How active learning and process mining can act as Continuous Auditing catalyst (original) (raw)
Related papers
Auditing 2.0: Using Process Mining to Support Tomorrow's Auditor
The term auditing refers to the evaluation of organizations and their processes. Audits are performed to ascertain the validity and reliability of information about these organizations and associated processes. This is done to check whether business processes are executed within certain boundaries set by managers, governments, and other stakeholders. For example, specific rules may be enforced by law or company policies and the auditor should check whether these rules are followed or not. Violations of these rules may indicate fraud, malpractice, risks, and inefficiencies. Traditionally, an auditor can only provide reasonable assurance that business processes are executed within the given set of boundaries. They check the operating effectiveness of controls that are designed to ensure reliable processing. When these controls are not in place, or otherwise not functioning as expected, they typically only check samples of factual data, often in the 'paper world'. However, today detailed information about processes is being recorded in the form of event logs, audit trails, transaction logs, databases, data warehouses, etc. Therefore, it should no longer be necessary to only check a small set of samples offline. Instead, all events in a business process can be evaluated and this can be done while the process is still running. The availability of log data and advanced process mining techniques enable a new form of auditing: Auditing 2.0. Surely, the availability of process mining techniques and the omnipresence of recorded business events will dramatically change the role of auditors.
Process-mining-enabled audit of information systems: Methodology and an application
Expert Systems with Applications, 2018
Current methodologies for Information Systems (ISs) audits suffer from some limitations that could question the effectiveness of such procedures in detecting deviations, frauds, or abuses. Process Mining (PM), a set of businessprocess-related diagnostic and improvement techniques, can tackle these weaknesses, but literature lacks contributions that address this possibility concretely. Thus, by framing PM as an Expert System (ES) engine, this paper presents a five-step PM-based methodology for IS audits and validates it through a case in a freight export port process managed by a Port Community System (PCS), an open electronic platform enabling information exchange among port stakeholders. The validation pointed out some advantages (e.g. depth of analysis, easier automation, less invasiveness) of our PMenabled methodology over extant ESs and tools for IS audit. The substantive test and the check on the PCS processing controls and output controls allowed to identify four major non-conformances likely implying both legal and operational risks, and two unforeseen process deviations that were not known by the port authority, but that could improve the flexibility of the process. These outcomes set the stage for an export process reengineering, and for revising the boundaries in the process flow of the PCS.
Process Mining of Event Logs in Auditing: Opportunities and Challenges
SSRN Electronic Journal, 2000
In this paper we discuss the value that process mining of event logs can provide to internal and external auditors. Process mining aims to extract knowledge from event logs recorded by an information system. What makes an event log such a unique and potentially invaluable resource for auditing is not only that it provides the auditor with more data to analyze, but also because that additional data is recorded automatically and independently of the person whose behavior is the subject of the audit. In other words, an event log helps achieve the classic audit principle of "four eyes", or in modern parlance, act as the equivalent of a surveillance camera, peering over the auditee"s shoulder. Until recently, the information contained in event logs was rarely used by auditors. In this paper is considered how process mining can add value to auditing, perhaps even to fundamentally transform it.
A Field Study on the Use of Process Mining of Event Logs as an Analytical Procedure in Auditing
The Accounting Review, 2014
There is a large body of accounting research literature examining the use of analytical procedures by auditors and proposing either new types of analytical procedures or more effective ways of implementing existing procedures. In this paper, we demonstrate—using procurement data from a leading global bank—the value added in an audit setting of a new type of analytical procedure: process mining of event logs. In particular, using process mining, we are able to identify numerous transactions that we consider to be audit-relevant information, including payments made without approval, violations of segregation of duty controls, and violations of company-specific internal procedures. Furthermore, these identified anomalies were not detected by the bank's internal auditors when they conducted their examination of that same data using conventional audit procedures, thus establishing the benefits of using process mining to complement existing audit methods. Process mining is a very diff...
