Process Mining Techniques in Internal Auditing: A Stepwise Case Study
Palavras-chave:
Process mining, Process Auditing, Conformance CheckingResumo
A business process is a sequence of activities organized in a logical way in order to produce a service or a product that is valued for a particular group of customers. Process auditing in corporate environment aims to assess the degree of compliance of processes and their controls. Due to the volume of information that needs to be analyzed in an audit job, auditing´s cost can be very high. We argue that process mining techniques have the potential to improve this activity, allowing the auditor to meet the short deadlines, as well as bringing greater value to the senior management and reliability in the service provided by the audit. The goal of this paper is to discuss, through a case study, how process mining techniques can optimize and bring agility to the verification of process model compliance against the process actually performed. With this approach, it will be possible to detect errors and/or failures in activities or controls of a running process. The main contribution of this paper is to describe a simple set of steps that could be applied by auditors and experts in order to get introduced and to obtain the first insights in the process mining area.
Downloads
Referências
Barboza, T.M., Santoro, F.M., Revoredo, K.C., Costa, R.M.E.M. (2019). Um Estudo de Caso da Mineração de Processos em Auditoria. SBSI'19: Proceedings of the XV Brazilian Symposium on Information Systems, article no. 32, pp. 1–8.
van der Aalst, W.M.P., van Hee, K.M., van der Werf, J.M., Verdonk, M. (2010). Auditing 2.0: using process mining to support tomorrow’s auditor. Computer 43(3), 90–93 (2010).
van der Aalst, W.M.P, Adriansyah, A., van Dongen, B.F. (2012). Replaying history on process models for conformance checking and performance analysis. WIREs Data Mining and Knowledge Discovery, 2(2), 182-192.
van der Aalst. (2016) Process Mining: Data Science in Action. Springer-Verlag Berlin Heidelberg.
van der Aalst., W.M.P, Reijers, H.A., Weijters, A.J.M.M., van Dongen, B.F., Medeiros, A.K.A.M., Verbeek, H.M.W. (2007). Business process mining: An industrial application. Information Systems, 32 (5), pp. 713-732.
van Dongen, B.F., Borchert, F. (2018) BPI Challenge 2018. Eindhoven University of Technology. Dataset: https://doi.org/10.4121/uuid:3301445f-95e8-4ff0-98a4-901f1f204972.
Stahl, C., van der Aalst, W.M.P. (2011) Modeling Business Processes: A Petri Net-Oriented Approach. MIT Press (MA).
Accorsi, R., Stocker, T. (2012). On the Exploitation of Process Mining for Security Audits: The Conformance Checking Case. ACM Symposium on Applied Computing, Pages 1709-1716.
Attie, W. (2007). Auditoria. 2. ed. São Paulo: Atlas.
Barnawi, A., Awad, A., Elgammal, A., Elshawi, R., Almalaise, A., Sakr, S. (2016). An antipattern-based runtime business process compliance monitoring framework. Framework 7(2), 551–572.
Bukhsh, F.A., Weigand, H., (2017). Compliance Checking of Shipment Request by Utilizing Process Mining Concepts: An Evaluation of Smart Auditing Framework, 2017 International Conference on Frontiers of Information Technology (FIT), Islamabad, pp. 235-240.
Corradini F., Marcantoni F., Morichetta A., Polini A., Re B., Sampaolo M. (2019) Enabling Auditing of Smart Contracts Through Process Mining. In: ter Beek M., Fantechi A., Semini L. (eds) From Software Engineering to Formal Methods and Tools, and Back. Lecture Notes in Computer Science, vol 11865. Springer, Cham.
Chiu, T, Jans, M. (2019) Process Mining of Event Logs: A Case Study Evaluating Internal Control Effectiveness. Accounting Horizons: September 2019, Vol. 33, No. 3, pp. 141-156.
Cunha, P.R., Klann, R.C., Rengel, S., Scarpin, J. (2010). Procedimentos de auditoria aplicados pelas empresas de auditoria independente de Santa Catarina em entidades do Terceiro Setor. Revista de Contabilidade e Organizações, 4(10), 65-85.
Dias, S.V.S. (2006). Auditoria de processos organizacionais. 2. ed. Rio de Janeiro: Atlas, v. 3000. 146p.
