Audit and Remediation Strategies in the Presence of Evasion Capabilities

In this paper, we explore how to uncover an adverse issue that may occur in organizations with the capability to evade detection. To that end, we formalize the problem of designing efficient auditing and remedial strategies as a dynamic mechanism design model. In this setup, a principal seeks to uncover and remedy an issue that occurs to an agent at a random point in time and that harms the principal if not addressed promptly. Only the agent observes the issue’s occurrence, but the principal may uncover it by auditing the agent at a cost. The agent, however, can exert effort to reduce the audit’s effectiveness in discovering the issue. We first establish that this setup reduces to the optimal stochastic control of a piecewise deterministic Markov process. The analysis of this process reveals that the principal should implement a dynamic cyclic auditing and remedial cost-sharing mechanism, which we characterize in closed form. Importantly, we find that the principal should randomly audit the agent unless the agent’s evasion capacity is not very effective, and the agent cannot afford to self-correct the issue. In this latter case, the principal should follow predetermined audit schedules.

Funding: This work was supported by the Deutsche Forschungsgemeinschaft (German Research Foundation) [“Audit Schedules in the Presence of Concealing Effort”; Grant 387250733].

Supplemental Material: The computer code and data that supports the findings of this study and the online appendix are available within this article’s supplemental material at https://doi.org/10.1287/opre.2022.0289.