=Paper=
{{Paper
|id=Vol-2574/short21
|storemode=property
|title=The Metaphysics of Internal Controls (short paper)
|pdfUrl=https://ceur-ws.org/Vol-2574/short21.pdf
|volume=Vol-2574
|authors=Graham Gal
|dblpUrl=https://dblp.org/rec/conf/vmbo/Gal20
}}
==The Metaphysics of Internal Controls (short paper)==
<pdf width="1500px">https://ceur-ws.org/Vol-2574/short21.pdf</pdf>
<pre>
                  The Metaphysics of Internal Controls




                          Dr. Graham Gal1[0000-0001-6526-9367]

1
    Isenberg School of Management, University of Massachusetts, Amherst, MA 01003 USA
                               Gfgal@isenberg.umass.edu




                                              222

Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License
Attribution 4.0 International (CC BY 4.0).
Abstract:

       One issue that continues to plague researchers in the development of a comprehensive
business ontology, concerns the specification of normative business event (sometimes referred to
as tasks) models for business processes. These business events are aggregated into business
processes and can be mapped to state changes within these business processes. There are two
types of review for these business event models. First, are the models designed appropriately,
and second are they operating as designed. These two types of reviews are the basis for
evaluating an organization’s system of internal controls. Thus, a quality internal control system
will result not only in a sufficient design of the business event models, but will also ensure
availability of sufficient information about the actual functioning of these event models. Despite
this relatively straightforward conceptual foundation for a system of internal controls, to date
there are still only descriptions of sufficient results as opposed to necessary conditions for a
quality internal control system. In addition, these sufficient results are not of internal controls,
but concern the quality financial statements created from the corporate information system. This
results in a subjective evaluation of internal controls; are they good enough to provide quality
financial statements? This subjective review may not be consistent from one reviewer to the
next. The purpose of this paper is to examine some possible philosophical issues that may offer
some insight into the nature of business events, their impact on internal controls, and the
evaluation of internal control systems.




1 Introduction
       While internal controls have always been considered important to the proper functioning
of an organization, it is not clear exactly how to evaluate them. Organization’s employees
execute various events. From a state transition perspective, an organization’s state at time t will
transition to a new state at time t+1 as a result of employees executing a task or business event.
An organization with a perfect system of internal control will exhibit two features. First, all




                                                 223
potentially legal (acceptable) business events will be defined.1 Second, the organization’s
information system will capture information about those business events to allow a person to
make a judgement concerning whether actual business events have unfolded according to that
definition. Thus, for a quality internal control system these two features are necessary, defining
state business events and capturing necessary information about those events (PCAOB, 2007).
However, there are some concerns about the possibility of any system exhibiting these features.
Some concerns are practical, while others are philosophical. This paper looks at internal controls
from a nominalist perspective.

2.2 A Nominalist View of an Organization
         Without the perceiving an abstract “perfect” organization one is required to define (not
name) an organization. There are two potential ways to create this definition, depending on how
“organization” is viewed (Whitehead, 1920). One is that organizations are continuants; an object
with stable attributes and characteristics that allows for its recognition at different times. The
other is that an organization is an occurrent; an object in a state of flux that allows it only to be
identified by its location at region of space-time (Sowa, 2000, p. 71). Continuants have the
property of firstness, that is they are actual entities (Whitehead, 1920). Secondness connects
continuants to other continuants. So, “person” can be connected to “organization” as an
employee. Thus, employee (employer) is a category of secondness. Employees are a group of
people that have been hired by a particular company. The process of hiring is a category of
thirdness which brings about the relation of firstness objects (Sowa, 2000, p. 61). The distinction
between a type (person) and a group (employee) is that there is a process which adds the
continuant to a group. A process then is a set of events by which an object is transformed to be a
member of a group. That is a person is transformed to the group employee through the hiring
process. Each of business events in the hiring process, may itself be a result of another set of
business events.2




1
  Herein, defining a business E(vent) implies specification of R(esources) and A(gents) which encompass the
accepted constellation or policy for that event. Because the specification is usually not of instances, it is more
appropriate to discuss these as Resource, Event, and Agent Types. A salesperson makes a sale of finished goods
inventory to a customer, as opposed to Jim makes sale #IV12112 at 11:30am to Jeff of 10 chocolate chip cookies.
2
  Business events are those events that further a business process (McCarthy, Geerts, & Gal, The REA Ontology,
2019).

