
Solution Brief: Applying Process Mining in Audit

www.minit.io
Table of Contents

The Need for Change
Audit Procedure is Past its Prime
Trends leading to innovative IT-driven audit approach
Audit Innovation through Process Mining
Benefits
The fit with Auditing 2.0.
Audit the actual process reality
Test entire data populations
Make control processes visible
Targeted audits
Improve auditing process
Add value by delivering business insight
The Process Mining Audit Approach in Practice
Process Mining use in Different Audit Stages
Use Case: Auditing Procure-to-Pay Process with Minit
Three Way Match
Business Rules
Segregation of Duties
Five tips to kick-start the integration
Conclusion
About Minit

The Need for Change
Audit Procedure is Past its Prime
For the last few decades, audit has remained the same, often relying on interviews, what-if analyses, and design reviews
that review the intended but not necessarily the real process.

At its core, it is still based on the individual investigation of each legal entity. This approach is insufficient, compared to the
rapid advances in the way companies operate. At a time when companies are standardizing and centralizing their primary
business processes, this manual approach puts the business at a disadvantage and is rapidly becoming obsolete.

Trends leading to innovative IT-driven audit approach


Companies today are increasingly employing IT systems to support business processes end-to-end. Instead of simply
keeping a record of accounts, purchasing, sales, and finance in an ERP system, modern businesses are automating entire
accounting procedures. They have also started to incorporate eCommerce into their processes and utilize e-shops and
other online tools to communicate with customers and suppliers. Centralization of different IT systems also makes it possible
to integrate large parts of a company at a scale that was previously inconceivable.

Audit Innovation through Process Mining
Current IT systems contain highly detailed records about the execution of processes – event logs. Process Mining analyses
these event logs to create an accurate visual reconstruction of business processes in the organization.

In contrast to other Computer Aided Audit Tools (CAATs), Process Mining provides an explicit process perspective. It allows
auditors to evaluate all events in a business process while it is still running. Auditors no longer need to rely on a small set of
samples to uncover violations, fraud, and malpractice.

Process Mining software can analyze a log with millions of events from the entire process within moments. Sophisticated
algorithms visualize the actual flow of the business process and help auditors identify compliance issues, process
inefficiencies, exceptions, unusual transactions, bottlenecks, deviations, weaknesses & risks. This allows auditors to gain
complete transparency into purchase-to-pay, order-to-cash, production and logistics processes.

Benefits
Companies can capitalize on the wealth of data available from their own business activities to help internal audit generate
valuable new insights and increase efficiency. Process Mining helps benchmark process execution and set the right focus
upfront for your audit and has its place from preparation to the reporting stage.

REDUCE COMPLIANCE COSTS
Uncover hidden inefficiencies and bottlenecks to reduce compliance costs, as well as the cost of auditing itself.

INCREASE SPEED
Near real-time monitoring of business processes and fast access to insights and root-cause analysis.

HIGHER QUALITY
High precision and full transparency of all running processes to ensure every non-compliant process is caught.

The fit with Auditing 2.0.


Process Mining fits into new trends such as continuous auditing where the use of technology plays a key role. The
Process Mining based audit approach focuses the audit explicitly on exceptions in routine processes. Besides efficiency
gains, experience has shown that the Process Mining Audit approach creates more added value, enabling collaboration
with the organization in identifying opportunities for business improvement.

Audit the actual process reality


Today’s business processes are supported by IT solutions that are too complex to understand but also record detailed
information about the execution of processes. Process Mining can be used to make the actual process (transaction) flows
visible by automatically reconstructing the process from data and by evaluating IT audit trails.

Test entire data populations


To improve effectiveness in the search for errors or unusual transactions, internal audit should test entire data populations
automatically. Process Mining techniques can be used to verify compliance with rules (e.g., segregation of duty constraints)
or prescribed procedures based on the actual process execution records.

Make control processes visible


Built-in controls such as authorization steps are usually reviewed on a design level. For example, there are tools that verify
whether people currently have conflicting access roles that may put the organization at risk (but not whether there are
conflicting roles at different points in time). An automatic mining of the control processes can help to audit the effectiveness
of these controls by making visible when these built-in controls take place, who performed them, when controls lead to
rejection, etc.

Targeted audits
Especially in large organizations, audits are still performed based on a yearly audit plan. Conducting audits on a more targeted
basis helps to concentrate on higher-risk areas. But it also requires continuous data analysis and needs to be facilitated by
technology. Process Mining can be leveraged in the context of such a continuous monitoring infrastructure to do quick scans
and bring potential problems to the forefront.

Improve the auditing process


To improve the efficiency and quality of the auditing process itself, there are several tools that support the auditor’s workflow
and make sure that all tasks are done, and found issues are resolved. By analyzing the logs of these audit support systems,
one can go a step further and evaluate the efficiency and quality of the audit process objectively.

Add value by delivering business insight


Internal auditors are independent of the operational side and often report directly to the CEO of the company. But although
their role is also to monitor the efficiency of operations, actual business insight is usually only delivered on an ad-hoc basis.
Process Mining can be used to detect bottlenecks and other inefficiencies in the actual business processes, which can then
be shared with the relevant stakeholders to expand the overall value of the audit function.

The Process Mining Audit Approach in Practice
A Process Mining audit approach is very efficient and effective. It is efficient because maximum use is made of automated
controls and segregation of duties. Its effectiveness is due to the exposure of non-segregated duties and/or poorly functioning
controls by means of data analysis.

The use of Process Mining analysis makes it possible to control all the transactions in the system. In reviewing paid invoices,
an organization can use three-way and two-way matching to identify the ones that were registered outside tolerances
or entered directly into the accounts, taking into account the segregation of duties. Only a limited number of exceptions
should be investigated further, just enough to test the extent of the pollution and obtain substantive audit evidence (positive
assurance).

Process Mining use in Different Audit Stages


Process Mining can be used during different stages of the audit:
1. during walkthroughs
2. used as a basis for sampling
3. used for compliance checking

PROCESS MINING USED DURING WALKTHROUGHS

Process Mining can be used to minimize time-consuming interviews and meetings with clients to understand their processes.
Process Mining gives an accurate and comprehensive picture of how processes are executed.

Often, different departments only know the part of the process that passes through their department and auditors need to
contact various people to get a relatively complete understanding of the entire process. Furthermore, during walkthroughs,
only very typical ways of performing a process are discussed and, in many cases, exceptions are not captured.

Using Process Mining, this step can be shortened, and the quality of walkthroughs can be drastically improved. An auditor
can see the overview of business processes executed in reality together with all the details and possible exceptions.

PROCESS MINING USED FOR SAMPLING

Process models discovered during walkthroughs can be used for better and smarter sampling. That is, cases that have higher
operational risk can be detected and used for further analysis.

PROCESS MINING USED FOR COMPLIANCE CHECKING

Using Process Mining, and conformance checking in particular, deviations from the desired process path or a compliance
rule can be detected. The entire population (100%) of historical data can be checked instead of limited analysis done on
sample data.

Use Case: Auditing Procure-to-Pay Process with Minit

Three Way Match


The purpose of using the three-way match procedure is to avoid performing the payment of incorrectly issued or even
fraudulent invoices. This verification technique ensures that a supplier invoice is valid. In this process, three documents are
involved:

1. Invoice, issued by the supplier that is to become a part of Organization’s Accounts Payable once approved
2. Purchase Order created by Organization/Buyer
3. Goods/Service Receipt confirmed by the Recipient/Person responsible

The three-way match concept refers to the matching of these three documents in terms of quantity, price per unit, T&Cs, etc.
Once the three-way match validation reveals that the invoice is correct and all necessary approvals are obtained, then it can
be further processed for payment.

TESTING INTERNAL CONTROLS WITH MINIT:

1. Select 0% of Activities and Paths
2. Save as new View
3. Process compare the full process with the 0%

OUTCOME

◻ Cases that bypass three-way match internal controls are identified

Business Rules
A set of pre-defined business rules can optimize and maximize procurement performance. A business rule is a set of specific
criteria that by its definition determine the behavior in a particular activity. For every activity, a decision point must be met in
order to be able to accomplish it. In case of specific activities, e.g., change of price per unit, quantity, etc. an approval from
the responsible person might be necessary.

IDENTIFY CASES THAT BYPASS AUTHORIZE PRICE ADJUSTMENT WITH MINIT:

1. Click on the path between the Adjust PO to Send Final PO
2. Create a sequence filter
3. Add attribute filter on Price deviation greater than 10%
4. In details select Role in attributes

OUTCOME

◻ Only procurement in the 2 cases above 10%

IDENTIFY INCORRECT PERSONS THAT AUTHORIZE PRICE ADJUSTMENT WITH MINIT:

1. Create filter discounts larger than 10%

2. Go to Details and select Role to see who approved them

OUTCOME

◻ Three different groups – Head of Procurement, Head of Accounting, Accounting Team

Segregation of Duties
Segregation of certain key duties is a fundamental element of internal controls. The primary idea of segregation of duties is
that no employee or group of employees should be in a position to commit and conceal mistakes or fraud in a business as
usual situation. The principal incompatible responsibilities which are to be segregated are:
1. Assets custody
2. Authorization of related transactions affecting those assets
3. Recording or reporting of related transactions
4. Execution of the transactions

A person with multiple functional roles has the opportunity to abuse powers. The pattern to minimize risk is to divide the
function into separate steps, each necessary for the function to work or for the power that enables that function to be abused,
and to assign each step to a different person or organization.

TYPES OF SOD:

◻ Sequential separation (two signature principle)
◻ Individual separation (four eyes principle)
◻ Spatial separation (separate action in separate locations)
◻ Factorial separation (several factors involved from above or others)

CHECKING SEGREGATION OF DUTIES (SOD) WITH MINIT

Go to filters – create conflict of interest filter

a) 1st activity – Approve Invoice
b) 2nd activity – Payments
c) Both events equal value – Role
d) Go to details and Role to see the result

OUTCOME

◻ 5 times Head of Accounting approved both
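
The conflict of interest filter above, and the control-bypass check from the three-way match section, can be reproduced on a raw event log outside any tool. The following is an added example, not Minit's code or anything from the brief: the sample log is constructed, the activity names other than "Approve Invoice" and "Payments" are assumptions, and the bypass check only tests that the required steps occurred before payment, not that quantities and prices match.

```python
from collections import defaultdict

# Constructed sample log: (case, activity, role, timestamp). Only "Approve Invoice"
# and "Payments" are the brief's names; all other names and values are assumptions.
EVENT_LOG = [
    ("C1", "Create Purchase Order", "Procurement", "2023-03-01T09:00"),
    ("C1", "Goods Receipt", "Warehouse", "2023-03-05T10:00"),
    ("C1", "Approve Invoice", "Head of Accounting", "2023-03-06T11:00"),
    ("C1", "Payments", "Accounting Team", "2023-03-08T12:00"),
    ("C2", "Create Purchase Order", "Procurement", "2023-03-02T09:00"),
    ("C2", "Goods Receipt", "Warehouse", "2023-03-04T10:00"),
    ("C2", "Approve Invoice", "Head of Accounting", "2023-03-07T11:00"),
    ("C2", "Payments", "Head of Accounting", "2023-03-07T11:30"),
    ("C3", "Create Purchase Order", "Procurement", "2023-03-03T09:00"),
    ("C3", "Approve Invoice", "Accounting Team", "2023-03-09T11:00"),
    ("C3", "Payments", "Head of Accounting", "2023-03-10T12:00"),
]
REQUIRED = ("Create Purchase Order", "Goods Receipt", "Approve Invoice")

def traces(log):
    """Group events by case, ordered by ISO timestamp."""
    by_case = defaultdict(list)
    for case, activity, role, ts in log:
        by_case[case].append((ts, activity, role))
    return {case: sorted(events) for case, events in by_case.items()}

def sod_conflicts(log, first="Approve Invoice", second="Payments"):
    """Cases where one role did `first` and then `second` (equal Role value)."""
    hits = {}
    for case, events in traces(log).items():
        done_first = set()
        for _, activity, role in events:
            if activity == first:
                done_first.add(role)
            elif activity == second and role in done_first:
                hits[case] = role
    return hits

def bypassed_controls(log, required=REQUIRED, gate="Payments"):
    """Cases that reached `gate` before every required step had occurred."""
    hits = {}
    for case, events in traces(log).items():
        acts = [activity for _, activity, _ in events]
        if gate in acts:
            missing = set(required) - set(acts[:acts.index(gate)])
            if missing:
                hits[case] = sorted(missing)
    return hits
```

Because both functions walk every case in the log, they test the whole population rather than a sample, and the returned case ids are the exceptions to follow up.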

Five tips to kick-start the integration
Are you ready to explore Process Mining in internal audit?
These are five tips to get you started.

1. Get the data ready. Organizations have lots of data but do not underestimate the time and effort it takes to prepare the
data for analysis. And you need to build a statistical model.

2. Provide the skill set. The new technological reality requires new skills. To push the analysis to its limits, internal auditors
will need advanced skills – select a vendor who is ready to support your team and help you get started.

3. Select the right tool. Process Mining is not limited to one specific tool, but you do need software to perform it. Make sure
you select the right tool for your internal audit purposes.

4. Define workable tolerance levels. In Process Mining it is important to continuously check assumptions and expected
behavior against the defined tolerance levels. These levels will define where you need to deep-dive in the analysis, which
insights you will generate and which story you will reconstruct.

5. Manage expectations and impact. The new methodology will redefine the spectrum of internal audit. When you find
more exceptions to follow up on, because you focus your effort on the added value outside the tolerance levels, the quality
of audit will increase, but so will the time and the cost involved.

Conclusion
Process Mining technology now makes auditing cheaper and faster. As a result, there is time available to better examine and
understand anomalies. Such investigation did not take place in the past. However, continuous monitoring can also be seen
as continuous auditing; the auditor can provide input throughout the year so as to largely prevent surprises at the end of the
year. This clearly provides more added value and distinguishes the new approach from the old.

Process Mining offers a means to more rigorously check compliance and ascertain the validity and reliability of information
about an organization’s core processes. The objective analytical platform that Process Mining can create is also suited to
perform continuous and cost-effective monitoring of the processes and control procedures and to integrate new types of
analysis such as direct/indirect relationship analysis.

[Figure: Ensure lower compliance costs; Simplify operations; Reduce risk; Improve customer satisfaction; Maintain security; Enhance process consistency; Improve quality]

About Minit
Minit is a robust enterprise-grade Process Mining software with a rich 360-degrees collection of dashboards and process
performance indicators. Minit can maximize the use of data analytics tools such as ACL. Get in touch with our team and
discover the fantastic difference Minit brings to the quality and efficiency of internal audit services at your organization.

Discover more at www.minit.io
