Alrefai, Abdulrahman. Audit focused process mining: the evolution of process mining and internal control. Retrieved from https://doi.org/doi:10.7282/t3-7zhk-y459
DescriptionProcess mining has been introduced as an auditing tool to aid auditors in examining the business processes effectively and efficiently. This dissertation will demonstrate in three essays how auditors can utilize process mining in their audits. Specifically, the focus of the dissertation and its contribution will be on applications of process mining to internal controls. The first essay develops a methodology that illustrates how process mining can be used to test internal controls to provide an overall risk assessment of the internal control system for a business process. Regulatory compliance requirements in the area of Internal Controls such as the Sarbanes Oxley Act force firms to report on the effectiveness of their internal controls. Auditors are required to assess the effectiveness of the firm’s internal control system and issue an opinion. Traditionally, auditors use qualitative methods to complete this process. However, this is far from an objectively efficient method to measure controls consistently and effectively. Moreover, considering the consequences of the failure to accurately measure the effectiveness of internal controls and assess its risk, auditors should be eager to embrace a more formal internal control assessment process with quantitative outcomes. This conceptual framework was tested on a set of data that relates to the procurement process obtained from a national not-for-profit organization. The results have found several internal controls to be lacking in different areas of the procurement process.
With the large number of transactions being executed on a daily basis, auditors are facing increasingly difficult challenges in detecting and investigating anomalies and exceptions. The second essay proposes a methodology that provides auditors with guidance on the use of process mining in conjunction with existing analytical procedures to identify exceptional transactions that would require further investigation. This solution allows auditors to focus on process instances that are likely to be considered high-risk, reduce the risk of failing to detect material misstatement, and enhance audit effectiveness. Furthermore, the identification and prioritization of such risky process instances help with the problems that result from population testing, such as information overload.
The third essay proposes a conceptual methodology that illustrates how a rule-based process mining technique can be used to provide continuous monitoring of controls for a business process. The periodic nature of auditing and monitoring creates a time-delay between the occurrence of important business events and the analysis of the events. Advances in technology provides opportunities to reduce the time delay between the occurrence and analysis of a business process event. By significantly reducing the time- delay, the created information becomes more valuable since it allows for additional management control and assurance activities. The conceptual framework is demonstrated using event logs from the procurement process obtained from a national not-for-profit organization. The continuous monitoring layer of the framework has the capability to detect and prevent multiple violations.