Method for analyzing effectiveness of internal controls in a model of an accounting system
First Claim
1. A method, operating on a computer having an input means, a memory means, a calculating means and a display device, for quantitatively evaluating internal controls in a model of an accounting system having computerized accounting operations, said method comprising the steps of:
- a) inputting said model by said input means so that at least a portion of said model is stored in said memory means;
b) determining possible accounting failures in processing of transactions in said accounting system which can have an impact on validity of accounts and standing data collections by said calculating means;
c) determining for each internal control in said accounting system, a first subset of said possible accounting failures which each internal control is capable of detecting by said calculating means;
d) determining for each internal control, a second subset of said possible accounting failures which may inhibit each internal control by said calculating means;
e) ascertaining from at least said first subset and said second subset, for each said possible failure, failure impact risk measures, each said failure impact risk measure being a quantitative assessment of the likelihood that each said possible accounting failure, if said possible accounting failure were to occur, would have an impact on the validity of a corresponding account collection and not be detected by an internal control in said computerized accounting system by said calculating means; and
f) outputting whether said failure risk measures exceed preselected thresholds for acceptability on said display means.
1 Assignment
0 Petitions
Accused Products
Abstract
A method is provided for assessing control risk in a model-based reasoning system used for analyzing financial accounting systems by decomposing and quantifying the risk factors in the model so that the risk factors can be used to determine areas in the accounting system where sufficient control is lacking and to determine which controls are key and thus should be subject to detailed testing. Factors quantified are failure impact risk, failure coverage risk, allowable risk, control detection risk, control strength, control defeat factor, attenuation factor, and control contribution. The present invention is used to enhance a hierarchical flow chart generating system, such as the Comet system, by providing risk analysis operative on a particular class of hierarchically structured flow charts.
82 Citations
6 Claims
-
1. A method, operating on a computer having an input means, a memory means, a calculating means and a display device, for quantitatively evaluating internal controls in a model of an accounting system having computerized accounting operations, said method comprising the steps of:
-
a) inputting said model by said input means so that at least a portion of said model is stored in said memory means;
b) determining possible accounting failures in processing of transactions in said accounting system which can have an impact on validity of accounts and standing data collections by said calculating means;
c) determining for each internal control in said accounting system, a first subset of said possible accounting failures which each internal control is capable of detecting by said calculating means;
d) determining for each internal control, a second subset of said possible accounting failures which may inhibit each internal control by said calculating means;
e) ascertaining from at least said first subset and said second subset, for each said possible failure, failure impact risk measures, each said failure impact risk measure being a quantitative assessment of the likelihood that each said possible accounting failure, if said possible accounting failure were to occur, would have an impact on the validity of a corresponding account collection and not be detected by an internal control in said computerized accounting system by said calculating means; and
f) outputting whether said failure risk measures exceed preselected thresholds for acceptability on said display means. - View Dependent Claims (2, 3, 4, 5, 6)
determining a set of key controls from at least said first set of possible failures and said second subset of possible failures.
-
-
3. The method according to claim 2 wherein said key controls determining step comprises generating control detection measures from control strength, from control defeat and from attenuation between control and a corresponding failure which is detected, and generating a control contribution measure for each control detection measure.
-
4. The method of claim 1, wherein said possible failures determining step comprises:
-
identifying, from structure of said model, said accounts;
identifying, from structure of said model, primitive actions which give rise to said possible failures; and
relating, from structure of said model, said accounts to said possible failures.
-
-
5. The method of claim 1, wherein said first subset determining step comprises:
-
identifying, from structure of said model, said internal controls;
identifying, from structure of said model, primitive actions which give rise to said possible failures; and
relating, from structure of said model, said controls to said possible failures.
-
-
6. The method of claim 1, wherein said second subset determining step comprises:
-
identifying, from structure of said model, said internal controls;
identifying, from structure of said model, primitive actions which give rise to said possible failures; and
relating, from structure of said model, said controls to said possible failures.
-
Specification