This article introduces the Dempster-Shafer theory (DS theory) of belief functions for managing uncertainties, specifically in the auditing and information systems domains. The use of DS theory is illustrated by deriving a fraud risk assessment formula for a simplified version of a model developed by Srivastava et al. (2007). In this formulation, fraud risk is the normalised product of four risks: risk that management has incentives to commit fraud; risk that management has opportunities to commit fraud; risk that management has an attitude to rationalise committing fraud; and risk that an auditor's special procedures will fail to detect fraud. The article demonstrates how to use such a model to plan for a financial audit where management fraud risk is assessed to be high. In addition, it discusses whether audit planning is better served by an integrated audit/fraud risk assessment as now suggested in SAS 107 (AICPA 2006a, see also ASA 200 in AUASB 2007) or by the approach illustrated here where a parallel, but separate, assessment is made of audit risk and fraud risk.
- BELIEF FUNCTIONS
- AUDIT RISK