                                                     220224
         Two such views are appropriate. First, there is a possibility of decomposing an event into
more and more detail. For example, interviewing a prospective candidate can be decomposed
into, entering the office, sitting in a chair, offering a drink, etc. This decomposition can be
continued to a potentially absurd level, moving the chair the first inch, the second inch, and so
on. A general rule for this decomposition is to the level management wishes to plan, control, and
evaluate (David, 1997) (Denna, Cherrington, Andros, & Hollander, 1993; International
Standards Organization (ISO/IEC), 2007) A second approach, which has potentially more salient
issues for internal controls, is the association of business events with another set of business
events. For example, before a person is a salesperson, they must be hired, and then there may be
a set of events (a business process) to train the person on the characteristics of the firm’s
products. There could be a requirement that this training be done by a product manager; a person
that has been hired, has gone through salesperson training, has gone through a product training
process, and so on. Thus, there are a set of events which describe these many processes. The set
can be described as {e1, e2, e3 e4, e5, …, en}. These events, or occurrents, will take place at a
particular time, so each event must also have a subscript for time {e1t, e2t, e3t e4t, e5t, …, ent}. Hiring
a person to be a salesperson would include a proper subset of all the organization’s possible
events. The hiring function operates on this proper subset Fhiring (ea, eb, ec, …, em), i.e m<n. To test
whether Joe Jones was hired is to test whether the critical event3, em – the final event in the chain
of hiring events, has occurred. To test whether Joe was hired correctly is to determine whether
each of the events assigned to the Fhiring.Joe has an associated time; have all the events been
completed. From an evaluation of internal controls, the evaluation of whether hiring is designed
correctly (AS5’s process design (PCAOB, 2007)) is to determine that the Fhiring (ea, eb, ec, …, em)
includes all the necessarily events. For Joe to be a salesperson two critical events must have
occurred, i.e. the critical event for hiring and the critical event for salespersoning. Thus, these
critical events are sufficient to be a hired salesperson. To be hired and promoted to salesperson
correctly requires all the events in Fsalesperson.Joe(Fhiring.Joe(eat, ebt, ect, …, emt), ezt, eaat, ebbt, …, eqqt) to




3
  A critical event is that event which allows an accounting entry (McCarthy, Geerts, & Gal, The REA Ontology,
2019). For this discussion I have extended the definition to the more general case of an even which concludes a
business process. So, entry of Joe Jones in the table of current employees is the critical event for hiring as Joe Jones
is now an employee.

                                                           225
have a time.45 In addition to the hiring function, there would also be a function which establishes
the process of creating the hiring function, and another which establishes the function which
establishes those responsible for creating this function, and so on. At any point in time in the
organization’s temporal self, different events will either have taken place or not. Because the
organization is different before and after any hiring process it has distinct temporally related
parts. As the whole organization does not exist completely at any point in time, it has only
components which persist through time (Lewis, 1986).

         There are two main theories about objects as the traverse time. Endurantists consider
objects as wholly existing three-dimensionally. In contrast Perdurantists consider objects to be
four-dimensional with subsets existing at each moment (Balashov, 1999; Hales, 2003; Merricks,
1999). It would seem that organizations map better to perdurantist objects. For our purposes, it
may not be necessary to come down completely on the side of either view, but we must consider
how to describe what aspects about the organization exists at each point in time. To say that an
organization exists requires a definition of what makes the organization exist or what exists
about an organization. An organization has a current state that is defined by the events which
occur at that state in time. Its state at time t changes to a new state at time t+1 based on the
events which are defined as those events which change the organization. While this might be
considered a circular definition, events which change the organization’s state are those which we
define as those events that change the state, it raises some issues to contemplate.

         The first issue concerns the consideration a current state. If we view an organization as a
                                                                                         𝑡
function of its events then its current state can be viewed as an integral: ∫0 𝑓(𝑒1 , 𝑒2 , 𝑒3 , … , 𝑒𝑛 ).
The events to be included are idiosyncratic just as is the definition of the organization. For
example, Campbell (1997) argued that organizations should be more socially responsible and
therefore should consider a broader group of stakeholders. This would result in more events
being considered as defining the organization’s current state. In contrast, Friedman (1970; 1962)
argued that organizations only social responsibility is to increase profits, and therefore other


4
  The subscript t could also have subscripts indicating, which is probably the case, that the events cannot happen at
the same time. For example, the event – Fill out employment form, must occur before the HR manager reads the
form.
5
  The hiring function could be called recursively as the person training Joe must have also been hired and trained,
and their trainer was hired and trained, and so on.

                                                         226
events are not necessary to define the current organization’s current state. Other events that
might be considered tangential by some would be considered central to others. The
predisposition of a buyer to purchase only products from vendors of a certain ethnicity could be
considered central to the current state of the organization, and certainly may impact the
company’s future buying events. This raises a second issue; the prediction of future states.

