Conceptual model for online auditing

Aalst, Wil M. P. van der; Hee, Kees van; Werf, Jan Martijn E. M. van der; Kumar, Akhil; Verdonk, Marc

doi:10.1016/j.dss.2010.08.014

Cited by 73 publications

(36 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It originates in explicitly stated regulations and can refer to the individual perspectives of a business process (control flow, data flow, organizational aspects) or a combination of several perspectives. We reviewed existing literature on compliance [4,15,9,14,21,36,19,33,35], collected the rules described in these papers, and categorized them. We found that a single rule usually is not concerned with only one perspective of a process, but with several perspectives.…”

Section: Compliance Rule Frameworkmentioning

confidence: 99%

“…We collected from literature [4,15,9,14,21,36,19,33,35] 55 compliance rules that concern the control flow perspective of a process, and classified them further into 15 categories; see Tab. 1.…”

Section: Control Flow Compliance Rulesmentioning

confidence: 99%

“…Because of tool support for conformance checking [8], we decided to formalize rules as parameterized Limits the occurrence or absence of a given event A within a scope. [4], [15], [9], [14], [21], [36], [33] Bounded Existence (6) Limits the number of times a given event A must or must not occur within a scope. [15], [14] Bounded Sequence (5) Limits the number of times a given sequence of events must or must not occur within a scope.…”

Section: Control Flow Compliance Rulesmentioning

confidence: 99%

“…[15], [33], [14], [36], [9], [19], [21], [4], [33] Chain Precedence (4) Limits the occurrence of a sequence of events A1, . .…”

Section: Control Flow Compliance Rulesmentioning

confidence: 99%

See 3 more Smart Citations

Where Did I Misbehave? Diagnostic Information in Compliance Checking

Ramezani

Fahland

Aalst

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Compliance checking is gaining importance as today's organizations need to show that operational processes are executed in a controlled manner while satisfying predefined (legal) requirements. Deviations may be costly and expose the organization to severe risks. Compliance checking is of growing importance for the business process management and auditing communities. This paper presents a comprehensive compliance checking approach based on Petrinet patterns and alignments. 55 control flow oriented compliance rules, distributed over 15 categories, have been formalized in terms of Petri-net patterns describing the compliant behavior. To check compliance with respect to a rule, the event log describing the observed behavior is aligned with the corresponding pattern. The approach is flexible (easy to add new patterns), robust (the selected alignment between log and pattern is guaranteed to be optimal), and allows for both a quantification of compliance and intuitive diagnostics explaining deviations at the level of alignments. The approach can also handle resource-based and data-based compliance rules and is supported by ProM plug-ins. The applicability of the approach has been evaluated using various real-life event logs.

show abstract

Section: Compliance Rule Frameworkmentioning

confidence: 99%

Section: Control Flow Compliance Rulesmentioning

confidence: 99%

Section: Control Flow Compliance Rulesmentioning

confidence: 99%

“…[15], [33], [14], [36], [9], [19], [21], [4], [33] Chain Precedence (4) Limits the occurrence of a sequence of events A1, . .…”

Section: Control Flow Compliance Rulesmentioning

confidence: 99%

See 2 more Smart Citations

Where Did I Misbehave? Diagnostic Information in Compliance Checking

Ramezani

Fahland

Aalst

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The omnipresence of execution data, coupled with process mining [1] techniques, allows the auditor to perform an audit on the whole business execution, rather than only sample-based [3,4,7,16]. However, boundaries are typically defined on the context data, and not solely based on the execution data [5,17].…”

Section: Context-aware Continuous Auditingmentioning

confidence: 99%

Context-Aware Compliance Checking

Werf

Verbeek

Aalst

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Organizations face more and more the burden to show that their business is compliant with respect to many different boundaries. The activity of compliance checking is commonly referred to as auditing. As information systems supporting the organization's business record their usage, process mining techniques such as conformance checking offer the auditor novel tools to automate the auditing activity. However, these techniques tend to look at process instances (i.e., cases) in isolation, whereas many compliance rules can only be evaluated when considering interactions between cases and contextual information. For example, a rule like "a paper should not be reviewed by a reviewer that has been a co-author" cannot be checked without considering the corresponding context (i.e., other papers, other issues, other journals, etc.). To check such compliance rules, we link event logs to the context. Events modify a pre-existing context and constraints can be checked on the resulting context. The approach has been implemented in ProM. The resulting context is represented as an ontology, and the semantic web rule language is used to formalize constraints.

show abstract

Automating Internal Controls Assessment

2020

Artificial Intelligence for Audit, Forensic Accounting, and Valuation

View full text Add to dashboard Cite

Conceptual model for online auditing

Cited by 73 publications

References 15 publications

Where Did I Misbehave? Diagnostic Information in Compliance Checking

Where Did I Misbehave? Diagnostic Information in Compliance Checking

Context-Aware Compliance Checking

Automating Internal Controls Assessment

Contact Info

Product

Resources

About