SCAN: A Case-Based Reasoning Model for Generating Information System Control Recommendations

This paper describes SCAN, a case-based reasoning model for generating information system control recommendations. The purpose of the paper is to explain how a case-based reasoner may be used to support inexperienced information system auditors in evaluating controls and proposing audit recommendations. As a case-based reasoner, SCAN functions by reasoning by analogy to similar past cases. SCAN models audit experience as traces of past cases which are stored in a case knowledge base. In addition to a database of past audit cases, SCAN consists of indices for storing and retrieving cases, a similarity metric for measuring case similarity, and rules for using similar cases to generate control recommendations. SCAN uses past cases to remind the user of previous control failures, to set expectations about case features and controls, to use as a pattern against which to compare a client's controls and to help justify or explain its recommendations. SCAN's recommendations were judged to be more like those of an experienced auditor than either a student or a textbook model.

[1]  Kevin D. Ashley,et al.  Compare and Contrast: A Test of Expertise , 1987, AAAI.

[2]  Eric L. Denna,et al.  Case-based reasoning and risk assessment in audit judgment , 1992 .

[3]  Daniel E. O'Leary,et al.  Verification and validation of case-based systems , 1993 .

[4]  Evangelos Simoudis,et al.  Using case-based retrieval for customer technical support , 1992, IEEE Expert.

[5]  Rayman D. Meservy,et al.  Internal Control Evaluation: A Computational Model of the Review Process , 1986 .

[6]  W. Waller,et al.  The auditor and learning from experience: Some conjectures , 1984 .

[7]  David Hinkle,et al.  Applying case-based reasoning to autoclave loading , 1992, IEEE Expert.

[8]  Balakrishnan Chandrasekaran,et al.  Expert Systems: Matching Techniques to Tasks. , 1983 .

[9]  Ekaterini P. Sycara Resolving adversarial conflicts: an approach integration case-based and analytic methods , 1987 .

[10]  Robert Libby,et al.  Accounting and human information processing : theory and applications , 1981 .

[11]  C SchankRoger,et al.  Dynamic Memory: A Theory of Reminding and Learning in Computers and People , 1983 .

[12]  Jr. Robert Lee Simpson,et al.  A computer model of case-based reasoning in problem solving: an investigation in the domain of dispute mediation (analogy, machine learning, conceptual memory) , 1985 .

[13]  Theodore J. Mock,et al.  An Investigation Of Auditor Decision-Processes In The Evaluation Of Internal Controls And Audit Scope Decisions , 1983 .

[14]  Kristian J. Hammond,et al.  Case-Based Planning: Viewing Planning as a Memory Task , 1989 .

[15]  Melody Y. Kiang,et al.  Generalized case-based reasoning system for portfolio management , 1993 .

[16]  Kristian J. Hammond,et al.  Chapter 8 – Case-based Planning , 1989 .

[17]  Phyllis Koton,et al.  Reasoning about Evidence in Causal Explanations , 1988, AAAI.

[18]  Christopher K. Riesbeck,et al.  Experience, Memory and Reasoning , 1986 .

[19]  Ashok K. Goel,et al.  Case-based design support: a case study in architectural design , 1992, IEEE Expert.