A Computational Model of Internal Control Testing Plan Selection

Since 1977, the importance of internal control evaluation (ICE) has increased due to passage of the Foreign Corrupt Practices Act, the Federal Deposit Insurance Corporation Improvement Act, and other regulatory initiatives. Traditional audit approaches structure the description and documentation of control systems, but do not provide systematic, precise evaluation of accounting information system (AIS) reliability. Although researchers have developed quantitative evaluation methods that provide precise AIS reliability evaluations, practitioners have not adopted them because they become intractable when applied in practice. This research develops an optimal, mathematical model of an ICE task, internal control testing plan selection, that maintains tractability by solving a part of the overall ICE task and by making simplifying assumptions based on field research. The model selects an optimal controltesting plan given a description of an AIS and the auditor's desired type of assurance in an account balance. The model was validated by comparing its testing plans to both experienced auditors and a professional benchmark. The results indicate that the model's testing plans test sufficient controls to provide auditors with their desired assurance but do so by testing fewer controls than either experienced auditors or the professional benchmark.