1 / 8

An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Assessment

An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Assessment. Lili Sun, Rutgers University Rajendra Srivastava, The University of Kansas David Vun Kannon Theodore Mock, The University of Southern California Miklos Vasarhelyi, Rutgers University.

bortz
Download Presentation

An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Assessment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Evidential Reasoning Approach to Sarbanes-Oxley Mandated Internal Control Assessment Lili Sun, Rutgers University Rajendra Srivastava, The University of Kansas David Vun Kannon Theodore Mock, The University of Southern California Miklos Vasarhelyi, Rutgers University

  2. Developing The Next Generation Of Internal Control Tools Using CA • First generation of 404 implementation: • Focus on documentation of controls • Filling gaps in COSO framework • Highly labor intensive • Second generation of 404 implementation: • More cost efficient and effective • More systematic assessment of controls • Focus on identifying material control weaknesses and audit automatically rather than manually

  3. Evidential Reasoning: Systematic, Higher Value IC Assessment Tool • Evidential reasoning: a process of risk assessment where several assertions when combined together inform about the effectiveness of an internal control procedure and the overall internal control system. • Decompose risk assessment into individual evidence level. • Provide a rigorous algorithm to aggregate human beliefs. • Provides systematic way to represent the interrelationships among multiple key components for the evaluation of IC. • Help discipline Auditors’ thought process in estimating risk • Serve as a decision aid for auditors.

  4. Create A Systematic Representation Of KPMG Model Of Risk Assessment • Financial reporting model • Parent company • Subsidiary • Financial statement • Significant accounts • Business process model • Business process • Objective • Risk • Control • Evaluation procedures

  5. Control nis effective. Control mis effective. & & & & Generic Evidential Reasoning Model Of Internal Control Assurance Financial reporting Model Business Process Model The system of IC/FR for Account j on BSiseffective Process jis protected fromIC risk i. The system of IC for Process i iseffective. Control k Control i A1: IC/FR for the consolidated entity iseffective IC/FR for subsidiary i iseffective IC/FR for Account i on BSiseffective IC for Process j iseffective Process jis protected fromIC risk j. OR Control j Control environment

  6. Application of Evidential Reasoning Approach into A Real Case

  7. Automate The Aggregation Of Control Evaluations • Input: • auditors’ evaluation on the effectiveness of individual control procedure • Output: • Quantitative assessment of control effectiveness on multiple layers of the hierarchy: from the individual control level to the overall financial statement level • Evidential reasoning a useful decision aid for KPMG auditors because of its: • Clarity • Practicability of use • Completeness • Adaptability

  8. Continuing Work • Validate model against a real audit case • Explore issues related to the application of the proposed approach • Refine the quantitative representation of internal control effectiveness. • How to better elicit belief inputs from auditors.

More Related