the auditing literature. In addition, we compare the decision models developed in this paper with similar models developed in the literature

An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Risk Assessment

This is the peer reviewed version of the following article: Mock, T., L. Sun, R. P. Srivastava, and M. Vasarhelyi. " An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Risk Assessment under Dempster-Shafer Theory", 2009, ABACUS, Vol. 45, No. 1, pp. 66-87. , which has been published in final form at http://doi.org/10.1016/j.accinf.2008.10.003. This article may be used for non-commercial purposes in accordance with Wiley Terms and Conditions for Self-Archiving.In response to the enactment of the Sarbanes-Oxley Act 2002 and of the release of the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5, this study develops a risk-based evidential reasoning approach for assessing the effectiveness of internal controls over financial reporting (ICoFR). This approach provides a structured methodology for assessing the effectiveness of ICoFR by considering relevant factors and their interrelationships. The Dempster-Shafer theory of belief functions is utilized for representing risk. First, we develop a generic ICoFR assessment model based upon a Big 4 audit firm’s approach and apply it to a real-world example. Then, based on this model, we develop a quantitative representation of various levels of ICoFR effectiveness and related risk-assessment as defined by the PCAOB and contrast these representations with levels implied by Auditing Standard No. 5. In doing so, we demonstrate the potential value of formal risk assessment models in both facilitating the assessment of risks in an individual engagement and in assessing the effects of different regulations