Involvement of Business Roles in Auditing with Process Mining
E. Damiani et al. (Eds.): ENASE 2018, CCIS 1023, Springer, 2019
Acceptance of novel formal methods-based approaches by businesses depends on involvement of the existing (not imaginary) business roles in the process of their application. This paper presents an extension of frameworks for auditing with process mining with a series of participatory workshops involving three business roles: Business Expert, Audit Expert and IT specialist. Such workshops produce the necessary input to apply frameworks of auditing with process mining: normative business process, audit statements in a controlled natural language and the logs needed for mining of process instances that do not conform audit statements. The proposed extension of frameworks for auditing with process mining has been tested with two case studies of processes in different domains. The case studies show the need of participatory workshops, the percentage of possible audit automation, the advantages of using workshops and possible difficulties, and the types of artifacts needed to apply process mining for audit in organizations. The presented results can be used for expectation management of the businesses attempting an application of auditing with process mining.
On the exploitation of process mining for security audits
Proceedings of the 28th Annual ACM Symposium on Applied Computing, 2013
This paper reports on the potential of process mining as a basis for security audits of business process and corresponding business process management systems. In particular, it focuses on process discovery as a means to reconstruct process-related structures from event logs, such as the process' control flow, social network and data flows. Based on this information, security analysis to determine the compliance with security and privacy requirements can be automated.
A business process mining application for internal transaction fraud mitigation
Expert Systems with Applications, 2011
Corporate fraud these days represents a huge cost to our economy. In the paper we address one specific type of corporate fraud, internal transaction fraud. Given the omnipresence of stored history logs, the field of process mining rises as an adequate answer to mitigating internal transaction fraud. Process mining diagnoses processes by mining event logs. This way we can expose opportunities to commit fraud in the followed process. In this paper we report on an application of process mining at a case company. The procurement process was selected as example for internal transaction fraud mitigation. The results confirm the contribution process mining can provide to business practice. .be (M. Jans), j.m.e.m.v.d.werf@tue.nl (J.M. van der Werf), nadine.lybaert@uhasselt.be (N. Lybaert), koen.vanhoof@uhasselt.be (K. Vanhoof). 1 The remaining five elements concern investor needs for information, the alignment and support of the roles of various stake holders, the auditing profession, reporting and information quality.
Business process mining for internal fraud risk reduction: Results of a case study
2008
Corporate fraud these days represents a huge cost to our economy. Academic literature merely concentrates on the fight against external fraud, while internal fraud also represents a major problem. In this paper we discuss the use of process mining to reduce the risk of internal fraud. Process mining diagnoses processes by mining event logs. This way we can expose opportunities to commit fraud in the process design. We present a framework as a complement to the internal control framework of the COSO and apply this framework in a case company.
Process Mining: Auditing Approach Based on Process Discovery Using Frequency Paths Concept
ASM Science Journal
In the company environment, the management team is responsible for producing normative models. The normative model is considered a standard model that aims at auditing all business processes in the same context. In this regard, the audit operation encompasses four process mining activities, in a hybrid evaluation (offline and online), which are the detect, the check, the compare, and the promote activities. This is still well performed for structured business processes. Otherwise, complex processes may deviate from the initial defined normative model context. Indeed, the latter must be refined for more precise results. Therefore, the combination of human knowledge, control-flow discovery algorithms, and process mining activities is required. To this end, we present a technique for reducing the complexity of unstructured process models (Spaghetti process models) into structured ones (Lasagna process models). This framework outputs a refined normative model for improving the future Bu...
Fraud Audit Based on Visual Analysis: A Process Mining Approach
Applied Sciences, 2021
Among the knowledge areas in which process mining has had an impact, the audit domain is particularly striking. Traditionally, audits seek evidence in a data sample that allows making inferences about a population. Mistakes are usually committed when generalizing the results and anomalies; therefore, they appear in unprocessed sets; however, there are some efforts to address these limitations using process-mining-based approaches for fraud detection. To the best of our knowledge, no fraud audit method exists that combines process mining techniques and visual analytics to identify relevant patterns. This paper presents a fraud audit approach based on the combination of process mining techniques and visual analytics. The main advantages are: (i) a method is included that guides the use of the visual capabilities of process mining to detect fraud data patterns during an audit; (ii) the approach can be generalized to any business domain; (iii) well-known process mining techniques are us...