Article Preview
TopIntroduction
Belief functions have been used to model audit decision making for over 20 years. More recently they have been used in assessing the strength of internal controls and information systems security. There has been some research on software agents in auditing, particularly in the web search bot area in Nelson et al. (2000). They suggest that the internet provides auditors with the opportunity to provide their clients with potential new services. They break these services into two broad categories: quality and service. Each category is further broken down into sub-categories. This paper demonstrates that software agents can be used to create both quality and service benefits for clients. This research also extends the work of Srivastava and others (Bovee et al., 2007; Srivastava & Shafer, 1992; Srivastava, 1997) in belief functions by showing an example of the use of belief functions in automated environments to evaluate the effectiveness of systems of internal control. Belief functions allow evidence to be evaluated in situations where the state of nature may not be completely known. That is, using a binary example of belief masses, the belief that a state is true is .6, that it is false is .3 and that we are partially ignorant is .1. The belief masses for the entire frame will sum to 1. This paper also looks at the problem of assuring the adequacy of application internal controls in highly automated transaction processing environments where we do not have complete evidence. The research focuses on risk management, systems of internal controls, and transaction processing environments. In this setting, investments in systems of internal controls are justified by their risk reducing properties. By extending the framework reported in Nehmer (2003, 2009) into an application setting, the domain structure is defined in a way to allow the implementation of systems of internal controls as systems of agents which perform control monitoring activities.
There has been a lot of theoretical work done on building stable agent communities. Holland (1995) is a very accessible first pass at some of this work. Fingar (1998) and Farhoodi & Fingar (1997) discuss agent systems from an executive, decision making perspective. However, there have been few formal attempts to define systems of internal controls in the accounting literature. The system defined in this project is based on the risk reducing monitoring activities of a community of software agents.
The research constructs a conceptual model which uses belief functions to determine whether there is sufficient evidence to support the decision to rely on a set of automated application controls. The model defines sufficiency in terms of the output properties of an agent’s belief function. Although interest in using software agents for control of ecommerce applications and continuous auditing has surfaced in recent years, there has not been much formal work on how to apply agent technologies in financial control environments. This research moves this important area forward by providing a software model of the internal control agent community within an automated transaction processing environment.