Professional Documents
Culture Documents
Organization,
Risk Overall IT Function System IT Monitoring
Roles and
Management Monitoring and Organization Characteristics Control
Responsibilities
Table 1: Assessment of control effectiveness and control risk (Hitzig & Jacoby, 1995)
Control effectiveness Control condition Assessed control risk
(1) Organization, roles and responsibilities 0.083 0.036 0.083 0.100 0.100 0.0815
(2) Risk management 0.083 0.107 0.083 0.100 0.100 0.1013
(3) Overall monitoring 0.083 0.107 0.083 0.300 0.300 0.1572
(4) IT function and organization 0.250 0.079 0.150 0.052 0.052 0.1030
(5) System characteristics 0.250 0.194 0.150 0.129 0.129 0.1773
(6) IT monitoring control 0.250 0.478 0.450 0.318 0.318 0.3796
Consistency ratio (0.0) (0.03) (0.0) (0.02) (0.02)
The case adaptation process is to modify the solution as (1) Organization, roles 2.78 2.44
and responsibilities
suggested by the retrieved case to suit and meet the (2) Risk management 1.67 1.67
requirements of the new case. There are two kinds of (3) Overall monitoring 2.57 2.43
adaptation: (1) structural adaptation, where adaptation (4) IT function and organization 2.67 2.78
rules are applied directly to the solution retrieved from the (5) System characteristics 2.81 2.56
most similar case; and (2) derivational adaptation, where (6) IT monitoring control 2.58 2.50
rules which generated the original solution are rerun to The assessed level of control risk – Maximum
generate a new solution appropriate to the new case. This
means parts of the retrieved solution are re-executed rather
than modified directly. Table 5: Summary of validation results (unit: hit ratio, %)
Case adaptation can be system-driven or user-driven. If Set Staff auditor MDA CRAS-CBR
no sufficiently similar cases are found in the case base, then
the user has to help in the adaptation process. If a CBR 1 80.0 93.3 80.0
system finds a relevant case, the system tests the solution to 2 100.0 80.0 93.3
3 100.0 86.7 93.3
decide if the case needs to be adapted to the current 4 86.7 86.7 100.0
problem or if it can be used as it is. If the case can be used as 5 92.3 100.0 100.0
it is, then the solution to the past case becomes the solution 6 100.0 84.6 92.3
to the current problem. The solution is then evaluated, 7 76.9 90.3 100.0
debugged and, if valid, presented to the user. The system 8 69.2 84.6 84.6
9 69.2 84.6 84.6
then learns about the new case. If the solution is 10 58.3 75.0 75.0
unacceptable, the problem-solving process is re-initiated.
Average 83.94 86.58 90.31
In this study, it is suggested that the assessed level of
control risk and the corresponding subsequent audit tests
performed for the most similar case retrieved are adopted
for the new case. recommended that this level of control risk is adopted for
the new case.
The performance of CRAS-CBR is compared with our
benchmark performances, i.e. the multiple discriminant
4. Experimental analysis and results using CRAS-CBR
analysis (MDA) performance and staff auditor perfor-
Evaluating a CBR system is a difficult task, due to the mance. The comparison with staff auditor performance is
subjectivity of expertise. As a result of the difficulties, CBR considered to evaluate the minimum usefulness of CRAS-
systems are evaluated in less formal and more experimental CBR in practice. To measure the staff auditor perfor-
ways. The principal judge of the system’s quality is the mance, five staff auditors who passed the Certified Public
domain expert, who can tell if the results are satisfactory. Accountant examination in Korea were asked to assess the
Potential users can also serve as judges with regard to ease level of control risk for each case. The mode of five
of use, comfortable interface and clarity of explanations. A auditors’ assessments for each case is used to calculate the
common method to evaluate the quality of a CBR system is hit ratio.
to compare its performance with an accepted criterion, Due to the difficulty in collecting a large set of internal
such as a human expert’s decision. Reduction of time control risk assessment cases, this study adopts the k-fold
needed to perform existing tasks without reduction in cross-validation method for the comparison of model
quality can also be a good initial criterion for evaluation of performance. This method reduces the possible bias which
a CBR system. might be caused by a small sample. The average classifica-
In order to validate the performance of CRAS-CBR, 137 tion accuracy of each performance of CRAS-CBR, MDA
Korean companies’ cases were collected and indexed and staff auditors across 10 holdout sets is presented in
out of the actual audit cases for the manufacturing industry Table 5. Table 5 illustrates that our proposed model has
for the year 1999. Using these cases, we analyze the better performance than MDA and staff auditors in
performance of CRAS-CBR for internal control risk average hit ratio.
assessment. Table 4 shows an example of case retrieval Furthermore, we use the difference test between two
and the assessed level of control risk performed for the proportions to examine whether the predictive per-
most similar case retrieved for one new case. It is formance of our proposed model is significantly higher
References
AHA, D.W. (1998) Feature weighting for lazy learning algorithms,
in Feature Extraction, Construction and Selection: A Data Mining
The authors
Perspective, H. Liu and H. Motoda (eds), Norwell, MA: Kluwer.
