European Journal of Business and Management

This study examines a mathematical model to determine the timing and consequently volume of transactions to be audited in a continuous audit system to detect potentially fraudulent transactions. The interactions between the audit system and a potential fraudster are modeled as Continuous Time Markov Chain and the transition probabilities from one state to another are determined using game theoretic approach. We believe that such a model has the potential to be deployed in an audit system to detect potentially fraudulent or malicious transactions. In this research, the information system is modeled as a continuous time Markov chain (CTMC), where the transition from one state to another occurs due to actions of a person with malicious intent. The present state of the system depends only on the past state. At each state, the fraudster can either continue with the next step in the fraud or can cease and desist from the fraud. The interaction between the actions of the audit module and fraudster is modeled as a two-player simultaneous zero-sum game and the probability of transition from one state to another is derived from the payoff table. This payoff will be decided by the outcome of a game theoretic model. A sensitivity analysis showed that when an organization has strong anti-fraud controls, the probability of fraud decreases and the need for frequent audit decreases. The limitations of the model are that, the game theory model assumes a zero-sum game where the payoffs are known and certain.

Keywords: Continuous Audit Systems, Game Theory, Audit Timing, Fraud prevention, Sensitivity analysis.