| Abstract: | This article introduces the Dempster‐Shafer theory (DS theory) of belief functions for managing uncertainties, specifically in the auditing and information systems domains. The use of DS theory is illustrated by deriving a fraud risk assessment formula for a simplified version of a model developed by Srivastava et al. (2007). In this formulation, fraud risk is the normalised product of four risks: risk that management has incentives to commit fraud; risk that management has opportunities to commit fraud; risk that management has an attitude to rationalise committing fraud; and risk that an auditor's special procedures will fail to detect fraud. The article demonstrates how to use such a model to plan for a financial audit where management fraud risk is assessed to be high. In addition, it discusses whether audit planning is better served by an integrated audit/fraud risk assessment as now suggested in SAS 107 (AICPA 2006a, see also ASA 200 in AUASB 2007) or by the approach illustrated here where a parallel, but separate, assessment is made of audit risk and fraud risk. |
