Mieke Jans

A business process mining application for internal transaction fraud mitigation

Corporate fraud these days represents a huge cost to our economy. In the paper we address one specific type of corporate fraud, internal transaction fraud. Given the omnipresence of stored history logs, the field of process mining rises as an adequate answer to mitigating internal transaction fraud. Process mining diagnoses processes by mining event logs. This way we can expose opportunities to commit fraud in the followed process. In this paper we report on an application of process mining at a case company. The procurement process was selected as example for internal transaction fraud mitigation. The results confirm the contribution process mining can provide to business practice.

Internal fraud risk reduction: results of a data mining case study

Corporate fraud represents a huge cost to the current economy. Academic literature has demonstrated how data mining techniques can be of value in the fight against fraud. This research has focused on fraud detection, mostly in a context of external fraud. In this paper, we discuss the use of a data mining approach to reduce the risk of internal fraud. Reducing fraud risk involves both detection and prevention. Accordingly, a descriptive data mining strategy is applied as opposed to the widely used prediction data mining techniques in the literature. The results of using a multivariate latent class clustering algorithm to a case companys procurement data suggest that applying this technique in a descriptive data mining approach is useful in assessing the current risk of internal fraud. The same results could not be obtained by applying a univariate analysis.

The case for process mining in auditing: Sources of value added and areas of application

Process mining aims to extract knowledge from the event logs maintained by a companys ERP system. The objective of this paper is to make the case for why internal and external auditors should leverage the capabilities process mining offers to rethink how auditing is carried out. We do so by identifying the sources of value added of process mining when applied to auditing, which are as follows: 1. process mining analyzes the entire population of data and not just a sample; 2. critically that data consists of meta-data—data entered independently of the actions of auditee—and not just data entered by the auditee; 3. process mining allows the auditor to have a more effective way of implementing the audit risk model by providing effective ways of conducting the required walkthroughs of processes and conducting analytic procedures; 4. process mining allows the auditor to conduct analyses not possible with existing audit tools, such as discovering the ways in which business processes are actually being carried out in practice, and to identify social relationships between individuals. It is our argument that these sources of value have not been fully understood in the process mining literature, which has focused on developing it as a statistical methodology rather than on applying it to audit practice. Only when auditors and audit researchers appreciate what is new and unique about process mining will its acceptance in auditing practice become feasible.

A Process Deviation Analysis – A Case Study

Processes are not always executed as expected. Deviations assure the necessary flexibility within a company, but also increase possible internal control weaknesses. Since the number of cases following such a deviation can grow very large, it becomes difficult to analyze them case-by-case. This paper proposes a semi-automatic process deviation analysis method which combines process mining with association rule mining to simplify the analysis of deviating cases. Association rule mining is used to group deviating cases into business rules according to similar attribute values. Consequently, only the resulting business rules need to be examined on their acceptability which makes the analysis less complicated. Therefore, this method can be used to support the search for internal control weaknesses.

Does Process Mining Add to Internal Auditing? An Experience Report

In this paper we report on our experiences of applying business process mining in a real business context. The context for the application is using process mining for the purpose of internal auditing of a procurement cycle in a large multinational financial institution. One of the targeted outcomes of an internal audit is often the reporting on internal controls over financial reporting (ICFR), since this reporting is mandatory for Sarbanes-Oxley regulated organisations. Our process mining analyses resulted in more identified issues concerning ICFR than the traditional auditing approach. Issues that were identified using process mining analysis concerned violations of the segregation of duties principle, payments without approval, and violations of company specific internal procedures.

A Process Deviation Analysis Framework

Process deviation analysis is becoming increasingly important for companies. This paper presents a framework which structures the field of process deviation analysis and identifies new research opportunities. Application of the framework starts from managerial questions which relate to specific deviation categories and methodological steps. Finally a general outline to detect high-level process deviations is formulated.

Process Mining in Auditing: From Current Limitations to Future Challenges

In the first book on process mining, Wil van de Aalst densely defines the goal of process mining “to use event data to extract process-related information”, like automatically discovering a process model by observing events that are recorded by some information system. This definition is broad, since it addresses the mining of all processes that are supported by an information system, revealing the wide range of possible applications of process mining. With the growing of the digital universe, the recording of events reaches new heights all the time. Given this omnipresence of recorded events and hence the large amount of possibilities to apply process mining, a well-defined focus on an application field is essential. Auditing is such a field. The auditor functions as an independent examiner of financial statements to give reasonable assurance on the accuracy of these statements. That way, the auditor provides ‘trust’ to shareholders and other third parties related to the audited organization. This trust is a crucial element of the economic system.

Retrieving batch organisation of work insights from event logs

Abstract Resources can organise their work in batches, i.e. perform activities on multiple cases simultaneously, concurrently or intentionally defer activity execution to handle multiple cases (quasi-) sequentially. As batching behaviour influences process performance, efforts to gain insight on this matter are valuable. In this respect, this paper uses event logs, data files containing process execution information, as an information source. More specifically, this work (i) identifies and formalises three batch processing types, (ii) presents a resource-activity centered approach to identify batching behaviour in an event log and (iii) introduces batch processing metrics to acquire knowledge on batch characteristics and its influence on process execution. These contributions are integrated in the Batch Organisation of Work Identification algorithm (BOWI), which is evaluated on both artificial and real-life data.

From Relational Database to Event Log: Decisions with Quality Impact

This paper addresses the topic of ‘Remediation approaches for event log quality assurance’. The assumption of having readily minable event logs is often not fulfilled. This paper addresses, from an end-user’s perspective, the quality issues that arise when an event log needs to be built from a relational database. The decisions that are taken when building the event log, have an impact on the quality of the event log. Namely, these decisions impact the suitability of an event log for the planned analyses. The goal of this paper is to provide an overview of the decisions that impact the quality of the event log, along with a realistic running example. Based on this overview of decisions, a procedure is presented. This procedure provides guidance to build the event log in a conscious manner, taking into account all the decisions and their impact on quality. This work relates to other studies on how to build an event log from relational databases, but puts more emphasis on how the technical decisions have a direct impact on the analyses of the practitioner that will use the event log afterwards.

Making Compliance Measures Actionable: A New Compliance Analysis Approach

Process mining can be used to measure the compliance between the actual behavior and the designed process. Traditionally, a single figure expressing the overall process compliance has only limited value to managers trying to improve their processes. This article proposes a new compliance methodology which first clusters the event log into homogeneous groups of event traces and then computes the compliance degree for each cluster separately. Additionally, each cluster is profiled by means of case information, which allows the discrimination between less and more compliant parts of the process. The benefits of this new compliance methodology in a business context are illustrated by means of a case study.