A quality internal control system has been seen as a remedy for various corporate governance issues. Two pieces of legislation, the Foreign Corrupt Practices Act (FCPA) and the SarbanesOxley Act (SOX) deal with very different corporate governance issues, but each argue for a similar remedy. Both the FCPA and the SOX legislation argue that improved (or proper) internal controls are necessary to root out bribery of foreign officials, in the case of the FCPA, and (in the case of SOX) to support the accurate preparation of financial statements. An issue that has yet to be resolved is that the quality of internal control systems is subject to subjective assessments of the internal control deficiencies and their impact. This paper presents a mathematical model of internals controls based on Gӧdel number of axioms. This results in the representation of quality internal controls in terms of an integer. This approach also allows for inferences about financial statements and various auditing judgements.
Two pieces of legislation, the Foreign Corrupt Practices Act (FCPA) (US Congress, 1977) and the Sarbanes
Oxley Act (SOX) [
Each step (business event) can have various controls applied to it, which should ensure that the event
provides correct information to the system, and that the system provides reliable information. Srinidhi and
Vasarhelyi [
This conceptualization of the company can be represented with axioms which describe the events and the parties that execute these events. An employee type is defined in terms of attributes a1 to an.2 These values for attributes are inserted via a business event which is defined in Equations 2 & 3.
(∀() ⊃ (∃!(!) Ù !(, !)) ∧ :(∃"(") Ù "(, "); … :(∃#(#) Ù #(, #)); ℎ
Where critical attribute # is not Null, i.e. to be a “Cashier” there is a critical event that transforms a non-cashier to a cashier and this event creates a valid value for #. A similar equation can define other objects, i.e. EventTypes and ResourceTypes, such as sales, cash receipts, raw materials, inventory receiving, etc. This would allow for a definition of not just the types of agents but also the economic events and the resources in the organization. In a well-controlled organization one of the numerous EmployeeTypes would be assigned responsibility for executing that particular business event. Therefore, for each EmployeeType a definition of the set of business events that they will be ResponsibleFor is also required.
∀() ⊃ (∃() ∧ (, )) 2 This formulation is based on frame representations from Brachman [6] and Hayes [7].
For each business event at MOF level 1, defined as those events for which an organization’s state changes, an instance of Equation 2 would be required. There would be a separate axiom for all business events defined in the organization. Not all business events insert a specific attribute. Some business events update attributes, i.e. change an employee’s name. Other business events simply view an attribute, i.e. a store manager that is responsible for approving credit may view a credit limit. This means that an axiom is required to represent the possible changes to an attribute. Equation 3 depicts the Alters axiom which defines the relationship between a business event and a particular attribute. Where V = View, C = Change or update, I = Insert, & D = Delete) come from the database operations enumerated by Tsichritzis & Lochovsky (1982, p. 63). The entire set of attributes define each object from the numerous attributes included in Equation 1, so each attribute will have at least one Alters axiom (an Insert) associated with it. In addition, there will also be other instances of Equation 3, describing BusinessEvents which View, Change, and Delete an attribute. These instances of Equation 3 combine with Equation 2 will define not only which EmployeeType can Insert a value for an attribute, but also which EmployeeType can view the attribute.
∀() ⊃ (∃(()∃() ∧ (, , ) ∧ ( = ∨ = ∨ = ∨ = ))
A fourth axiom, depicted in Equation 4, formulates the accountability hierarchy of the firm’s superiorsubordinate structure.
∀∃(()() ⊃ (, ))
Equations 2, 3, and 4 deal specifically with a critical component of effective internal controls, which is the development of an effective organizational structure that includes establishing appropriate roles for people in the organization [8]. Specifically, a perfectly controlled company has a definition of all the employee types, resource types, and event types (Eq 1). Each employee type is responsible for a specific set of business events (Eq 2). Each business event alters a specific attribute (Eq 3). Finally, each employee type is accountable to another employee type (Eq 4).
These equations now define (not name) what are the state changes (Eq 3) who is responsible for this state change (Eq 2), who is accountable for the individual making the state change, and finally the definition (in terms of attributes) the Resources, Events, and Agents (Eq 1). Using these equations, it is possible to define a perfectly-controlled company.
