SIKS Master Class on Smart Auditing         March 21, 2012, Vught     Top Cycle MiningPhilip Elsas, ComputationalAuditing....
Introduction• Process mining is a technique that takes  business event logs as input and generates  a smart flow chart as ...
Process Mining• References  – Aalst, W. van der (2011). Process Mining:    Discovery, Conformance and Enhancement of    Bu...
Our Approach• Our approach is to strategically position  process mining for the cash-to-cash top cycle  by assessing and a...
• Owner-ordered auditing addresses understatement of profits:  whether revenues are understated and expenses are overstate...
Owner-ordered audit: to check management  to increase credibility that  profits arent understated                         ...
• In the owner-ordered audit tradition the auditor  determines completeness of profits using the  cash-to-cash top cycle• ...
Cash-to-cash top cycle                         8
Top cycle represented as a smart flow chart:transaction, or flow, as a box with adjacent arrows (active),state or stock as...
Top cycle represented as matrices withquantitative aspects (prices & volumes) andqualitative aspects (authorizations by   ...
Top cycle represented as a set of equations with the primaryaudit direction per equation parameter in an owner-ordered aud...
$0           +    $30 * (900+100)   -     $0      => $27,000+$3,000               $0           +    $30 * (900+100)   -   ...
Economic substance of the businesscan be represented by a‘Web of equations’which inevitably includes:   ‘stocks’ and ‘flow...
The complete ‘web of equations’ is indispensableto compose an ‘audit plan’,for all the ‘stocks’ and ‘ flows’.Main question...
The analysis in owner-ordered auditing starts with:testing sales for understatementEquation:Inv[B] + Pur – Inv[E] → SalesB...
The analysis should be pursued for all equations,and there is no need to audit any item, in eitherB/S or P&L, for both und...
The International Standards on Auditing (ISA’s)do not specify audit plans.However, they require that all items in the acco...
One specific challenge in every audit:Equation: Inv[B] + Pur – Inv[E] → Salesis right in terms of quantities (of goods or ...
Mapping out the cash-to-cash top cycle enablesthe auditor to perform:‘comprehensive coherence testing’ (CCT)extensively de...
But: CCT does not discover ‘shop in the shop’:Entire cycle of purchases, sales, payments andreceipts fraudulently omitted ...
System Logging in Our             Approach• Information System (IS) server software is  developed with built in logging ca...
Benefits of the approach• Uses existing logs as a baseline• Allows a critique of existing controls when  combined with the...
Example: Database server logging• Access logging  – Logs data about connections to a data base server:    time stamp, dura...
Full Coverage of Loggings       Access log      Write-ahead log                            24
Logs Mapped to Matrix                        25
Assessment with Top Cycle:     Partial Coverage                             26
Partial CoverageMapped to Matrix                   27
Assessment Part 1Absent logged measures can be corrected in oneof two ways:    1) Increase logging levels and have the    ...
Assessment Part 2• Problems in qualitative design of the system  of segregation of duties would be discovered  by setting ...
http://www.promtools.org/prom5/                                  30
Mining the top cycle business process                                        31
Concluding remarks• Based on existing logs in appropriate segregation of  duties an organization may already be very close...
Upcoming SlideShare
Loading in …5
×

Top Cycle Mining

755 views

Published on

Process mining for top cycle based auditing.

Published in: Business, Economy & Finance
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
755
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
4
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Top Cycle Mining

