A Stochastic Model of the Internal Control System
The primary purpose of incorporating a set of internal controls in the financial information system is to enhance the system's reliability-i.e., to maintain a high probability of preventing, detecting, and eliminating errors, irregularities, and fraud in the financial information system. The demonstrated reliability of the system provides evidence as to the quality of the output of the system. It is well accepted that the effectiveness of internal controls must be taken into account in determining the extent and nature of the audit procedures appropriate in a given examination.' The more reliable the system, the less extensive the tests the auditor need conduct. Recognizing this inverse relationship between effectiveness of internal control and audit scope, the American Institute of CPAs requires all auditors to initially evaluate the reliability of internal controls as a matter of audit standards.2 Recently, the Committee on Auditing Procedures of the AICPA released several statements on the subject of internal controls which re-emphasize the importance of the study of their reliability.3 But, despite this emphasis, the auditor currently does not possess a means to objectively evaluate the reliability of the internal control system. Conventionally, the auditor uses questionnaires, flow charts, and tests of transactions for evaluation pur-