       If an organization wholly exists at time t, and is a constellation of the events which
brought it to point t, then it is appropriate to consider how it will get to time t+1. What will it
look like at t+2 and so on? From the perspective of internal controls, is it possible to that the
current state will lead to the collection of x amount of accounts receivable at t+1. Is it also
possible to predict that at time t+x the company will have an internal control breach? When
viewed as a function on all (relevant) events up to point t then the organization’s future state can
               𝑑𝑓
be viewed as        or as its organizational path.
               𝑑𝑡




                                         Figure 1 Expected Future States



       This organization path can be used to formulate a belief as to the potential for the
organization to reach a future state. For example, Figure 1 indicates that its path from the current
state, does not include a future state which where invoice #12112a is collected. It also indicates
that the organizational path does include a material breach of internal controls. This has always
been a question in internal control evaluation; When was it apparent that there was to be a

                                                     227
serious problem with internal controls? Organizations build elaborate event-based models which
predict problems with cash flows, but not internal control concerns.

        A final consideration concerns whether a control can be considered intrinsic versus
extrinsic to a process. An intrinsic explanation is one that appeals only to facts that are intrinsic
to the world and are independent of mathematical entities (Milne, 1986).6 The view of an
organization in terms of function of events allows for description of certain controls as being
intrinsic as future states are necessarily conditional on certain events. For example, for
organization A to create a car certain event (states) are necessary. It is not possible for a car to
be built if the events which deliver tires, engines, axles.,,, have not occurred. Thus any system
which produces a state where a car exists without these delivery states to have occurred is not
possible. It is an intrinsic fact about physical space that a car cannot be built if its components
do not occupy the same (or proximate) physical space. There other controls which are extrinsic
or not required by physical laws. For example, all the hiring events do not necessarily have to
take place for a person to become an employee. The application does not necessarily have to be
filled out or reviewed. There is only a sufficient state; they are provided access to areas of the
firm restricted to employees, for example. This distinction between intrinsic and extrinsic
controls or restricted states allows for evaluation of internal controls using different methods.
For violations of intrinsic controls, car created without components, then the system of capturing
information is flawed. In contrast violation of extrinsic controls, person hired without going
through the defined process, then the business process itself requires an examination.

3 Conclusion
        Researchers, auditors, managers, standard setters, etc. have attempted to develop
frameworks of internal controls which could be used to evaluate their quality. Internal controls
have at their core the restriction of future states of the organization. There future states are
achieved through events. Therefore, it is necessary to agree upon the universe of future events
which can impact the organization. Even if these future events are reduced to those that impact
financial position some questions still arise. A Universalist position would argue that there is a
Platonic form which can be used to compare the organization to what it should be. This paper


6
  Field (1980, p. 47) provides an example by considering geometric laws which are formulated on distance and are
intrinsic facts about physical space.

                                                       228
takes the nominalists’ viewpoint that an organization is not a universal and therefore this
comparison is entirely idiosyncratic. If we try to develop some universal model of controls we
are not only barking up the wrong tree, we are barking up a tree that does not exist.

References
Balashov, Y. (1999). Relativistic Objects. Noûs, 33(4), 644-662.

Campbell, A. (1997). Stakeholders: The Case in Favour. Long Range Planning, 446-449.

David, J. S. (1997). Three 'Events' That Define a REA Methodology for Systems Analysis,
       Design, and Implementation. Proceedings of the Annual Meeting of the American
       Accounting Association. American Accounting Association.

Denna, E., Cherrington, J., Andros, D., & Hollander, A. S. (1993). Event-Driven Business
       Solutions:Today's Revolution in Business and Information Technology. Homewood, IL:
       Irwin.

Field, H. H. (1980). Science Without Numbers:A Defence of Nominalism. Princeton: Princeton
       University Press.

Friedman, M. (1962). Capitalism and Freedom. Chicago, IL: The University of Chicago Press,
       Ltd.

Friedman, M. (1970, September). The Social Responsibility of Business is to Increase its Profits.
       New York: The New York Times Magazine.

Hales, S. D. (2003). Endurantism, Perdurantism and Special Relativity. Philosophical Quarterly,
       53(213), 524-539.

International Standards Organization (ISO/IEC). (2007). ISO/IEC 15944-4 - Information
       Technology - Business Operational View - Part 4: Business Transaction Scenarios -
       Accounting and Economic Ontology. Geneva, CH: International Standards Organization/
       International Electrotechnical Commission.

Lewis, D. (1986). On the Plurality of Worlds. Oxford: Basil Blackwell Ltd.

Merricks, T. (1999). Persistence, Parts, and Presentism. Noûs, 33(3), 421-438.


                                                229
Milne, P. (1986). Harty Field on Measurement and Intrinsic Explanation. The British Journal for
       the Philosophy of Science, 37(3), 340-346.

PCAOB. (2007). Auditing Standard No. 5 – An Audit of Internal Control Over Financial
       Reporting that is Integrated with an Audit of Financial Statements. Washington, DC:
       Public Company Accounting Oversight Board.

Sowa, J. F. (2000). Knowledge Representation: Logical, Pholosophical, and Computational
       Foundations. Pacific Grove, CA: Brooks/Cole.

Whitehead, A. N. (1920). The Concept of Nature. Cambridge: Cambridge University Press.




                                              230

</pre>