Control Automation to Reduce Costs of Control

Much compliance effort concerns adherence to contracts. Parties to a contract need to make sure that the other parties will deliver. To this end they may require additional controls in the business process to monitor delivery and induce contractual penalties when needed. Controls have costs. In this paper the authors argue that introducing fully automated controls will help to reduce control costs, because i they can prevent misstatements compliance by design or ii they increase the quality of evidence and thereby reduce the audit risk for the external auditor and corresponding audit fees. The line of reasoning is illustrated by a case study of the implementation process of automated controls on the procurement process for public transport services for the elderly and disabled. This is a complex and heavily regulated domain. The case study indicates that control automation makes monitoring compliance to contracts in such complex domains feasible and that using control automation can in fact reduce the costs of control.

[1]  K. Eisenhardt Building theories from case study research , 1989, STUDI ORGANIZZATIVI.

[2]  O. Williamson Transaction-Cost Economics: The Governance of Contractual Relations , 1979, The Journal of Law and Economics.

[3]  J. Laffont,et al.  The Theory of Incentives: The Principal-Agent Model , 2001 .

[4]  Miklos A. Vasarhelyi,et al.  Continuous monitoring of business process controls: A pilot implementation of a continuous auditing system at Siemens , 2006, Int. J. Account. Inf. Syst..

[5]  Guido Boella,et al.  Introduction to the special issue on normative multiagent systems , 2008, Autonomous Agents and Multi-Agent Systems.

[6]  David C. Krehnke Corporate Governance , 2007, Information Security Management Handbook, 6th ed..

[7]  Guido Governatori,et al.  Representing business contracts in RuleML , 2005, Int. J. Cooperative Inf. Syst..

[8]  Gregor Scheithauer,et al.  Modern Software Engineering Concepts and Practices: Advanced Approaches , 2010 .

[9]  Frank Dignum,et al.  Collective Obligations and Agents: Who Gets the Blame? , 2004, DEON.

[10]  Guido Governatori,et al.  Modelling Contracts Using RuleML , 2004 .

[11]  Guido Boella,et al.  Regulative and Constitutive Norms in Normative Multiagent Systems , 2004, KR.

[12]  Alan R. Hevner,et al.  Design Science in Information Systems Research , 2004, MIS Q..

[13]  M. C. Jensen,et al.  Harvard Business School; SSRN; National Bureau of Economic Research (NBER); European Corporate Governance Institute (ECGI); Harvard University - Accounting & Control Unit , 1976 .

[14]  K. Eisenhardt Agency Theory: An Assessment and Review , 1989 .

[15]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[16]  Michael J. Maher,et al.  Representation results for defeasible logic , 2000, TOCL.

[17]  Miklos A. Vasarhelyi,et al.  Innovation and practice of continuous auditing , 2011, Int. J. Account. Inf. Syst..

[18]  Miklos A. Vasarhelyi,et al.  Principles of Analytic Monitoring for Continuous Assurance , 2004 .

[19]  John Krogstie Frameworks for Developing Efficient Information Systems: Models, Theory, and Practice , 2013 .

[20]  W. Robert Knechel,et al.  Auditing: Assurance and Risk , 2000 .

[21]  Stephen Flowerday,et al.  Real-time information integrity [ system integrity D data integrity D continuous assurances , 2005 .

[22]  Steven E. Salterio,et al.  Auditing : assurance & risk , 2007 .

[23]  Henri C. Dekker,et al.  Control of inter-organizational relationships: evidence on appropriation concerns and coordination requirements , 2004 .

[24]  John Wang,et al.  A Comparison and Scenario Analysis of Leading Data Mining Software , 2008, Int. J. Knowl. Manag..

[25]  Guido Governatori,et al.  Norm Compliance in Business Process Modeling , 2010, RuleML.

[26]  Roel Wieringa,et al.  Deontic logic in computer science: normative system specification , 1994 .

[27]  Edgar A. Whitley,et al.  The Construction of Social Reality , 1999 .

[28]  Guido Boella,et al.  Virtual Organizations as Normative Multiagent Systems , 2005, Proceedings of the 38th Annual Hawaii International Conference on System Sciences.

[29]  Mehdi Dastani,et al.  Goal generation in the BOID architecture , 2002 .

[30]  Malcolm Smith,et al.  Research Methods in Accounting , 2003 .

[31]  R. Houston,et al.  The Audit Risk Model, Business Risk and Audit‐Planning Decisions , 1999 .

[32]  Paul W. P. J. Grefen,et al.  Integrity Control in Relational Database Systems - An Overview , 1993, Data Knowl. Eng..

[33]  Shazia Wasim Sadiq,et al.  Modeling Control Objectives for Business Process Compliance , 2007, BPM.

[34]  J. H. Blokdijk Tests of Control in the Audit Risk Model: Effective? Efficient? , 2004 .

[35]  Guido Boella,et al.  A game theoretic approach to contracts in multiagent systems , 2006, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).

[36]  Guido Boella,et al.  Contracts as legal institutions in organizations of autonomous agents , 2004, Proceedings of the Third International Joint Conference on Autonomous Agents and Multiagent Systems, 2004. AAMAS 2004..

[37]  Ken Orr,et al.  Data quality and systems theory , 1998, CACM.

[38]  Roland F. Speklé,et al.  Explaining management control structure variety: a transaction cost economics perspective , 2001 .

[39]  Kathleen M. Eisenhardt,et al.  Control: Organizational and Economic Approaches , 1985 .

[40]  Robin A. Gandhi,et al.  Semi-Automatic Annotation of Natural Language Vulnerability Reports , 2013, Int. J. Secur. Softw. Eng..

[41]  Joris Hulstijn,et al.  Value-based argumentation for justifying compliance , 2011, Artificial Intelligence and Law.

[42]  Guido Governatori,et al.  The Journey to Business Process Compliance , 2009, Handbook of Research on Business Process Modeling.

[43]  Vera Künzle,et al.  Object-Aware Business Processes: Fundamental Requirements and their Support in Existing Approaches , 2011, Int. J. Inf. Syst. Model. Des..

[44]  Wil M. P. van der Aalst,et al.  Conformance checking of processes based on monitoring real behavior , 2008, Inf. Syst..

[45]  J. H. Blokdijk,et al.  Reflections on auditing theory: a contribution from the Netherlands , 1995 .

[46]  Hans Weigand,et al.  Model-based auditing using REA , 2012, Int. J. Account. Inf. Syst..

[47]  R. Swedberg Economic versus Sociological Approaches to Organization Theory , 2005 .

[48]  Melody Y. Kiang,et al.  Impact of FASB Qualitative Characteristics on the Promulgation of Statements of Financial Accounting Standards , 2006, AMCIS.