Académique Documents
Professionnel Documents
Culture Documents
BRIEF
Solution Brief:
Applying Process
Mining in Audit
www.minit.io
Table The Need for Change 1
Benefits 1
Targeted audits 3
Business Rules 5
Segregation of Duties 7
Conclusion 9
About Minit 10
www.minit.io
The Need for Change
Audit Procedure is Past its Prime
For the last few decades, Audit has remained the same, often relying on Interviews, What-if analyses, and Design reviews
that review the intended but not necessarily the real process.
At its core, it is still based on the individual investigation of each legal entity. This approach is insufficient, compared to the
rapid advances in the way companies operate. At a time when companies are standardizing and centralizing their primary
business processes, this manual approach puts the business at a disadvantage and is rapidly becoming obsolete.
In contrast to other Computer Aided Audit Tools (CAATs), Process Mining provides an explicit process perspective. It allows
auditors to evaluate all events in a business process while it is still running. Auditors no longer need to rely on a small set of
samples to uncover violations, fraud, and malpractice.
Process Mining software can analyze a log with millions of events from the entire process within moments. Sophisticated
algorithms visualize the actual flow of the business process and help auditors identify compliance issues, process
inefficiencies, exceptions, unusual transactions, bottlenecks, deviations, weaknesses & risks. This allows auditors to gain
complete transparency into purchase-to-pay, order-to-cash, production and logistics processes.
Benefits
Companies can capitalize on the wealth of data available from their own business activities to help internal audit generate
valuable new insights and increase efficiency. Process Mining helps benchmark process execution and set the right focus
upfront for your audit and has its place from preparation to the reporting stage.
www.minit.io 1
REDUCE COMPLIANCE INCREASE SPEED HIGHER QUALITY
COSTS
Uncover hidden inefficiencies and Near real-time monitoring of business High precision and full transparency
bottlenecks to reduce compliance processes and fast access to insights of all running processes to ensure
costs, as well as the cost of auditing and root-cause analysis. every non-compliant process is
itself. caught.
www.minit.io 2
Targeted audits
Especially in large organizations audits are still performed based on a yearly audit plan. Conducting audits on a more targeted
basis helps to concentrate on higher-risk areas. But it also requires continuous data analysis and needs to be facilitated by
technology. Process Mining can be leveraged in the context of such a continuous monitoring infrastructure to do quick scans
and bring potential problems to attention to the forefront.
The use of Process Mining analysis makes it possible to control all the transactions in the system. In reviewing paid invoices,
an organization can use three-way and two-way matching to identify the ones that were registered outside tolerances
or entered directly into the accounts, taking into account the segregation of duties. Only a limited number of exceptions
should be investigated further, just enough to test the extent of the pollution and obtain substantive audit evidence (positive
assurance).
www.minit.io 3
P R O C E S S M I N I N G U S E D D U R I N G WA L K T H R O U G H S
Process Mining can be used to minimize time-consuming interviews and meetings with clients to understand their processes.
Process Mining gives an accurate and comprehensive picture of how processes are executed.
Often, different departments only know the part of the process that passes through their department and auditors need to
contact various people to get a relatively complete understanding of the entire process. Furthermore, during walkthroughs,
only very typical ways of performing a process are discussed and, in many cases, exceptions are not captured.
Using Process Mining, this step can be shortened, and the quality of walkthroughs can be drastically improved. An auditor
can see the overview of business processes executed in reality together with all the details and possible exceptions.
Process models discovered during walkthroughs can be used for better and smarter sampling. That is, cases that have higher
operational risk can be detected and used for further analysis.
Using Process Mining, in particular, conformance checking, the deviations from the desired process path or a compliance
rule can be detected. The entire population (100%) of historical data can be checked instead of limited analysis done on
sample data.
1. Invoice, issued by the supplier that is to become a part of Organization’s Accounts Payable once approved
2. Purchase Order created by Organization/Buyer
3. Goods/Service Receipt confirmed by the Recipient/Person responsible
The three-way match concept refers to the matching of these three documents in terms of quantity, price per unit, T&Cs, etc.
