
EURIDIS Research Monograph

SCHEMATIC EVALUATION OF INTERNAL ACCOUNTING CONTROL SYSTEMS

Kuo-Tay Chen* and Ronald M. Lee#


* Department of Management, Purdue University at Calumet, Hammond, IN 46323, U.S.A. chenk@pucal.bitnet
# Erasmus University Research Institute for Decision and Information Systems (EURIDIS), Erasmus University Rotterdam, The Netherlands. rlee@fac.fbk.eur.nl

ERASMUS UNIVERSITY RESEARCH INSTITUTE FOR DECISION AND INFORMATION SYSTEMS

Schematic Evaluation of Internal Accounting Control Systems by Kuo-Tay Chen and Ronald M. Lee Monograph No. RM-1992-08-1 (August 11, 1992)

EURIDIS Research Monograph
Erasmus University Rotterdam, The Netherlands
Kuo-Tay Chen and Ronald M. Lee

Permission to copy this monograph without fee is granted provided that (1) the copies are not distributed for the direct commercial purpose and (2) this copyright page including the copyright notice, the EURIDIS monograph number, and date appear.

TABLE OF CONTENTS

CHAPTER 1. INTRODUCTION
  1.1 BACKGROUND
  1.2 MOTIVATION
  1.3 OBJECTIVE OF THE STUDY
  1.4 ISSUES OF INTEREST
  1.5 SCOPE OF THE STUDY
  1.6 CONTRIBUTIONS OF THE STUDY
CHAPTER 2. DECISION AIDS RESEARCH FOR INTERNAL CONTROL EVALUATION
  2.1 A REVIEW OF PAST APPROACHES
    2.1.1 MATHEMATICAL MODELING
    2.1.2 SIMULATION
    2.1.3 EXPERT SYSTEMS
    2.1.4 OTHER COMPUTER DECISION AIDS
  2.2 SCHEMATIC EVALUATION - THE PROPOSED APPROACH
    2.2.1 SCHEMA-BASED REASONING
    2.2.2 SCHEMATIC VS. TAXONOMIC KNOWLEDGE ORGANIZATION
    2.2.3 ADVANTAGES OF THE PROPOSED APPROACH
CHAPTER 3. FORMAL MODELING OF INTERNAL ACCOUNTING CONTROL SYSTEMS
  3.1 THE ONTOLOGY OF INTERNAL ACCOUNTING CONTROL SYSTEMS
    3.1.1 DEFINITION AND TYPES OF INTERNAL ACCOUNTING CONTROL
    3.1.2 ROLE THEORETIC STRUCTURE
    3.1.3 ACTION THEORETIC BEHAVIOR
      3.1.3.1 ACTION TYPES OF INTERNAL CONTROL
      3.1.3.2 ACCOUNTING TASKS AND ACTION TYPES
  3.2 THE REPRESENTATIONAL FORMALISMS - PETRI NETS
    3.2.1 GENERAL PETRI NETS
    3.2.2 PREDICATE / TRANSITION NETS
    3.2.3 ADVANTAGES OF PETRI NET MODELING
  3.3 FORMAL MODELING OF INTERNAL ACCOUNTING CONTROL SYSTEMS
    3.3.1 INTERNAL CONTROL INTERPRETATION OF PETRI NETS
    3.3.2 PETRI NET MODELING OF ACCOUNTING PROCEDURES
CHAPTER 4. CONTROL PRIMITIVES, CONTROL PATTERNS, AUDIT PATTERNS, AND AUDIT RULES IN THE PURCHASE AND PAYMENT CYCLE
  4.1 A TYPICAL INTERNAL ACCOUNTING CONTROL SYSTEM FOR THE PURCHASE AND PAYMENT CYCLE
  4.2 COMMON CONTROL PATTERNS IN THE PURCHASE AND PAYMENT CYCLE
    4.2.1 CONTROL PATTERNS OF ACCOUNTING PROCEDURES
      4.2.1.1 CONTROL PATTERNS OF PRECEDENCE RELATION AMONG TASKS
      4.2.1.2 CONTROL PATTERNS OF INFORMATION-TASK RELATION
    4.2.2 CONTROL PATTERNS OF ORGANIZATIONAL STRUCTURE
  4.3 AUDIT PATTERNS AS DEVIATION OF CONTROL PATTERNS
    4.3.1 COMMON CAUSES OF FRAUD
    4.3.2 DERIVATION OF AUDIT PATTERNS
  4.4 FORMULATION OF AUDIT RULES
    4.4.1 THE GENERAL PROCESS FOR FORMULATING AUDIT RULES
    4.4.2 FORMULATION OF WEAKNESS IDENTIFICATION RULES
    4.4.3 FORMULATION OF ACTION IDENTIFICATION RULES AND FRAUD IDENTIFICATION RULES
  4.5 CONTROL PRIMITIVES AND DOMAIN-SPECIFIC DEDUCTIVE RULES
CHAPTER 5. VALIDATION OF THE SCHEMA-BASED REASONING APPROACH
  5.1 CASE/EDI -- A GRAPHICAL PROCEDURAL MODELING TOOL
  5.2 IMPLEMENTATION OF THE KNOWLEDGE-BASED SYSTEM
    5.2.1 THE LOGIC-BASED LANGUAGE
    5.2.2 REPRESENTATION OF GENERIC PROCEDURAL CONTROL PRIMITIVES
  5.3 A DEMONSTRATIVE RUN OF THE KNOWLEDGE-BASED SYSTEM
CHAPTER 6. CONCLUSIONS AND FUTURE RESEARCH
  6.1 GENERAL CONCLUSIONS
  6.2 CONTRIBUTIONS OF THE STUDY
  6.3 LIMITATIONS
  6.4 FUTURE RESEARCH DIRECTIONS
BIBLIOGRAPHY

CHAPTER 1. INTRODUCTION

1.1 BACKGROUND

The review and evaluation of internal accounting control systems has always been a major task for auditors and management because of professional, legal, and economic concerns. The second standard of field work in Generally Accepted Auditing Standards [SAS No.1 and SAS No. 55] requires the auditor to evaluate the client's internal control by stipulating that "There is to be a proper study and evaluation of the existing internal control as a basis for reliance thereon and for the determination of the resultant extent of the tests to which auditing procedures are to be restricted". This stipulation makes it unprofessional for the auditor to conduct an audit without careful evaluation of internal control systems. It also implies that the audit programs and procedures should not be the same for those companies with strong control as for those with poor control.¹ The Statements on Auditing Standards, SAS No.20 as amended by SAS No.30, further require that the auditor communicate to senior management, the board of directors, or the audit committee material weaknesses of internal control. As a result of these professional regulations, auditors might face civil, even criminal, charges if they fail to identify and report material weaknesses existing in the client's internal control system, and be subject to severe losses from lawsuits.

¹ A company with stronger internal control would require less field work to achieve the same level of audit risk.

In addition to the professional and resultant legal concerns, there is also an economic reason for the auditor to be able to effectively review and evaluate internal accounting control systems. As competition within the auditing industry becomes increasingly intense, maintaining competitive auditing costs is imperative to the survival of any auditing firm. One way to reduce auditing costs is to rely on the internal accounting control systems and decrease the scope of substantive tests. Because overall audit risk is the product of inherent risk, control risk, and detecting risk, auditors can accept higher detecting risk and decrease the scope of substantive tests if they can conclude that the internal accounting control system is strong enough to prevent or detect errors or irregularities and that the control risk is low. Furthermore, if auditors can accurately identify the control weaknesses and strengths, they can focus their efforts on transactions exposed to the risk of control weaknesses without wasting resources on those transactions which are well guarded by control strengths. This strategy becomes even more significant as the size and complexity of the client grows. Activities in a big and complex organization usually are extensive and diversified; thus it is more efficient to examine the internal control system more closely rather than examining more transactions.

Besides auditors, management is also concerned with the adequacy of internal accounting controls. The Statement on Auditing Standards [SAS No.1] asserts "The establishment and maintenance of a system of internal control is an important responsibility of management ... The system of internal control should be under continuing supervision by management to determine that it is functioning as prescribed and is modified as appropriate for changes in conditions." This statement stipulates that the responsibility for establishing and maintaining adequate internal control rests upon management, not the auditor. Furthermore, the Securities Exchange Act of 1934 requires public companies registered with the SEC to devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that certain specified objectives are met. This requirement was further amended by the U.S. Securities and Exchange Commission (SEC) in its 1977 pronouncement of the Foreign Corrupt Practices Act. As a result of these federal securities laws, managements of public companies might be civilly and criminally charged for their failure to maintain a sufficient system of internal control.

Sufficient internal control is also critical for the prevention of economic losses resulting from embezzlement and fraud. Although there is little available data on the amount of these losses, United States authorities estimate the figure for white-collar crime in general at between $4 billion and $40 billion. It is also found that the seriousness and frequency of occurrence of employee theft, fraud, and embezzlement was ranked No. 2 out of the 25 most commonly committed white-collar crimes [Bologna & Lindquist, 1987]. Therefore, being able to evaluate the effectiveness of the internal accounting control system is essential for management to fulfill their duty as custodians of the entrusting parties.


1.2 MOTIVATION

When conducting an audit, auditors first review the existing or proposed internal accounting control system. Based on this review, they form their perceptions of the internal control system. Auditors then organize these perceptions and model them through some representation scheme. Thereafter, they reason over this representation to evaluate the control procedures. As a whole, the effectiveness of evaluating internal control systems depends on the performance of reviewing, modeling, and reasoning.

In an audit without any external aids, auditors need to rely solely on their own mental capabilities in performing these three tasks. They have to observe the system, construct a mental model of the system, and conduct mental reasoning for the evaluation of the system. Because observing, mental modeling, and mental reasoning require significant cognitive effort, auditors might make mistakes due to the limitation of human mental capacity. As a result, several tools have been developed to help auditors mitigate this limitation in modeling and reasoning.

Traditionally auditors have used system flowcharts and checklists to help evaluate internal accounting control systems. System flowcharts can help auditors organize their observations, while checklists can enhance auditors' ability to attend to important control issues. Although these two methods are useful, they do not offer a systematic algorithm for system evaluation. Users must rely on their own analytical abilities to evaluate the system. Since humans have only limited analytical capability and research has shown that the evaluation of internal control procedures is an NP-complete problem² [Bailey et al., 1981a], such unsystematic approaches will very likely result in inaccurate assessment of system reliability or in crucial control weaknesses being overlooked. This problem would be even more serious if the system is fairly large or the auditor does not have enough experience. As a consequence, decision aids with the capability of helping auditors and/or management evaluate internal accounting control systems are certainly of great value.

² NP stands for Nondeterministic Polynomial-time. A problem is NP-complete if it admits only exponential-time solutions. It can be solved in a reasonable amount of computing time only when the problem size is small. Therefore, NP-complete problems are considered intractable.

Four approaches have been undertaken to develop such decision aids: mathematical modeling [Yu & Neter, 1973; Cushing, 1974; Bodnar, 1975; Grinmlund, 1982; Srinidhi & Vasarhelyi, 1985 & 1986], simulation [Burns & Loebbecke, 1975; Weber, 1978; Knechel, 1985], expert systems [Gal 1985; Grudnitski, 1986; Hansen & Messier, 1982 & 1986; Meservy, Bailey & Johnson, 1986], and computer decision aids [Bailey & Whinston et al., 1981a, 1981b, 1983, 1985a, & 1985b; Gerlach, 1982; Mock & Willingham, 1983; Han, 1989]. Mathematical modeling, simulation, and expert systems approaches have focused on quantitative assessment of overall system reliability without addressing the qualitative problem of identifying specific control weaknesses such as fraud potentials. The computer decision aids can help auditors evaluate system reliability and identify control weaknesses; however, they provide no guidelines for overall evaluation of the internal control system and have no general knowledge of what constitutes control weaknesses. As a result, none of these approaches offers automatic identification of fraud potentials.

1.3 OBJECTIVE OF THE STUDY

The objective of this study is to develop a theoretical foundation for building a knowledge-based system, which can accept a model of an internal accounting control system as input and produce the identification of fraud potentials as output. Fraud potentials are defined as the opportunities for an individual or a group of individuals to steal assets without being detected, even though all other individuals in the internal control system strictly follow the prescribed procedure. In view of the importance and complexity of internal control evaluation, such a knowledge-based system can serve as a useful decision aid to auditors and managers. However, before such a system can be built, theoretical issues regarding its three essential ingredients - the domain knowledge, the representation scheme, and the inference regime - must be investigated.

[Figure 1 (diagram): Model of the System Being Audited; Pattern Matching; Identification of Fraud Potentials; Knowledge Base containing Audit Rules (Associated Audit Patterns, Fraud Potentials), Deductive Rules, and Control Primitives.]

Figure 1. A Knowledge-Based System Adopting the Schema-Based Reasoning Approach

This study addresses these issues by taking a schema-based reasoning approach. This approach integrates the schema theory of knowledge representation from the cognitive psychology literature [Mandler, 1984] and pattern recognition from the artificial intelligence field [Riesbeck and Schank, 1989]. Figure 1 shows the framework of a proposed knowledge-based system which adopts the schema-based reasoning approach. The knowledge base of the system consists of control primitives, audit rules, and deductive rules. Control primitives represent generic basic relationships among tasks, roles, documents, and agents. Audit rules associate fraud potentials with audit patterns. These audit patterns represent control deficiencies and are composed of various conditions. When an internal accounting control system is being evaluated, it will first be formally modelled. The knowledge-based system will then take the formal representation of the internal accounting control system as input, match it against the audit pattern in an audit rule, and identify the fraud potentials if the audit pattern is found to be present. The deductive rules are domain-specific inference rules that determine the truth values of conditions constituting the audit patterns based on the presence/absence of instantiations of the control primitives. They are applied when the knowledge-based system attempts to match an audit pattern.

1.4 ISSUES OF INTEREST

This study addresses the following three major issues for building the proposed knowledge-based system adopting the schema-based reasoning approach.

(1) Design of the representation formalism. The representation formalism is expressive enough for representing the two major components of an internal accounting control system: (a) the plan of organization and (b) the accounting procedures.

(2) Extraction of domain knowledge. To facilitate the validation of the proposed approach, this study extracts domain knowledge in the purchasing and payment cycle from the auditing literature. The domain knowledge includes control primitives, audit rules, and domain-specific deductive rules. Control primitives represent basic relationships among tasks, roles, agents, and documents in internal accounting control systems; audit rules identify fraud potentials when particular audit patterns are matched; deductive rules make inferences about conditions in audit patterns based on control primitives. The reconstructed method [Johnson, 1983; Hansen & Messier, 1986] is used to obtain this domain knowledge. This method involves studying currently available materials including textbooks, CPA firm publications, and professional auditing journals.³

(3) Validation of the proposed approach. To demonstrate and evaluate the schema-based reasoning approach, this study develops a prototype knowledge-based system for the domain of the purchasing and payment cycle. This prototype system uses and extends the CASE/EDI shell developed by Lee et al. [Lee, Kudva, and Willrich, 1990]. The evaluation involves using past fraudulent cases to test the performance of the prototype system.

³ The "Internal Auditor" journal has published about 200 fraud cases in its "Fraud Finding" column.
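The evaluation cycle described in Sections 1.3 and 1.4 (control primitives, deductive rules, audit rules matched against a model), as an added Python sketch that is not the monograph's own system or rule base. The predicate names, the sample purchase-and-payment model and both audit rules are constructed for illustration.

```python
# Added sketch of schema-based reasoning; not the monograph's rule base.
# Predicate names, the sample model and both audit rules are constructed.

# Control primitives: relationships among agents, roles, tasks, documents.
MODEL = {
    ("occupies", "ann", "purchasing_clerk"),
    ("occupies", "bob", "receiving_clerk"),
    ("occupies", "cho", "payables_clerk"),
    ("occupies", "cho", "cashier"),  # one agent holds two roles
    ("performs", "purchasing_clerk", "issue_purchase_order"),
    ("performs", "receiving_clerk", "prepare_receiving_report"),
    ("performs", "payables_clerk", "approve_invoice"),
    ("performs", "cashier", "sign_check"),
    ("reads", "approve_invoice", "vendor_invoice"),
    ("reads", "approve_invoice", "purchase_order"),
    ("reads", "sign_check", "approved_voucher"),
    # note: approve_invoice never reads the receiving report
}

# Deductive rules: (derived condition, body). ("not", goal) holds when no
# fact matching goal is present, i.e. the primitive is absent from the model.
DEDUCTIVE_RULES = [
    (("executes", "?a", "?t"),
     [("occupies", "?a", "?r"), ("performs", "?r", "?t")]),
    (("unmatched_approval", "?t"),
     [("reads", "?t", "vendor_invoice"),
      ("not", ("reads", "?t", "receiving_report"))]),
]

# Audit rules: name, audit pattern (conditions), fraud potential it signals.
AUDIT_RULES = [
    ("approval_and_payment_not_segregated",
     [("executes", "?a", "approve_invoice"), ("executes", "?a", "sign_check")],
     "{a} both approves invoices and signs checks"),
    ("payment_not_tied_to_receipt",
     [("unmatched_approval", "?t"), ("executes", "?a", "?t")],
     "{a} can complete {t} without evidence that goods were received"),
]


def unify(pattern, fact, env):
    """Match one pattern against one ground fact; return new bindings or None."""
    if len(pattern) != len(fact):
        return None
    env = dict(env)
    for p, f in zip(pattern, fact):
        if p.startswith("?"):          # variable: bind it or check the binding
            if env.setdefault(p, f) != f:
                return None
        elif p != f:                   # constant: must be identical
            return None
    return env


def solve(goals, facts, env=None):
    """Yield every variable binding under which all goals hold in facts."""
    env = {} if env is None else env
    if not goals:
        yield env
        return
    first, rest = goals[0], goals[1:]
    if first[0] == "not":              # negation as absence
        if next(solve([first[1]], facts, env), None) is None:
            yield from solve(rest, facts, env)
        return
    for fact in facts:
        bound = unify(first, fact, env)
        if bound is not None:
            yield from solve(rest, facts, bound)


def derive(primitives):
    """Apply the deductive rules until no new condition can be added."""
    facts = set(primitives)
    while True:
        new = {tuple(env.get(x, x) for x in head)
               for head, body in DEDUCTIVE_RULES
               for env in solve(body, facts)} - facts
        if not new:
            return facts
        facts |= new


def evaluate(primitives):
    """Match every audit pattern against the modelled system."""
    facts = derive(primitives)
    findings = set()
    for name, pattern, text in AUDIT_RULES:
        for env in solve(pattern, facts):
            names = {k[1:]: v for k, v in env.items()}
            findings.add((name, text.format(**names)))
    return sorted(findings)


if __name__ == "__main__":
    for name, text in evaluate(MODEL):
        print(f"{name}: {text}")
```

Reassigning the cashier role to a different agent and adding a `reads` primitive for the receiving report makes both patterns fail to match, so `evaluate` returns an empty list.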

1.5 SCOPE OF THE STUDY

Three limitations define the scope of this study. First, this study will only address the asset protection function of an internal accounting control system. Although auditors also need to evaluate an internal accounting control system in terms of its effectiveness in assuring reliable accounting data, this is not the concern of this study. Second, this study will address the evaluation of accounting controls without considering administrative controls.⁴ Administrative controls are imposed by planning and control systems such as budgeting, and can certainly affect the effectiveness of accounting control. However, these controls "are not easy to identify or evaluate, primarily because few objective standards for evaluation have been developed, at least from the viewpoint of the auditor's concern for control." Internal accounting controls, on the other hand, have been defined in considerable detail [Price Waterhouse & Co., 1980]. Third, this study will limit the prototype system to the purchasing and payment accounting cycle in an internal accounting control system. As a result, it will only use this restricted domain to demonstrate and evaluate the schema-based reasoning approach. Although this will affect the external validity of the proposed approach, it will not affect its internal validity.

⁴ Section 4.2.1 defines both accounting controls and administrative controls.

1.6 CONTRIBUTIONS OF THE STUDY

This study has both theoretical and practical contributions. Theoretically, this study proposes and validates an approach for developing a knowledge-based system for automated identification of fraud potentials. The design of the representation scheme can contribute to formal modeling of internal accounting control systems. This formal modeling is necessary for computer analysis of internal accounting control systems [Bailey & Whinston, et al., 1985]. The modeling of internal accounting control systems is distinctive because it needs to represent accounting procedures as well as organization design. Furthermore, a preliminary internal control theory consisting of significant control weaknesses and their fraud ramifications can be acquired through employing such an approach.

Practically, a knowledge-based system developed by this approach can serve as a decision aid for both auditors and managers in identifying fraud potentials. The evaluation of internal accounting control systems has always been an important and complex task. A knowledge-based system capable of providing automated identification of fraud potentials can prove to be very valuable. In addition, the system can be used to train novice auditors through its explanation and learning facilities. Systems of this kind are still not available at present.

CHAPTER 2. DECISION AIDS RESEARCH FOR INTERNAL CONTROL EVALUATION

2.1 A REVIEW OF PAST APPROACHES

Four approaches have been studied to provide decision aids for internal control evaluation. These are mathematical modeling, simulation, expert systems, and other computer decision aids.

2.1.1 MATHEMATICAL MODELING

Mathematical modeling represents an internal control system as a network of probabilistic accounting processes interacting in a mechanistic way. All of these models require that the error characteristics of individual processes of the system be specified. These individual error rates are then aggregated by assuming independence or a Markov process among individual processes.

Yu and Neter [1973] were the first to develop a stochastic model of internal accounting control systems. The model represents an internal control system as a series of independent probabilistic transformation processes such as branching, merging, and feedback operations. By specifying the error production or elimination behavior of each process as a Markov matrix, the overall system reliability can then be mathematically derived using the algorithm of Markov chains.

Cushing [1974] adopted the engineering methodology of reliability modeling for developing a model of internal control systems. Like Yu and Neter, Cushing purported to use his model for determining the overall system reliability. The model calculates the system reliability by multiplicative combination of the individual reliabilities across sequential, independent control operations intended to prevent and detect many different types of errors. Furthermore, the model explicitly incorporates the costs of system operations, such that cost-optimal systems can be identified through the analysis of this model.

Bodnar [1975] extended Cushing's model by considering the human element in an internal control system. He suggested that the human element might make mechanical application of classical reliability theory inappropriate in an accounting environment. His major contention is that people are not machines and may cause errors intentionally. This possibility for people to commit fraud or collusion will make the assumption of independence among individual reliabilities unsupportable. He concluded that reliability theory could be used to identify a desirable operating configuration; however, behavioral factors must be carefully considered when the configuration is implemented.

Grinmlund [1982] extended Yu and Neter's model by combining the distributions of error rates and error magnitudes of individual accounting functions to derive the distribution of resulting errors in account balances. This extension is important because it provides a rigorous interface between accounting system reliability and account balance accuracy. Due to this interface, the model can help auditors in making the materiality judgment of potential errors in various accounts. As a side point, Grinmlund also demonstrated that Yu and Neter's model and Cushing's model are essentially notational variants of the same basic approach.

Srinidhi and Vasarhelyi [1985, 1986] also employed reliability theory to develop a quantitative model as a decision aid. However, their focus is on investigating the impact of using the reliability model upon the decision process of internal control evaluation. They defined a three-stage decision process of internal control evaluation: (1) estimation of component reliabilities, (2) aggregation of component reliabilities into system reliability, and (3) interpretation of system reliability for deciding the extent and timing of substantive tests. They posited that the reliability model can provide the greatest help at the aggregation stage.
They conducted an experiment to test this proposition and found that (1) auditors could operate easily under the "reliability" framework; (2) unaided human judgment cannot recognize the compensatory nature of controls considered by the reliability model; and (3) unaided aggregation led to low consensus of judgment across auditors. Since using the reliability model will certainly improve precision and consensus by removing the effects of human variety at the aggregation stage, these conclusions appear to evidence its value.

The mathematical models facilitate formal quantitative analysis for estimating system reliability. The basic approach involves taking the reliabilities of individual control units and aggregating their values in a particular way to find the overall system reliabilities. However, as a group, they suffer from some technical and practical problems.

The first weakness is their limited scope of investigation [Knechel, 1983]. Most of the models have failed to encompass the entire internal accounting control system and have been applied on a piecemeal basis. In addition, they do not attempt to link the individual errors that occur in processing with the resulting aggregate errors in the account balances. This is a major weakness, because the aggregate error is the ultimate concern for an auditor making a judgment about the fair representation of financial statements.

The second major weakness is their reliance on unrealistic and limiting assumptions [Knechel, 1983; Haskins & Nanni, 1987]. The assumption of independence between control or processing units is particularly bothersome. Strict independence is unlikely to occur in any accounting system, especially if "people failures" such as fraud and collusion are considered. Of course, this assumption may be necessary to keep the models analytically tractable, but its appropriateness should be subjected to empirical testing. Knechel [1985a] conducted a simulation study that examined the effects of an independence assumption under conditions where control reliabilities were perfectly negatively dependent. He concluded that, in situations where aggregate error rates are below 10 percent, the assumptions of independence and mutually exclusive errors do not have material effects on the model prediction.

The third weakness of mathematical models is the difficulty of their implementation [Cushing, 1974]. All the proposed models require many parameter estimates for each system process, since system reliability is derived from individual process reliabilities. Unfortunately, the necessary empirical data for estimating process reliabilities are generally not available. Furthermore, these process reliabilities might change over time and make the previous estimates useless. Consequently, auditors might have to provide the reliability estimates. This is problematic because, as shown by behavioral decision theory, humans are not good at probability judgment.
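A two-state illustration of the aggregation these models perform, added here and not taken from the cited papers: each step is a 2x2 Markov matrix over the states (correct, in error), and the step names and rates are constructed. Every step acts independently of the others, which is the assumption criticized above; the last function removes one control at a time to show how much system reliability rests on it.

```python
# Added illustration; step names and rates are constructed sample values.
# State vector: (probability an item is correct, probability it is in error).
# Matrix rows are the "from" state, columns the "to" state.

def process(error_rate):
    """Processing step that corrupts a correct item with probability error_rate."""
    return [[1.0 - error_rate, error_rate],
            [0.0, 1.0]]


def control(detection_rate):
    """Control step that finds and corrects an error with probability detection_rate."""
    return [[1.0, 0.0],
            [detection_rate, 1.0 - detection_rate]]


IDENTITY = [[1.0, 0.0], [0.0, 1.0]]  # a control that is skipped or ineffective

STEPS = [
    ("record_receipt", process(0.05)),
    ("match_to_order", control(0.80)),
    ("post_payable", process(0.10)),
    ("supervisor_review", control(0.90)),
]
CONTROLS = ["match_to_order", "supervisor_review"]


def apply_step(state, m):
    """Multiply the row vector state by the transition matrix m."""
    ok, err = state
    return (ok * m[0][0] + err * m[1][0],
            ok * m[0][1] + err * m[1][1])


def system_reliability(steps):
    """Probability that an item entering correct leaves the last step correct."""
    state = (1.0, 0.0)
    for _, matrix in steps:
        state = apply_step(state, matrix)
    return state[0]


def reliability_lost_without(steps, controls):
    """For each control, the drop in system reliability if it stops working."""
    base = system_reliability(steps)
    lost = {}
    for name in controls:
        degraded = [(n, IDENTITY if n == name else m) for n, m in steps]
        lost[name] = base - system_reliability(degraded)
    return lost


if __name__ == "__main__":
    print("system reliability:", round(system_reliability(STEPS), 4))
    for name, drop in reliability_lost_without(STEPS, CONTROLS).items():
        print(f"without {name}: reliability falls by {drop:.4f}")
```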

2.1.2 SIMULATION


Another alternative for quantitative evaluation of system reliability is through the use of simulation. Compared with the mathematical models, simulation models require fewer restrictive mathematical and statistical assumptions. As a result, some researchers have investigated the use of computerized simulation as a decision aid for systematic evaluation of system reliability. Burns and Loebbecke [1975] initiated this effort by developing computerized simulation aids for assessing the effectiveness and reliability of a control system. They demonstrated how computer simulation could be used to analyze the combined effect of individual processing errors. Stratton [1981] also developed a simulation model to investigate the effects of internal control strengths or weaknesses upon the resulting errors in account balances. He attempted to demonstrate the feasibility of a reliability model by performing sensitivity analysis to determine the effects of internal control weaknesses in a typical raw material purchasing system on ending dollar balances. It was discovered that the receiving count of incoming materials was most critical in its impact on dollar deviations from correct balances, whereas purchase-order preparation and accounts-payable control were less important. Both Burns and Loebbecke's model and Stratton's model dealt with only a small accounting subsystem (i.e., raw material inventory system) and considered only discrete distributions for processing errors. Neither paper developed a rigorous framework for extending the modeling techniques to other components of the entire internal control system. Weber [1978] investigated the usefulness of computer simulation as a decision aid for evaluating overall system reliability. 
He posited that using a simulation decision aid should (1) reduce variability in auditors' decision making, (2) produce more accurate decisions, (3) reduce time for making decisions, (4) make auditors more confident in the accuracy of their decisions, and (5) reduce the size of auditors' audit plan. To verify these propositions, he performed a field study using a simulation decision aid to help auditors in evaluating system reliability. The results confirmed the second, third, and fourth, but not the first and fifth, hypotheses. Based on this experience, Weber suggested that "the current approach to developing the simulation model needs refinement". In particular, he pointed out the time-consuming problem of using programming languages to write simulation code. He claimed that "FORTRAN does not allow fast development of simulation code appropriate to an audit context, and other simulation languages might be better". As to the advantage of using a simulation aid, he suggested that it can "provide feedback on the quality of auditor decision making and, through sensitivity analysis, allow the auditor to gain a better understanding of internal control system interactions."

Knechel [1985] developed a generalized event-scheduling simulation approach for determining system reliability. He derived the basic components of the simulation model from an analysis of activities common to most accounting systems. Separate program routines are designed to represent each of these basic components corresponding to those common activities. Consequently, these routines are general enough to be organized with a minimum of modification to represent various internal control systems. The model was internally validated by comparing the simulation results of a simplified version with those generated from Cushing's reliability model.

Although the simulation models can deal with the scope and assumption problems of mathematical models, they still require the estimates of many input parameters. Furthermore, both mathematical and simulation models are quantitative models. They treat the control processes as black boxes which transform input error rates into output error rates. Their focus is on how these black boxes are interconnected by the input-output relations without specifying the actual methods or activities involved in the processes. In other words, they try to evaluate the average quantitative performance of internal control systems without saying anything about how control is achieved. As a result, these models cannot help identify control weaknesses and fraud potentials.

2.1.3 EXPERT SYSTEMS

As artificial intelligence became popular, accounting researchers started to build expert systems to assist auditors in the evaluation of internal control systems.
Hansen and Messier [1982 & 1986] have been working on the development and testing of the EDP-Xpert system since 1981. This system is intended to help auditors evaluate the reliability and risk of an advanced EDP system by simulating the knowledge and methodology of EDP audit specialists. The project is still in the development process, and a peer review of the system by auditors showed an average rating of "good".

Meservy, Bailey, and Johnson [1986] developed an expert system for evaluating internal accounting controls and recommending compliance tests for specific controls. Their research addressed the issues of knowledge acquisition and system validation. Through a process utilizing protocols and interviews, they constructed a computational model of an expert's evaluation process. The performance of the expert system was then compared with that of auditors using new cases. The results showed that the system seems to mimic the auditors in how it produces analyses and in the adequacy and completeness of its recommendations.

Two other less prominent expert systems are ICA [Gal, 1985] and ICES [Grudnitski, 1986]. ICA utilizes auditor knowledge to help users design data models which satisfy internal control requirements. ICES limits its domain to the evaluation of the sales and accounts receivable accounting cycle.

These expert systems encode heuristic knowledge regarding system evaluation in IF-THEN rules and provide consultation to auditors. The rule bases are organized as a hierarchical-decomposition structure, with control objectives broken down into goal-subgoal relationships at various levels. Through interacting with users, the system can evaluate how well a particular control objective is achieved and provide a reliability estimate. As a reliability estimate is essential to the implementation of such expert systems, researchers have started investigating different formalisms for computing this estimate. For example, Shafer and Srivastava [1990] have proposed using the belief-function formalism as a methodology for evaluating audit evidence.

All of these expert systems have focused on the quantitative evaluation of overall system reliability and do not specifically address the problem of identifying fraud potentials. Furthermore, since it is difficult and awkward for the rule-based approach to represent sequences of events [Davis et al., 1977; Riesbeck & Schank, 1989], these systems do not explicitly represent the knowledge of accounting procedures. As accounting procedures are a major consideration in evaluating internal accounting control systems, this inadequacy constitutes a major drawback.

2.1.4 OTHER COMPUTER DECISION AIDS


The most significant computer decision aid for modeling internal accounting control procedures is the TICOM project [Bailey & Whinston et al., 1981a, 1981b, 1983, 1985a, & 1985b; Gerlach, 1982; Han, 1989]. TICOM provides a language for auditors to model internal accounting control procedures based on the constructs of a system flowchart. It also incorporates an algorithm enabling users to query the referent model about specific control situations such as precedence relationships among accounting tasks, flow of various documents, and pre-conditions of an accounting event. TICOM provides a powerful and rigorous tool to aid auditors in modeling and analyzing internal accounting control systems. However, it "provides no guidelines for overall evaluation of the system and has no general knowledge of what constitutes control weaknesses" [Bailey & Whinston et al., 1985a]. Therefore, TICOM cannot automatically identify fraud potentials or assess system reliability for the auditors.

Another computer decision aid for internal control evaluation is SEADOC [Mock & Willingham, 1983]. SEADOC is a system designed to help auditors document control by a very simplified form of diagramming. It also helps auditors focus attention on necessary controls at various locations in the diagram. Like TICOM, SEADOC does not automatically provide a reliability estimate or an identification of fraud potentials to the auditors.

2.2 SCHEMATIC EVALUATION - THE PROPOSED APPROACH

2.2.1 SCHEMA-BASED REASONING

As indicated in Section 1.3, this study takes a schema-based reasoning approach in the development of a theoretical foundation for building knowledge-based systems which can automatically identify fraud potentials. This approach integrates the schema theory of knowledge organization from the field of cognitive psychology and pattern recognition from the field of artificial intelligence. A knowledge-based system based on this approach will organize its knowledge in terms of atypical deviations of internal accounting control schemas.

A schema, as defined by Mandler [1979], "is a spatially and/or temporally organized structure in which the parts are connected on the basis of contiguities that have been experienced in space or time". Schemas "provide stereotyped expectations about what things look like and/or the order in which they occur" [Frederick, 1990]. They are obtained by abstracting typical and essential features from a set of past cases. The most notable concepts of schema include frames [Minsky, 1975], templates [Gibbins, 1984], and scripts [Abelson, 1976; Schank and Abelson, 1977].

The concepts of schemas adopted in this study are similar to those of scripts. Cognitive scientists have used the term script or activity schema to refer to a declarative knowledge structure that captures general information about a routine series of events or a recurrent type of social event, such as eating in a restaurant or visiting the doctor. They hypothesized that scripts contain some sorts of information: an identifying name or theme, typical roles, entry conditions, a sequence of goal-directed scenes, and a sequence of actions within each scene [Schank and Abelson, 1977].

This study defines a schema of an internal accounting control system as a stereotypical description of the relationships between tasks, agents, assets, and information repositories involved in an internal accounting control system. We call these schemas control patterns. The auditing literature, including textbooks and CPA firm publications, has provided numerous examples of such descriptions. For instance, a stereotypical sequence of major tasks within the purchasing and cash disbursement cycle is: REQUISITION, PURCHASING, RECEIVING, ACCOUNTS PAYABLE, CASH DISBURSEMENT, JOURNAL ENTRY AND RECONCILIATION.

There is a strong resemblance between scripts and control patterns. Table 1 depicts the resemblance by presenting the corresponding concepts between control patterns and scripts. However, control patterns encompass a broader scope than what scripts incorporate.
Scripts represent procedural knowledge of a stereotypical sequence of events involving roles, actions, and objects. The corresponding part of control patterns can be used to represent the accounting procedures essential for internal accounting control systems. Moreover, control patterns also include a component representing the stereotypical relation of authority/duty among agents. This component is important because the plan of organization is another important factor for internal control.

This way of organizing knowledge in terms of schemas is well supported by research in cognitive psychology and auditing. Studies in cognitive psychology have found that people tend to construct schematic cognitive structures to organize their temporal and/or spatial knowledge about objects, events, and places. These studies also found that people, when encountering a new problem, will (1) invoke a schema, (2) encode and represent the observed data consistent with the schema, and (3) process the schematic information to solve the problem [Rumelhart & Ortony, 1977; Schank & Abelson, 1977; Simon, 1979; Rumelhart, 1980; Taylor and Crocker, 1981; Graesser and Nakamura, 1982].

Scripts                                  Control Patterns
Script Name (Eating in a restaurant)     Pattern Name (Purchasing)
Typical Roles (Customer)                 Typical Agents (Purchasing agent)
Entry Conditions (Customer is hungry)    Communicated Information (Purchase Requisition)
Goal-directed Scenes (Ordering)          Tasks (Preparing purchase orders)
Actions (Read menu)                      SubTasks (Fill in quantity)

Table 1. Corresponding Concepts Between Scripts and Control Patterns

The position of schematic knowledge representation has also been supported by the auditing literature. For example, Waller and Felix [1984] suggest that auditors assimilate information into their memory using a set of schemas and search for information stored in these schemas when they encounter new information. Ashton et al. [1988] state that the role of schema is particularly relevant in auditing "because the schemata developed by auditors through experience and prior knowledge of client situations may affect the manner in which the auditor perceives the evaluation of assertions and the need to accumulate and interpret evidence about these assertions." Frederick [1990] investigated the characteristics of auditors' retrieval of internal controls knowledge based on two different kinds of knowledge organization: taxonomic vs. schematic representation[5]. He found that experienced auditors freely recalled more internal controls when they were exposed to internal control knowledge organized in a schematic manner (i.e., transaction flowchart). He further explained that "the temporal affiliations among controls in a schema provide this structure with more effective retrieval guides than are present in a taxonomy."

In using schemas to organize knowledge, people tend to use atypical deviations from a schema as a means of memorizing experiences. These studies have found that atypical events and scenes are usually better recognized (and under some circumstances better recalled) than typical ones (Graesser et al., 1979; Smith and Graesser, 1981; Schmidt and Sherman, 1984; Mandler, 1984).

The schema-based reasoning approach, as proposed by this study, simulates humans' schematic knowledge organization and pattern-driven recognition of atypical scenes and relations by incorporating audit rules. As explained in Section 1.3, these audit rules identify fraud potentials when certain audit patterns are recognized. These audit patterns represent frequently encountered control deficiencies. They are deviations from established or schematic control patterns. As Silvester [1979] has pointed out, these internal control deficiencies are the main reason that an employee fraud will occur and remain undetected.
Mautz and Sharaf [1961] also argue that the ability to recognize and diagnose important or significantly inconsistent information is presumably a key element of audit expertise. Choo and Trotman [1991] validate this argument in a study examining the differences in the knowledge structures and judgments of experienced and inexperienced auditors by adopting a schema-based framework. They found that, in the task of going concern evaluation, experienced auditors recalled more atypical than typical items, whereas inexperienced auditors did not.

[5] A taxonomic representation of internal control knowledge is typified by categoric checklists, while a schematic representation is typified by system flowcharts. Both types of representation are suggested by various auditing literature.

2.2.2 SCHEMATIC VS. TAXONOMIC KNOWLEDGE ORGANIZATION

According to cognitive psychology, people tend to organize their knowledge either schematically or taxonomically. A schematic organization is represented in a hierarchy consisting of part-whole relations, while a taxonomic organization is represented in a hierarchy consisting of class-inclusion relations. Figure 2(a) presents a schematic organization of internal control for the purchase and payment cycle, while Figure 2(b) presents a taxonomic organization.

[Figure 2(a): hierarchy with root "Purchasing and Payment Cycle" and the events Requesting, Purchasing, Receiving, Accounts Payable, Cash Disbursement, and Journal Entry and Reconciliation. Controls shown: Checks are prenumbered; Supporting documents are required for signing checks; Paid invoices are canceled; Signed checks are mailed directly to the payees.]

Figure 2(a). A Schematic Organization of Internal Controls

[Figure 2(b): hierarchy with root "Control for Purchase and Payment Cycle" and the objectives Validity, Authorization, Accuracy, Completeness, Classification, Accounting, and Proper Period. Controls shown: Prenumbered vouchers are used and controlled; Prenumbered receiving reports are used and controlled; Prenumbered checks are used and controlled; Prenumbered purchase orders are used and controlled.]

Figure 2(b). A Taxonomic Organization of Internal Controls

Figure 2(a) represents internal controls in terms of transaction flow. It depicts a sequence of events embodied in the purchase and payment cycle. There are six major events: requesting, purchasing, receiving, accounts payable, cash disbursement, and journal entry and reconciliation. Within each event, various control mechanisms are designed to obtain sufficient control. For example, paid invoices must be effectively canceled to ensure that no double payment will be made. Note that the relationship between the accounting subcycle and the events is a part-whole relation.

Figure 2(b) organizes internal controls in terms of control objectives, which must be achieved to safeguard assets and ensure the reliability of accounting data. There are seven control objectives: validity, authorization, accuracy, completeness, classification, accounting, and proper period [Robertson, 1985]. Various internal control processes could be designed to achieve these objectives. For example, controls such as prenumbered purchase orders, receiving reports, vouchers, and checks could be incorporated in the internal accounting control system to achieve the completeness objective. Note that the relationship between control objectives and control processes is a class-inclusion relation.

The auditing literature has proposed both schematic and taxonomic organization of internal control knowledge. The most popular schematic organization is control flowcharts, while the most popular taxonomic organization is control objective worksheets or questionnaires. This study adopts the schematic approach because we believe the evaluation of accounting procedures is essential for identifying fraud potentials and schematic organization is more natural for representing accounting procedures.

2.2.3 ADVANTAGES OF THE PROPOSED APPROACH

The proposed approach has four distinct advantages over previous approaches.

Firstly, the resultant knowledge-based system will incorporate control primitives, audit rules, and domain-specific deductive rules for the evaluation of internal accounting control systems. This is an improvement over previous approaches of mathematical modeling, simulation, and computer decision aids, since none of them have incorporated control knowledge. In addition, audit patterns can provide guidance to auditors for attending to important deficiencies of internal accounting control systems.

Secondly, the proposed approach can offer qualitative evaluation of internal accounting control systems, namely identifying fraud potentials. Previous approaches have emphasized quantitative estimates of system reliability; however, identifying control weaknesses such as fraud potentials is essentially a qualitative problem. Computer decision aids enable users to pose qualitative questions regarding the internal accounting control system, but they do not provide automatic identification of control weaknesses. Users still need to "(1) identify the likely exposures, (2) hypothesize which questions to ask, (3) interpret the strengths and weaknesses of the various control, and (4) combine the strengths and weaknesses into an overall evaluation of the systems." [Bailey & Whinston et al., 1985a]. Therefore, being able to provide automatic identification of fraud potentials is a major advantage.

Thirdly, the proposed approach evaluates internal control systems based on graphical pattern matching.
It employs the concept of visual programming[6] to provide a user-friendly modeling tool. Users can describe an internal accounting control system in a graphical fashion. As a result, users need not learn a textual programming language to model an internal accounting control system. In addition, the graphical model can be easily matched against audit rules consisting of graphical patterns to identify fraud potentials. The graphical representation has a very close correspondence with schematic knowledge organization, as evidenced by the popular usage of system flowcharts by auditors.

[6] Visual programming can be defined as "the use of meaningful graphic representations in the process of programming"

Fourthly, the proposed approach will incorporate procedural knowledge in its knowledge base. The evaluation of internal accounting control systems requires knowledge about accounting procedures as well as the plan of organization. Yet, it is difficult to represent procedural knowledge in an expert system using IF-THEN rules. As pointed out by Davis et al. [Davis et al., 1977]: "It is not always easy to map a sequence of desired actions or tests into a set of production rules whose goal-directed invocation will provide that sequence." As a result, IF-THEN rules are not a good way to represent experiences consisting of sequences of events [Riesbeck & Schank, 1989; p. 31]. By employing a procedural modeling formalism, the proposed approach can represent procedural knowledge in the audit patterns and audit rules, and use them to evaluate the system being audited.

CHAPTER 3. FORMAL MODELING OF INTERNAL ACCOUNTING CONTROL SYSTEMS

3.1 THE ONTOLOGY OF INTERNAL ACCOUNTING CONTROL SYSTEMS

In order to formally model and evaluate a system, it is important to identify its ontology. The ontology of an internal accounting control system can be partitioned into two major components: structure and behavior. The structure is composed of objects and their relations, while the behavior consists of social actions performed by agents. Based on the structural knowledge and behavioral knowledge, a formal model can thus be developed for evaluating the internal accounting control system. We adopt structural role theory [Oeser & Harary, 1962, 1964; Oeser & O'Brien, 1966] as the underlying framework for the structural knowledge and social action theory [Porn, 1977; Habermas, 1981] for the behavioral knowledge.

3.1.1 DEFINITION AND TYPES OF INTERNAL ACCOUNTING CONTROL

The definition of internal control has gone through several revisions by various authoritative institutions. AICPA [AU 320.28] defines internal accounting control as follows:

    [Internal] Accounting control comprises the plan of organization and the procedures and records that are concerned with the safeguarding of assets and the reliability of financial records.

This definition identifies the goals of internal accounting control and the general types of practices included in an accounting system for achieving these goals. As indicated by this definition, the main goals of internal accounting controls include: (1) safeguarding of assets against loss arising from unintentional or intentional errors in processing transactions and handling the related assets, and (2) maintaining the reliability of financial records for external reporting purposes. In addition, the definition specifies that a satisfactory internal accounting control system should include: (1) a plan of organization which provides appropriate segregation of functional responsibilities, and (2) a system of authorization and record procedures adequate to provide reasonable accounting control over assets, liabilities, revenues, and expenses.

However, an internal control system might incorporate elements beyond the accounting and financial activities to which many accountants think internal control is limited. Such elements include: "budgetary control, standard costs, periodic operating reports, statistical analyses and the dissemination thereof, a training program designed to aid personnel in meeting their responsibilities, and an internal audit staff to provide additional assurance to management as to the adequacy of its outlined procedures and the extent to which they are being effectively carried out. It properly comprehends activities in other fields as, for example, time and motion studies which are of an engineering nature, and use of quality controls through a system of inspection which fundamentally is a production function" [AIA, 1949]. These non-accounting control devices are termed administrative control or management control. SAS [AU 320.10] also defines administrative controls as follows:

    Administrative controls comprise the plan of organization and all methods and procedures that are concerned mainly with operational efficiency and adherence to managerial policies and usually related only indirectly to the financial records. They generally include such controls as statistical analyses, time and motion studies, performance reports, employee training programs, and quality controls.

Administrative controls certainly are related to and may affect accounting controls. However, since AICPA has limited the auditor's scope of concern primarily to accounting controls [AU 320.11], this study will deal only with the accounting control of an internal control system. In particular, it will address one goal of accounting control, namely, safeguarding of assets.


In addition to the above general definitions, Mautz and Schlosser have provided an operational definition of internal control. This operational definition specifies how segregation of duties should be accomplished and how pertinent information should be provided. They suggested that an internal control system should satisfy the following operational characteristics [Mautz and Schlosser, 1960]:

1. Authority for the performance of all activities essential to enterprise objectives and responsibility for performance of such activities should be clearly established and specifically prescribed.

1A. Duties requiring performance of acts or operations should be assigned to employees other than those who authorize, record, or review those actions or operations; duties requiring custodianship of or access to property should be assigned to employees other than those who keep records of that property or review or approve discharge of the custodial responsibility.

2. Sufficient reliable and pertinent operating and financial data to permit informed decisions by responsible officers and employees should be supplied on a timely basis.

3. Actions, events, and transactions, both projected (potential) and completed, should be reviewed sufficiently to give reasonable assurance that transactions essential to enterprise objectives are effected and that unauthorized and otherwise irregular transactions are prevented or discovered.

4. Provision should be made for the performance of all necessary activities by employees who are qualified as to training, experience, ability, and integrity for the discharge of their responsibilities, and whose replacement, temporary or permanent, is provided for in case of inability or unwillingness to perform.

5. The risk of loss of valuable assets and records should be reduced by precautionary measures insofar as reasonably possible.

Managers can implement many different control mechanisms to achieve the control objectives. There are many ways to classify these various kinds of control mechanisms. One useful way for our study is to classify them as preventive or detective. Preventive controls are those controls that prevent the undesirable errors or irregularities from occurring; detective controls are those controls that detect the undesired errors or irregularities after their occurrence.


For example, authorization of inventory release is a preventive control, while physical counting of inventory is a detective control. Preventive controls are more desirable, because none of the costs of undesirable behaviors will be incurred if they are effective. To recover the loss after a fraud is uncovered is extremely difficult. For example, according to a survey article by Steele, only 22.5% of the companies that suffer losses from fraud were able to recover the loss [Steele, 1989]. However, restrictive preventive controls might create a giant bureaucracy. In addition, preventive controls might be impossible for some .

3.1.2 ROLE THEORETIC STRUCTURE

Role theory regards an organization as a social system "characterized by partially shared norms, a task structure, an authority structure, and written documents that support the enterprise" [Biddle, 1979]. According to this theory, an organization is a formal role system, which can be formally defined as in Definition 1 [Oeser & Harary, 1962, 1964; Oeser & O'Brien, 1966].

Definition 1: A tuple FRS = <H, T, P, R0, R1, R2, R3, R4, R5> is a formal role system, where

    H: a set of persons
    T: a set of tasks
    P: a set of positions
    R0: the set of informal social relations among persons
    R1: the relation between positions, i.e. organization chart
    R2: the task precedence relation, i.e. the task layout
    R3: the relation between persons and positions, i.e. personnel assignment
    R4: the relation between positions and tasks, i.e. task allocation
    R5: the induced relation between persons and tasks

In a formal role system, persons are assigned to various positions. Each position has its duties and authorities. These duties / authorities are magnified in the performance of certain tasks. These tasks are executed following organizational procedures. Rules of action and interaction are prescribed by organizational policies for exercising these duties. Therefore, by assuming these positions, people play roles in an organization and establish formal relationships through the organization hierarchy to accomplish organizational goals. However, although the formal relationship is essential for communication and coordination, the informal relationship might be a deciding factor in achieving the organizational goals.

Since an internal accounting control system encompasses all the elements in a formal role system, we formally define it by adding another important element: information repositories, namely, documents and records. In Definition 2, R1, R3, R4, and R5 define the formal plan of organization in an internal accounting control system; R2 and R7 the accounting procedure; and R6 the informal organization.

Definition 2: An internal accounting control system can be conceptualized as a tuple IACS = < I, A, T, P, R1, R2, R3, R4, R5, R6, R7, R8 >, where

    I: a set of information repositories including documents and records
    A: a set of people
    T: a set of accounting tasks
    P: a set of positions
    R1: the relation between positions, i.e. organization chart
    R2: the task precedence relation
    R3: the relation between persons and positions, i.e. personnel assignment
    R4: the relation between positions and tasks, i.e. task allocation
    R5: the induced relation between persons and tasks
    R6: the set of informal social relations among persons
    R7: the input relation between information repositories and accounting tasks
    R8: the output relation between information repositories and accounting tasks


Ideally, the auditors need to consider all the elements in Definition 2 when evaluating an internal control system. Among these elements, people might be the most significant factor. Mautz and Sharaf pointed out the importance of people in their attempt to formulate a concept of due audit care for the independent auditor's review of internal control: "To borrow a phrase, 'internal control is people.' A system of internal control is made up of people and procedures, procedures in which people are expected to perform and report in a normal fashion. But unknown to the reviewer, the pressures which motivate the people in the system may change sufficiently that they cease to act in an expected fashion, whereupon the internal control procedure loses its effectiveness." [Mautz & Sharaf, 1961].

It is obvious that people are the ultimate deciding factor for the effectiveness of an internal accounting control system. However, people may have limitations or weaknesses in their motivation, ability, or knowledge. These limitations or weaknesses can affect their performance of accounting tasks. For example, a motivational limitation might result in employee embezzlement or sabotage, or an ability limitation might create processing errors. In order to prevent or detect such undesirable irregularities, persons are assigned to different positions such that the work of one individual is not only independent of, but acts as a check on, the work of another. Through such segregation of duties, it is hoped that undesirable behaviors will be prevented or detected.

The assignment of persons to various positions results in the formal plan of organization for an internal control system. This formal plan of organization is the structural expression of rational action.
It specifies "individual relationships in the group, all rights, duties, and privileges that are formally assigned to personal and group roles, and rituals and regulations that are created as models of personal and group activity." [Miller and Form, 1964] In addition, the formal organization establishes a formal hierarchy of power structure. This hierarchy specifies the division of power or authority among members of the organization. It is assumed that people at higher ranks will control the performance of people at the lower ranks.

However, other than the formal organization, the informal organization might affect or compromise the effectiveness of an internal control system. As organization theorists have long realized, "the human actors who fulfill organizational roles rarely can limit themselves merely to the performance of these activities required by the organizational blueprint" [Schein, 1965]. As a result, informal social relations composed of animosities and friendships might be formed among people who work together. These informal social relations could further develop into primary groups, cliques, and congeniality groups. Members of these groups might behave according to their own folkways, mores, norms, and values, instead of following policies prescribed by the formal organization. This type of deviating behavior might compromise the effectiveness of internal control specified by the formal plan of organization.

Within the formal organization, agents assume the responsibilities of executing tasks delegated to their positions. In an internal accounting control system, these tasks include operating tasks and control tasks. Operating tasks perform the basic operations of identifying, documenting, recording, classifying, and summarizing transactions. Control tasks, on the other hand, are designed to ensure that the operating tasks are executed accurately and in accordance with organizational policies and rules. For example, recording a transaction is an operating task, while reconciling records is a control task. The evaluation of internal control is to determine how effectively the control tasks can prevent or detect inappropriate performance of operating tasks.

The execution of accounting tasks usually follows a prescribed order in an accounting procedure. Ideally, every prior operating task should be reviewed by some control tasks in later steps of the accounting procedures. Since agents responsible for those control tasks usually cannot personally observe the performance of operating tasks, they must rely on documentary evidence to determine that prescribed actions have been taken when the operating tasks are performed.
As a result, manipulating documents and accounting records is the most effective way to perpetrate a fraud on an organization. Therefore, an effective internal accounting control system must provide sufficient, independent, documentary evidence for agents to carry out the control tasks. Based on the above discussion, we can conclude that the nature of internal control is people control people. Yet, the control is effected through the exchange of information repositories, i.e. documents and records, among tasks. As mentioned above, each operating task must be reviewed by some control tasks. The review usually involves examination or verification of the

documents sent by the operating task. In addition, some independent sources must furnish the control agent with supporting documents so that he can determine whether the information on the to-be-verified document is accurate and the actions taken by the operating task are legitimate. Figure 3 depicts the control relation between people and documents. Agent 3 is to control agent 2. To accomplish this, he needs to get a supporting document from agent 1 to verify the document sent by agent 2. The verification involves not only the accuracy of the information, but also the legitimacy of the actions taken by agent 2. For example, if agent 3 is the accountant responsible for verifying the invoice sent by the vendor (agent 1), he would need to get the receiving report from the receiving clerk (agent 1) to verify the requested amount and the legitimacy of the payment request. After the accuracy and legitimacy of the to-be-verified document are verified, the control agent will certify the document by signing it and may send the certified document to another agent to serve as a supporting document for another task.

[Figure 3. Control Relation between People and Documents. Agent 1 supplies the Supporting Document and Agent 2 the To-Be-Verified Document to Agent 3, who passes the Certified Document to Agent 4.]

3.1.3 ACTION THEORETIC BEHAVIOR

As formalized above, in an internal control procedure, accounting tasks have a temporal precedence order and are allocated to agents. The task allocation endows each agent with particular rights and duties. By being assigned accounting tasks, an agent establishes formal relations with other agents and plays a role by exercising the rights and duties with the tasks. In addition, when playing a role, the agent is instructed to follow rules governing the performance of the task and the interactions with other agents. These rules specify the agent's actions regarding how to make decisions, whom to
communicate with, and what to communicate. Hence, these norms are intended to achieve the desirable global behavior of the internal control procedure by specifying the desirable local actions of agents. Therefore, it is necessary for auditors to understand these norms in order to evaluate the procedures.

However, when evaluating an internal control procedure, auditors need not only to understand the desirable overall behavior but also to determine whether the norm structure can guarantee its realization. This is because an internal control procedure has human as well as machine agents. There is a major difference between human and machine agents in following these norms. For machine agents, these norms are established as software programs and hardware connections. They will always perform tasks following the commands in the software program and communicate through fixed channels by sending pre-specified messages. By contrast, human agents might violate these norms intentionally or unintentionally and commit the so-called 'people failure' (Bodnar, 1975). They might falsify the record, embezzle properties, misauthorize transactions, or transmit false information, etc. These local violations will result in errors and irregularities, thus tainting the overall intended behavior of the internal control procedures. An internal control procedure should be strong enough to prevent or detect these local violations to realize its desired overall behavior. Therefore, when trying to review an internal control procedure, auditors have to understand not only its prescribed desirable behavior but also how the norms could be violated.

3.1.3.1 ACTION TYPES OF INTERNAL CONTROL

Three types of governed agent actions are inherent in internal control procedures: instrumental acts, evaluative acts, and communicative acts. The execution of accounting tasks involves the performance of these acts. Instrumental acts are human physical actions that change the states of real world entities. They form the object and content of transacting in an internal control procedure. Examples of instrumental acts are "to release 1000 items of inventory x to worker y" or "to prepare the purchase requisition form". Evaluative acts are "mental" actions that determine the legitimacy of other acts. The performance of these acts depends on agents' knowledge about the state of
affairs, but the state of affairs will not be changed by their performance. An example of evaluative acts is "to verify the accuracy of invoice". Communicative acts are actions that result in linguistic expressions with a "meaning" to the hearer. An example of communicative acts is "to request 1000 items of inventory x from y".

In an internal control procedure, these three types of acts are closely related to each other, with communicative acts being the connecting element. Adopting the information paradigm proposed by Brussaard and Tas [1980], instrumental acts and evaluative acts constitute the "real system" in an accounting procedure. This real system is supported by communicative acts whose manifestations are the transfers of documents from task to task or the updates of accounting records by a task. These documents or records serve as evidence of the prior performance of instrumental acts or evaluative acts. Thus, control over the execution of instrumental and evaluative acts is realized through the information exchange between various tasks and agents. For instance, a receiving clerk might report (communicative act) the receipt of ordered merchandise by sending a receiving report to an accountant who is in charge of verifying the invoice. The receiving report provides the documentary evidence of receiving (instrumental act) the delivered goods for verifying the accuracy of the invoice.

Figure 4 depicts the relationship among the three types of acts and documents. As it indicates, new documents are created or accounting records are updated by instrumental acts and are reviewed by evaluative acts later. After the creation, updating, and certification, the documents, and thus their information content, are transferred to or accessed by the next instrumental or evaluative acts. Communicative acts are performed when document transfers occur or accounting records are updated.

[Figure 4. Relationships Among Three Types of Acts and Documents. Instrumental acts create a document or record; communicative acts transfer or update it; it is used by evaluative and instrumental acts; evaluative acts certify it.]

Communicative acts in an internal control procedure are essentially speech acts as explicated by Austin [Austin, 1962] and Searle [Searle 1969, 1979, 1985]. Austin distinguishes three aspects of a communicative act: locutionary acts, illocutionary acts, and perlocutionary acts [Habermas, 1981].

A locutionary act is the act that an agent performs by uttering an expression to describe states of affairs. The expression is not addressed toward particular hearers and has no implied intentions. The recordings of accounting transactions into accounts are basically locutionary acts. Information reflecting the change of the state of affairs is changed by the account update, but this update of information is not directly addressed to particular users for them to take specific actions. Instead, various users might access the account for different reasons. A locutionary act can be realized in different modes; for instance, recording of inventory release can be performed by writing on paper or typing into computer files.

An illocutionary act is the act that an agent performs by uttering an expression with some intention. The expression is addressed to particular hearers and the act involves particular intentions. The act succeeds only when the hearer understands the intention of the act. For instance, one can perform an illocutionary act by uttering "I authorize the release of inventory to John" with the intention to direct Peter to release the inventory to John. When the intention is recognized by Peter, the illocutionary act has been accomplished and the meaning of the uttered expression has been understood. Certainly, the
recognition of the intention is decided by the context in which the expression is uttered. In an accounting procedure, the transfer of a document from one task to another usually is accompanied by an intention to request or authorize a particular agent to take some action. Therefore, the communicative acts manifested by the document transfer are illocutionary acts. Illocutionary acts can be further classified as assertive, commissive, directive, declarative, or expressive. An assertive act tells how the world is; a commissive act commits the speaker to doing something; a directive act tries to get the hearer to do something; a declarative act changes the world by saying so; an expressive act expresses feelings and attitudes of the speaker about the state of affairs [Lehtinen et al., 1986]. For example, reporting the amount of released inventory is an assertive act; issuing an order is a commissive act; invoicing a buyer is a directive act; declaring the ineligibility of a buyer is a declarative act; and expressing gratitude for receiving a payment is an expressive act.

A perlocutionary act is an act that produces effects on the feelings, attitudes, and subsequent behavior of the hearer. The act is accomplished only if the intended effect or response is realized. The effect is called the perlocutionary effect. An example of perlocutionary acts is "deceiving someone by falsifying the record". As mentioned above, document transfers in an internal control procedure are mainly illocutionary because the communicative acts are specifically directed toward particular agents. However, the communicative acts also have the purpose of realizing certain perlocutionary effects, i.e., to request or authorize some agents to take some actions. Therefore, document transfers in an internal accounting control system are illocutionary acts intended to be perlocutionary acts, even though document transfers per se cannot realize the intended perlocutionary effects.

To bridge the gap between document transfers and their intended perlocutionary effects, an internal accounting control system has to specify the authorities and duties of each task in a formal plan of organization. Following the formal organization, an agent has the authority to review a document after receiving it, and has the responsibility to take actions requested by the document if it is valid. For instance, the act that X requests 1000 items of inventory Z from Y can be regarded as an illocutionary act. By this request, X intends to inform Y that the inventory is needed for production. Y might have
to verify this claim; however, if he finds that the claim is valid, he has the responsibility to release the inventory to X. Therefore, through the formal specification of duties, it is hoped that the intended perlocutionary effects of document transfers could be realized. However, what an agent is obligated to do is not necessarily what he will do. Many factors might affect an agent's willingness to fulfill his responsibility. Informal social relationships with other agents might influence him to violate the organizational policies. Therefore, an effective internal accounting control system should be able to safeguard the realization of desirable perlocutionary effects.

As can be seen from the above discussion, there is a means-end ordering between locutionary acts, illocutionary acts, and perlocutionary acts. In essence, illocutionary acts must be performed by locutionary acts [Lehtinen, 1986], while perlocutionary acts must be performed by illocutionary acts [Martin, 1987]. Furthermore, an illocutionary act might be classified into more than one of the five subtypes. For instance, the act of ordering merchandise can be classified as a directive act and a commissive act. By this act, the buyer directs the supplier to deliver the merchandise; meanwhile, he makes a conditional commitment to pay when the placed order is fulfilled. Table 2 summarizes our discussion of communicative acts in an internal accounting control system.

| Communicative Acts | Definitions | Internal Control Manifestations |
| --- | --- | --- |
| Locutionary Acts | Acts of uttering expressions to describe states of affairs without being directly addressed toward specific hearers | Update of Accounting Records |
| Illocutionary Acts | Acts of uttering expressions directed toward particular hearers with some intentions | Transfer of Documents |
| Perlocutionary Acts | Acts of uttering expressions that affect the behavior of particular hearers | Formal Structure of Authorities and Duties |

Table 2 Communicative Acts in an Internal Control System

3.1.3.2 ACCOUNTING TASKS AND ACTION TYPES

In Section 3.1.2 we classified accounting tasks into operating tasks and control tasks. With respect to the type of acts performed in each type of accounting tasks, we can further conclude that operating tasks involve instrumental acts, while control tasks involve evaluative acts. When executing

compare data items against some supporting information to verify the validity of documents or records. Therefore, he is performing evaluative acts. Both types of accounting tasks also involve the performance of communicative acts, because the execution of each accounting task will result in either the transfer of documents or the update of accounting records. These transfers or updates serve the function of informing other agents about the current state of affairs. With the performance of this "informing" and its accompanying intentions, illocutionary acts are realized. The most common types of illocutionary acts in an internal accounting control system include request, authorize, approve, deny, etc. For example, after filling out a purchase requisition form, an agent will send the form to another agent in charge of approving purchases. By sending the requisition form, the agent informs the other agent that a new purchase is necessary and requests its approval. After performing the evaluative act of reviewing the request, the other agent might authorize the purchase by sending the approved requisition form to inform the purchase agent that the purchase has been approved. Figure 5 depicts the relation between accounting tasks and the act types. Notice that the internal control action of "update record" is classified as both an instrumental act and a communicative act. This is because the instrumental act of updating accounting records per se is a locutionary act.

[Figure 5. Relation between Accounting Tasks and Act Types. Columns: Accounting Tasks (Operating Tasks, Control Tasks); Act Types (Instrumental Acts, Communicative Acts, Evaluative Acts); Internal Control Actions (Prepare Documents, Update Records, Transfer Documents, Request Purchase, Approve Purchase).]

3.2 THE REPRESENTATIONAL FORMALISMS - PETRI NETS

As presented in Definition 2, an internal accounting control system is a socio-technical system. It contains not only mechanical accounting tasks but also human resources, objectives, rules, and authority structure. Furthermore, it can be characterized as being dynamic, concurrent, non-deterministic, and hierarchical. Because of this high complexity, it is desirable to evaluate an internal accounting control system with a formal model [Bailey et al., 1985]. This study proposes the use of Petri nets as the underlying modeling formalism. As a modeling formalism, Petri nets can incorporate dynamism, concurrency, and non-determinism in their models. In addition, they can facilitate qualitative and quantitative evaluation of internal accounting control systems.

[Figure 6. An Example of Petri Nets Graph, with places s1 to s7 and transitions t1 to t6.]

3.2.1 GENERAL PETRI NETS

Petri Nets are a particular kind of directed graphs comprising a set of nodes and a set of directed arcs. More specifically, Petri Nets are bipartite graphs with two types of nodes: S-elements and T-elements. Arcs connect S-elements and T-elements by going either from an S-element to a T-element or from a T-element to an S-element, yielding the flow relation. Depending on the
type of Petri nets, the S-elements and T-elements are called differently. Normally, S-elements and T-elements are called places and transitions respectively. In graphical representation, places are drawn as circles, while transitions are drawn as bars or boxes. Figure 6 represents a Petri net graph. Note that the arcs always connect nodes of alternating types. This is not accidental; rather, it is a basic property of Petri nets. Definition 3 gives a general mathematical description of general Petri nets:

Definition 2: A triple N = (S, T; F) is called a general Petri net iff
(1) $S \cap T = \emptyset$ (S-elements and T-elements are disjoint sets)
(2) $S \cup T \neq \emptyset$ (S-elements and T-elements are non-empty sets)
(3) $F \subseteq (S \times T) \cup (T \times S)$ (the flow relation connecting elements of different types)
(4) $\mathrm{dom}(F) \cup \mathrm{cod}(F) = S \cup T$ (no element of S or T is isolated in terms of F)

Using this definition, we can formally describe Figure 8 as follows:
S = {s1, s2, s3, s4, s5, s6, s7}
T = {t1, t2, t3, t4, t5, t6}
F = {(s1, t1), (t1, s2), (t1, s3), (t1, s4), (s3, t2), (s2, t2), (s2, t3), (s4, t4), (t2, s6), (t3, s6), (t4, s5), (s5, t5), (t5, s6), (t6, s7)}

The execution of Petri nets is controlled by their markings. A marking is an assignment of tokens to the places of a Petri net. Based on its marking, a Petri net executes by firing transitions. A transition may be fired if it is enabled. A transition is enabled if each of its input places has at least one token in it. After firing a transition, the Petri net removes one token from each input place of the transition and places one token into each output place of the transition. Through the execution of firings, Petri nets are able to model the operational dynamics of practical systems. Figure 7 illustrates such an execution. Figure 7(a) shows an initial marking of the Petri net with s2, s3, and s4 each having one token. According to the initial marking, t2, t3, and t4
are enabled since each of their input places has one token. Therefore, t2, t3, and t4 are firable. However, the firing of t2 will conflict with the firing of t3, because firing one of them will disable the other. This represents nondeterminism. Furthermore, the sequence of firing t2 and t4 (or t3 and t4) is not significant, since they will not interfere with each other and the resulting markings will be the same. This means there exists a concurrency between t2 and t4 (or t3 and t4). Assuming t2 and t4 are fired, the resulting marking is depicted in Figure 7(b). Comparing Figure 7(a) with Figure 7(b), we notice that one token is removed from both s2 and s4, while one token is added to s5 and s6. At the new marking, t5 and t6 become enabled while t2, t3, and t4 become disabled.
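The firing rule and the conflict and concurrency observations above can be checked mechanically. The following Python code is an added example, not part of the monograph: it encodes S, T and F as listed under the general Petri net definition, adds the arc (s6, t6) as an assumption (the listed F gives t6 no input place, while the walk-through treats t6 as enabled only once s6 is marked), and all function names are chosen here.

```python
from itertools import combinations

# Net as listed under the general Petri net definition.
S = {"s1", "s2", "s3", "s4", "s5", "s6", "s7"}
T = {"t1", "t2", "t3", "t4", "t5", "t6"}
F = {("s1", "t1"), ("t1", "s2"), ("t1", "s3"), ("t1", "s4"),
     ("s3", "t2"), ("s2", "t2"), ("s2", "t3"), ("s4", "t4"),
     ("t2", "s6"), ("t3", "s6"), ("t4", "s5"), ("s5", "t5"),
     ("t5", "s6"), ("t6", "s7"),
     ("s6", "t6")}  # assumed arc: not in the listed F, see lead-in

# Initial marking of Figure 7(a): one token each in s2, s3 and s4.
INITIAL_MARKING = {"s2": 1, "s3": 1, "s4": 1}


def is_general_petri_net(S, T, F):
    """Check the four conditions of the general Petri net definition."""
    disjoint = not (S & T)                                   # condition (1)
    non_empty = bool(S | T)                                  # condition (2)
    alternating = all((a in S and b in T) or (a in T and b in S)
                      for a, b in F)                         # condition (3)
    touched = {a for a, _ in F} | {b for _, b in F}
    no_isolated = touched == S | T                           # condition (4)
    return disjoint and non_empty and alternating and no_isolated


def preset(t):
    """Input places of transition t."""
    return {a for a, b in F if b == t}


def postset(t):
    """Output places of transition t."""
    return {b for a, b in F if a == t}


def enabled(marking, t):
    """A transition is enabled if every input place holds a token."""
    return all(marking.get(s, 0) >= 1 for s in preset(t))


def enabled_transitions(marking):
    return {t for t in T if enabled(marking, t)}


def fire(marking, t):
    """Remove one token per input place, add one per output place."""
    if not enabled(marking, t):
        raise ValueError(f"{t} is not enabled")
    new = dict(marking)
    for s in preset(t):
        new[s] -= 1
    for s in postset(t):
        new[s] = new.get(s, 0) + 1
    return {s: n for s, n in new.items() if n > 0}


def classify_pairs(marking):
    """Split pairs of enabled transitions into conflicts and concurrent pairs.

    A pair is concurrent when either firing order is possible and both
    orders reach the same marking; it is in conflict when firing one
    transition disables the other.
    """
    conflicts, concurrent = set(), set()
    for a, b in combinations(sorted(enabled_transitions(marking)), 2):
        after_a, after_b = fire(marking, a), fire(marking, b)
        if (enabled(after_a, b) and enabled(after_b, a)
                and fire(after_a, b) == fire(after_b, a)):
            concurrent.add((a, b))
        else:
            conflicts.add((a, b))
    return conflicts, concurrent


if __name__ == "__main__":
    print("valid net:", is_general_petri_net(S, T, F))
    print("enabled:", sorted(enabled_transitions(INITIAL_MARKING)))
    print("conflicts, concurrent:", classify_pairs(INITIAL_MARKING))
    after = fire(fire(INITIAL_MARKING, "t2"), "t4")
    print("after t2, t4:", after, sorted(enabled_transitions(after)))
```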

[Figure 7. An Example of Petri Nets Execution: (a) Initial Marking; (b) After firing t2 and t4.]

The basic net model is Condition / Event Nets. It was proposed by Petri as the common reference model of net theory. Other net models have been developed to increase the expressive power of Petri Nets. For instance, Place / Transition Nets allow more than one token in a place; high-level Petri
nets (i.e. Predicate / Transition Nets, Relation Nets, and Colored Petri Nets) allow individual objects as tokens; and Extended Petri Nets allow different types of places and transitions. All these advanced models can be translated into the basic net model.

3.2.2 PREDICATE / TRANSITION NETS

The major characteristics of Predicate / Transition nets are: (1) they incorporate the concept of "individuals with changing properties and relations into net theory"; and (2) they annotate places, transitions, and arcs with logical terms and formulae [Genrich, 1986]. These characteristics are introduced for modeling a dynamic system characterized by a dynamic relational structure.

Definition 4: A tuple DRS = (D, Rs, Rv) is a dynamic relational structure, where
D: a non-empty set of individuals called the domain of discourse.
Rs: a set of static relations rs1,..., rsm among D, the supporting environment.
Rv: a set of variable relations rv1,..., rvl among D, the dynamic processes.

As noted in the definition, relations in a dynamic relational structure can be distinguished as static or variable. Static relations are those that remain invariant across all the possible states in the dynamic system; they form the supporting or constraining environment of the dynamic system. In contrast, variable relations are those that change from state to state due to the occurrence of events in the system, which constitutes the dynamic processes. The supporting environment defines or constrains the operation of the dynamic processes.

To be able to model a dynamic system, Predicate / Transition Nets must have two components: the static component and the dynamic component. The static component is for modeling the supporting environment of a dynamic system, while the dynamic component is for the dynamic process. For a Predicate / Transition net, its graphical representation constitutes the dynamic
component for modeling procedures, while a logic-based language is used to model the supporting environment and annotate the procedures. In using a Predicate / Transition net to model the dynamic processes, its places represent variable relations and its transitions are annotated by static relations and functions. The annotations in the transitions determine how the variable relations change upon the occurrences of the transitions.

To annotate the places, transitions, and arcs, Predicate / Transition nets use a language consisting of first-order predicate logic and a class of simple algebraic expressions for denoting linear combinations. The syntax and semantics of the language are similar to those of first-order predicate logic. The major difference is that it distinguishes static predicates denoting static relations from variable predicates denoting variable relations. Predicate / Transition nets with annotations in a first-order language can then be defined as follows (adapted from [Genrich, 1986]). Note that a sublanguage AN is used for representing the supporting environment.

Definition 5: Given a first-order language L, an annotated net MN = (N, A, M) is a Predicate / Transition net, where
1. N is a net, N = (S, T; F) as defined in Definition 1.
2. A is the annotation of N, A = (AN, AS, AT, AF) where
   (a) AN is the sublanguage of L for representing the supporting environment of MN. It is the kind of legend that annotates the whole net rather than a particular element.
   (b) AS is a bijection between the set of places, S, and the set of variable predicates Pv.
   (c) AT is a mapping of the set of transitions, T, into the set of formulae (called transition selectors) that use only function operators FO and static predicates Ps.
   (d) AF is a mapping of the set of arcs, F, into the set of symbolic sums of tuples of terms of L, such that the length of each tuple is the number of free variables in the predicate that annotates the input / output place of the arc.
3. M is the marking of the places. It is a mapping that assigns to each place a symbolic formal sum of tuples of constants of L, such that the length of each tuple is the number of free variables in the predicate that annotates the place. These tuples are called individual tokens.

Figure 8 depicts a Predicate / Transition nets model of a library system [Reisig, 1985]. The operations of the library work as follows. Users can access three desks in the library: the request desk, the pick-up desk, and the return desk. A potential borrower requests a book at the request desk by filling out a request order. A clerk looks for the requested book in the shelf. If the book is found, the book and the request order are placed in the delivery stack at the pick-up desk; otherwise, the clerk checks if the book has been borrowed by looking at the file of the index cards of borrowed books and places the request order in the rejection stack at the pick-up desk. After a book is returned, the book together with its index card is placed back into the shelf.

In Figure 10, at_request_desk, rejection_stack, at_library_shelf, delivery_stack, borrowed_index and at_return_desk are variable predicates; '=' is a static predicate; call_no is a function; "X", "Y", and "Z" are variables; r1, r2, r3, r4, r5, b1, b2, b3, b4, b5, b6, i1, i2, i3, i4, i5, and i6 are constants. The interpretation of the variable predicates and constants is as follows:

at_request_desk(X): request order X is placed at the request desk.
rejection_stack(X): rejected request form X is placed at the request desk.
at_library_shelf(X,Y): book X together with its index card Y are at the library shelf.
delivery_stack(X, Y): request form X together with the requested book are at the delivery stack.
borrowed_index(X): index card X is in the file of borrowed books.
at_return_desk(X): book X has been returned to the return desk.
rn: request order n.
bn: book n.
in: index card n.


[Figure 8. Predicate / Transition Nets Model of a Library System. Transitions: reject, deliver, re-accept. Marking shown: at_request_desk <r1>, <r2>; rejection_stack <r3>; at_library_shelf <b1, i1>, <b2, i2>; delivery_stack <r4, b4>, <r5, b5>; borrowed_index <i3>, <i4>, <i5>, <i6>; at_return_desk <b6>.]

Figure 8 shows a particular state of the library system. Two books have been requested and the corresponding request forms are at the request desk. At the delivery desk are two books together with their request forms and a request form whose corresponding book has been borrowed. A book has been returned at the return desk and is waiting to be reshelved. Two books together with their index cards are on the shelf.

A change to a new state can be caused by the occurrence of one of the three events: reject, deliver, and re-accept. As in the general net theory, an event occurs when its corresponding transition is enabled and fired. A transition t in a Predicate / Transition net is enabled when (1) each input place s of the transition contains at least as many tokens as specified by the label on arc (s,t), and (2) the tokens occurring in the input places have values satisfying the inscribed formula in the transition. When a transition t is enabled, it can be fired by removing from each input place si a number of tokens as specified by the label on arc (si,t), and adding to each output place so
a number of tokens specified by the label on the arc (t, so). For instance, if r1 is for requesting b1, then the "delivery" transition is enabled. The label <X> on the arc (at_request_desk, delivery) can be bound with <r1>, and <Y, Z> on the arc (at_library_shelf, delivery) with <b1, i1>. In addition, the call numbers on r1, b1, and i1 are the same, which satisfies the annotated formula of the "delivery" transition. After the "delivery" transition is fired, the tokens <r1> and <b1, i1> are removed from their respective places, a token <r1, b1> is added to the place "delivery_stack", and a token <i1> is added to the place "borrowed_index". Note that the same variables on the input and output arcs of a transition must be bound with the same individual objects.
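The binding and firing of the delivery transition described above, as an added Python example that is not part of the monograph. The call numbers are constructed sample data (the text only says that r1 requests b1), each arc label is limited to a single tuple of variables rather than a symbolic sum, and all function and variable names are chosen here.

```python
from itertools import product

# Supporting environment: the function call_no over constructed data.
# Only "r1 requests b1" comes from the text; the rest is sample input.
CALL_NO = {
    "r1": "c1", "b1": "c1", "i1": "c1",
    "b2": "c2", "i2": "c2",
    "r2": "c4", "r3": "c3", "i3": "c3",
    "r4": "c4", "b4": "c4", "i4": "c4",
    "r5": "c5", "b5": "c5", "i5": "c5",
    "b6": "c6", "i6": "c6",
}


def call_no(x):
    return CALL_NO[x]


# Marking of Figure 8: each place (variable predicate) holds a multiset
# of individual tokens, written as tuples of constants.
MARKING = {
    "at_request_desk": [("r1",), ("r2",)],
    "rejection_stack": [("r3",)],
    "at_library_shelf": [("b1", "i1"), ("b2", "i2")],
    "delivery_stack": [("r4", "b4"), ("r5", "b5")],
    "borrowed_index": [("i3",), ("i4",), ("i5",), ("i6",)],
    "at_return_desk": [("b6",)],
}

# A transition is its input arcs, its selector (a formula over the static
# predicate '=' and the function call_no) and its output arcs.
DELIVER = {
    "inputs": [("at_request_desk", ("X",)), ("at_library_shelf", ("Y", "Z"))],
    "selector": lambda e: call_no(e["X"]) == call_no(e["Y"]) == call_no(e["Z"]),
    "outputs": [("delivery_stack", ("X", "Y")), ("borrowed_index", ("Z",))],
}
REACCEPT = {
    "inputs": [("at_return_desk", ("X",)), ("borrowed_index", ("Y",))],
    "selector": lambda e: call_no(e["X"]) == call_no(e["Y"]),
    "outputs": [("at_library_shelf", ("X", "Y"))],
}


def bindings(transition, marking):
    """Yield every variable binding under which the transition is enabled."""
    arcs = transition["inputs"]
    # Try one token per input arc; product() is empty if any place is empty.
    for choice in product(*(marking[place] for place, _ in arcs)):
        env, consistent = {}, True
        for (_, variables), token in zip(arcs, choice):
            for var, const in zip(variables, token):
                # The same variable must be bound to the same individual.
                if env.setdefault(var, const) != const:
                    consistent = False
        if consistent and transition["selector"](env):
            yield env


def fire(transition, marking, env):
    """Return the marking reached by firing the transition under env."""
    new = {place: list(tokens) for place, tokens in marking.items()}
    for place, variables in transition["inputs"]:
        new[place].remove(tuple(env[v] for v in variables))
    for place, variables in transition["outputs"]:
        new[place].append(tuple(env[v] for v in variables))
    return new


if __name__ == "__main__":
    for env in bindings(DELIVER, MARKING):
        after = fire(DELIVER, MARKING, env)
        print(env, after["delivery_stack"], after["borrowed_index"])
```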

3.2.3 ADVANTAGES OF PETRI NET MODELING

Petri Nets have their origin in Carl Petri's dissertation in 1962. They "are a model for procedures, organizations, and devices where regulated flows, in particular information flows, play a role" [Reisig, 1985]. They are "particularly directed toward modeling and analyzing information processing systems whose dominant task is to establish a desired pattern of information flow among a collection of concurrently acting human and technical agents" [Genrich, 1980]. Being a powerful graphical and mathematical modeling tool, they have been widely applied to describing and analyzing information processing systems that are characterized as being concurrent, asynchronous, distributed, parallel, nondeterministic, and stochastic [Murata, 1989]. In the business domain, these systems include flexible manufacturing/industrial control systems [Martinez et al., 1986; Valette, 1986], office information systems [De Cindio et al., 1987; Holt, 1986, 1988; Voss, 1986; Zisman, 1977], legal systems [Meldman et al., 1971; Baumgarten et al., 1986], bureaucratic systems [Lee, 1988], etc.

The application of Petri nets is through modeling and analysis. A model represents what the modelers regard as important features of the real system for the particular problem they want to solve. By the manipulation of the representation, the modelers hope to obtain knowledge about the real systems without the cost or inconvenience of directly manipulating the real system itself. Petri nets provide not only representational capability for
modeling systems but also analytical capability for understanding properties of the systems. In applying Petri net theory, the system is first modeled as a Petri net, and then this model is analyzed. The knowledge resulting from the analysis can be used to modify the original system and model. An analysis can be conducted again based on the new model. Through this iteration, a model with better properties can be obtained. After the modelers are satisfied with the properties, they can then convert the model into an actual working system. Figure 9 describes the process of using Petri nets for the modeling and analysis of systems. Our research is aimed at developing automatic techniques for the modeling and analysis of internal control procedures with Petri nets.

[Figure 9. The Use of Petri Nets for the Modeling and Analysis of Systems (Adopted from Petri [1981]). The system is modeled as a Petri net model; the model is analyzed to obtain properties of the system; the properties are used to revise the system.]

Several major characteristics of Petri nets support their use as a formal modeling and analysis tool for internal control evaluation. Petri nets can represent explicitly causal dependencies and independences among events in a system. Events which are independent of each other are not projected onto an arbitrary linear time scale. Instead, a non-interleaving, partial order relation of concurrency is inherent in the net theory. Concurrency occurs when there is no need to synchronize actions associated with independent entities in a system. Since internal control procedures are distributed control systems with multiple processes occurring concurrently, Petri nets are ideal for their modeling.

Another advantage of Petri nets is their ability to represent nondeterminism inherent in dynamic systems. Nondeterminism occurs when several alternative actions can be taken when the same state is present. For instance, in Figure 9, after t1 occurs, either t2 or t3 (but not both) can occur based on the transition firing rule. Nondeterminism also exists in internal
46

CHAPTER 3

control procedures. For example, a purchase order with an amount beyond a particular limit might require special permission, while one with less amount does not. The third advantage of Petri nets is that they are able to represent systems at different hierarchical levels of abstraction without having to change the description language. The ability results from the fact that an entire net may be replaced by a single place or transition for modeling at a more abstract level (abstraction), or places and transitions may be replaced by subnets to provide more detailed modeling (refinement) [Genrich, 1980; Berthelot, 1986]. This characteristic is useful for modeling large scale internal control procedures. Net representations also make it possible to verify system properties and prove correctness using the theory of formal languages. Petri net languages have been developed for examining the properties of net's structure and its internal operational mechanisms including reachability, deadlock, coverability, preservatives, liveness, and boundedness [Hack, 1975; Keller, 1976]. Linearly representing the behavior of Petri nets by formal languages also enables us to employ the existing algorithms of string processing to analyze the modeled system. For instance, Li et. al. [1991] adapt the algorithm for string pattern matching to check the correctness of dynamic changes in a run-mode system by developing a language called path property. Other characteristics contributing to the wide applicability of Petri net theory include: its ability to model a system with graphical visualization, its ability to provide a complete qualitative as well as quantitative analysis of the system model, and its ability to link directly properties (e.g. liveness, boundedness, connectivity, and consistency) of a Petri net model to certain desirable performance criteria of real-life systems. 
Compared with state transition diagrams and marked graphs, the two traditional process representation tools, Petri nets are more powerful and general. State transition diagrams can represent nondeterminism but not concurrency; marked graphs can represent concurrency but not nondeterminism. Marked graphs are not suitable for representing knowledge for problem solving, since they do not explicitly represent states in their process model. On the other hand, state transition diagrams explicitly represent state, but their representation is not efficient. For instance, to represent 20 tasks requires 60 places in a Petri net and 3.5 billion states with a state transition diagram for the same level of information content [Zisman, 1978]. In fact, both state transition diagrams and marked graphs are special cases of Petri nets. State transition diagrams are Petri nets with a single input place and a single output place for every transition, while marked graphs are Petri nets with a single input transition and a single output transition for every place.

3.3 FORMAL MODELING OF INTERNAL ACCOUNTING CONTROL SYSTEMS

3.3.1 INTERNAL CONTROL INTERPRETATION OF PETRI NETS

When using Petri nets to model systems in some application domain, the modelers must start with a choice of a triple of concepts to define the structural semantics of the nets. In other words, we need to attach semantic meanings to places, transitions, and flow relations in Petri nets. For example, when applying net theory to modeling an office information system, we can use S-elements to denote channels, T-elements to denote agencies, and F to denote communicating. Certainly, modelers should consider the application domain and the addressed problem when they interpret the Petri net. Table 3 gives a list of fairly well established concept pairs suitable for (S, T) interpretation (adapted from Petri [1984] and Murata [1989]). The meaning of the corresponding relation F is not given in the list. After the meaning of S and T is understood, it is easy to find the meaning of F. Furthermore, in modeling some complex real-world systems, it might be necessary to give more than one interpretation of S and T in the same Petri net [Voss, 1986]; or, alternatively, S and T should be divided into several subclasses with different interpretations [Valavanis, 1990].

The behavioral semantics of a Petri net is derived from its structural semantics. For instance, if we interpret places as conditions and transitions as events, then the input places of a transition would represent the pre-conditions of the corresponding event and the output places the post-conditions of the event.
Since a transition must be enabled in order to fire, this means the pre-conditions must be satisfied for an event to occur. In addition, since firing a transition removes tokens from the input places and places tokens into the output places, this means that after an event occurs the post-conditions become true and the pre-conditions become false. If we further think of events as actions taken by agents in the system and of conditions as describing the state of various parts of the system, then the Petri net is modeling the change of the system states caused by the occurrence of actions.
S                                  T
state-elements                     transition-elements
states                             transitions
conditions; "places"               events
conditions                         facts
open singletons                    closed singletons
structural types                   constructions
logical statements                 dependencies, deductions, proofs
chemical substances                chemical reactions
languages                          translators
stations                           transfer
product types                      production activities
countries                          boundaries
channels                           agencies
roles                              activities
pragmatical status (of messages)   pragmatical transformations
data                               computation
resources                          tasks or jobs

Table 3. Some Concept Pairs for Applying Net Theory

To give an internal control interpretation of Petri nets, we will conceptualize an internal accounting control system as a dynamic relational structure. Definition 6 presents such a conceptualization. As discussed in Section 3.1, R1, R3, R4, and R5 constitute the formal plan of organization in an internal accounting control system, while R6 is the informal organization. On the other hand, R2, R7, and R8 form the accounting procedures. The formal and informal organizations specify an authority structure which supports and constrains the execution of accounting procedures. In addition, we can regard the formal and informal organizations as the static part of the internal accounting control system, since the execution of accounting procedures does not change the relations in the organizations. By contrast, we should treat the accounting procedures as the dynamic part, since the execution of tasks will change the status of information repositories.

Definition 6: An internal accounting control system $IACS = \langle I, A, T, P, R_1, R_2, R_3, R_4, R_5, R_6, R_7, R_8 \rangle$ can be conceptualized as a dynamic relational structure $DRS = (D, R_s, R_v)$, where
$D = I \cup A \cup T \cup P$
$R_s = R_1 \cup R_3 \cup R_4 \cup R_5 \cup R_6$
$R_v = R_2 \cup R_7 \cup R_8$

This study uses the graphical representation of Predicate / Transition nets for modeling the accounting procedures. Definition 7 gives the accounting procedure interpretation of a Petri net. As indicated by the definition, we use places in a Petri net to represent information repositories, transitions to represent accounting tasks, and arcs to represent the input/output relations between information repositories and accounting tasks.

Definition 7: The accounting procedure interpretation (API) of a Petri net maps an internal accounting control system $IACS = \langle I, A, T, P, R_1, R_2, R_3, R_4, R_5, R_6, R_7, R_8 \rangle$ into a net $N = (S, Tr; F)$ by the following rules:
API: $I \rightarrow S$
API: $T \rightarrow Tr$
API: $(R_7 \cup R_8) \rightarrow F$

In addition to the graphical representation of accounting procedures, we also use a logic-based language to model the organizational aspects of an internal accounting control system and to annotate the Petri net representing the accounting procedure. Logic has been used to investigate human knowledge and reasoning since the ancient Greek period. It can be used as a knowledge representation, inference, and programming tool (Moore, 1985). Logic has extensive expressive power for modelling complex objects and their relationships. Its inference capability and formal semantics make it an ideal knowledge representation scheme for a knowledge based system. In addition, logic programming serves as an excellent computational tool for the implementation of a formal model.

In a logic-based language, there are three major components: syntax, semantics and rules of inference. Syntax specifies the rules for formulating well-formed formulas. Semantics provides interpretations or meanings of the logical formulas. Rules of inference are used to deduce new theorems from axioms. Altogether, these three components provide assertional adequacy to form the kind of theory appropriate to the world knowledge of a system and to understand the implications of the theory. However, fundamental to applying these three components in a particular domain is the vocabulary used in that domain. This vocabulary includes the set of predicates, functions, and constants needed to express the domain knowledge. The vocabulary is often called a set of primitives. A good one should enable all the important things to be described clearly and adequately. Picking a good vocabulary is a challenging task. As voiced by Schank and Carbonell [Schank & Carbonell, 1977]: "The initial choice of [primitives] to represent knowledge in a new domain is necessarily ad hoc. We make an initial, tentative commitment to a new set...in the new knowledge domain. In the process of codifying new knowledge, using the knowledge in computing programs that process text and answer questions, and in light of new theoretical considerations, we modify, change or even replace our original choice....We believe that this method rapidly converges upon a ...set of basic units that organizes the knowledge of the domain in a useful and enlightening way."
Perhaps the most important primitives in an accounting control system are the primitive acts for representing the accounting tasks, since control of an accounting information system depends, to a large extent, on an appropriate organization plan. However, in order to design an organization plan with appropriate control, an understanding of the behavioral nature of the accounting tasks is required. For example, if we know task A is to request a transaction, and task B is to authorize the same transaction, then task A and task B should not be assigned to the same person; otherwise, fraud could occur. Therefore, our primitive acts should be able to represent the behavioral nature of the accounting tasks.

A common ongoing debate regarding primitive actions is what primitives are appropriate to build into a representation, and at what level. On one hand, we can have a small set of low-level primitives; on the other hand, we may have a larger number of primitives covering a range of levels. Using a small number of primitives enables us to write rules in terms of the primitives, thus representational consistency is easier to achieve. However, it requires tremendous work to break down high-level facts into these low-level primitives. Furthermore, often it is not at all clear what the primitives should be (Rich, 1983).

[Figure 10 (Petri net diagrams), panels: (a) Branching, (b) Merging, (c) Deciding, (d) Merging]

Figure 10. Petri net Representations of Four Basic Procedural Structures

Definition 8 presents a set of primitives of the logic-based language used by this study. In modeling accounting procedures, Ci is used for annotating places and Pt for transitions. On the other hand, Ct, Ca, Cp, and Pr are used to describe the organizational aspects. In Chapter 5, we will try to provide the specific vocabulary.

Definition 8: The logic-based language L uses the following groups of primitives for modeling the internal accounting control system:
(1) Ci: a set of constants denoting information repositories.
(2) Ct: a set of constants denoting accounting tasks.
(3) Ca: a set of constants denoting names of agents.
(4) Cp: a set of constants denoting positions or roles.
(5) Pt: a set of composition terms $\{Pos{:}Tas \mid Pos \in Cp \text{ and } Tas \in Ct\}$ denoting actions of a role performing a task.
(6) Pr: a set of predicates denoting the relations R1, R3, R4, R5, R6.

3.3.2 PETRI NET MODELING OF ACCOUNTING PROCEDURES

An accounting procedure is a set of accounting tasks to be done with some partial ordering. The ordering structures of accounting tasks within a procedure include branching, merging, sequencing, and deciding [Yu & Neter, 1973]. An accounting procedure has branching when several copies of the same document are sent to different tasks; merging when several documents produced by different tasks are sent to the same task; sequencing when a document is sent to the only next task; and deciding when a document could be sent to different tasks depending on the situation. These ordering structures can be represented as concurrence, asynchronousness, sequence, and conflict in a Petri net. Figure 10 shows Petri net representations of the four basic procedural structures. Note that we use a bar instead of a square to represent a transition in these graphs. A general algorithm for modeling an accounting procedure can then be described as follows:
(1) Identify the accounting tasks comprising the accounting procedure.
(2) Identify the input and output information repositories for each task, and the assigned role.
(3) Model the branching, merging, sequencing, and deciding as shown in Figure 10.
(4) Inscribe the transitions representing accounting tasks with the terms in Pt.
(5) Inscribe the places representing information repositories with terms in Ci.
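The five modeling steps above, worked through as an added example (not code from the monograph): a small place/transition net whose places are information repositories and whose transitions carry Pos:Tas terms, with the usual firing rule. The net fragment, the place names `need`, `PO_vendor` and `PO_receiving`, and the class and function names are assumptions constructed for illustration; only the role and task labels come from Figure 11.

```python
class AccountingNet:
    """Place/transition net under the accounting procedure interpretation:
    places = information repositories, transitions = accounting tasks."""

    def __init__(self):
        self.pre = {}    # transition -> input places
        self.post = {}   # transition -> output places

    def add_task(self, role, task, inputs, outputs):
        name = f"{role}:{task}"   # a term of Pt, written Pos:Tas in Definition 8
        self.pre[name] = list(inputs)
        self.post[name] = list(outputs)
        return name

    def enabled(self, marking):
        """Transitions whose input places all hold at least one token."""
        return sorted(t for t, ins in self.pre.items()
                      if all(marking.get(p, 0) > 0 for p in ins))

    def fire(self, marking, name):
        """Consume one token per input place, produce one per output place."""
        if name not in self.enabled(marking):
            raise ValueError(f"{name} is not enabled")
        nxt = dict(marking)
        for p in self.pre[name]:
            nxt[p] -= 1
        for p in self.post[name]:
            nxt[p] = nxt.get(p, 0) + 1
        return {p: n for p, n in nxt.items() if n}


def build_fragment():
    """Constructed fragment of a purchase procedure (assumed layout)."""
    net = AccountingNet()
    # Sequencing: the requisition is the only output, sent to the next task.
    net.add_task("store_clerk", "requisitioning", ["need"], ["PR"])
    # Deciding: ordering and bidding compete for the single PR token.
    # Branching: ordering emits two copies of the purchase order.
    # The vendor list (VL) is read and put back, so it is not used up.
    net.add_task("pur_agt", "ordering", ["PR", "VL"],
                 ["VL", "PO_vendor", "PO_receiving"])
    net.add_task("pur_agt", "bidding", ["PR"], ["RFB"])
    net.add_task("vendor", "delivering", ["PO_vendor"], ["SD"])
    # Merging: receiving needs both the shipping document and a PO copy.
    net.add_task("rec_clerk", "receiving", ["SD", "PO_receiving"], ["RR"])
    return net


def run(net, marking, sequence):
    """Fire the transitions in order and return the final marking."""
    for name in sequence:
        marking = net.fire(marking, name)
    return marking


if __name__ == "__main__":
    net = build_fragment()
    m = run(net, {"need": 1, "VL": 1}, ["store_clerk:requisitioning"])
    print("after requisitioning:", m, "enabled:", net.enabled(m))
    m = run(net, m, ["pur_agt:ordering", "vendor:delivering",
                     "rec_clerk:receiving"])
    print("final marking:", m)
```

With a vendor list present, both `pur_agt:ordering` and `pur_agt:bidding` are enabled after requisitioning, and firing one disables the other; without it, only bidding is enabled.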

CHAPTER 4. CONTROL PRIMITIVES, CONTROL PATTERNS, AUDIT PATTERNS, AND AUDIT RULES IN THE PURCHASE AND PAYMENT CYCLE

As indicated in Section 1.3, the schema-based reasoning approach will take the Petri net model of an internal accounting control system and apply audit rules to verify whether the model matches particular audit patterns. If some of the audit patterns are matched, it will then identify the associated fraud potentials. This chapter discusses the derivation of control patterns, audit patterns, audit rules, control primitives, and domain-specific rules using a five-phase process. Firstly, control patterns are derived based on the control objectives to be achieved. Secondly, audit patterns are derived based on the deviations of control patterns. Thirdly, audit rules are formulated by associating audit patterns with fraud potentials. Fourthly, control primitives are identified based on the conditions of audit patterns. Lastly, domain-specific deductive rules for inferencing about the presence/absence of audit pattern conditions are specified. The purchase and payment cycle is used as the demonstrative domain.

4.1 A TYPICAL INTERNAL ACCOUNTING CONTROL SYSTEM FOR THE PURCHASE AND PAYMENT CYCLE

A complete internal accounting control system usually includes several sub-control systems for various business operating cycles. However, this study will only use the internal accounting control system for the purchase and payment cycle to demonstrate and validate the schema-based reasoning approach. The author believes that concentrating on a specific business cycle allows us to focus on the viability of the proposed approach without being distracted by the domain differences between various business cycles.

As might be suspected, not all internal accounting control systems for the purchase and payment cycle are the same. Different organizations might adopt different practices in implementing the internal accounting control system. These practical differences include variations in the design, content, and flow of documents, task assignment, task order, etc. However, for a particular operating cycle, all internal accounting control systems incorporate basically the same operating tasks, try to achieve the same control objectives, and use the same information provided by documents and accounts.

Figure 11 presents a typical accounting procedure showing the major operating tasks and documents in the purchase and payment cycle. As indicated, the purchase and payment cycle involves major operating tasks engaged in by agents in an organization. These internal operating tasks include requisitioning, bidding, ordering, receiving, vouchering, paying vendors, and disbursing checks. In addition, some external operating tasks are performed by vendors. They are quoting, delivering, invoicing, and collecting. The operating tasks involve instrumental acts of preparing documents. These documents include purchase requisition, vendor list, bids, shipping documents, receiving report, invoice, voucher, and check. Note that Figure 11 shows the non-determinism of an accounting procedure at the "ordering" task. After a requisition is received, the purchase agent might issue an order based on a pre-approved vendor list for the requested product/service. If such a pre-approved vendor list does not exist, then the purchase agent would have to initiate a bidding process.

An accounting procedure simply incorporating operating tasks is not capable of deterring frauds; it must also include control tasks. These control tasks will verify whether the operating tasks are executed in accordance with organizational policies based on supporting documentary evidence. If the verification precedes the next operating task, the control is a preventive control. On the other hand, the verification might be performed after several operating tasks, thus resulting in detective control.
For example, after a purchase requisition is issued, an agent might have to review the requisition to determine if the request is warranted and is issued by an authorized person before a purchase order is placed. This can prevent a purchase order based on an illegitimate requisition from being issued. By contrast, the verification might occur after the purchase order is placed. This type of detective control, although it cannot prevent the issuance of an unwarranted order beforehand, can deter those attempting to issue an illegitimate requisition if they know such a verification will be performed later. This variation in the order of operating and control tasks is the most significant reason that a large variety of accounting procedures could exist.
[Figure 11 (Petri net diagram). Transitions, labeled role: task: store clerk: requisitioning; pur. agt: ordering; pur. agt: bidding; vendor: quoting; vendor: delivering; rec. clerk: receiving; vendor: invoicing; payable clerk: vouchering; cashier: paying; treasurer: disbursing; vendor: collecting. Legend: PR: purchase requisition; VL: vendor list; PO: purchase order; BID: bid; SD: shipping document; I: invoice; RR: receiving report; V: voucher; C: check; RFB: request for bid]

Figure 11 A Typical Accounting Procedure for Purchase and Payment Cycle without Control Tasks

The purpose of each control task is to achieve control over operating tasks such that frauds will not occur. Table 4 presents the control objectives which must be achieved with respect to each operating task. Various control tasks are implemented to achieve these control objectives. In Section 4.2.2, we will discuss these control tasks.

Operating Tasks: Control Objectives
a. Requisitioning: All requisitions are justified and are initiated and approved by authorized individuals.
b. Bidding: The bidding is conducted following competitive procedures.
c. Quoting: All quotes are compared and the vendors are investigated.
d. Ordering: All orders are based on approved requisitions and are properly placed as to price, quantity, quality, and vendor.
e. Delivering: All delivered goods and services were ordered and agree in all respects with the original order.
f. Receiving: All receivings are performed following the company's acceptance policy.
g. Invoicing: All invoices present valid payment claims for received goods and services and are accurate as to terms, quantities, prices, and extensions.
h. Vouchering: All payables recognized are valid and are accurate as to payees and amount.
i. Paying: All payments are based on supporting documents and are accurate as to payees and amount.
j. Disbursing: All payments are disbursed directly to the payees.

Table 4 Operating Tasks and Their Control Objectives

4.2 COMMON CONTROL PATTERNS IN THE PURCHASE AND PAYMENT CYCLE

Control patterns are stereotypical relationships between agents, tasks, and information repositories. Through experience, auditors develop expectations about these relationships. When evaluating an internal accounting control system, if they do not see the expected relationships, they will become alert to the deviations and suspect some control weakness might exist. Therefore, control patterns serve as screening criteria for auditors to identify control weaknesses.

These control patterns are similar to semantic integrity constraints for a database. For a database, semantic integrity constraints specify, based on empirical knowledge, what the data in the database, which represents a part of the universe, must comply with. If a data item does not satisfy the integrity constraints, an error must exist. Likewise, control patterns in this study constitute the necessary conditions expected to be satisfied by all internal accounting control systems. If a control pattern is not satisfied, then a control weakness exists.

This section discusses the derivation of control patterns based on the control objectives to be achieved over the operating tasks. Section 4.3 discusses the audit patterns based on the deviations of control patterns. We will follow the logical representation of integrity constraints to represent control patterns. Afterward we will use our logic-based language to represent audit patterns and audit rules.

4.2.1 CONTROL PATTERNS OF ACCOUNTING PROCEDURES

As discussed in Section 3.1.2, the accounting procedures in an internal accounting control system consist of the precedence relation between accounting tasks and the input/output relation between accounting tasks and information repositories (i.e. documents and records). The accounting tasks include operating tasks and control tasks. The purpose of the control tasks is to achieve some control objectives over the operating tasks so that fraud can be prevented or detected. Table 5 presents the operating tasks and their corresponding control tasks. It shows that the verification of the operating tasks constitutes the control tasks. These control tasks can be decomposed further into sub-control tasks. These sub-control tasks are usually performed together, but sometimes they might be assigned to different agents. For example, the verification of requisitioning consists of sub-verifications of the requested product and quantity, legitimacy of the request, and the requisitioning authority. These verifications are to ensure that the requested products are necessary, the quantity is appropriate, and the requisitioner has the authority to make the request. In other words, they are intended to achieve the control objective over the operating task of requisitioning. These sub-verifications could be separated into several tasks, but are usually performed by the same task. Therefore we will use the top-level control tasks as examples in this study. This simplification will not affect the principle we use to derive the control patterns and audit rules.

Operating Tasks: Control Tasks (sub-control tasks in parentheses)
a. Requisitioning: Verify_requisitioning (Verify_requisition_legitimacy, Verify_requested_product, Verify_requested_quantity, Verify_requisitioning_authority)
b. Bidding: Verify_bidding (Verify_bidding_vendor, Verify_bidding_price)
c. Quoting: Verify_quoting (Compare_quoted_price, Verify_vendor_qualification, Verify_reasonableness_of_price)
d. Ordering: Verify_ordering (Verify_ordering_legitimacy, Verify_order_price, Verify_order_quantity, Verify_ordered_product_quality, Verify_vendor_eligibility)
e. Delivering: Verify_delivering (Verify_delivery_quantity, Verify_delivery_quality)
f. Receiving: Verify_receiving (Verify_receiving_legitimacy, Verify_received_quantity, Verify_received_quality)
g. Invoicing: Verify_invoicing (Verify_invoice_legitimacy, Verify_invoice_quantity, Verify_invoice_price, Verify_invoice_extension, Verify_invoice_terms)
h. Vouchering: Verify_vouchering (Verify_vouchering_legitimacy, Verify_vouchered_amount, Verify_vouchered_payee)
i. Paying: Verify_paying (Verify_payment_amount, Verify_payment_payee)
j. Disbursing: Collecting

Table 5 Control Tasks for the Operating Tasks in the Purchase and Payment Cycle

Since it is difficult for a control agent to directly observe the performance of operating tasks, the verification of operating tasks essentially consists of verifying the documents / records generated by these tasks. As discussed in Section 3.1.2, to enable the control agent to successfully perform the verification, some independent sources must furnish the control agent with the necessary supporting documents. These supporting documents allow the control agent to determine whether the operating agent, as evidenced by the documents, has taken legitimate or illegitimate actions. Table 6 presents the control tasks, the documents they intend to verify, and the necessary supporting documents.

The supporting documents transferred to control tasks are not only informative but also performative. The informative content, such as price, quantity, and quality, enables the control agent to verify the accuracy of the document under verification. For example, a verified purchase requisition containing information about the requested amount and specification of a product would allow the control agent in charge of verifying ordering to review the accuracy of the purchase order regarding the product amount and specification.
However, verifying ordering involves not only reviewing the accuracy of the purchase order but also its legitimacy; namely, should the purchase order be issued in the first place? This legitimacy verification would have to depend on the performative content of the supporting documents. A document is performative in the sense that an agent is permitted or obliged to take some actions after receiving it. For example, after receiving an approved purchase requisition, a purchase agent is permitted or even obligated to issue a purchase order. On the other hand, any issuance of purchase orders without an approved requisition is prohibited. Therefore, an approved purchase requisition enables the agent in charge of verifying ordering to check the legitimacy of an issued order.

Control Tasks: Verify_requisitioning; Verify_quoting; Verify_bidding; Verify_ordering; Verify_delivering; Verify_receiving; Verify_invoicing; Verify_vouchering; Verify_paying

Verified Document: Purchase requisition; Bids; Bids; Purchase order; Shipping Document; Receiving Report; Invoice; Payable Voucher; Check

Supporting Documents: Inventory Record; Inventory Policy; Verified Purchase Requisition; Bidding Policy; Verified Purchase Requisition; Verified Purchase Requisition; Verified Bids or Vendor List; Verified Purchase Order; Delivered Goods/Services; Physical Inspection; Verified Purchase Order; Verified Shipping Document; Verified Receiving Report; Verified Purchase Order; Verified Receiving Report; Verified Purchase Order; Verified Invoice; Verified Voucher

Table 6 Necessary Supporting Documents for Control Tasks

In most organizations, a document becomes performative when an authorized employee signs it to approve the informative content of the document. The signature of the authorized employee hence becomes the manifestation of the performative content. Later in the accounting procedure, if an agent intends to use the performative content of a document to verify the legitimacy of another document, he should verify the signature. Certainly, the approval should result from elaborate verification of the document. Therefore, a document with purely informative content usually turns into one with both informative and performative content through the performance of a control task. An authorized signature signifies that a verification by the control task has been performed and the informative content has been approved.

Figure 12 illustrates the chain process of using documents in the performance of control tasks. Note that a document can be used as a supporting document for other control tasks after it is verified by a control task. Through the verification and transfer of documents, a network of control is thus established. This chain process is demonstrated by Table 6. For example, while performing the control task of verifying ordering, the control agent needs the verified purchase requisition to review the accuracy and legitimacy of the purchase order. The verified purchase requisition serves as a supporting document for the control task. After the purchase order is verified and approved with a signature, it is then transferred to the control task of verifying invoicing and is used as a supporting document for that task.
[Figure 12 (diagram), labels: Supporting Document (Informative Content; Performative Content (Signature)); Document to Be Verified (Informative Content); Accuracy Verification; Legitimacy Verification; Verified Document (Informative Content; Performative Content (Signature)); Control Task]

Figure 12 The Chain Process of Utilizing Documents

4.2.1.1 CONTROL PATTERNS OF PRECEDENCE RELATION AMONG TASKS

To successfully achieve control objectives, an accounting procedure must incorporate control tasks as well as arrange an appropriate order of accounting tasks. As indicated in Section 3.1.1, control tasks can be classified as preventive or detective. If the verification of a document is performed before the document is used for other operating tasks, the verification is a preventive control; otherwise, the verification is a detective control. Therefore, the same control tasks might be performed before or after the other operating tasks; however, the control tasks, preventive or detective, must always be performed after the operating tasks which they are intended to control. If a control task is performed before the operating task, then the operating task can be performed improperly without being detected.

The necessity for an accounting procedure to incorporate control tasks over the operating tasks and have them performed after the operating tasks gives us two general control patterns. Following the logical representation of integrity constraints, these two general control patterns can be represented as follows. Under all circumstances, a strong internal accounting control system must satisfy these control patterns. Their deviations constitute control weaknesses. Therefore, the control patterns have normative implications.

Control Pattern I: task(OpTask) $\rightarrow$ task(ConTask)
Reading: Whenever an operating task OpTask exists, its corresponding control task ConTask must also exist.

Control Pattern II: task(OpTask) & task(ConTask) $\rightarrow$ follow(OpTask, ConTask)
Reading: Whenever an operating task and its corresponding control task exist, the control task must always follow the operating task.

Note that the audit pattern I does not assert that a particular operating task and its control task necessarily exist; instead, it only asserts that if an operating task exists, its corresponding control task must also exist. This is an important characteristic because some operating tasks might not exist in an accounting procedure. For example, the operating task of bidding might not exist in all of the accounting procedures, hence the control task of verifying bidding is unnecessary. Also, note that control pattern II specifies that the control task must always be performed after the operating task, but need not immediately follow the operating task. Based on Table 2, instances of the two general control patterns would include:

Instance of Control Pattern I: task(ordering) $\rightarrow$ task(verify_ordering).

Instance of Control Pattern II:


task(OpTask) & task(ConTask) follow(OpTask, ConTask)

4.2.1.2 CONTROL PATTERNS OF INFORMATION-TASK RELATION

As discussed in Section 4.2.1, to successfully verify the document produced by an operating task, a control task must be able to access the necessary supporting documents. Table 3 presents the necessary supporting documents for each control task in the purchase and payment cycle. These supporting documents must have been verified before they can be used as evidence to verify the legitimacy and accuracy of the document under review. If the supporting documents are not verified before being used as evidence, they must be furnished from independent sources. In other words, they must be transferred from an agent who does not generate the document to be verified. In addition, these verified documents should be transferred directly from the control tasks which verified them to the control tasks which intend to use them as supporting documents. Silvester's study found that a very high percentage (47.7%) of fraud cases involved alteration of otherwise valid documents [Silvester, 1979]. Direct transfer of documentary evidence is crucial for avoiding possible tampering by intermediary agents.

We can thus represent the four general control patterns of the relation between information repository and control tasks as follows.

Control Pattern III:
task(ConTask) furnish(SupDoc, ConTask)
Reading: When a control task ConTask exists, it must be furnished with the supporting documents SupDoc.

Control Pattern IV:
furnish(SupDoc, ConTask1) pre_verified(SupDoc, ConTask2, ConTask1)
Reading: If a control task ConTask1 uses a supporting document SupDoc, the supporting document should have been verified by a previous control task ConTask2.

Control Pattern V:
furnish(SupDoc, ConTask) & furnish(VerDoc, ConTask) & pre_verified(SupDoc, ConTask2, ConTask) independent(SupDoc, VerDoc)
Reading: A supporting document should be generated by a source independent of the source which generates the document to be verified.

Control Pattern VI:
furnish(SupDoc, ConTask1) doc_direct(SupDoc, ConTask2, ConTask1)
Reading: If a control task ConTask1 uses a supporting document SupDoc, the supporting document should be transferred directly from the control task ConTask2 which verified the supporting document.

Based on Table 3, instances of the above general control patterns include the following:

Instance of Control Pattern III:
task(verify_inv_proc) furnished(rec_report, verify_inv_proc)

Instance of Control Pattern IV:
furnished(rec_report, verify_invoicing) pre_verified(rec_report, verify_receiving)

Instance of Control Pattern V:
furnished(rec_report, verify_invoicing) & furnished(invoice, verify_invoicing) pre_verified(rec_report, verify_receiving, verify_invoicing) independent(rec_report, invoice)

Instance of Control Pattern VI:
furnished(rec_report, verify_invoicing) doc_direct(rec_report, verify_receiving, verify_invoicing)

4.2.2 CONTROL PATTERNS OF ORGANIZATIONAL STRUCTURE

In addition to the control patterns of accounting procedures, there are also stereotypical relations regarding task assignments and authority hierarchy among agents. The relation of task assignments among roles/positions is referred to in the auditing literature as "segregation of duties". The division of duties in performing accounting tasks exists in all but the smallest companies. A strong segregation of duties would allow one agent to independently check on the work of another agent, hence preventing or detecting errors or intentional irregularities.

In dividing the duties of performing accounting tasks among positions, various companies might combine the accounting tasks in many different ways. No matter what the combinations are, to achieve the control objectives, a control task and the operating task it intends to control should not be assigned to the same position. For example, the control task of requisition verification and the operating task of ordering are usually performed by the same purchasing agent. On the other hand, the control task of order verification and the operating task of ordering should always be separated and assigned to different positions. If these two tasks are assigned to the same position, then the agent occupying the position can commit irregularities without being detected by another agent. In addition, if these two tasks are assigned to two different positions, it is necessary that no agent should be allowed to assume these two positions at the same time. The assumption of two incompatible positions, hence performing two incompatible tasks, often happens when one employee is absent and another employee is charged with the additional responsibilities.

In assigning accounting tasks to various positions, the formal power hierarchy of these positions must also be taken into consideration. Obviously, a control task should be assigned to a position with higher authority than the position in charge of the operating task to be controlled. If a superior position is assigned the operating task, the less powerful control agent will be very reluctant to exercise the necessary control. Moreover, the more powerful agent might be able to override the subordinate's decision.

Based on the above discussion, we can present three general control patterns of organizational structure in an internal accounting control system as follows.

Control Pattern VII:
task(OpTask) & task(ConTask) seg_pos(OpTask, ConTask)


Reading: A control task ConTask and the operating task OpTask it intends to control should be segregated into two different positions.

Control Pattern VIII:
task(OpTask) & task(ConTask) seg_agent(OpTask, ConTask)
Reading: A control task ConTask and the operating task OpTask it intends to control should be segregated into two different agents.

Control Pattern IX:
assign(OpTask, Pos1) & assign(ConTask, Pos2) higher(Pos1, Pos2)
Reading: The position assigned with a control task ConTask should be higher in the formal power hierarchy than the position of the operating task OpTask to be controlled.

All of the above control patterns consider only formal organization. However, informal social relations are also an important factor to consider when an internal accounting control system is under evaluation. For example, assume that an agent is assigned with a control task and another agent the corresponding operating task. This is a good segregation of duties from the perspective of formal organization. However, if the two agents belong to the same social group, the close informal social relation between them might make the control agent ignore his duties. As a result, the control agent might simply omit the verification of the operating task and give the operating agent opportunities to commit illegal actions. Even worse, they might collude with each other. Certainly these informal social relationships are difficult to foresee when an internal accounting control system is being designed. However, when evaluating an internal accounting control system, an auditor should be alert to the informal social relationships between agents. An audit pattern considering informal social relationships can thus be formulated as follows.

Control Pattern X:
perform(Agent1, ConTask) & perform(Agent2, OpTask) socially_detached(Agent1, Agent2)


Reading: The agent Agent1 in charge of a control task ConTask should be socially detached from the agent Agent2 responsible for the corresponding operating task.

Based on Table 2, instances of the above four general control patterns would include the following:

Instance of Control Pattern VII:
task(ordering) & task(verify_ordering) seg_pos(ordering, verify_ordering)

Instance of Control Pattern VIII:
task(ordering) & task(verify_ordering) seg_agent(ordering, verify_ordering)

Instance of Control Pattern IX:
assign(ordering, Pos1) & assign(verify_ordering, Pos2) higher(Pos1, Pos2)

Instance of Control Pattern X:
perform(Agent1, verify_ordering) & perform(Agent2, ordering) socially_detached(Agent1, Agent2)

4.3 AUDIT PATTERNS AS DEVIATION OF CONTROL PATTERNS

As discussed in Section 1.3, audit rules associate audit patterns with fraud potentials. Audit patterns are situations involving deviations of control patterns found in an internal accounting control system. They represent control weaknesses existing in an internal accounting control system. This section discusses the common causes of fraud and demonstrates the derivation of audit patterns based on the control patterns derived in Section 4.2.


4.3.1 COMMON CAUSES OF FRAUD

There is a growing concern over the number and magnitude of fraud cases exposed in recent years, especially after the Savings & Loan scandal. These fraud cases involve almost every type of organization, including manufacturing, finance, government, and education. As a result, a new field called forensic accounting or fraud auditing is gaining the attention of auditors and accountants. Public accounting firms are paying more and more attention to fraud auditing because of the litigation filed against them by interested parties suffering losses from the fraud. In fact, one issue of Fortune magazine ranked the job prospect for forensic accounting or fraud auditing as one of the best in the next five years. The importance of fraud auditing is further echoed by the growing number of seminars and conferences held on the topic.

There are many reasons why a fraud could occur; however, the most prevalent reason among all the fraud cases might be control weaknesses. These weaknesses can be divided into three broad categories: (1) lack of internal control design, (2) failure to enforce existing internal control, or (3) management override of existing internal control. In fact, the fraud potentials resulting from categories (2) and (3) are equivalent to those from (1), since the occurrences of categories (2) and (3) would result in the lack of appropriate control for some instances of transaction processing, even though the original design of the internal control system incorporates such control. The occurrences of categories (2) and (3) are usually due to collusion or negligence. Risks of fraud resulting from collusion and negligence are inherent limitations associated with any internal accounting control system. They cannot be prevented by the internal control system per se; rather, they must be contended with by an auditing function outside of the system. On the other hand, risks resulting from control deficiencies are more specific in nature and can be remedied if intelligent precaution is taken when the internal control system is designed.

When trying to evaluate an internal control system, an auditor should be alert to deficiencies of the control design and possible ramifications of these deficiencies. If all the necessary controls are found to be present in an internal control system, the auditor would have to verify whether these controls are consistently and effectively enforced. This verification is called compliance auditing, which involves sampling of documents or accounts and is beyond the domain of internal control evaluation. However, by observing the informal organization existing among the agents, the auditors should be able to identify those controls which are likely to be ignored. For example, if a control agent and the operating agent he is supposed to control belong to the same clique, then it is likely that the control agent will not enforce the control if the operating agent has a higher status in the informal group.

Most frauds occur because control deficiencies allow the perpetrators to conceal their illegal activities by manipulating various documents and accounts. For example, Silvester found that 76.3% of those fraud cases included in his study involve manipulations of documents, while 8.9% involve manipulations of accounts. He also found that the methods of document manipulation include alteration of valid documents, submission of false documents, submission of illegitimate documents, and double use of valid documents. All these manipulations are able to succeed because control deficiencies prevent other agents from verifying the accuracy and legitimacy of the documents. There are four common types of control deficiencies: inadequate control tasks, improper order of control tasks, inappropriate information flows, and inappropriate segregation of duties. Identifying these four types of control deficiencies is the first step in identifying the fraud potentials.

4.3.2 DERIVATION OF AUDIT PATTERNS

Since audit patterns are deviations of control patterns by the internal accounting control system under review, they can be derived based on the logical representation of the control patterns. The derivation process is as follows.

(1) The general form of a control pattern is
d1 & d2 ,..., & dm f
meaning that all internal control systems should satisfy the condition represented by the formula.

(2) Deviation of the control patterns means that the internal control system under review does not satisfy the formula.


(3) In terms of logical representation, deviation of a condition (i.e. a control deficiency) can be represented by the negation of the formula representing the condition
(d1 & d2 ,..., & dm f)

(4) A clausal form representation of control deficiencies can thus be obtained by logical transformation of the negated formula.
(d1 & d2 ,..., & dm f)
( (d1 & d2 ,..., & dm ) f)
(d1 & d2 ,..., & dm ) & f

Following this derivation process, we can get the following general audit patterns based on the control patterns obtained in Section 4.2. The following shows the corresponding audit pattern for each control pattern.

Audit Pattern I:
task(OpTask) & task(ConTask)

Audit Pattern II:
task(OpTask) & task(ConTask) & follow(OpTask, ConTask)

Audit Pattern III:
task(ConTask) & furnish(SupDoc, ConTask)

Audit Pattern IV:
furnish(SupDoc, ConTask1) & pre_verified(SupDoc, ConTask2, ConTask1)

Audit Pattern V:
furnish(SupDoc, ConTask) & furnish(VerDoc, ConTask) & pre_verified(SupDoc, ConTask2, ConTask1) independent(SupDoc, VerDoc)

Audit Pattern VI:
furnish(SupDoc, ConTask1) & pre_verified(SupDoc, ConTask2, ConTask1) & doc_direct(SupDoc, ConTask1, ConTask2)

Audit Pattern VII:
task(OpTask) & task(ConTask) & seg_pos(OpTask, ConTask)

Audit Pattern VIII:
task(OpTask) & task(ConTask) & seg_agent(OpTask, ConTask)

Audit Pattern IX:
assign(OpTask, Pos1) & assign(ConTask, Pos2) & higher(Pos1, Pos2)

Audit Pattern X:
perform(Agent1, ConTask) & perform(Agent2, OpTask) & socially_detached(Agent1, Agent2)


Based on the instances of control patterns in Section 4.2, instances of the general audit patterns would include the following formulas:

Instance of Audit Pattern I:
task(ordering) & task(verify_ordering).

Instance of Audit Pattern II:
task(OpTask) & task(ConTask) & follow(OpTask, ConTask)

Instance of Audit Pattern III:
task(verify_inv_proc) & furnish(rec_report, verify_invoicing)

Instance of Audit Pattern IV:
furnish(rec_report, verify_invoicing) & pre_verified(rec_report, verify_receiving, verify_inv_proc)

Instance of Audit Pattern V:
furnish(rec_report, verify_invoicing) & furnish(invoice, verify_invoicing) & pre_verified(rec_report, verify_receiving, verify_invoicing) & independent(rec_report, invoice)

Instance of Audit Pattern VI:
furnish(rec_report, verify_invoicing) & pre_verified(rec_report, verify_receiving) doc_direct(rec_report, verify_receiving, verify_invoicing)

Instance of Audit Pattern VII:
task(ordering) & task(verify_ordering) & seg_pos(ordering, verify_ordering)

Instance of Audit Pattern VIII:
task(ordering) & task(verify_ordering) & seg_agent(ordering, verify_ordering)

Instance of Audit Pattern IX:
assign(ordering, Pos1) & assign(verify_ordering, Pos2) & higher(Pos1, Pos2)


Instance of Audit Pattern X:
perform(Agent1, verify_ordering) & perform(Agent2, ordering) & socially_detached(Agent1, Agent2)

Audit patterns represent control weaknesses. They act like demons in our proposed knowledge-based system. When the knowledge-based system recognizes their presence in an internal accounting control system, it will trigger the execution of audit rules to identify the fraud potentials exposed by the internal accounting control system.

4.4 FORMULATION OF AUDIT RULES

As explained in Section 1.3, audit rules are used to identify fraud potentials when an internal accounting control system matches certain audit patterns. We conjecture that when an auditor tries to identify fraud potentials of an internal accounting control system, usually he will use a process consisting of three phases. First, he will identify the audit patterns which deviate from the normal control patterns. Second, he will identify the various illegal actions which could be taken by an agent in charge of an operating task due to the existing control deficiencies. Third, he will identify the fraud potentials which could result from various combinations of these illegal actions. Naturally, during this process, he would apply the audit rules he has learned from past experiences if the rules are applicable to the current situation. Otherwise, he would depend on his analytical capability when a new situation is encountered and no applicable audit rules are available. After the same case is experienced several times, new audit rules might be induced. We believe this is a reasonable conjecture and provides a foundation for systematic formulation of audit rules. This section discusses and demonstrates how this process can be applied to derive audit rules for the purchase and payment cycle.

4.4.1 THE GENERAL PROCESS FOR FORMULATING AUDIT RULES


As explained in Section 3.1.3, the overall actual performance of an internal accounting control system is determined by the individual agents' behavior. If control is not adequate, an agent might violate the regulations or rules by taking some illegal actions. Therefore, while evaluating an internal accounting control system, an auditor must determine (1) what control weaknesses are present in the system, (2) what kind of illegal actions could be taken, and (3) what potential frauds could result from these illegal actions. In addition, auditors have the responsibility of conveying the control weaknesses to the management and suggesting their remedy.

We propose three types of audit rules to emulate this evaluation process. The first type suggests the necessary remedies for control weaknesses; the second type associates control weaknesses with possible illegal actions; the third type associates combinations of possible illegal actions with potential frauds. We term the first type action identification rules, the second type fraud identification rules, and the third type weakness identification rules. We also call the fraud identification rules and the weakness identification rules output rules. Using our logic-based language, the general forms of these three types of rules are represented as follows (footnote 7).

Weakness Identification Rules:
if CD1 and CD2 ... and CDm
warning [Message Suggesting Remedy]
Reading: If a control weakness represented by CD1, CD2, ..., CDm exists, suggest remedy for the control weakness.

Action Identification Rules:
possible(Agent, Action) if CD1 and CD2 ... and CDm
Reading: If a control weakness represented by CD1, CD2, ..., CDm exists, then the illegal action Action could be committed by the agent Agent.
7 Following the syntax of our proposed logic-based language, we have replaced the logical connectives '&' and ' ' with 'and' and 'not'.


Fraud Identification Rules:
if possible(Agent1, Action1) and possible(Agent2, Action2), and possible(Agentn, Actionn)
warning [Message Identifying Fraud Potentials]
because [Message Explaining Reasons]
Reading: If illegal actions Action1, Action2, ..., and Actionn could be taken by agents Agent1, Agent2, ..., and Agentn, then identify fraud potentials and give explanation.

CD1, CD2, ..., and CDm in the above audit rules are predicates representing the conditions constituting various audit patterns. On the other hand, the predicate possible(A, B) represents that "it is possible for an agent A to commit illegal action B". The fraud identification rules identify and explain fraud potentials, while the weakness identification rules suggest the remedy of control weaknesses. The messages in these output rules are provided by the knowledge-based system to users as the results of automatic evaluation.

As indicated by the form of the fraud identification rules, their application will invoke the application of the action identification rules. The antecedents of a fraud identification rule are a combination of various possible illegal actions. To provide the output diagnosis message, these antecedents must be proved to be true. This will in turn apply the action identification rules and require the proof of existence of the causing control weaknesses.

4.4.2 FORMULATION OF WEAKNESS IDENTIFICATION RULES

The weakness identification rules associate control weaknesses (i.e. audit patterns) with their remedies. Each remedy basically is to remove the deviations of control patterns from the audit patterns. Formulation of the weakness identification rules is relatively simple. The remedy of each control weakness is the elimination of its deviation from control patterns. The general remedy audit rules for the ten audit patterns presented in Section 4.3 are as follows.

Weakness Identification Rules Type I:
if match task(Role1:OpTask) and not match task(Role2:ConTask)
warning [ add the control task ConTask ].

Weakness Identification Rules Type II:
if match task(Role1:OpTask) and match task(Role2:ConTask) and not match follow(Role1:OpTask, Role2:ConTask)
warning [ change the order of OpTask and ConTask ].

Weakness Identification Rules Type III:
if match task(Role:ConTask) and not match furnished(SupDoc, Role:ConTask)
warning [ SupDoc should be provided to ConTask ].

Weakness Identification Rules Type IV:
if match furnished(SupDoc, Role1:ConTask1) and not match pre_verified(SupDoc, Role2:ConTask2, Role1:ConTask1)
warning [ SupDoc should be verified by ConTask2, before ConTask1 uses it ].

Weakness Identification Rules Type V:
if match furnished(SupDoc, Role:ConTask) and match furnished(VerDoc, Role:ConTask) and not independent(SupDoc, VerDoc) and not match pre_verified(SupDoc, Role2:ConTask2, Role:ConTask)
warning [ SupDoc and VerDoc should be from independent sources ]

Weakness Identification Rules Type VI:
if match furnished(SupDoc, Role2:ConTask2) and match pre_verified(SupDoc, Role1:ConTask1, Role2:ConTask2) and not match doc_direct(SupDoc, Role1:ConTask1, Role2:ConTask2)
warning [ SupDoc should be sent directly from ConTask1 to ConTask2 ].


Weakness Identification Rules Type VII:
if match task(Role1:OpTask) and match task(Role2:ConTask) and not seg_pos(OpTask, ConTask)
warning [ OpTask and ConTask should be segregated into different positions ]

Weakness Identification Rules Type VIII:
if match task(Role1:OpTask) and match task(Role2:ConTask) and not seg_agent(OpTask, ConTask)
warning [ the position for performing OpTask and that for performing ConTask should not be occupied by the same person ].

Weakness Identification Rules Type IX:
if match task(Role1:OpTask) and match task(Role2:ConTask) and not higher(Role2, Role1)
warning [ Role2 should be at a higher rank than Role1 ].

Weakness Identification Rules Type X:
if match task(Role1:OpTask) and match task(Role2:ConTask) and occupy(Agent1:Role1) and occupy(Agent2:Role2) and not socially_detached(Agent1, Agent2)
warning [ ConTask and OpTask should be assigned to socially detached agents ].

Following the general form of each type, the following presents specific instances for each type of the weakness identification rules.

Instance of Weakness Identification Rules Type I:
if match task(Role1:req) and not match task(Role2:verify_req)
warning ['A task of verifying requisitioning should be performed.'].

Instance of Weakness Identification Rules Type II:


if match task(Role1:receiving) and match task(Role2:verify_rec) and not match follow(Role1:receiving, Role2:verify_rec)
warning ['The task of verifying receiving should be performed after the task of receiving.'].

Instance of Weakness Identification Rules Type III:
if match task(Role2:verify_vch) and not match furnished('PO', Role2:verify_vch)
warning ['The task of verifying vouchering should be furnished with purchase order.'].

Instance of Weakness Identification Rules Type IV:
if match furnished('RR', Role1:verify_inv) and not match pre_verified('RR', Role2:verify_rec, Role1:verify_inv)
warning [ 'Receiving reports should be verified before it is used as supporting documents for verifying invoicing'].

Instance of Weakness Identification Rules Type V:
if match furnished('PR', Role:verify_ord) and match furnished('PO', Role:verify_ord) and not match pre_verified('RR', Role2:verify_rec, Role1:verify_inv) and not match independent('PR', 'PO')
warning [ 'Purchase orders and supporting purchase requisitions and should be from independent sources.' ]

Instance of Weakness Identification Rules Type VI:
if match furnished('PO', Role2:verify_rec) and match pre_verified('PO', Role1:verify_ord, Role2:verify_rec) and not match doc_direct('PO', Role1:verify_ord, Role2:verify_rec)
warning [ 'Verified purchase orders should be sent directly to the position who is responsible for verifying receiving.'].

Instance of Weakness Identification Rules Type VII:
if match task(Role1:ordering) and match task(Role2:verify_ord) and not seg_position(ordering, verify_ord)
warning ['The tasks of ordering and verifying ordering should be segregated into two different positions.'].

Instance of Weakness Identification Rules Type VIII:
if match task(Role1:paying) and match task(Role2:verify_pay) and not seg_agent(paying, verify_pay)
warning [ 'The tasks of paying and verifying paying should not be performed by the same person.'].

Instance of Weakness Identification Rules Type IX:
if match task(Role1:req) and match task(Role2:verify_req) and not higher(Role2, Role1)
warning ['The task of verify requisitioning should be assigned to a position at a higher rank than that of the task of requisitioning.'].

Instance of Weakness Identification Rules Type X:
if match task(Role1:vouchering) and match task(Role2:verify_vch) and occupy(X, Role1) and occupy(Y, Role2) and not socially_detached(X,Y)
warning ['The tasks of vouchering and verifying vouchering should not be assigned to two persons who are socially close.'].
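The evaluation described in Sections 4.3.2 and 4.4.2, as an added Python example (not the monograph's logic-based language or its knowledge-based system): each control pattern is held as an antecedent and a consequent taken from its Reading, and a weakness is reported for every binding where the antecedent holds and the consequent fails. The Procedure model, its field names, and the positions and agents in the sample are constructed assumptions; patterns I to III and VII to X are covered.

```python
from dataclasses import dataclass, field

@dataclass
class Procedure:
    """Constructed model of an accounting procedure (field names are this example's)."""
    order: list      # task names in execution order; a task "exists" if listed here
    controls: dict   # operating task -> control task meant to verify it
    position: dict   # task -> position it is assigned to
    occupant: dict   # position -> agent currently holding it
    rank: dict       # position -> level in the formal hierarchy (larger = higher)
    needs: dict = field(default_factory=dict)    # control task -> supporting documents
    furnished: set = field(default_factory=set)  # (document, control task) pairs
    close: set = field(default_factory=set)      # frozenset({agent, agent}) in one clique

def existing_pairs(p):
    """Bindings of task(OpTask) & task(ConTask): both tasks are in the procedure."""
    return [(op, con) for op, con in p.controls.items()
            if op in p.order and con in p.order]

def agent_of(p, task):
    """Agent occupying the position to which the task is assigned."""
    return p.occupant[p.position[task]]

# Each control pattern: (number, antecedent bindings, consequent test, remedy text).
CONTROL_PATTERNS = [
    ("I", lambda p: [(op, con) for op, con in p.controls.items() if op in p.order],
     lambda p, op, con: con in p.order,
     "add the control task {1}"),
    ("II", existing_pairs,
     lambda p, op, con: p.order.index(con) > p.order.index(op),
     "change the order of {0} and {1}"),
    ("III", lambda p: [(doc, con) for con in p.order for doc in p.needs.get(con, [])],
     lambda p, doc, con: (doc, con) in p.furnished,
     "{0} should be provided to {1}"),
    ("VII", existing_pairs,
     lambda p, op, con: p.position[op] != p.position[con],
     "{0} and {1} should be segregated into different positions"),
    ("VIII", existing_pairs,
     lambda p, op, con: agent_of(p, op) != agent_of(p, con),
     "the positions for {0} and {1} should not be occupied by the same person"),
    ("IX", existing_pairs,
     lambda p, op, con: p.rank[p.position[con]] > p.rank[p.position[op]],
     "the position for {1} should rank higher than the position for {0}"),
    ("X", existing_pairs,
     lambda p, op, con: frozenset({agent_of(p, op), agent_of(p, con)}) not in p.close,
     "{1} and {0} should be assigned to socially detached agents"),
]

def evaluate(p):
    """Return (pattern, binding, remedy) for every deviation from a control pattern.

    A deviation (audit pattern) is a binding for which the antecedent holds
    and the consequent fails.
    """
    findings = []
    for number, antecedent, consequent, remedy in CONTROL_PATTERNS:
        for binding in antecedent(p):
            if not consequent(p, *binding):
                findings.append((number, binding, remedy.format(*binding)))
    return findings

# Constructed purchase-and-payment procedure with one weakness per reported pattern.
SAMPLE = Procedure(
    order=["req", "verify_req", "ordering", "verify_rec", "receiving",
           "vouchering", "verify_vch", "paying", "verify_pay"],
    controls={"req": "verify_req", "ordering": "verify_ord", "receiving": "verify_rec",
              "vouchering": "verify_vch", "paying": "verify_pay"},
    position={"req": "dept_clerk", "verify_req": "purchasing_agent",
              "ordering": "purchasing_agent", "receiving": "receiving_clerk",
              "verify_rec": "warehouse_supervisor", "vouchering": "ap_clerk",
              "verify_vch": "ap_supervisor", "paying": "cashier",
              "verify_pay": "treasurer"},
    occupant={"dept_clerk": "ann", "purchasing_agent": "bob", "receiving_clerk": "carl",
              "warehouse_supervisor": "dina", "ap_clerk": "ed", "ap_supervisor": "fay",
              "cashier": "gus", "treasurer": "gus"},  # gus covers an absent treasurer
    rank={"dept_clerk": 2, "purchasing_agent": 2, "receiving_clerk": 1,
          "warehouse_supervisor": 2, "ap_clerk": 1, "ap_supervisor": 2,
          "cashier": 1, "treasurer": 3},
    needs={"verify_vch": ["PO", "RR"]},
    furnished={("RR", "verify_vch")},
    close={frozenset({"ed", "fay"})},
)

if __name__ == "__main__":
    for number, binding, remedy in evaluate(SAMPLE):
        print(f"Audit pattern {number} {binding}: {remedy}")
```

Pattern VIII fires for paying even though the two tasks sit in different positions, which is the absent-employee case Section 4.2.2 describes.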


4.4.3 FORMULATION OF ACTION IDENTIFICATION RULES AND FRAUD IDENTIFICATION RULES

To prevent or detect frauds, an internal accounting control system must incorporate adequate control tasks to achieve control objectives over the operating tasks. Ideally every operating task should have a corresponding control task to verify its accuracy and legitimacy. Control pattern I represents this concept of adequate control, while audit pattern I represents its deviation. If the audit pattern is present, the agent in charge of the operating task can take illegal actions without being detected. The general inference audit rule for this type of control deficiency can thus be represented as follows. Note that a predicate "perform(Agent, OpTask)" is added to the audit pattern of type I. This predicate is not a component of the audit pattern per se; rather, its addition results from the fact that we want to know who can take illegal actions as well as whether there is a control weakness. The word 'match' in the audit rules indicates that the knowledge-based system will attempt to match the audit patterns against the procedural model of an internal accounting control system when the audit rules are executed.

Action Identification Rules Type I:
possible(Agent, IlAction) if match task(Role1:OpTask) and not match task(Role2:ConTask) and occupy(Agent, Role1)
Reading: If an operating task OpTask does not have a control task to verify it, then the agent Agent in charge of the operating task can possibly take an illegal action IlAction.

In a strong internal accounting control system, a control task should be performed after the operating task it is intended to control. Although most internal accounting control systems incorporate this feature, sometimes control agents might disregard the appropriate order for the sake of convenience, hence compromising the intended control. For example, an agent might approve a purchase order by signing it before the order was actually issued.


This improper order of performing tasks would allow the agent in charge of issuing orders to commit illegal actions without being detected. In other words, it amounts to being without control, even though a signature is present. The control pattern of type II specifies the necessary order of accounting tasks. Its violation, hence a control deficiency, is represented as audit pattern II. A general audit rule associating this control deficiency with possible illegal action can thus be represented as the following formula.

Action Identification Rules Type II:
possible(Agent, IlAction) if match task(Role1:OpTask) and match task(Role2:ConTask) and not match follow(Role1:OpTask, Role2:ConTask) and occupy(Agent, Role1)
Reading: If a control task ConTask does not follow the operating task OpTask it is intended to control, the agent Agent responsible for the operating task can commit illegal action IlAction without being detected.

To verify the documentary evidence of an operating task, a control task must receive verified supporting documents directly from independent sources. Control patterns III, IV, and V specify these conditions. Deviations of these control patterns and the general inference audit rules associating these control deficiencies with possible illegal actions can be represented as follows.

Action Identification Rules Type III:
possible(Agent, IlAction) if match task(Role1:ConTask) and not match furnished(SupDoc, Role2:ConTask) and occupy(Agent, Role)
Reading: If a control task ConTask is not furnished with the supporting document SupDoc, then the agent Agent in charge of the operating task OpTask can take illegal action IlAction without being detected.

Action Identification Rules Type IV:


    possible(Agent, IlAction) if
        match furnished(SupDoc, Role1:ConTask1) and
        not match pre_verified(SupDoc, Role2:ConTask2) and
        generate(Agent, SupDoc)

Reading: If a supporting document SupDoc has not been verified, the agent generating the document can commit illegal action IlAction.

Action Identification Rules Type V:

    possible(Agent, IlAction) if
        match furnished(SupDoc, Role2:ConTask2) and
        not match pre_verified(SupDoc, Role1:ConTask1, Role2:ConTask2) and
        not match independent(SupDoc, VerDoc) and
        generate(Agent, SupDoc)

Reading: If a supporting document is not provided by a source independent of the source that generates the document to be verified, the agent responsible for generating the documents can commit illegal action IlAction.

Action Identification Rules Type VI:

    possible(Agent, IlAction) if
        match furnished(SupDoc, Role2:ConTask2) and
        match pre_verified(SupDoc, Role1:ConTask1, Role2:ConTask2) and
        not match doc_direct(SupDoc, Role1:ConTask1, Role2:ConTask2) and
        intermediate(Role1:ConTask1, Role2:ConTask2, Role3:Task3, SupDoc) and
        occupy(Agent, Role3)

Reading: If a supporting document is transferred through some intermediate agent, the intermediate agent can commit illegal action IlAction.

Appropriate segregation of duties allows one agent to review the work of another. As discussed in Section 4.2.2, four principles of segregation should be followed. Firstly, a control task and the operating task it is intended to control should not be assigned to the same position. Secondly, different agents should perform a control task and the operating task it is intended to
control. Thirdly, a control task should be assigned to a higher position than the one assigned with the corresponding operating task. Lastly, control agents and operating agents should be socially detached. Control patterns VII, VIII, IX, and X represent these four principles. Deviations from these control patterns and the resultant general action identification rules are presented as follows.

Action Identification Rules Type VII:

    possible(Agent, IlAction) if
        match task(Role1:OpTask) and
        match task(Role2:ConTask) and
        not seg_pos(OpTask, ConTask) and
        occupy(Agent, Role1)

Reading: If a control task ConTask and the corresponding operating task are not segregated into two different positions, the agent performing these two tasks can commit illegal action IlAction.

Action Identification Rules Type VIII:

    possible(Agent, IlAction) if
        match task(Role1:OpTask) and
        match task(Role2:ConTask) and
        not seg_agent(OpTask, ConTask) and
        occupy(Agent, Role1)

Reading: If a control task ConTask and its corresponding operating task OpTask are not segregated into two different agents, then the agent performing these two tasks can commit illegal action IlAction.

Action Identification Rules Type IX:

    possible(Agent, IlAction) if
        match task(Role1:OpTask) and
        match task(Role2:ConTask) and
        not higher(Role1, Role2) and
        occupy(Agent, Role1)

Reading: If a control task ConTask is assigned to a lower position, the operating agent Agent occupying the higher position might commit illegal action IlAction.

Action Identification Rules Type X:

    possible(Agent1, IlAction) if
        match task(Role1:OpTask) and
        match task(Role2:ConTask) and
        occupy(Agent1, Role1) and
        occupy(Agent2, Role2) and
        not socially_detached(Agent1, Agent2)

Reading: If a control agent and an operating agent are not socially detached, the operating agent might be allowed to commit illegal action.

To formulate the specific action identification rules, for each control weakness, we would identify its resultant specific possible illegal actions. The illegal actions consist of various ways of document manipulation. As discussed in Section 3.1.1, internal control is people controlling people through the exchange of information repositories among accounting tasks. Therefore, the most effective way of committing fraud is through the manipulation of these information repositories. The existence of various control weaknesses creates the possibility for agents to take such illegal actions without being detected. Table 7 presents the common methods of document manipulation with an example of each. In formulating the action identification rules, this table can be used to identify the possible illegal actions resulting from each control weakness. The following presents a specific rule for each type of the general inference audit rules.

Methods                           Examples
1. Issue illegitimate document    Issue purchase orders without approved purchase request
2. Provide false information      Inflate order price
3. Alter valid document           Change requested quantity on the purchase requisition
4. Submit valid document twice    Submit payment voucher twice

Table 7. Common Methods of Document Manipulation

Instance of Action Identification Rules Type I:

    possible(Agent, inflate_order_price) if
        match task(Role1:ordering) and
        not match task(Role2:verify_ordering) and
        occupy(Agent, Role1)

Instance of Action Identification Rules Type II:

    possible(Agent, issue_illegitimate_order) if
        match task(Role1:ordering) and
        match task(Role2:verify_ordering) and
        not match follow(ordering, verify_ordering) and
        occupy(Agent, Role1)

Instance of Action Identification Rules Type III:

    possible(Agent, issue_illegitimate_order) if
        match task(Role:verify_ordering) and
        not match furnished(purchase_requisition, Role:verify_ordering) and
        occupy(Agent, Role)

Instance of Action Identification Rules Type IV:

    possible(Agent, issue_illegitimate_order) if
        match furnished(purchase_requisition, Role1:verify_ordering) and
        not match pre_verified(purchase_requisition, Role2:verify_requesting) and
        generate(Agent, purchase_order)

Instance of Action Identification Rules Type V:

    possible(Agent, issue_illegitimate_order) if
        match furnished(purchase_requisition, Role:verify_ordering) and
        match furnished(purchase_order, Role:verify_ordering) and
        not match pre_verified(purchase_requisition, Role1:verify_requisition, Role:verify_ordering) and
        not independent(purchase_requisition, purchase_order) and
        generate(Agent, purchase_order)

Instance of Action Identification Rules Type VI:

    possible(Agent, alter_purchase_order) if
        match furnished(purchase_order, Role2:verify_invoicing) and
        match pre_verified(purchase_order, Role1:verify_ordering, Role2:verify_invoicing) and
        not match doc_direct(purchase_order, Role1:verify_ordering, Role2:verify_invoicing) and
        intermediate(Role1:verify_ordering, Role2:verify_invoicing, Role3:Task, purchase_order) and
        occupy(Agent, Role3)

Instance of Action Identification Rules Type VII:

    possible(Agent, use_inegible_vendor) if
        match task(Role1:ordering) and
        match task(Role2:verify_ordering) and
        not seg_pos(ordering, verify_ordering) and
        occupy(Agent, Role1)

Instance of Action Identification Rules Type VIII:

    possible(Agent, issue_illegitimate_payment_voucher) if
        match task(Role1:vouchering) and
        match task(Role2:verify_vouchering) and
        not seg_agent(vouchering, verify_vouchering) and
        occupy(Agent, Role1)

Instance of Action Identification Rules Type IX:

    possible(Agent, issue_illegitimate_order) if
        match task(Role1:ordering) and
        match task(Role2:verify_ordering) and
        not higher(Role1, Role2) and
        occupy(Agent, Role1)

Instance of Action Identification Rules Type X:

    possible(Agent1, inflate_order_price) if
        match task(Role1:ordering) and
        match task(Role2:verify_ordering) and
        occupy(Agent1, Role1) and
        occupy(Agent2, Role2) and
        not socially_detached(Agent1, Agent2)

To formulate the fraud identification rules, various combinations of the possible illegal actions should be considered and their resultant fraud potentials identified. This is a formidable task since the number of combinations could be
tremendous. As a result, it is very likely that the original set of these rules is not complete and will require updating in the future. The need for updating the rule set will be most obvious when it fails to correctly identify the fraud potentials of an internal accounting control system. The following rule presents an example of the fraud identification rules. This rule indicates that the combination of three illegal actions by three different persons can result in a potential collusion fraud.

An Example of Fraud Identification Rules:

    if possible(X, issue_illegitimate_req) and
       possible(Y, select_bidding_vendors) and
       possible(vendor, inflate_bid_price) and
       not socially_detached(X, Y)
    warning [X, ' and ', Y, 'and vendors might have colluded with each other so that the company might have paid high prices for goods it does not need.']
    because [X, 'could issue illegitimate requisition and ', Y, 'limits the bidding to certain vendors, and the vendors will inflate the prices on their bids.'].

4.5 CONTROL PRIMITIVES AND DOMAIN-SPECIFIC DEDUCTIVE RULES

As indicated above, each audit pattern includes several conditions. An audit pattern is matched if its constituent conditions are found to be true in an internal accounting control system. Table 8 summarizes the conditions appearing in the audit patterns. The truth values of these conditions can be inferred from a set of control primitives coupled with a set of domain-specific deductive rules. Control primitives are generic basic relationships among tasks, agents, roles/positions, and information repositories. Table 9 presents a set of these control primitives and their meanings. Note that some of the audit pattern conditions are control primitives themselves. We call these audit pattern conditions primitive conditions and the others non-primitive conditions. In addition, we call the control primitives related to accounting procedures procedural control primitives. This kind of control primitive includes:

    task(Role:Task),
    follow(Role1:Task1, Role2:Task2),
    doctask(InDocs, Role:Task, OutDocs),
    pre_verified(Doc, Role1:Task1, Role2:Task2), and
    doc_direct(Doc, Role1:Task1, Role2:Task2).

1. task(Role:Task)
2. follow(Role1:Task1, Role2:Task2)
3. furnished(Doc, Role:Task)
4. generate(Agent, Doc)
5. independent(SupDoc, VerDoc)
6. pre_verified(Doc, Role1:Task1, Role2:Task2)
7. doc_direct(SupDoc, ConTask1, ConTask2)
8. perform(Agent, Task)
9. seg_pos(OpTask, ConTask)
10. seg_agent(OpTask, ConTask)
11. higher(Role1, Role2)
12. socially_detached(Agent1, Agent2)

Table 8. Audit Pattern Conditions

On the other hand, we will call the control primitives related to the plan of organization organizational control primitives. They include: task(Role:Task), occupy(Agent, Role), dir_superior(Role1, Role2), and
socially_close(Agent1, Agent2). Note that the control primitive task(Role:Task) is a procedural as well as organizational control primitive. In our knowledge-based system, the procedural control primitives will be represented graphically based on Petri net theory, while the organizational control primitives will be represented by using a logic-based language.

1. task(Role:Task)
   Meaning: A task Task is assigned to a role Role.
2. follow(Role1:Task1, Role2:Task2)
   Meaning: A task Task2 is executed after (not necessarily immediately) a task Task1.
3. doctask(InDocs, Role:Task, OutDocs)
   Meaning: A task Task has documents InDocs as input and documents OutDocs as output.
4. pre_verified(Doc, Role1:Task1, Role2:Task2)
   Meaning: A document Doc is verified by a task Task1 before it is transferred to a task Task2.
5. doc_direct(Doc, Role1:Task1, Role2:Task2)
   Meaning: A document Doc is transferred directly from a task Task1 to a task Task2.
6. occupy(Agent, Role)
   Meaning: An agent Agent occupies a role/position Role.
7. dir_superior(Role1, Role2)
   Meaning: A role Role1 is a direct supervisor of a role Role2.
8. socially_close(Agent1, Agent2)
   Meaning: An agent Agent1 is socially close to an agent Agent2.

Table 9. A Set of Control Primitives

To infer the truth or falsity of non-primitive conditions from control primitives, domain-specific deductive rules must be applied. These
deductive rules can be described as follows. Note that the conclusions of these rules are non-primitive conditions.

Domain-specific deductive rules:

Rule 1:

    furnished(Doc, Role:Task) if
        doctask(InDocs, Role:Task, OutDocs) and
        member(Doc, InDocs)

Reading: A task Task is furnished with a document Doc, if the task has a set of documents InDocs as input and the document Doc is one of them.

Rule 2:

    generate(Agent, Doc) if
        doctask(InDocs, Role:Task, OutDocs) and
        member(Doc, OutDocs) and
        not member(Doc, InDocs) and
        occupy(Agent, Role)

Reading: An agent Agent generates the document Doc, if the agent occupies the role Role and the role is assigned with the task Task, which has the document as output but not input.

Rule 3:

    independent(SupDoc, VerDoc) if
        generate(Agent1, VerDoc) and
        generate(Agent2, SupDoc) and
        Agent1 <> Agent2

Reading: The agent Agent1 who generates the document VerDoc is different from the agent Agent2 who generates the supporting document SupDoc.

Rule 4:

    intermediate(Role1:Task1, Role2:Task2, Role3:Task3, Doc) if
        furnished(Doc, Role3:Task3) and
        follow(Role1:Task1, Role3:Task3) and
        follow(Role3:Task3, Role2:Task2)

Rule 5:

    perform(Agent, Task) if
        task(Role:Task) and
        occupy(Agent, Role)

Reading: An agent Agent is permitted to perform the task Task if the task is assigned to a role/position Role and the agent occupies the role/position.

Rule 6:

    seg_position(Task1, Task2) if
        task(Role1:Task1) and
        task(Role2:Task2) and
        Role1 <> Role2.

Reading: A task Task1 and another task Task2 are segregated into two different positions if they are assigned to two different positions.

Rule 7:

    seg_agent(Task1, Task2) if
        perform(Agent1, Task1) and
        perform(Agent2, Task2) and
        Agent1 <> Agent2.

Reading: A task Task1 and another task Task2 are segregated into two different agents if they are performed by two different agents.

Rule 8.1:

    higher(Role1, Role2) if
        superior(Role1, Role2)

Reading: A role Role1 has higher formal organizational status than another role Role2 if Role1 is a direct superior of Role2.

Rule 8.2:

    higher(Role1, Role2) if
        superior(Role1, Role3) and
        higher(Role3, Role2)

Reading: A role Role1 has higher formal organizational status than a role Role2 if Role1 is a superior of a role Role3 and Role3 has higher formal organizational status than Role2.

Rule 9:

    socially_detached(Agent1, Agent2) if
        not socially_close(Agent1, Agent2)

Reading: An agent Agent1 and another agent Agent2 are socially detached if they are not socially close.
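
The organizational rules can be exercised on a small model. The following Python code is an added example, not code from the monograph or from CASE/EDI: it evaluates Rules 5 to 9 and the Type I and Type VII to X action identification rules over a constructed purchasing department. The roles, agent names, the CONTROLS table, the symmetric reading of socially_close, and the Type IX check written from the stated principle (the control role must be higher than the operating role) are assumptions.

```python
# Added example: constructed organization, not data from the monograph.
TASKS = {                     # task(Role:Task), stored as task -> role
    "ordering": "buyer",
    "verify_ordering": "purchasing_clerk",
    "vouchering": "ap_clerk",
    "verify_vouchering": "ap_clerk",
    "receiving": "receiver",  # no verify_receiving task is assigned
}
CONTROLS = {                  # control(ConTask, OpTask), stored as ConTask -> OpTask
    "verify_ordering": "ordering",
    "verify_vouchering": "vouchering",
    "verify_receiving": "receiving",
}
OCCUPY = {("ann", "buyer"), ("bob", "purchasing_clerk"),
          ("cho", "ap_clerk"), ("dev", "receiver")}        # occupy(Agent, Role)
SUPERIOR = {("manager", "buyer"), ("buyer", "purchasing_clerk"),
            ("manager", "ap_clerk"), ("manager", "receiver")}
SOCIALLY_CLOSE = {("ann", "bob")}


def performers(task):
    """Rule 5: perform(Agent, Task) if task(Role:Task) and occupy(Agent, Role)."""
    role = TASKS.get(task)
    return {agent for agent, r in OCCUPY if r == role}


def seg_pos(t1, t2):
    """Rule 6: the two tasks are assigned to different roles."""
    return TASKS[t1] != TASKS[t2]


def seg_agent(t1, t2):
    """Rule 7: some pair of distinct agents performs the two tasks."""
    return any(a1 != a2 for a1 in performers(t1) for a2 in performers(t2))


def higher(r1, r2, seen=None):
    """Rules 8.1/8.2: transitive closure of superior(Role1, Role2)."""
    seen = set() if seen is None else seen
    for sup, sub in SUPERIOR:
        if sup == r1 and sub not in seen:
            seen.add(sub)          # guards against cycles in the hierarchy
            if sub == r2 or higher(sub, r2, seen):
                return True
    return False


def socially_detached(a1, a2):
    """Rule 9, with socially_close read as symmetric (assumption)."""
    return (a1, a2) not in SOCIALLY_CLOSE and (a2, a1) not in SOCIALLY_CLOSE


def evaluate():
    """Return {(rule_type, agent, operating_task)} for every rule that fires."""
    findings = set()
    for con, op in CONTROLS.items():
        op_agents = performers(op)
        if con not in TASKS:                       # Type I: control task missing
            findings |= {("I", a, op) for a in op_agents}
            continue
        if not seg_pos(op, con):                   # Type VII: same position
            findings |= {("VII", a, op) for a in op_agents}
        if not seg_agent(op, con):                 # Type VIII: same agent
            findings |= {("VIII", a, op) for a in op_agents}
        if not higher(TASKS[con], TASKS[op]):      # Type IX: control role not higher
            findings |= {("IX", a, op) for a in op_agents}
        for a1 in op_agents:                       # Type X: not socially detached
            for a2 in performers(con) - {a1}:
                if not socially_detached(a1, a2):
                    findings.add(("X", a1, op))
    return findings


if __name__ == "__main__":
    for finding in sorted(evaluate()):
        print(finding)
```

Each finding names the agent who occupies the operating role, matching the occupy(Agent, Role1) condition in the general rules.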

CHAPTER 5. VALIDATION OF THE SCHEMA-BASED REASONING APPROACH

To validate the schema-based reasoning approach, this study has developed a prototype knowledge-based system to evaluate thirty internal accounting control systems in which frauds have occurred. CASE/EDI, a procedural modeling tool, is used to build the knowledge-based system (see footnote 8). The control patterns, audit patterns, and audit rules derived in Chapter 4 are incorporated in the knowledge base.

5.1 CASE/EDI -- A GRAPHICAL PROCEDURAL MODELING TOOL

CASE/EDI stands for Computer Aided Software Engineering / Electronic Data Interchange. It is a visual programming shell for modeling legal procedures and office procedures. The constructs and algorithms of the shell are based on Petri net theory. Figure 13 presents the basic modeling constructs of CASE/EDI. Icons (a), (b), (c), and (d) correspond to places in a Petri net, with various semantics. Icon (a) represents a generic control place, (b) a document, (c) goods, and (d) a set of multiple places. Icon (e) corresponds to a transition in a Petri net and is used to represent accounting tasks. Icon (h) corresponds to the flow relation in a Petri net and is used to represent information or object flows in an internal accounting control system. Icons (f) and (g) correspond to subgraphs in a Petri net and are used to represent sub-procedures. Icon (f) represents a sub-procedure with at least one task, while the sub-procedure represented by (g) could include no task at all. Users of the CASE/EDI shell can use these icons to model accounting procedures and primitive procedural constructs. Figure 14 presents the procedural control primitive specifying that a control task must always follow the operating task it is intended to control.

8 CASE/EDI is a proprietary software developed by Dr. Ronald M. Lee. The author would like to express the most sincere thanks to Dr. Lee for the tremendous efforts he has spent on modifying the program to suit the needs of this study.

In addition to the graphical interface for modeling accounting procedures, CASE/EDI also allows the incorporation of a logic-based language for modeling the plan of organization of an internal accounting control system. This is possible because CASE/EDI is developed using PROLOG, a programming language based on logic. Section 5.2.1 discusses the syntax and informal semantics of the language.

Figure 13. Modeling Constructs of CASE/EDI

Figure 14. CASE/EDI Representation of A Control Primitive

5.2 IMPLEMENTATION OF THE KNOWLEDGE-BASED SYSTEM

As discussed in Section 1.3, a knowledge-based system adopting the schema-based reasoning approach has three components: (1) a representational formalism for modeling internal accounting control systems, (2) a knowledge base including audit rules associating audit patterns with fraud potentials, and (3) a pattern matching mechanism for matching audit patterns against formally represented internal accounting control systems.

For the representational formalism, our knowledge-based system provides the graphical interface of CASE/EDI for users to model accounting procedures. The use of CASE/EDI constructs follows the accounting procedure interpretation of Petri nets as presented by Definition 7 in Section 3.3.1. In addition, the knowledge-based system also incorporates a logic-based language for representing the plan of organization.

The knowledge base includes the audit rules, control primitives, and domain-specific deductive rules derived in Chapter 4. The audit rules are production rules with their antecedents being audit patterns. These audit patterns represent situations which encompass deviations from control patterns. They serve as demons for triggering the invocation of audit rules. When the knowledge-based system recognizes their existence, it will apply the audit rules to identify the potential illegal actions. The recognition of those audit patterns is realized through a pattern matching mechanism. This pattern matching mechanism involves the application of deductive rules and control primitives to determine whether an audit pattern has been matched by an internal accounting control system.

The two types of control primitives, procedural and organizational, are represented differently from the users' perspective. Procedural control primitives are represented graphically, while organizational control primitives are represented using the logic-based language. However, the graphical representations of procedural control primitives must be compiled into linear internal representations before they can be matched against an internal accounting control system.

[Figure 15 flowchart. Users: model accounting procedures using the graphical representation and model the plan of organization using the logic-based language. System: compiles the graphical representation into a linear internal representation, giving the model of the internal accounting control system; matches audit patterns against the internal accounting control system; applies audit rules with the recognized audit patterns to identify fraud potentials. Output: fraud potentials and explanations.]

Figure 15. Operation of the Knowledge-Based System

Figure 15 presents the operation of the knowledge-based system when it is used to automatically identify fraud potentials of an internal accounting control system. First, the users model the accounting procedure using the graphical constructs provided by CASE/EDI. They also use the logic-based language to model the plan of organization. After the modeling process is completed, the graphical representation of the accounting procedure is compiled into a linear internal representation. The users can then invoke the pattern matching mechanism to match audit patterns against the internal accounting control system. If certain audit patterns are recognized to be present, the audit rules with the audit patterns as antecedents are then applied to
identify the associated fraud potentials. The identification will include an explanation of why the conclusions are derived. While matching audit patterns against the internal accounting control system, the system applies deductive rules to determine the truth of conditions constituting the audit patterns based on the presence/absence of control primitives.

5.2.1 THE LOGIC-BASED LANGUAGE

The knowledge-based system provides a logic-based language for representing audit rules and deductive rules, annotating accounting procedures, and modeling the plan of organization. Using the Backus-Naur Form (BNF), the syntax of the language can be described as follows. Note that there are three types of audit rules: weakness identification rules, fraud identification rules and action identification rules. The weakness identification rules point out the control weaknesses; the fraud identification rules identify the fraud potentials and explain how they could occur; the action identification rules are used to reason about the antecedent conditions of the explaining audit rules. The action identification rules will be applied when the proof of fraud identification rules invokes their applications. The use of these three types of rules will be demonstrated in Section 5.3.

A. Syntax for representing audit rules and deductive rules

    <audit_rule> ::= <output_rule> | <action_identification_rule>
    <output_rule> ::= <weakness_identification_rule> | <fraud_identification_rule>
    <weakness_identification_rule> ::= if <conditions> warning <text>
    <fraud_identification_rule> ::= if <poss_conditions> warning <text> because <text>
    <action_identification_rule> ::= <poss_cond> if <conditions>
    <poss_conditions> ::= <poss_condition> and <poss_conditions> | <poss_condition>

    <poss_condition> ::= possible(<agent_term>, <action_term>)
    <domain_deductive_rule> ::= <derived_cond> if <conditions>
    <derived_cond> ::= <proc_derived> | <organ_derived>
    <conditions> ::= <condition> and <conditions> | <condition>
    <condition> ::= match <proc_primitive> | not match <proc_primitive> | <cond_predicate>
    <proc_primitive> ::= task(<role_term> : <task_term>)
        | follow(<role_term> : <task_term>, <role_term> : <task_term>)
        | doctask(<doc_terms>, <role_term> : <task_term>, <doc_term>)
        | verified(<doc_term>, <role_term> : <task_term>, <role_term> : <task_term>)
        | direct(<doc_term>, <role_term> : <task_term>, <role_term> : <task_term>)
    <cond_predicate> ::= <proc_derived> | <organ_primitive> | <organ_derived>
    <proc_derived> ::= furnish(<doc_term>, <role_term> : <task_term>)
        | generate(Agent, Doc)
        | independent(<doc_term>, <doc_term>)
    <organ_primitive> ::= occupy(<agent_term>, <role_term>)
        | dir_superior(<role_term>, <role_term>)
        | socially_close(<agent_term>, <agent_term>)
    <organ_derived> ::= higher(<role_term>, <role_term>)
        | socially_detached(<agent_term>, <agent_term>)
        | seg_pos(<task_term>, <task_term>)
        | seg_agent(<task_term>, <task_term>)
    <role_term> ::= <variable> | <constant>

    <task_term> ::= <variable> | <task_constant>
    <task_constant> ::= req | verify_req | bidding | quoting | verify_quo | verify_bid
        | ordering | verify_ord | delivering | verify_del | receiving | verify_rec
        | invoicing | verify_inv | vouchering | verify_vouchering | paying | verify_paying
        | disbursing | collecting
    <doc_terms> ::= [<doc_term>, <doc_term>,...<doc_term>]
    <doc_term> ::= <variable> | <doc_constant>
    <doc_constant> ::= pr | bid | vl | po | sd | rr | iv | pv | ck | rfb
    <agent_term> ::= <variable> | <constant>
    <action_term> ::= <variable> | <constant>

B. Syntax for annotating accounting procedures

    <place_annotation> ::= [ <place_term>, <place_terms> ]
    <place_terms> ::= <place_term>, <place_terms> | <place_term>
    <place_term> ::= <doc_term> | goods | services
    <tran_anotation> ::= <role_term> : <task_term>

C. Syntax for modeling plan of organization

    <role_relation> ::= superior(<role_term>, <role_term>)
    <occupy_relation> ::= occupy(<agent_term>, <role_term>)
    <social_relation> ::= socially_close(<agent_term>, <agent_term>)

In the above syntax description, primitive constants and predicates are represented by words in bold characters. The informal semantics of those primitives are as follows.

task(Role:Task): A task Task is assigned to a role Role.

follow(Role1:Task1, Role2:Task2): A task Task1 is followed by another task Task2.
doctask(InputDoc, Role:Task, OutputDoc): A task Task receives input document InputDoc and produces output document OutputDoc.
furnish(Doc, Role:Task): A document Doc is furnished to the task Task.
independent(Doc1, Doc2): The document Doc1 and the document Doc2 are from different sources.
pre_verified(Doc, Role1:Task1, Role2:Task2): Document Doc has been verified by the task Task
direct(Doc, Role1:Task1, Role2:Task2): The document Doc is transferred directly from task Task1 to task Task2.
seg_pos(Task1, Task2): The task Task1 and the task Task2 are segregated into two different positions/roles.
seg_agent(Task1, Task2): The task Task1 and the task Task2 are segregated into two different agents.
perform(Agent, Task): The task Task is performed by an agent Agent.
assign(Task, Role): The task Task is assigned to the role Role.
occupy(Agent, Role): The agent Agent occupies the role Role.
higher(Role1, Role2): The role Role1 is at a higher level than the role Role2 in the formal organizational hierarchy.
socially_detached(Agent1, Agent2): The agent Agent1 and the agent Agent2 are socially detached from each other.

req: The act of requesting the purchase of goods or services.
verify_req: The act of reviewing the legitimacy, quality, quantity, and authority of a purchase request.
quoting: The act of submitting bids for a contract.
verify_quo: The act of comparing bidding prices and verifying their reasonableness.
bidding: The act of soliciting bids from suppliers.
verify_bid: The act of reviewing the qualification of bidding suppliers and the bidding price.
ordering: The act of placing an order to purchase products from suppliers.
verify_ord: The act of reviewing the legitimacy, price, quantity, quality, and vendor eligibility of a purchase order.
delivering: The act of physically delivering goods or services.
verify_del: The act of verifying the quantity and quality of the delivered goods/services.
receiving: The act of physically inspecting, counting, and accepting the goods or services.
verify_receiving: The act of reviewing the legitimacy, quantity, and quality of the received goods or services.
invoicing: The act of requesting the payment for delivered goods or services.
verify_inv: The act of verifying the invoice price, term, quantity, and legitimacy.

vouchering: The act of recognizing payables for purchases.
verify_vouchering: The act of reviewing the legitimacy, amount, and payee of a vouchered payable.
paying: The act of discharging the liability of purchase payables.
verify_paying: The act of reviewing the amount and payee of the payment.
disbursing: The act of distributing the payment to vendors.
collecting: The act of collecting payments from buyers.
pr: The document for requesting purchases.
rfb: The document for soliciting bids.
bid: The document submitted by vendors to bid for purchases.
vl: The document incorporating pre-approved vendors, their products, and their prices.
po: The document for ordering products from vendors.
sd: The documents accompanying the delivery of goods, such as bill of lading, packing list, etc.
rr: The document specifying the quantity, quality and vendor of delivered goods or services.
iv: The document requesting the payment for delivered goods or services.
pv: The document recognizing the purchase payable.

ck: The document issued to discharge payable liabilities.
goods: The delivered merchandise.
services: The delivered work.
superior(Role1, Role2): The role Role1 is a direct supervisor of the role Role2 according to the formal organization.
socially_close(Agent1, Agent2): The agent Agent1 is socially close to the agent Agent2.
control(ConTask, OpTask): The task ConTask is a control task for the operating task OpTask.

The above primitive constants and predicates are the closed vocabulary of the logic-based language. Users can also extend the vocabulary by adding constants representing roles/positions, documents, or accounting tasks. In addition, users can use general deduction rules to reason about whether individual conditions constituting audit patterns are true. The syntax for adding general deduction rules and constants is as follows, where bold words represent the system commands.

D. Syntax of general deductive rules

    <condition> if <conditions>

E. Syntax of adding role constants

    role <constant>

F. Syntax of adding document constants

    doc <constants>

G. Syntax of adding task constants

    act <constants>

5.2.2 REPRESENTATION OF GENERIC PROCEDURAL CONTROL PRIMITIVES

In Section 4.4, we have specified five generic procedural control primitives. Matching of audit patterns essentially involves matching instantiations of these primitives against an internal accounting control system. These procedural control primitives include:

A. task(Role:Task)
B. follow(Role1:Task1, Role2:Task2)
C. doctask(InDocs, Role:Task, OutDocs)
D. pre_verified(Doc, Role1:Task1, Role2:Task2)
E. doc_direct(Doc, Role1:Task1, Role2:Task2)

This study has graphically represented these five generic procedural control primitives in the knowledge base. Figure 16 presents their graphical representations. To use these control primitives in pattern matching, their graphical representations are compiled into internal logical representations. These internal representations are transparent to the users; the users do not have to read them or understand their meanings in order to use the knowledge-based system. Table 10 shows the internal representation of the control primitive pre_verified(Doc, Role1:Task1, Role2:Task2). Other procedural control primitives have similar representations.
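
As an added illustration of matching procedural primitives against a modeled procedure (not the CASE/EDI implementation and not code from this study), the following Python code derives follow, furnished, pre_verified, doc_direct and intermediate from a small place/transition model and applies action identification rule Types II, III and VI. The procedure, the agent names, the routing task, the SUPPORTING table and the reading of pre_verified taken from Table 9 are assumptions.

```python
# Added example: constructed procedure, not the CASE/EDI internal representation.
PLACES = {"d1": "pr", "d2": "pr", "d3": "pr", "d4": "pr",   # place -> document held
          "d5": "po", "d6": "sd", "d7": "rr", "d8": "rr"}
TRANSITIONS = [   # (role, task, input places, output places)
    ("requester",  "req",        [],     ["d1"]),
    ("dept_head",  "verify_req", ["d1"], ["d2"]),
    ("mail_clerk", "routing",    ["d2"], ["d3"]),   # hypothetical task constant
    ("manager",    "verify_ord", ["d3"], ["d4"]),   # sign-off happens before ordering
    ("buyer",      "ordering",   ["d4"], ["d5"]),
    ("receiver",   "receiving",  ["d6"], ["d7"]),
    ("supervisor", "verify_rec", ["d7"], ["d8"]),
]
CONTROLS = {"verify_req": "req", "verify_ord": "ordering", "verify_rec": "receiving"}
SUPPORTING = {"verify_ord": "pr", "verify_rec": "po"}   # document each control needs (assumption)
OCCUPY = {"requester": "rita", "dept_head": "hal", "mail_clerk": "max", "manager": "mo",
          "buyer": "ann", "receiver": "dev", "supervisor": "sue"}
BY_TASK = {task: (role, ins, outs) for role, task, ins, outs in TRANSITIONS}


def docs(places):
    """Document names carried by a collection of places."""
    return {PLACES[p] for p in places}


def furnished(doc, task):
    """Rule 1: doc is among the task's input documents."""
    return doc in docs(BY_TASK[task][1])


def successors(task):
    """Tasks that consume at least one place this task produces."""
    outs = set(BY_TASK[task][2])
    return [t for t, (_, ins, _) in BY_TASK.items() if outs & set(ins)]


def follow(t1, t2):
    """follow(T1, T2): T2 runs after T1, not necessarily immediately."""
    stack, seen = successors(t1), set()
    while stack:
        t = stack.pop()
        if t == t2:
            return True
        if t not in seen:
            seen.add(t)
            stack.extend(successors(t))
    return False


def doc_direct(doc, t1, t2):
    """doc moves from t1 to t2 through a shared place, with no task in between."""
    return doc in docs(set(BY_TASK[t1][2]) & set(BY_TASK[t2][1]))


def pre_verified(doc, t1, t2):
    """Assumed reading of Table 9: t1 outputs doc, t2 receives it, and t2 follows t1."""
    return doc in docs(BY_TASK[t1][2]) and furnished(doc, t2) and follow(t1, t2)


def intermediates(doc, t1, t2):
    """Rule 4: tasks that handle doc somewhere between t1 and t2."""
    return [t3 for t3 in BY_TASK if t3 not in (t1, t2)
            and furnished(doc, t3) and follow(t1, t3) and follow(t3, t2)]


def agent_of(task):
    return OCCUPY[BY_TASK[task][0]]


def evaluate():
    """Return {(rule_type, agent, task)} for Types II, III and VI."""
    findings = set()
    for con, op in CONTROLS.items():
        if not follow(op, con):                              # Type II
            findings.add(("II", agent_of(op), op))
        need = SUPPORTING.get(con)
        if need and not furnished(need, con):                # Type III
            findings.add(("III", agent_of(op), op))
    for t1 in CONTROLS:                                      # Type VI
        for t2 in CONTROLS:
            for doc in docs(BY_TASK[t2][1]):
                if (t1 != t2 and pre_verified(doc, t1, t2)
                        and not doc_direct(doc, t1, t2)):
                    for t3 in intermediates(doc, t1, t2):
                        findings.add(("VI", agent_of(t3), t3))
    return findings


if __name__ == "__main__":
    for finding in sorted(evaluate()):
        print(finding)
```

Places are kept distinct from document names so that the same document type can appear at several points in the flow, which is what lets follow and doc_direct tell a direct hand-off from a routed one.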

5.3 A DEMONSTRATIVE RUN OF THE KNOWLEDGE-BASED SYSTEM

To demonstrate the working of the knowledge-based system, this section describes a step-by-step operation of the system to evaluate an internal accounting control system. The internal accounting control system has been reported to allow a fraud to occur [Steele, 1987]. Note that, before the knowledge-based system is used, procedural control primitives, audit rules, domain-specific deductive rules, common accounting tasks, and common documents have been incorporated in the knowledge base. This knowledge base is built by knowledge engineers, who might have acquired the knowledge from experts or literature. In Chapter 4, we have adopted a five-phase process to derive such a knowledge base. It is incorporated into our prototype knowledge-based system. The following shows the included knowledge base. Since the number of audit rules is very large, we only include those rules relevant to this case.

Figure 16. Graphical Representation of the Five Primitive Procedural Control Primitives

GRAPH ELEMENTS:
calltrans_node('Audit: pre_verified(Doc, X:A, Y:B)', c1, '').
doc_node('Audit: pre_verified(Doc, X:A, Y:B)', d1, ['Doc'], []).
doc_node('Audit: pre_verified(Doc, X:A, Y:B)', d2, ['Doc'], []).
doc_node('Audit: pre_verified(Doc, X:A, Y:B)', d3, ['Doc'], []).
docin('Audit: pre_verified(Doc, X:A, Y:B)', link1, d1, t1).
translistin('Audit: pre_verified(Doc, X:A, Y:B)', link2, p1, t1).
docout('Audit: pre_verified(Doc, X:A, Y:B)', link3, t1, d2).
calldocin('Audit: pre_verified(Doc, X:A, Y:B)', link4, d2, c1).
translistout('Audit: pre_verified(Doc, X:A, Y:B)', link5, t1, p2).
calldocout('Audit: pre_verified(Doc, X:A, Y:B)', link6, c1, d3).
docin('Audit: pre_verified(Doc, X:A, Y:B)', link7, d3, t2).
transout('Audit: pre_verified(Doc, X:A, Y:B)', link8, t2, s1).
node_list('Audit: pre_verified(Doc, X:A, Y:B)', p1, []).
node_list('Audit: pre_verified(Doc, X:A, Y:B)', p2, []).
place_node('Audit: pre_verified(Doc, X:A, Y:B)', s1, []).
trans_node('Audit: pre_verified(Doc, X:A, Y:B)', t1, 'X':'A').
trans_node('Audit: pre_verified(Doc, X:A, Y:B)', t2, 'Y':'B').

TRANS ASSERTIONS:
audittrans('Audit: pre_verified(Doc, X:A, Y:B)', c1, [[d2, [], ['Doc']]], [[d3, [], ['Doc']]], [], skip(1)).
audittrans('Audit: pre_verified(Doc, X:A, Y:B)', t2, [[d3, [], ['Doc']]], [[s1, [], []]], [], 'Y':'B').
audittrans('Audit: pre_verified(Doc, X:A, Y:B)', t1, [[d1, [], ['Doc']], nodelist(p1)], [[d2, [], ['Doc']], nodelist(p2)], [], 'X':'A').

GRAPH PROGRAM:
pre_verified(_2625, _2605:_2606, _2637:_2638) ==> [
    audittrans(_2611, _2545, [[_2595, [], [_2625]]], [[_2619, [], [_2625]]], [], skip(1)),
    audittrans(_2611, _2578, [[_2585, [], [_2625]]|_2584], [[_2595, [], [_2625]]|_2594], [], _2605:_2606),
    audittrans(_2611, _2612, [[_2619, [], [_2625]]], [[_2629, [], []]], [], _2637:_2638),
] :true.

Table 10. Internal Representation of The Pre_verified Primitive


/* Domain-Specific Deductive Rules */
furnished(Doc, Role:Task) if
    match doctask(InDocs, Role:Task, OutDocs) and
    doc_member(Doc, InDocs).

generate(Agent, Doc) if
    match doctask(InDocs, Role:Task, OutDocs) and
    doc_member(Doc, OutDocs) and
    not doc_member(Doc, InDocs).

independent(SupDoc, VerDoc) if
    generate(Agent1, VerDoc) and
    match verified(SupDoc, Role1:Task1, Role2:Task2) and
    occupy(Agent2, Role1) and
    Agent1 <> Agent2.

perform(Agent, Task) if
    match task(Role:Task) and
    occupy(Agent, Role).

seg_position(Task1, Task2) if
    match task(Role1:Task1) and
    match task(Role2:Task2) and
    Role1 <> Role2.

seg_agent(Task1, Task2) if
    perform(Agent1, Task1) and
    perform(Agent2, Task2) and
    Agent1 <> Agent2.

higher(Role1, Role2) if
    superior(Role1, Role2).
higher(Role1, Role2) if
    superior(Role1, Role3) and
    higher(Role3, Role2).


socially_detached(Agent1, Agent2) if not socially_close(Agent1, Agent2).

/* Relevant Audit Rules */
if match task(Role1:ordering) and
   not match task(Role2:verify_ord)
warning ['A task of verifying ordering should be added.'].

if match task(Role1:receiving) and
   not match task(Role2:verify_rec)
warning ['A task of verifying receiving should be added.'].

possible(X, iss_illegitimate_order) if
    match task(Role1:ordering) and
    not match task(Role2:verify_ord) and
    occupy(X, Role1).

possible(X, iss_false_rec_report) if
    match task(Role1:receiving) and
    not match task(Role2:verify_rec) and
    occupy(X, Role1).

if possible(X, iss_illegitimate_order) and
   possible(X, iss_false_rec_report)
warning [X, 'might have embezzled goods']
because [X, 'could issue illegitimate order and false receiving report'].

/* Task Declaration */
act req.             % requisitioning
act verify_req.      % verify_requisitioning
act bidding.         % bidding
act verify_bid.      % verify_bidding
act ordering.        % ordering
act verify_ord.      % verify_ordering
act delivering.      % delivering
act receiving.       % receiving
act verify_rec.      % verify_receiving
act invoicing.       % invoicing
act inv_pro.         % invoice_processing
act verify_inv_pro.  % verify_invoice_processing
act vouchering.      % vouchering
act verify_vch.      % verify_vouchering
act paying.          % paying
act verify_pay.      % verify_paying
act disbursing.      % disbursing
act inv_rec.         % inventory recording

/* Document Declarations */
doc 'PR'.    % purchase requisition
doc 'IR'.    % inventory record
doc 'BID'.   % bid
doc 'PO'.    % purchase order
doc 'VL'.    % vendor list
doc 'SD'.    % shipping document
doc 'IV'.    % invoice
doc 'RR'.    % receiving report
doc 'PV'.    % payable voucher
doc 'CK'.    % check
doc goods.   % delivered goods

To use the knowledge-based system, users follow these steps:


Step 1. Declarations of Roles/Positions. Users use the role command to add the positions/roles involved in the internal accounting control system. Since different companies have different titles for their positions, we treat the vocabulary of roles as an open vocabulary. For this case, the roles are declared as follows.

/* Role Declarations */
role inv_clerk.    % inventory clerk
role inv_mgr.      % inventory manager
role pur_agt.      % purchase agent
role pur_mgr.      % purchase manager
role vendor.       % vendor
role rec_clerk.    % receiving clerk
role ware_clerk.   % warehouse clerk
role pay_clerk.    % payable clerk
role pay_mgr.      % payable manager
role acct.         % accountant
role cashier.      % cashier
role treasurer.    % treasurer

Step 2. Modeling the accounting procedure. Users use a graphical representation for this modeling. Figure 17 presents the graphical representation of the accounting procedure in the example internal accounting control system. After the graphical representation is completed, it is compiled into an internal representation. As with the procedural control primitives, the internal representation is necessary for pattern matching, but the users do not need to understand its meaning in order to use the knowledge-based system.

Step 3. Modeling the organizational aspect. Users use organizational control primitives to represent the organizational aspects of an internal accounting control system. Recall that the organizational control primitives include task(Role:Task), occupy(Agent, Role), dir_superior(Role1, Role2), and socially_close(Agent1, Agent2). These primitive relations can be found in the organizational chart and position descriptions, or from direct observations. For the example, the organizational knowledge is represented as follows.


Note that the task(Role:Task) relations have been included in the graphical representation of the accounting procedures.

/* Modeling of Organizational Aspects */
occupy(george, inv_clerk).
occupy(eric, inv_mgr).
occupy(john, pur_agt).
occupy(mary, pay_clerk).
occupy(gary, acct).
occupy(jenny, pay_mgr).
occupy(laura, cashier).
occupy(tom, treasurer).
dir_superior(inv_mgr, inv_clerk).
dir_superior(inv_mgr, pur_mgr).
dir_superior(pay_mgr, pay_clerk).
dir_superior(pay_mgr, acct).
dir_superior(treasurer, cashier).
socially_close(pay_mgr, treasurer).


Figure 17. Graphical Representation of the Accounting Procedure in the Internal Accounting Control System.

Step 4. Evaluate the modelled internal accounting control system. After modeling both the procedural and organizational aspects of an internal accounting control system, the users can invoke the "audit check" command to evaluate the system. When the audit command is issued, the knowledge-based system will try to match the audit patterns incorporated in audit rules against the model of the internal accounting control system. A control weakness is identified when an audit pattern is matched. Matching of audit patterns essentially involves matching instantiations of control primitives against an internal accounting control system. Applying the audit rules, the knowledge-based system points out the weakness, identifies the associated fraud potentials, and explains the reasons. These evaluation results are provided as outputs to the users.

To use our example to explain the evaluation process, we have identified the relevant audit rules below. Note that Rule 1 and Rule 2 are warning audit rules, Rule 5 is an explaining audit rule, and Rule 3 and Rule 4 are inference audit rules. Recall that the inference audit rules are applied when the application of explaining audit rules invokes them. After the "audit check" command is issued, the knowledge-based system first tries to prove whether the antecedents of Rule 1 are true. These antecedents comprise an audit pattern. Accordingly, it tries to match the clauses task(Role1:ordering) and task(Role2:verify_ord) against the internal accounting control system. These two clauses are instantiations of the control primitive task(Role:Task). If the clause task(Role1:ordering) is found to be true and the clause task(Role2:verify_ord) is not, then the audit pattern is matched. The knowledge-based system will then provide the warning message "A task of verifying ordering should be added." to the users. The application of Rule 2 follows the same process. The application of Rule 5 requires the proof of its antecedent conditions, which in turn invokes the applications of Rule 3 and Rule 4. Using our example, we can explain the process of pattern matching and fraud potential identification as follows.
In Rule 1, the audit pattern consists of

task(Role1:ordering) and not task(Role2:verify_ord)

Therefore, it includes two formulas: task(Role1:ordering) and task(Role2:verify_ord). Since these two formulas are partial instantiations of the procedural control primitive task(Role:Task), they can be represented graphically. Figure 18 shows the graphical representation of the generic control primitive and the two formulas. In essence, when conducting the pattern matching, the knowledge-based system will attempt to match the graphical representation of these conditions against the graphical model of the accounting procedure presented in Figure 17. Since the graph representing task(Role:ordering) is matched and the graph representing task(Role:verify_ord) is not, the audit pattern is recognized to be present in the internal control system. As a result, the warning message "A task of verifying ordering should be added" is provided to the user. The application of other rules would follow the same process.

/* Relevant Audit Rules */
Rule 1:
if match task(Role1:ordering) and
   not match task(Role2:verify_ord)
warning ['A task of verifying ordering should be added.'].

Rule 2:
if match task(Role1:receiving) and
   not match task(Role2:verify_rec)
warning ['A task of verifying receiving should be added.'].

Rule 3:
possible(X, iss_illegitimate_order) if
    match task(Role1:ordering) and
    not match task(Role2:verify_ord) and
    occupy(X, Role1).

Rule 4:
possible(X, iss_false_rec_report) if
    match task(Role1:receiving) and
    not match task(Role2:verify_rec) and
    occupy(X, Role1).


Rule 5:
if possible(X, iss_illegitimate_order) and
   possible(X, iss_false_rec_report)
warning [X, 'might have embezzled goods']
because [X, 'could issue illegitimate order and false receiving report'].

Figure 18. The Generic Control Primitive Task(Role:Task) and Its Two Instantiations

/* The Evaluation Results */
WARNING: A task of verifying ordering should be added.
WARNING: A task of verifying receiving should be added.
WARNING: john might have embezzled goods.
BECAUSE: john could issue illegitimate order and false receiving report.
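The audit check of Step 4, as an added Python sketch (not the monograph's prototype or its rule language): it evaluates Rules 1 to 5 over the occupy facts listed above and returns the warnings and explanations. The task(Role:Task) facts are constructed, because Figure 17 is not reproduced in the text; they assume the purchase agent performs both ordering and receiving, and the roles given the verifying tasks in HARDENED_TASKS are likewise an assumption.

```python
"""Rules 1-5 of the demonstrative run, evaluated over a small fact base."""

# occupy(Agent, Role) facts, copied from the organizational model on the page.
OCCUPY = {
    ("george", "inv_clerk"), ("eric", "inv_mgr"), ("john", "pur_agt"),
    ("mary", "pay_clerk"), ("gary", "acct"), ("jenny", "pay_mgr"),
    ("laura", "cashier"), ("tom", "treasurer"),
}

# task(Role:Task) facts. CONSTRUCTED: Figure 17 is not available, so this
# assumes the purchase agent both orders and receives, with no verifying task.
TASKS = {
    ("inv_clerk", "req"), ("pur_agt", "ordering"), ("pur_agt", "receiving"),
    ("pay_clerk", "vouchering"), ("cashier", "paying"),
}

# ASSUMPTION: which roles would take on the missing verifying tasks.
HARDENED_TASKS = TASKS | {("pur_mgr", "verify_ord"), ("ware_clerk", "verify_rec")}

# One row per (task, verifying task): the fraud potential of Rules 3/4 and
# the warning text of Rules 1/2.
CHECKS = [
    ("ordering", "verify_ord", "iss_illegitimate_order",
     "A task of verifying ordering should be added."),
    ("receiving", "verify_rec", "iss_false_rec_report",
     "A task of verifying receiving should be added."),
]


def roles_for(tasks, task):
    """Every Role for which task(Role:task) matches the model."""
    return {role for role, t in tasks if t == task}


def pattern_matched(tasks, task, verify_task):
    """Audit pattern: task(R1:task) matches and no task(R2:verify_task) does."""
    return bool(roles_for(tasks, task)) and not roles_for(tasks, verify_task)


def possible(tasks, occupy):
    """Inference Rules 3 and 4: the derived set of possible(X, Fraud) facts."""
    derived = set()
    for task, verify_task, fraud, _ in CHECKS:
        if pattern_matched(tasks, task, verify_task):
            roles = roles_for(tasks, task)
            derived |= {(agent, fraud) for agent, role in occupy if role in roles}
    return derived


def audit_check(tasks, occupy):
    """Return (warnings, explanations) in the order the page reports them."""
    # Warning Rules 1 and 2.
    warnings = [text for task, verify_task, _, text in CHECKS
                if pattern_matched(tasks, task, verify_task)]
    # Explaining Rule 5: one agent X holds both fraud potentials.
    derived = possible(tasks, occupy)
    because = []
    for agent in sorted({a for a, _ in derived}):
        needed = {(agent, fraud) for _, _, fraud, _ in CHECKS}
        if needed <= derived:
            warnings.append(f"{agent} might have embezzled goods.")
            because.append(
                f"{agent} could issue illegitimate order and false receiving report.")
    return warnings, because


if __name__ == "__main__":
    for label, tasks in (("as modelled", TASKS),
                         ("with verifying tasks added", HARDENED_TASKS)):
        warnings, because = audit_check(tasks, OCCUPY)
        print(f"-- {label}")
        for line in warnings:
            print("WARNING:", line)
        for line in because:
            print("BECAUSE:", line)
```

As written on the page, Rules 1 to 4 test only whether a verifying task exists, not who performs it; the seg_position and seg_agent deductive rules are the place where the performer is compared.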


CHAPTER 6. CONCLUSIONS AND FUTURE RESEARCH

6.1 GENERAL CONCLUSIONS

The evaluation of internal accounting control systems is an important and complicated task for auditors and managers. This study has proposed and validated a schema-based reasoning approach for automatically identifying fraud potentials exposed by an internal accounting control system. The proposed approach integrates schema theory for knowledge representation and pattern recognition for inferencing. It is intended to emulate how auditors evaluate internal accounting control systems. Based on previous studies in cognitive science and auditing, we posit that experienced auditors tend to use atypical deviations from a schema as a means of memorizing experiences. When evaluating an internal accounting control system, they would recognize those atypical deviations as control weaknesses and deliberate on their consequent risks. Rules associating control weaknesses with control risks are usually applied during the evaluation process. These rules might be acquired from previous auditing experiences or auditing literature.

A prototype knowledge-based system is developed to validate the approach. The knowledge-based system takes a model of an internal accounting control system as input, matches it against audit patterns, and identifies fraud potentials associated with matched audit patterns. Thirty past fraudulent cases are used for the validation. It was found that the knowledge-based system is able to identify the fraud potentials which have indeed occurred in these cases.

To facilitate the development of the knowledge-based system, we have dealt with the issues of representational formalism, knowledge extraction, and pattern-driven inferencing. Firstly, we adopt Predicate/Transition nets as the formalism for representing an internal accounting control system. The graphical constructs of Predicate/Transition Petri nets are used for modeling accounting procedures, while a logic-based language is designed for modeling the plan of organization and annotating the accounting procedures. The appropriate ontology deemed necessary for the model is specified based on structural role theory and social action theory.

Secondly, a five-phase process is adopted for deriving control patterns, audit patterns, audit rules, control primitives, and domain-specific deductive rules. Control patterns are stereotypical relations between tasks, information repositories, agents, and positions. Audit patterns are abnormal relations indicating control weakness. Audit rules associate audit patterns with fraud potentials. Control primitives are basic general relations among elements in an internal accounting control system. Domain-specific deductive rules are rules for inferencing about the constituting conditions of audit patterns. Three sources of knowledge serve as the basis for deriving this auditing domain knowledge: first order theory of speech acts, reconstructive expertise from auditing literature, and case studies. Speech act theory is used to explicate the nature of acts and documents inherent in an internal accounting control system. Textbooks and auditing journals provide general principles for appropriate relations among internal control elements. Case studies identify fraud potentials exposed by various control weaknesses.

Thirdly, a pattern matching algorithm is used for matching the graphical representation of audit pattern conditions against those of accounting procedures to detect control weaknesses existing in an internal accounting control system. After the control weaknesses are recognized, their resultant fraud potentials are pointed out. Before the matching, the graphical representations are first converted into logical internal representations. However, these logical internal representations are transparent to the users.

6.2 CONTRIBUTIONS OF THE STUDY

Over the past several decades, various researchers have attempted to develop new methodologies and technologies for helping auditors and managers evaluate internal accounting control systems. This study has provided both theoretical and practical contributions to this endeavor.

Theoretically, we have proposed and validated an approach for designing a knowledge-based system for automatic evaluation of internal accounting control systems. We have theorized the ontology of an internal accounting control system, explored the nature of its elements, and discussed their appropriate relations for achieving control objectives. We have also designed a formal representation scheme, allowing auditors or managers to formally model internal accounting control systems. In addition, we have proposed a five-phase process for deriving domain knowledge for identifying fraud potentials. Using this methodology, we have compiled a preliminary internal control theory consisting of various audit rules, which are validated through past fraudulent cases.

Practically, the knowledge-based system proposed and prototyped by this study has provided a useful decision aid for helping auditors or managers evaluate internal accounting control systems. The graphical interface provided by the knowledge-based system is easy for the auditors/managers to learn and use, since they have been used to drawing system flowcharts of accounting procedures. In addition, since the logic-based language has a small vocabulary and simple forms of expression, auditors should be able to use it to model the plan of organization and formulate audit rules. As the evaluation of internal accounting control systems is a demanding task, the knowledge-based system will prove to be very valuable, economically and competitively.

6.3 LIMITATIONS

This study has several limitations. Firstly, the knowledge-based system proposed by this study is not intended to completely replace human judgment. Evaluation of an internal accounting control system is a complicated task. It is very unlikely that a knowledge base is able to include all the necessary audit rules to detect all possible control weaknesses and identify all the fraud potentials, since there are so many ways to violate implemented controls. This is like designing a program for detecting viruses; it is impossible to design a program in advance for detecting all potential schemes of virus programs. As a result, the audit rules have to be refined whenever a new fraud is discovered and the causing control weaknesses are identified.
Meanwhile, when using the knowledge-based system for evaluating internal accounting control systems, users must exercise their own judgment to compensate for this drawback.

Secondly, the proposed approach does not incorporate administrative controls. Administrative controls might be able to compensate for the weaknesses existing in an internal accounting control system. Therefore, it is likely that a knowledge-based system based on this approach will identify some fraud potentials which in fact could have been prevented by some administrative controls. This should not be a problem for the auditors/managers, since they would rather be more cautious. In addition, the clients or system designers will be eager to point out such administrative controls, since they do not like to take undue criticism.

Thirdly, this study provides only an informal semantics, instead of a formal one, for the vocabulary denoting accounting tasks and information repositories. Therefore, it relies on the users' ability to identify these accounting tasks and information repositories based on the informal semantics. Sometimes, the identification of these accounting tasks and information repositories might be obscure. For example, users will have to recognize that a shipping document signed by the receiving clerk is a receiving report if it serves the same purposes as a separate receiving report.

6.4 FUTURE RESEARCH DIRECTIONS

Several extensions to the current study might be possible. First, the scope of the domain could be extended to accounting cycles other than the purchase and payment cycle. The control patterns, audit patterns, and audit rules could be derived for these cycles. The derivation should be relatively straightforward following the five-phase process proposed in Chapter 4.

Second, the proposed approach can be extended to address the data reliability issue. An internal accounting control system has two main functions: assurance of reliable accounting data and protection of organizational assets. This study only addresses the asset protection aspect of an internal accounting control system. As the data reliability issue is also a major concern for an auditor or manager, the incorporation of this issue in the proposed approach is deemed necessary.

Third, the knowledge-based system could be extended to include the consideration of administrative controls. Most administrative controls are not embedded in accounting procedures and the plan of organization. Instead, they involve the application of quantitative methods for planning and controlling. For example, statistical methods might be used to prepare a purchase budget and evaluate the necessity of purchases based on the budget. Their incorporation might require extension of the representation scheme proposed by this study.


Fourth, empirical studies could be conducted to compare the performance of the proposed knowledge-based system against that of expert auditors. In addition, human behavior research could be performed to investigate whether expert auditors take the schema-based reasoning approach in their evaluation of internal accounting control systems. Previous auditing studies have found that auditors do organize their knowledge in terms of schemas; however, none of them have investigated the role of pattern recognition in the process of internal control evaluation. Several issues could be addressed by this type of study. These issues include: (1) whether and how expert auditors derive audit patterns, (2) how they organize the audit patterns, and (3) whether and how they match the audit patterns against an internal accounting control system to recognize control weaknesses.

BIBLIOGRAPHY

Albrecht, W.S., Howe, K.R., and Romney, M.B., 1984, Deterring Fraud: The Internal Auditor's Perspective, The Institute of Internal Auditors Research Foundation, Altamonte Springs, Florida.
American Institute of Accountants, 1949, Internal Control, New York, N.J.
American Institute of Certified Public Accountants, 1973, Report of conclusions by the commission on Auditors' Responsibilities. Commerce Clearing House, Inc, Chicago, IL.
American Institute of Certified Public Accountants, 1973, Statement on auditing standards (No. 1). Commerce Clearing House, Inc. Chicago, IL.
Ashton, R. H., & Brown, P. R., 1980, "Descriptive modeling of auditors' internal control judgments: replication and extension". Journal of Accounting Research, 18, 269-277.
Ashton, R. H., 1974, "An experimental study of internal control judgments". Journal of Accounting Research, 12, 143-157.
Austin, J. L., 1962, How to Do Things with Words. Harvard University Press, Cambridge, MA.
Bailey, A. D., Duke, G. L., Gerlach, J., Ko, C., Meservy, R. D., and Whinston, A. B., 1985a. "TICOM and the analysis of internal controls". Accounting Reviews, 186-201.
Bailey, A. D., Gerlach, J. H., Whinston, A. B., 1985b, Office Systems: Technology and Organizations, Reston Publishing Company, Inc, Reston, VA.
Bailey, A. D., McAfee, R. P., and Whinston, A. B., 1981, "Application of Complexity Theory to the Analysis of Internal Control System," Auditing: A Journal of Practice and Theory, Vol. 1, No. 1, pp. 38-52.


Bailey, A.D., Gerlach, J., McAfee, R. P., and Whinston, A. B., 1981, "Internal Accounting Controls in the Office of the Future," IEEE Computer, pp. 59-70.
Bailey, A.D., Whinston, A.B., and Zacarias, P.T., 1989, "Knowledge Representation Theory and the Design of Auditable Office Information Systems", Journal of Information Systems, Spring 1989, pp. 128.
Bailey, A.D., McAfee, R. P., and Whinston, A. B., 1983, "An OIS Model for Internal Accounting Control Evaluation," ACM Transactions on Office Information Systems, Vol. 1, No. 1, pp. 25-44.
Barbic, F., S. Ceri, and G. Bracchi, 1985, "Modeling and Integrating Procedures in Office Information Systems Design", Information Systems, Vol. 10, No. 2, pp. 149-168.
Baumgarten, H., Burkhardt, H., Ochsenschlager, P., and Prinoth, R., "The Signing of a Contract - a Tree-Structured Application Modelled with Petri Net Building Blocks," in Lecture Notes in Computer Science, Vol. 254, pp. 1-18, Springer-Verlag.
Bodnar, G., 1975, "Reliability Modeling of Internal Control Systems," The Accounting Review, October, pp. 747-756.
Bologna, J., 1984, Corporate Fraud: The Basics of Prevention and Detection, Butterworth Publishers, Boston, MA.
Borgida, A., 1985, "Features of Languages for the Development of Information Systems at the Conceptual Level", IEEE Software, January.
Brauer, W., Reisig, W., and Rozenberg, G., ed., 1986, Petri Nets: Central Models and Their Properties, Advances in Petri Nets 1986, Part 1, Proceedings of an Advanced Course, Bad Honnef, September 1986.


Brodie, M. L., Mylopoulos, J., and Schmidt, J. W., 1982, On Conceptual Modelling: Perspectives from Artificial Intelligence, Databases, and Programming Languages.
Burns, D. and J. Loebbecke, 1975, "Internal Control Evaluation: How the Computer Can help," Journal of Accountancy, August 1975, pp. 60-70.
Chang, C. L., 1985, Introduction to Artificial Intelligence Techniques, JMA Press, Taiwan.
Charniak, E., and McDermott, D., 1985, Introduction to Artificial Intelligence, Addison-Wesley, Reading, MA.
Choo, F. and Trotman, K. T., 1991, "The Relationship Between Knowledge structure and Judgments for Experienced and Inexperienced Auditors", The Accounting Review, Vol. 66, No. 3, pp. 464-485.
Christ, Mary Y., Attention and Encoding During Audit Planning: An Experimental Study Using a Schematic Framework, Ph.D. Dissertation, University of Texas at Austin, 1988.
Colantoni, C. S., Manes, R. P., and Whinston, A. B., "A Unified approach to the Theory of Accounting and Information Systems", The Accounting Review, pp. 90-102.
Commoner, F. and Holt, A., 1971, "Marked directed graphs," Journal of Computer and System Science, Vol. 5, pp. 511-523.
Cushing, B. E., 1974, "A mathematical approach to the analysis and design of internal control systems", Accounting Reviews, 49, 24-41.
Davis, R., Buchanan, B.G., and Shortliffe, E.H., "Production Rules as a representation for a knowledge-based consultation system," Artificial Intelligence, Vol. 8, pp. 15-45, 1977.
Davis, R., "Diagnostic Reasoning Based on Structure and Behavior", Artificial Intelligence, 24, pp. 347-410, 1984.


DeCindio, F., DeMichelis, G., Simone, C., 1986, "GAMERU: A Language for the analysis and design of human communication pragmatics within organizational systems", Proc. of the 7th European Workshop on Application and Theory of Petri Nets, Oxford, June/July.
Ellis, C. A., 1979, "Information Control Nets: A Mathematical Model of Office Information Flow," ACM Proc. Conf. Simulation, Modeling and Measurement of Computer Systems, August, pp. 225-240.
Ellis, C. A., and Nutt, G. J., 1980, "Office Information Systems and Computer Science," ACM Computer Surveys, Vol. 12, No. 1, March, pp. 2760.
Ellis, C.A., and Gibbons, R., and Morris, P., 1979, "Office Streamlining," Proc. International Workshop Integrated Office Systems, November.
Everest, G. C., and Weber, R., 1977, "A Relational Approach to Accounting Models", The Accounting Review, April, pp. 340-59.
Feigenbaum, E.A. and Feldman, J., eds. 1963, Computer and Thought, New York, McGraw-Hill.
Felix, W. and Niles, M., "Research in Internal Control Evaluation," Auditing: A Journal of Practice & Theory, Vol. 7, No. 2, pp. 4360, Spring 1988.
Findler, N. V., ed. 1979, Associative Networks: Representation and Use of Knowledge by Computers, Academic Press, New York.
Frederick, David M., Auditors' Representation and Retrieval of Knowledge in Internal Control Evaluation, Ph.D. Dissertation, University of Michigan, 1986.
Gal, G., 1985, Using Auditor Knowledge to Formulate Data Model Constraint: Expert Systems for Internal Control Evaluation, Unpublished Ph.D. Dissertation, Michigan State University.
Genrich, H., and Lautenbach, 1981, "System Modelling with High-Level Petri Nets", Theoretical Computer Science, Vol. 13, 109-136.


Genrich, H., and Lautenbach, 1986, "Predicate/Transition Nets," in Lecture Notes in Computer Science, Vol. 254, pp. 207-249.
Genrich, H. and Lautenbach, K., 1979, "The Analysis of Distributed Systems by Means of Predicate/Transition Nets," in Lecture Notes in Computer Science, Vol. 70, pp. 123-146.
Gerlach, J. H., Internal Accounting Control Design, Evaluation and Implementation in Automated Office Information Systems, Unpublished Ph.D. Dissertation, School of Management, Purdue University, 1982.
Graesser, A. C., and Nakamura, G. V., 1982, "The impact of schema on comprehension and memory", The Psychology of Learning and Motivation, 16, pp. 60-109.
Graesser, A. C., Gordon, S. E., and Sawyer, J.D., 1979, "Recognition memory for typical and atypical actions in scripted activities: Tests of a script pointer + tag hypothesis", Journal of Verbal Learning and Verbal Behavior 18 (June), pp. 319-32.
Graesser, A. C., Woll, S. B., Kowalski, D. J., and Smith, D.A., 1980, "Memory for typical and atypical actions in scripted activities", Journal of Experimental Psychology: Human Learning and Memory, 6 (September), pp. 503-15.
Grudnitski, G., A Prototype of an Internal Control Expert System for the Sales Accounting Receivable Application, University of Texas at Austin Working Paper, 1986.
Habermas, J., 1981, The Theory of Communicative Action (Vol. 1): Reason and the Rationalization of Society, Boston, MA.
Hamilton, R. E. & Wright, W. F., 1982, "Internal control judgments and effects of experience: replications and extensions", Journal of Accounting Research, 20, 756-765.
Hamlen, S. S., 1980, "A chance-constrained mixed integer programming model for internal control design", Accounting Review, 55, 578-593.


Hammer, M., and McLeod, 1981, "Database Description with SDM: A Semantic Database Model," ACM Transactions on Database Systems, Vol. 6, No. 3, September.
Hammond, K., 1987, "Explaining and Repairing Plans that Fail," in the Proceedings of the IJCAI-87.
Han, K. S., 1989, A Formal Algorithmic Model Compatible with Accounting Information Systems, Unpublished Ph.D. dissertation, Purdue University.
Hansen, J.V., and Messier, W. F. Jr., "A Preliminary Test of EDP-Expert", Auditing: A Journal of Practice and Theory, 6, Fall 1986, pp. 109-112.
Hansen, J.V., and Messier, W. F. Jr., "Expert Systems for Decision Support in EDP Auditing", International Journal of Computer and Information Sciences, 1982, pp. 357-379.
Haseman, W. D., and Whinston, A. B., 1977, Introduction to Data Management, Richard D. Irwin.
Haseman, W. D., and Whinston, A. B., 1976, "Design of a Multi-dimensional Accounting System", The Accounting Reviews, January, pp. 65-79.
Haskins, Mark E. & Nanni, Alfred J., "Toward Attribute Models of Accounting Control Systems: Qualitative versus Quantitative Approaches", Journal of Accounting Literature, Vol. 6, 1987, pp. 111-130.
Hewitt, C. E., 1971, "PLANNER: A Language for Proving Theorems in Robots", Proc. International Joint Conference on Artificial Intelligence, Washington, D.C., August.
Holt, A., 1986, "Coordination technology and Petri Nets," in Lecture Notes in Computer Science, Vol. 222, pp. 278-296, 1986.
Holt, A., 1988, "Diplan: A New Language for the Study and Implementation of Coordination", ACM Transactions on Office Information Systems, Vol. 6, No. 2, April, pp. 109-125.


Huber, P., Jensen, A., Jensen, L., and Jensen, K., 1986, "Reachability trees for high-level Petri nets," Theoretical Computer Science, Vol. 45, pp. 261-292.
Jensen, K., 1986, "Coloured Petri Nets," in Lecture Notes in Computer Science, Vol. 254, pp. 248-299.
Johnson, P.E., "What kind of Expert Should a System Be?" Journal of Medicine and Philosophy, 1983.
Kimbrough, S., Lee, R., & Ness, D., 1984, "Performative, Informative and Emotive Systems: The First Piece of the Pie", Proceedings of ICIS, 1984.
Knechel, W. R., 1985a, "An analysis of alternative error assumptions in modeling the reliability of accounting systems," Journal of Accounting Research, Spring, 194-212.
Knechel, W. R., 1985b, "A simulation model for evaluating accounting system reliability", Auditing: A Journal of Practice & Theory, 4, 38-62.
Kolodner, J.L. and Riesbeck, C.K., 1986, Experiences, Memory and Reasoning. Lawrence Erlbaum Associates, Hillsdale, N.J.
Kolodner, J.L., 1983a, "Maintaining Organization in a dynamic long-term memory", Cognitive Science, Vol. 7, No. 4, pp. 243-280.
Kolodner, J.L., 1983b, "Reconstructive memory: A computer model", Cognitive Science, Vol. 7, No. 4, pp. 281-328.
Kolodner, J.L., 1984, Retrieval and Organizational Strategies in Conceptual Memory, Lawrence Erlbaum Associates, Hillsdale, N.J.
Kolodner, J.L., 1987, "Capitalizing on failure through case-based inference," in the Proceedings of the Ninth Annual Conference of the Cognitive Science Society, Lawrence Erlbaum Associates, Hillsdale, N.J.


Lee, R. M., 1988, "Bureaucracies as deontic systems", ACM Transactions on Office Information Systems, Special Issues on Language-Action Perspectives, Vol. 6, No. 2, 87-108.
Lee, R. M., Kudva, L., and Willrich, C., 1990, The CASE/EDI Shell User Documentation.
Lehtinen, E., & Lyytinen, K., 1986, "Action Based Model of Information System", Information Systems, 11, 299-317.
Lieberman, A. Z., and Whinston, A. B., 1975, "A Structuring of an Events-Accounting Information System", The Accounting Review, April, pp. 246-58.
Martinez, J., Alla, H., and Silva, "Petri nets for the specification of flexible manufacturing systems" in Modeling and Design of Flexible Manufacturing Systems. New York, Elsevier Science Publication, pp. 389-406.
Mautz, R. K., and Sharaf, H. A., 1961, The Philosophy of Auditing, Sarasota, FL: AAA.
McCarthy, W.E., 1977, "An Entity-Relationship View of Accounting Models", The Accounting Review, October, pp. 667-86.
McCarthy, W.E., 1982, "The REA Accounting Model: A Generalized Framework for Accounting Systems in a shared Data Environment", The Accounting Review, July, pp. 554-78.
Meldman, J., and Holt, A., 1971, "Petri nets and legal systems," Jurimetrics Journal, Vol. 12, No. 2, pp. 65-75.
Meservy, R., Bailey, A., and Johnson, P., "Internal Control Evaluation: A computational Model of the Review Process," Auditing: A Journal of Practice & Theory, Vol. 6, No. 1, pp. 44-74.
Murata, T., 1989, "Petri Nets: Properties, Analysis and Applications", Proceedings of The IEEE, Vol. 77, No. 4.


Mylopoulos, J., and Levesque, H. J., 1982, "An Overview of Knowledge Representation", in (Brodie et al., 1982).

Nutt, G. J., and Ricci, P. A., 1981, "Quinalt: An Office Modeling System," IEEE Computer, May, pp. 41-57.

O'Keefe, R.M., Balci, O., and Smith, E.P., 1987, "Validating Expert System Performance", IEEE Expert, Winter 1987, pp. 81-90.

O'Leary, D.E., 1987, "Validation of Expert Systems-With Applications to Auditing and Accounting Expert Systems", Decision Sciences, Vol. 18, Summer 1987, 468-486.

Oeser, O. A., and Harary, F., 1962, "A Mathematical Model for Structural Role Theory, I", Human Relations, 14, pp. 89-109.

Oeser, O. A., and Harary, F., 1964, "A Mathematical Model for Structural Role Theory, II", Human Relations, 16, pp. 3-17.

Oeser, O. A., and O'Brien, G., 1966, "A Mathematical Model for Structural Role Theory, III", Human Relations, 16, pp. 83-97.

Pagnoni, A., 1988, "Stochastic Nets and Performance Evaluation", in Lecture Notes in Computer Science, Vol. 340, pp. 460-478, Springer-Verlag.

Peterson, J. L., 1981, Petri Net Theory and Modeling of Systems, Prentice-Hall Inc., Englewood Cliffs, NJ.

Peterson, J. L., 1977, "Petri Nets", Computing Surveys, 9, 224-252.

Petri, C., 1980, "Introduction to general net theory", in Lecture Notes in Computer Science, Vol. 84, pp. 1-20, Springer-Verlag.

Porn, I., 1977, Action Theory and Social Science: Some Formal Models, D. Reidel Publishing Company, Dordrecht, Holland.

Reisig, W., 1985, "Petri nets with individual tokens," Theoretical Computer Science, 41, 185-213.

Reisig, W., 1985, Petri Nets: An Introduction, Springer-Verlag, Berlin.


Rich, C., 1982, "Knowledge Representation Languages and Predicate Calculus: How to Have Your Cake and Eat it Too," Proc. AAAI National Conference, Pittsburgh, Penn.

Rich, E., 1983, Artificial Intelligence, McGraw-Hill, Inc.

Robertson, J. C., and Davis, F. G., 1985, Auditing, 4th edition, Business Publication Inc., Plano, TX.

Rumelhart, D. E., 1980, "Schemata: The Building Blocks of cognition", in Theoretical Issues in Reading Comprehension, edited by R. J. Spiro et al., Hillsdale, NJ, Erlbaum.

Rumelhart, D. E. and Ortony, A., 1977, "The representation of knowledge in memory," in Schooling and the Acquisition of Knowledge, edited by Anderson, R. et al., Hillsdale, NJ: Erlbaum.

Schank, R. C., ed., 1975, Conceptual Information Processing, North-Holland, Amsterdam.

Schank, R. C., and Abelson, R., 1977, "Scripts, Plans, and Knowledge," in Thinking: Reading in Cognitive Science, edited by Johnson-Laird, P. N. and P.C. Wason, Cambridge: Cambridge University Press.

Schank, R. C., and Abelson, R., 1977, Scripts, Plans, Goals and Understanding, Hillsdale, NJ: Erlbaum.

Schmidt, D. F., and Sherman, R.C., 1984, "Memory for persuasive messages: A test of a schema-copy-plus-tag model", Journal of Personality and Social Psychology, Vol. 47 [July], pp. 17-25.

Searle, J. and Vanderveken, D., 1985, Foundations of Illocutionary Logic. Cambridge University Press, London.

Searle, J., 1969, Speech Acts--An Essay in the Philosophy of Language. Cambridge University Press, London.

Searle, J., 1979, Expression and Meaning--Studies in the Theory of Speech Acts. Cambridge University Press, London.


Seebass, G. and Tuomela, R., eds., 1985, Social Action, D. Reidel Pub. Co., Dordrecht, Holland.

Silvester, W. H., 1979, Analysis of Fraud Cases - Aids to the Auditors, Unpublished Ph.D. dissertation, University of Missouri.

Simon, H. A., 1979, "Information Processing Models of Cognition," Annual Review of Psychology, pp. 363-396.

Srinidhi, B. N., 1988, "Mathematical formulation of the task segregation problem in internal control system design", Decision Sciences, 19, 116.

Smith, D.A., and Graesser, A.C., 1981, "Memory for actions in scripted activities as a function of typicality, retention, interval, and retrieval task.", Memory and Cognition, 9, pp. 550-59.

Steele, Hilliard T., "Business Fraud as Reported by Internal Auditors in the Internal Auditor," Internal Auditor, June 1989, pp. 67-69.

Stratton, W. O., 1981, "Accounting systems: the reliability approach to internal control evaluation", Decision Sciences, 12, 51-67.

Taylor, S. E., and Crocker, J., 1981, "Schematic bases of social information processing", in Social Cognition, the Ontario Symposium, edited by E. T. Higgins et al., Hillsdale, NJ, Erlbaum.

Tuominen, H., 1988, "Elementary Net Systems and Dynamic Logic", Proceedings of the 9th European Workshop on Application and Theory of Petri Nets, Venice, Italy, June, 1988.

Turner, Roy M., "Case-based and Schema-based Reasoning for Problem Solving," in Proceedings of a Workshop on Case-Based Reasoning, 1989.

Turner, Roy M., "Opportunistic use of schemata for medical diagnosis," in Proceedings of the Tenth Annual Conference of the Cognitive Science Society, 1988a.


Turner, Roy M., "Using Schemata for diagnosis," in Proceedings of the Twelfth Annual Symposium on Computer Applications in Medical Care, 1988b.

Valavanis, K., 1990, "On the Hierarchical Modeling Analysis and Simulation of Flexible Manufacturing Systems with Extended Petri Nets", IEEE Transactions on Systems, Man, and Cybernetics, Vol. 20, No. 1, pp. 94-110.

Valette, R., 1986, "Nets in Production Systems", in Lecture Notes in Computer Science, Vol. 254, pp. 191-217, Springer-Verlag.

Vasarhelyi, M., 1980, "A Taxonomization of Internal Controls and Errors for Audit Research," Proceedings of the 1980 Touche Ross / University of Kansas Symposium on Auditing Problems, Lawrence, Kansas, pp. 41-60.

Voss, K., 1986, "Nets in Office Automation", in Lecture Notes in Computer Science, Vol. 254, pp. 235-257, Springer-Verlag.

Voss, K., 1987, "Nets in office automation", in Petri Nets: Central Models and their Applications, edited by Brauer, W., Reisig, W., and Rosenberg, G., Springer-Verlag.

Waller, W.S., and Felix, W. L. Jr., 1984, "Cognition and the auditor's opinion formulation process: A schematic model of interactions between memory and current audit evidence," in Decision Making and Accounting: Current Research, edited by S. Moriarity and E. Joyce. Norman, OK: The University of Oklahoma.

Weber, R., 1978, "Auditor Decision Making on Overall System Reliability: Accuracy, Consensus and the Usefulness of a Simulation Aid," Journal of Accounting Research, Autumn, pp. 368-88.

Weber, R., 1982, EDP Auditing, McGraw-Hill, Englewood Cliffs, N.J.

Yu, S., & Neter, J., 1973, "A stochastic model of the internal control system", Journal of Accounting Research, 11, 273-295.


Zisman, M., 1977, "Representation, specification and automation of office procedures", Ph.D. thesis, University of Pennsylvania.

Zisman, M., 1978, "Use of Production Systems for Modeling Asynchronous, Concurrent Processes", in D.A. Waterman and F. Hayes-Roth (eds.), Pattern Directed Inference Systems, pp. 53-68, Academic Press, NY.