Kurt Gӧdel is recognized as being responsible for two incompleteness theorems [9]–[11]. While the substance of his theorems is beyond this paper, one step in his proofs becomes invaluable for representing and combining internal control axioms into a representation of a perfectly controlled firm. Gӧdel recognized that each component of an axiom can be represented as numbers and sequences of numbers. The EmployeeType axiom expressed in Equation 1 formulated for Cashiers can be converted to a Gӧdel number as shown in Figure 2. (∀(ℎ) ⊃ (∃() Ù !(ℎ, )) ∧ … 2x1 3x2 5x2 7x4 11x5 13x7 17x11 3x2 11x4 13x8
In the same manner all the other MOF level 1 internal control axioms can also be represented as an integer. This results in a definition of a complete set (or perfectly controlled firm) internal controls as an integer as follows: Complete Set of Internal Controls (CSIC) = ET*BE*RF*AC*……
Using a similar approach, a Gӧdel number for all distinct company types can be derived. For example, to determine the definition of a perfectly controlled retail company, the integer representing the axioms related to raw materials (hiring of raw material buyers, conversion processes, responsibility for vetting raw material vendors, and so on) would divided into the CSIC with the result being the CISCretail.
CISCretail= CISC/ Gӧdel number for raw material controls
Additionally, the control state for each company can also be determined as follows. The internal controls present in a company can be represented as a Gӧdel number. The following calculation would indicate whether the company being evaluated has the requisite controls.
Control difference = CISCa / Gӧdel number for target company
It is also important to examine the conclusions or inferences from these axioms to verify and formulate an understanding the ontology. The results of these inferences (or formulae) are obtained from initial formulae through a series of symbolic manipulations [12]. The examination of the inferences can also make it clear what aspects of the ontology’s domain are represented in the axioms.
Participation Eq 2 and Eq 3 Normalization
Eq 1 Salesperson
Sale PK(an) an+1 an+2 an+3 an+4 ... PK(an+800) an+801 an+802 an+803 an+804 an+805 an+806 ……..
an+x
Figure 4 defines the insideParticipate, the Economic Event (Sale) and the Economic Agent (Salesperson) from the Accountability Layer at the M1 level for the Revenue Cycle. The same process described in Figure 4 can be used to derive the other classes and associations of the REA ontology. The axioms can also be used to make conclusions about financial statement objects. Figure 5 shows the formulation of the financial statement balance for Cash. Similar inferences can be used to create balances for other balance sheet amounts. The income statement items can be inferred from the value for the events over a specific date range.
Inference Eq 1 Definition
Eq 3 Alters
Disbursement a1 e1 a2 e2 a3 e3 a4 e4 a5 e5 a6 ... a1000 e6 ... e1000 a1001 …….. e1001 …….. an en
This paper demonstrated that axioms can also be used to create both the classes and association of the REA ontology. Additionally, using the axioms can also infer the organizational economic units. These organizational units and the axioms can also infer whether other controls such as segregation of duties are present. These inferences are critical as they demonstrate that the axioms are equivalent to the REA Ontology and therefore the internal controls are also equivalent the ontology. Previous research has shown that different accounting numbers can be derived from various implementations which used the REA ontology as the framework for the database schema. By showing that the axioms can are integral to the ontology it can be concluded that any implementation that uses these axioms will also include these internal controls. Therefore, the REA ontology is a complete business ontology as it not only includes the objects and associations of the domain, but the internal controls.
[6] R. J. Brachman, “I Lied About the Trees or Defaults and Definitions in Knowledge Engineering,” AI
Magazine, vol. 6, no. 3, pp. 80–93, 1985. [7] P. J. Hayes, “The Logic of Frames,” in Readings in Artificial Intelligence, B. L. Webber and N. J.
Nilsson, Eds. Morgan Kaufmann, 1981, pp. 451–458. [8] Committee of Sponsoring Organizations of the Treadway Commission, “Internal Control - Integrated
Framework,” American Institute of Certified Public Accountants, Durham, NC, 2013. [9] K. Gӧdel, “On Formally Undecidable Propositions of Principia Mathematica and Related Systems,”
Monatshefte für Mathematik und Physik, vol. 38, pp. 173–198, 1931. [10] K. Gӧdel, On Formally Undecidable Propositions on Principia Mathematica and Related Systems.
New York, NY: Dover Publications, 1992. [11] J. van Heihenoort, From Frege to Gӧdel: A Source Book in Mathematical Logic 1879-1931. London
UK: Oxford University Press, 1967. [12] R. B. Braithwaite, “Introduction,” in On Formally Undecidable Propositions of Principia
Mathematica and Related Systems, New York, NY, USA: Dover Publications, 1992, pp. 1–32. [13] United States Congress, Foreign Corrupt Practices Act. 1977.