Once the three-way match validation reveals that the invoice is correct and all necessary approvals are obtained, then it can
be further processed for payment.
www.minit.io 4
T E ST I N G I N T E R N A L C O N T R O L S W I T H M I N I T:
1. Select 0% of Activities 2. Save as new View 3. Process compare the full process
and Paths with the 0%
OUTCOME
Business Rules
A set of pre-defined business rules can optimize and maximize procurement performance. A business rule is a set of specific
criteria that by its definition determine the behavior in a particular activity. For every activity, a decision point must be met in
order to be able to accomplish it. In case of specific activities, e.g., change of price per unit, quantity, etc. an approval from
the responsible person might be necessary.
www.minit.io 5
I D E N T I F Y C A S E S T H AT B Y PA S S A U T H O R I Z E P R I C E A D J U S T M E N T W I T H M I N I T:
OUTCOME
www.minit.io 6
I D E N T I F Y I N C O R R E C T P E R S O N S T H AT A U T H O R I Z E P R I C E A D J U S T M E N T
W I T H M I N I T:
OUTCOME
Segregation of Duties
Segregation of certain key duties is a fundamental element of internal controls. The primary idea of segregation of duties is
that no employee or group of employees should be in a position to commit and conceal mistakes or fraud in a business as
usual situation. The principal incompatible responsibilities which are to be segregated are:
1. Assets custody
2. Authorization of related transactions affecting those assets
3. Recording or reporting of related transactions
4. Execution of the transactions
A person with multiple functional roles has the opportunity to abuse powers. The pattern to minimize risk is to divide the
function into separate steps, each necessary for the function to work or for the power that enables that function to be abused
and assign each step to a different person or organization.
www.minit.io 7
TYPES OF SOD:
C H E C K I N G S E G R E G AT I O N O F D U T I E S ( S O D ) W I T H M I N I T
OUTCOME
www.minit.io 8
Five tips to kick-start the integration
Are you ready to explore Process Mining in internal audit?
These are five tips to get you started.
1. Get the data ready. Organizations have lots of data but do not underestimate the time and effort it takes to prepare the
data for analysis. And you need to build a statistical model.
2. Provide the skill set. The new technological reality requires new skills. To push the analysis to its limits, internal auditors
will need advanced skills – select a vendor who is ready to support your team and help you get started.
3. Select the right tool. Process Mining is not limited to one specific tool, but you do need software to perform it. Make sure
you select the right tool for your internal audit purposes.
4. Define workable tolerance levels. In Process Mining it is important to continuously check assumptions and expected
behavior against the defined tolerance levels. These levels will define where you need to deep-dive in the analysis, which
insights you will generate and which story you will reconstruct.
5. Manage expectations and impact. The new methodology will redefine the spectrum of internal audit. When you find
more exceptions to follow up on, because you focus your effort on the added value outside the tolerance levels, the quality
of audit will increase, but so will the time and the cost involved.
Conclusion
Process Mining technology now makes auditing cheaper and faster. As a result, there is time available to better examine and
understand anomalies. Such investigation did not take place in the past. However, continuous monitoring can also be seen
as continuous auditing; the auditor can provide input throughout the year so as to largely prevent surprises at the end of the
year. This clearly provides more added value and distinguishes the new approach from the old.
Process Mining offers a means to more rigorously check compliance and ascertain the validity and reliability of information
about an organization’s core processes. The objective analytical platform that Process Mining can create is also suited to
perform continuous and cost-effective monitoring of the processes and control procedures and to integrate new types of
analysis such as direct/indirect relationship analysis.
www.minit.io 9
ENSURE LOWER
COMPLIANCE COSTS
SIMPLIFY
OPERA- REDUCE
TIONS RISK
IMPROVE
M A I N TA I N CUSTOMER
SECURITY S AT I S -
FAC TION
ENHANCE
PROCESS IMPROVE
CONSIS- QUALIT Y
TENCY
About Minit
Minit is a robust enterprise-grade Process Mining software with a rich 360-degrees collection of dashboards and process
performance indicators. Minit can maximize the use of data analytics tools such as ACL. Get in touch with our team and
discover the fantastic difference Minit brings to the quality and efficiency of internal audit services at your organization.