Abstract

Abstract A rational risk assessment model, based on the reasoning of fuzzy set theory, is presented. The model would help managers assess risk exposure due to potential threats to internal control in a computer‐based accounting information system. Such risk assessment is essential in making appropriate decisions about establishing new internal control policies and procedures that may be necessary to protect the integrity and security of the information system. Copyright © 2004 John Wiley & Sons, Ltd.