A Framework for Internal Fraud Risk Reduction at IT Integrating Business Processes: The IFR² Framework

This paper aims to bridge a gap in the literature by investigating a continuous audit case for anticorruption. The evolution of technology can offer valuable opportunities to integrate legality checks and business processes that are consistent with the growing call to fight corruption at the institutional level. Since the last decade, researchers have proposed conceptual frameworks demonstrating the visible advantages of continuous auditing and data mining, but significant difficulties still exist in practice. This process has been implemented in only a few cases, and the lack of empirical studies implies a need for additional research on this topic. To fill this gap, we adopt the framework proposed by Chan and Vasarhelyi (2011) and identify success factors for the implementation of continuous auditing. For the analysis, we use the research methodology of a single case study and focus on the Italian company Acciai Speciali Terni Spa (AST), the only steelwork company in Europe that has been ISO 37001 certified. This study demonstrates the practical impact of continuous auditing and data mining on strategic risk control by empirically testing the Chan and Vasarhelyi (2011) framework for the specific issue of anticorruption. The results show that effective continuous auditing is centered on an integrative and change management approach and that strategic vision, risk mapping, and a no-corruption culture are among the most influential factors. The AST case demonstrates that technology is currently essential for supporting strategic risk control but only if it is integrated with consistent growth in organizational and managerial capabilities.

show abstract

“…Descriptive process mining requires manual decision-making over the final list of suspicious transactions (Jans et al, 2009).…”

Section: Resultsmentioning

confidence: 99%

Continuous auditing and data mining for strategic risk control and anticorruption: Creating “fair” value in the digital age

2020

View full text Add to dashboard Cite

show abstract

“…The numbers of fraud cases are shocking, with over one-third of all frauds detected indirectly by 'chance' (Jans, Lybaert, & Vanhoof, 2009). ACFE (2012) asserts that initially most frauds are detected through tips as compared to other methods.…”

Section: Fraud Detection Using Benford's Lawmentioning

confidence: 99%

Detecting Accounting Anomalies Using Benford’s Law: Evidence From the Malaysian Public Sector

Aris

Othman

Bukhori

et al. 2017

MAR

View full text Add to dashboard Cite

Fraud is an illegal activity that does not discriminate. It affects the global economy as well as all types of organizations. Surveys and reports by ACFE, Deloitte, KPMG and NFA confirmed that the public sector is more vulnerable to fraud compared to the private sector. Comments in the Auditor General’s (AG) Report 2012 concluded the same findings. Thus, with respect to fraud, detection, investigation, and preventive measures are extremely important. While anomalies or red flags act as indicators for the auditor, management and other responsible parties to investigate whether there is real fraud, auditing and statistics remain the two primary strategies for detecting fraud. Taking this perspective, Benford’s Law is an advanced digital analysis useful in uncovering anomalies. This paper evaluates 500 accounting data from public sector agencies in Malaysia using theFirst-Digit, Second-Digit, First-Two Digit, First-Three Digit and Last-Two Digit tests. Results show that Benford’s analysis is a credible analytical tool in identifying and detecting suspicious accounts for further scrutiny of fraud incidences in the public sector. This study represents an initial effort to derive a tool to monitor and detect potential fraud incidences or trends, thereby enabling organizations to curb tendencies toward fraud and thus pilot an initiative towards an effective management of fraud risk exposure.

show abstract

“…The assignment of the Audit Innovation Award [22] for the effective integration of process mining techniques in the internal auditing procedure and the rise of commercial products on the basis of process mining both underline the present deficits and the future benefits of detective process analysis tools in business risk management. In [27], Jans et al integrated process oriented data mining into their IFR 2 framework for fraud risk reduction whereas in [26] they explicitly included process mining (and discovery) techniques within the internal auditing of a procurement cycle in a financial institution. Besides introductory proposals highlighting the general use of process mining for auditing/security purposes [40,42], there is little academic work addressing the intersection of security analyzes within (internal and external) audits and process discovery.…”

Section: Introductionmentioning

confidence: 99%

On the exploitation of process mining for security audits

Accorsi

Stocker

Müller

2013

Proceedings of the 28th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

This paper reports on the potential of process mining as a basis for security audits of business process and corresponding business process management systems. In particular, it focuses on process discovery as a means to reconstruct process-related structures from event logs, such as the process' control flow, social network and data flows. Based on this information, security analysis to determine the compliance with security and privacy requirements can be automated.

show abstract

A Framework for Internal Fraud Risk Reduction at IT Integrating Business Processes: The IFR² Framework

Cited by 18 publications

References 36 publications

Continuous auditing and data mining for strategic risk control and anticorruption: Creating “fair” value in the digital age

Continuous auditing and data mining for strategic risk control and anticorruption: Creating “fair” value in the digital age

Detecting Accounting Anomalies Using Benford’s Law: Evidence From the Malaysian Public Sector

On the exploitation of process mining for security audits

Contact Info

Product

Resources

About