8 854 PARTY Evidence Evaluation . INTRODUCTION Finally, we discuss how evaluate the cost-effectiveness of controls, MEASURES OF ASSET SAFEGUARDING AND DATA INTEGRITY ‘tegrity has been maintained,sompounds or compensates imate of the te shows & probs ae iy data item. Note how the distribution hich means tat afew pos bids Gicates that possible errors are tage errors lave to the distributions shown in Figures 21-Le and 21 : IIb,856 PART Evidence Evaluation ready because assets errors exist in the ina rr “) ‘ice to management to assist them to discharge thei responsi Also consider the porentia! for losses from failure to safewward ="(CHAPTER 21 Evaluating Aa "9 Asset Sateguarcing and Ostnincagrty 887 ould have ocuted uring the cond ne that ibystem oF the planning subsystems statements —S———S”1m 858 PARTY Evidence Evaluation DETERMINANTS OFAuditor's Knowledge knowledge somes oa oe: the eatin and ‘expetience aecumulited in andit wor sources overlaps to ple. after you have novedge abo, sy, he controls that you however, you need 10 have direct experience of leveloped knowledge of the inherent risks aso mos ce might De peed eros age number offre (pes eae tl= 850 PARTY ‘evaluation judgment, Potentially, many “might bear on auditor judgment processes. Libby and Luft (1993) identify ‘haracterstis, however, that seem to be expecially importatry to make high-gushity judgment egy. A potential ee ease aoe ser ae eee ey ae ee se a oy emp te a a swap aes te ae ie es Ae ery amie mo ors must be min ment can either fail1m 962, PARTY Evi prop Control Matrices ‘One of the earliest technologies developed to assist with th ‘sion are control matrices (see, e.g., Mair, Wood, and Davis {vices can be prepared in various ways. Table 21-1 shows a comet #7 however, using the example ofthe data capture activities assoisted input subaystem belonging 1 an application system,mime pine geez © way of ba der when taking the evaluation decision, factors auditors must cons Deterministic Models Js can be useful when eva sing 2 fits approximation ot ets and maintains data iniegrty. or exat spans in an operating system. Assume we discover an in- ‘ie system at allows hackers, under certain conditions, to Tegrity aw i‘ a 864 PARTY Evidance Evakation rity. TRE ofthe probability di rr containe stochastic elements, In thes ‘ution when they interpret the res ial techniques to estinate the i ofthe pa “Fa mabe of eens ereFait sceding motels inion of hee so, owes, nn mM ees ig pe ter he ope at ey ano sto meg andrea the exe f ssa eine ofthe systemte para ily subsripted. Thus, the reliability Of the platy Iype can be computed as follows: 1 rtiabity ofthe system for ll error oF regularity types follows nella uj = 9 and Ry = 8. ten R= (99(8)—tat i 72 In other “probity that notype of oro regula wil cur868. PARTY Evidencs = Reade) A= RF RMCAIM) = SoHTS + (08525) 8199) = wish R= (}(HE) = (Smsy ash = 95T346 p= (pind (88) = 68time a 2 ‘Jesions. Auditing researchers have been mot iets because they are aware of long-standing re- {humans perform poorly when fa event in fight of new " consider Figure 21-7, fon decision that auditors face. The internal for uireliable, and we can reach a decision, tebiable or to reject i ss woreliable, Clearly, decision when the sytem is reliable and a reject870. PARTY Evidence Evlusion (lavorablejretable) = UFR) = 8 (favorablinrcliable) = PCE|L) = 2models an “ain he developed and solved quickly and Pt an model hey an eae the bebo i rt Sr mht oe a smultion ml quads afutg csi ge it oo oA neon me ig some ability thi icin, Peet fea ropa a ea that a save an crack pasword system, and $0 onan ————874 panty eM (COST-EFFECTIVENE: Sp, Cushing 118) Costs and Benefits of Controls Iniplementing and operating contols ina system inves fe css: 1 tnt stup cos must be inured vo expand implement or Foapie 5% ae876 PARTY Eecence Evaluation spe conumn tol ts el OE WAT cig gna rnuce a avons a ee A redclin oh expested loses ey i ening wpsrng and mating th plea pt atonal coro nace, fe Me eucion i expected lose: wings wil exscea INS Mei shes weer vo dnvermine whet oe a eto oro the controls coo mig be costae = xiv in terms of 2 single exposure bow os not ease tect ailuneexpemares where At ore Ne gat al cadet 8 Pw of he cn. ce expected loses, hts BT ane rows in Table 24-1 for example, we Ie considring Ino gad we consider the impact of his sonra on ae ‘The lobed evaluation apes organization? ‘he amswer to this eesti re ee acon mak a at a ag septa ora on el ea al at ea ese eno ter ns Ne ce a ipa ected he eta to a Oe eo coo Pepe a ey ante he nic sien son en lcd th ig sow are dificult. the optimal sto ihe controls matt, We Controls as an Investment Decision “The design, implementation, operation, and maintenance ofa conttl proves ‘team of bones and costs over is ile. AS discussed previously atthe ot: Set costs are incuted asvociaied with designing and implementing the cont Each year, benefits are then obtained in the form of reduced expected loses from exposures. Each year, costs are also incurred associated wih operating and maining the contol. {n this light, we should conceive ofa contol 353 form ofinvesiment, Atleast conceptually, we should ealelate the net preset ‘ale foreach contol and investi the controt fits net present value i rete than or equal to zero, Where there are competing controls (controls that ‘duce expected foses for the same exposures), we shou! invest in that con} ‘which has the highest net present value. Because the costs of evaluating cach ‘cnirol we might implement are likely to be excessive, we will probably nee 10 focus our evaluation on ase oF spsiem of controls, In ather words, we will Sy ier the set or system of internal controls asthe investment rather than ins "id conto a tenveimen “One illiculty we will face in considering controls as an investments ¢ timate the size ofthe stream of benefits and costs that will ocour during «2 period of the control system's life. Perhaps the more difficult decision WesuMMARY CHAPTER Evatating Ast Staguaring a Ona teary G77 Tag make, ower st dete approprte cau ila nel preset alu lato, Cuenta tool a te BH ould use hou heeled fos oka *) 1. = Gp nt me port ‘the control system w Pte went 1B (UP si ina mt i roe cero pues et me ee nde ee ne of aa acm laity eth mena conto system nd afte they complete Ne qearg of controls and substantive Ate: fa ye uy ft ga Sih ma et. Tc ae ent a conn ame ae Sram te afresh imran te yur we enet te ren megan a re ejoterminstic models, Stats reliability models, enginecring Fliability <5, ins Ou uaa slag pone cng et een th act mim af cost effestiverared withthe design implemen operation, and mainte fs ermal contol ste, FTSY vost also estimate the discount rate ranse of Ft edad ests itor ean then alle stream A they ake ar om to determine wher ita woah the te