ARRINGTON, C.E., W. HILLISON and R.E. JENSEN (1984) An Sung-Sik Hwang
application of analytic hierarchy process to model expert
judgment in analytic review procedures, Journal of Accounting Sung-Sik Hwang is a partner and territory leader of Global
Research, 22, 298–312. Risk Management Solution practice of Pricewaterhouse-
ASHLEY, K. and E. RISSLAND (1987) Compare and contrast: a test
of expertise, Proceedings of AAAI-87, Seattle, WA: AAAI Press, Coopers in Korea. He obtained his BA and MA degrees in
273–278. business administration from Seoul National University
BAGRANOFF, N.A. (1989) Using an analytic hierarchy approach to and is in the course of a PhD degree in management
design internal control systems, Journal of Accounting and EDP, information systems in Korea Advanced Institute of
4 (4), 37–41. Science and Technology. He has been a member of the
BARLETTA, R. (1991) An introduction to case-based reasoning, AI
Expert, 6 (8), 43–49. Korea Institute of Certified Public Accountants and the
BROWN, C.E. and U.G. GUPTA (1994) Applying case-based American Institute of Certified Public Accountants. His
reasoning to the accounting domain, International Journal of experience has included financial statements audit, con-
Intelligent Systems in Accounting, Finance and Management, 3, sulting services for internal controls and corporate
205–221. governance and enterprise risk management, BPR of
Cognitive Systems (1992) ReMind Developer’s Reference Manual,
Boston, MA. financial functions etc. He is also the vice-chairman of
Committee of the Sponsoring Organizations of the Treadway the Managerial Accounting Association in Korea and
Commission (1992) Internal Control – Integrated Framework, chairman of the Working Group of XBRL Korean
New York: American Institute of CPA. Jurisdiction.
CRONBACH, L.J. (1951) Coefficient alpha and the internal structure
of tests, Psychometrika, 31, 93–96.
HANSEN, J.V., R.D. MESERVY and L.E. WOOD (1995) Case-based Taeksoo Shin
reasoning: application techniques for decision support, In-
telligent Systems in Accounting, Finance and Management, 4,
137–146. Taeksoo Shin is an assistant professor in the Department of
HITZIG, N.B. and J.E. JACOBY (1995) Control procedures and risk Management Information Systems at Yonsei University,
assessment – making SAS No. 55 user-friendly, The CPA Wonju, Korea. He received his BA and MA degrees in
Journal, 65 (4), 46–50. business administration from Yonsei University and his
KOLODNER, J. (1991) Improving human decision making through
case-based decision aiding, AI Magazine, 12 (2), 52–68. PhD degree in management information systems from
KOLODNER, J. (1993) Case-Based Reasoning, San Mateo, CA: Korea Advanced Institute of Science and Technology. His
Morgan-Kaufmann. current research interests include intelligent decision
LEE, S. and I. HAN (1998) The design of EDI controls using case- support systems, data mining, and artificial intelligence
based reasoning: EDICBR, International Journal of Intelligent applications in accounting and finance. He has published
Systems in Accounting, Finance and Management, 7 (3), 135–152.
MORRIS, B.W. (1994) SCAN: a case-based reasoning model for numerous papers, which have appeared in Expert Systems
generating information system control recommendations, Inter- with Applications, The Journal of MIS Research, Korean
national Journal of Intelligent Systems in Accounting, Finance and Journal of Intelligent Information Systems, Korea Manage-
Management, 3 (1), 47–63. ment Review, The Journal of Productivity etc.
NUNNALLY, J.L. (1978) Psychometric Theory, 2nd edn, New York:
McGraw-Hill.
RIESBECK, C.K. and R.S. SCHANK (1989) Inside Case-Based Ingoo Han
Reasoning, Hove, East Sussex: Lawrence Erlbaum.
SAATY, T.L. (1988) Multicriteria Decision Making: the Analytic
Hierarchy Process, revised edn, Pittsburgh, PA: University of Ingoo Han is a professor at the Graduate School of
Pittsburgh. Management, Korea Advanced Institute of Science and
SHIMAZU, H., A. SHIBATA and K. NIHEI (1994) Case-based retrieval Technology. He received a BA in international economics
interface adapted to customer-initiated dialogues in help desk from Seoul National University, an MS in management
operations, Proceedings of the 12th National Conference on
Artificial Intelligence, Seattle, WA: AAAI Press, 513–519. science from Korea Advanced Institute of Science and
SLADE, S. (1991) Case-based reasoning: a research paradigm, AI Technology, and a PhD in accounting information systems
Magazine, 12 (2), 42–55. from the University of Illinois at Urbana-Champaign. His