Financial Assurance Program For Incidents Induced By Internet-based Attacks In The Financial Services Industry


B. G. Raggad


This paper furnishes an analytical model for the generation of a risk-driven financial assurance program capable of preventing, detecting, and responding to financial incidents (FAPG) for a general support system. Risk is defined in the paper as a basic belief assignment. The study reviews a single general support system with a known basic risk, integrating IDS evidence and meta-evidence obtained from security management, in order to estimate the current system security risk position. The study shows the functioning of the FAPG, by generating a risk-driven financial assurance program, for a relatively small general support system in a firm in the financial services industry. This study is focused on financial incidents induced by Internet-based attacks but introduces a framework for further research.

Keywords: financial assurance, Internet, risk, security, World Wide Web.

1 Background

The story of financial fraud that affects consumers and firms is abundant in the literature. Forensic audits in general continue to indicate earnings overstated by millions if not billions of dollars in the United States. There is no doubt that corporate fraud in the United States has affected market values of firms, public pension funds, and consumer savings plans. Firms globally however continue to engage in a diversity of illegal and non-ethical accounting schemes. Effectiveness and timeliness of auditors in identifying fraud are of concern to industry internationally. It is important to discern what a firm can do if auditors fail to detect fraud. Is a computer information system capable of examining financial statements and detecting financial fraud? Efforts from investors and