Dumas, M., La Rosa, M., Mendling, J., Reijers, H.A. (2013). Fundamentals of Business Process Management. Berlin: Springer Heidelberg.
Franco, H., Marra, E. (2000). Auditoria contábil. 3. ed. São Paulo: Atlas.
Gomes, M.A.C. (2000). Uma Contribuição à prevenção de fraudes contra as empresas. Tese de Doutoramento em Contabilidade. FEA/USP, São Paulo.
Günther C.W., van der Aalst W.M.P. (2007) Fuzzy Mining – Adaptive Process Simplification Based on Multi-perspective Metrics. In: Alonso G., Dadam P., Rosemann M. (eds) Business Process Management. BPM 2007. Lecture Notes in Computer Science, vol 4714. Springer, Berlin, Heidelberg.
Günther, C. W., & Rozinat, A. (2012). Disco: discover your processes. In N. Lohmann, & S. Moser (Eds.), Proceedings of the Demonstration Track of the 10th International Conference on Business Process Management (BPM 2012) (pp. 40-44). (CEUR Workshop Proceedings; Vol. 940). CEUR-WS.org.
Jans, M., Alles, M.G., Vasarhelyi, M.A. (2012). The case for process mining in auditing: Sources of value added and areas of application. International Journal of Accounting Information Systems 14 (1), 1-20.
Jans, M., Alles, M.G. Vasarhelyi, M.A. (2014) A Field Study on the Use of Process Mining of Event Logs as an Analytical Procedure in Auditing. The Accounting Review: September 2014, Vol. 89, No. 5, pp. 1751-1773.
Jans, M. (2019) Auditor Choices during Event Log Building for Process Mining. Journal of Emerging Technologies in Accounting: Fall 2019, Vol. 16, No. 2, pp. 59-67.
Jans, M., Hosseinpour, M. (2019) How active learning and process mining can act as Continuous Auditing catalyst. International Journal of Accounting Information Systems, Vol. 32, pp. 44-58.
Kogan, A., Mayhew, B.W., Vasarhelyi, M.A (2019) Audit Data Analytics Research—An Application of Design Science Methodology. Accounting Horizons: September 2019, Vol. 33, No. 3, pp. 69-73.
Lopes, G.N. (2015). Verificação e classificação de não conformidades de processos de negócios na indústria farmacêutica através de técnicas de mineração de processos, Dissertação de mestrado, Rio de Janeiro: UNIRIO.
Net, A.B., Solonca, D. (2007). Auditoria de sistemas informatizados. Palhoça: Unisul Virtual.
Oliveira, F.N. (1989). Técnicas de amostragem utilizadas pelos serviços de auditoria interna de empresas no Brasil – Um estudo de casos. Rio de Janeiro: Fundação Getúlio Vargas.
Riz, G., Portela, E.A., Loures, E.F.R. (2016). Análise de Conformidade na Área de Saúde com o Suporte da Mineração de Processos, Simpósio Brasileiro de Sistemas de Informação, pp. 52-59, Florianópolis, Santa Catarina, Brazil.
Roubtsova E., Wiersma N. (2019) Involvement of Business Roles in Auditing with Process Mining. In: Damiani E., Spanoudakis G., Maciaszek L. (eds) Evaluation of Novel Approaches to Software Engineering. ENASE 2018. Communications in Computer and Information Science, vol 1023. Springer, Cham.
Roubtsova, E. and Wiersma, N. (2018) A Practical Extension of Frameworks for Auditing with Process Mining. In Proceedings of the 13th International Conference on Evaluation of Novel Approaches to Software Engineering. Vol.1, pp. 406-415.
Rozinat, A., van der Aalst, W.M.P. (2008). Conformance checking of processes based on monitoring real behavior. Information Systems, 33(1), 64-95.
Sadiq, S., Governatori, G., Namiri, K. (2007). Modeling control objectives for business process compliance. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 149–164.
Santos, R.C. (2014). Um modelo de apoio à tomada de decisão para análise de similaridade e unificação de processos de negócio, Rio de Janeiro. COPPE - UFRJ.
Werner, M. (2019) Materiality Maps – Process Mining Data Visualization for Financial Audits. Proceedings of the 52nd Hawaii International Conference on System Sciences. Manoa, USA.