  1. 1. SIKS Master Class on Smart Auditing March 21, 2012, Vught Top Cycle MiningPhilip Elsas, ComputationalAuditing.com Hans Blokdijk, Limperg Institute Robert Nehmer, Oakland University 1
  2. 2. Introduction• Process mining is a technique that takes business event logs as input and generates a smart flow chart as output• The business case for process mining: – Automatically generated flow chart – Flow chart is not documentation-only 2
  3. 3. Process Mining• References – Aalst, W. van der (2011). Process Mining: Discovery, Conformance and Enhancement of Business Processes. Springer Verlag, Berlin (ISBN 978-3-642-19344-6). – Jans, M., van der Werf, J.M., Lybaert, N., Vanhoof, K. (2011) A business process mining application for internal transaction fraud mitigation, Expert Systems with Applications, 38 (10), 13351-13359 – http://www.processmining.org/ 3
  4. 4. Our Approach• Our approach is to strategically position process mining for the cash-to-cash top cycle by assessing and assuring completeness of loggings• The cash-to-cash cycle is central in the integrated owner-ordered and management-ordered audit approach – To Be modality (Soll) – As Is modality (Ist) 4
  5. 5. • Owner-ordered auditing addresses understatement of profits: whether revenues are understated and expenses are overstated As an owner you want assurance that management, who you entrusted your money, is not making profits while keeping parts of it unstated, since profits are the basis of your dividends and stock quotation• Management-ordered auditing addresses overstatement of profits As management you want to attract investment capital by increasing your credibility that the profits you state are all real, not overstated, and so you hire the independent auditor to provide this assurance• Managements illegitimate interest (overstating or understating profits) determines the direction of the audit from a market-driven value-adding perspective 5
  6. 6. Owner-ordered audit: to check management to increase credibility that profits arent understated OwnersMoney-inflow formanagementmaximize equity Management Money-inflow for owners long-term ROI Potential Owners Management-ordered audit: to attract new investors to increase credibility that profits arent overstated 6
  7. 7. • In the owner-ordered audit tradition the auditor determines completeness of profits using the cash-to-cash top cycle• Quantitative: enterprise-level spanning reconciliation checks (also known as: comprehensive coherence tests): central norm connecting: - ‘buy side’ and ‘sell side’ transaction volumes - generated ‘gross profit’ margins• Qualitative: enterprise-level segregation of duties: non-identical and preferably opposite interests in top cycle logging locations 7
  8. 8. Cash-to-cash top cycle 8
  9. 9. Top cycle represented as a smart flow chart:transaction, or flow, as a box with adjacent arrows (active),state or stock as a circle (passive) 9
  10. 10. Top cycle represented as matrices withquantitative aspects (prices & volumes) andqualitative aspects (authorizations by agents/departments: S,B,F,D,C,W) 10
  11. 11. Top cycle represented as a set of equations with the primaryaudit direction per equation parameter in an owner-ordered audit:overstatement (overlining in dark orange color) orunderstatement (underlining in light orange color) 11
  12. 12. $0 + $30 * (900+100) - $0 => $27,000+$3,000 $0 + $30 * (900+100) - $0 => $27,000+$3,000 0 + 900+100 - 0 => 900+100 0 + 900+100 - 0 => 900+100 $0 + $18,000+$2,000 - $0 => $20 * (900+100) $0 + $18,000+$2,000 - $0 => $20 * (900+100) $0 + $27,000+$3,000 - $9,000+$1,000 => $18,000+$2,000 $0 + $27,000+$3,000 - $9,000+$1,000 => $18,000+$2,000 recording + omitted recording reality + omitted reality 12unstated revenues, spanning reconciliation checks & detectability
  13. 13. Economic substance of the businesscan be represented by a‘Web of equations’which inevitably includes: ‘stocks’ and ‘flows’ outside of the basic cash-to-cash top cycle, such as transactions regarding: - fixed assets; - financing; - general expenses. 13
  14. 14. The complete ‘web of equations’ is indispensableto compose an ‘audit plan’,for all the ‘stocks’ and ‘ flows’.Main question:Should a particular ‘stock’ or ‘flow’ be tested- for: overstatement,- or: understatement?Requires different auditing techniques. 14
  15. 15. The analysis in owner-ordered auditing starts with:testing sales for understatementEquation:Inv[B] + Pur – Inv[E] → SalesBut then, testing Sales for understatement means:testing Inv[E] for overstatement! 15
  16. 16. The analysis should be pursued for all equations,and there is no need to audit any item, in eitherB/S or P&L, for both under- and overstatement.The general result is:test all debits for overstatements (assets inthe B/S and expenditures in the P&L),andtest all credits for understatements (liabilities inthe B/S and revenues in the P&L). 16
  17. 17. The International Standards on Auditing (ISA’s)do not specify audit plans.However, they require that all items in the accountsare tested both for over- and understatements.But this does not generally require two differenttests on an item:if a debit is tested for overstatement, thecorresponding credit is implicitly tested foroverstatement as well!Double-entry bookkeeping. 17
  18. 18. One specific challenge in every audit:Equation: Inv[B] + Pur – Inv[E] → Salesis right in terms of quantities (of goods or services),not in terms of money, like all the other equations!The difference: ‘Gross Profit’,which is to be audited for understatement.Main challenge to be solved in every audit. 18
  19. 19. Mapping out the cash-to-cash top cycle enablesthe auditor to perform:‘comprehensive coherence testing’ (CCT)extensively described in‘Reflections on Auditing Theory’, chapter 3(Kluwer Bedrijfswetenschappen,Limperg Instituut, 1995). 19
  20. 20. But: CCT does not discover ‘shop in the shop’:Entire cycle of purchases, sales, payments andreceipts fraudulently omitted from the accountingrecords.To be prevented by segregation of duties.Mapping out the top cycle enables the evaluationof internal controls. 20
  21. 21. System Logging in Our Approach• Information System (IS) server software is developed with built in logging capabilities and default log levels• Log levels specify the amount of details logged• The IS function uses logs to help control day-to-day operations and maintenance• Auditors can mine existing logs for audit evidence in our approach 21
  22. 22. Benefits of the approach• Uses existing logs as a baseline• Allows a critique of existing controls when combined with the top cycle approach• IS personnel are already familiar with logging and require little or no additional training 22
  23. 23. Example: Database server logging• Access logging – Logs data about connections to a data base server: time stamp, duration, user ID, table accessed, etc. This data can be used to test separation of duties and appropriate access from the audit perspective.• Write-ahead logging – Logs transaction details for transactions still in volatile areas of the system. Used to recover data in case of system failure but can be mined for transaction details. This data can include purchase cost, direct labor, and overhead details. 23
  24. 24. Full Coverage of Loggings Access log Write-ahead log 24
  25. 25. Logs Mapped to Matrix 25
  26. 26. Assessment with Top Cycle: Partial Coverage 26
  27. 27. Partial CoverageMapped to Matrix 27
  28. 28. Assessment Part 1Absent logged measures can be corrected in oneof two ways: 1) Increase logging levels and have the built in logging capture the measures 2) Write a custom system to capture the measures• In either case, costs are determinable and comparable with the value of the missing measures 28
  29. 29. Assessment Part 2• Problems in qualitative design of the system of segregation of duties would be discovered by setting expectation for access to the database and that necessary transactions are occurring.• The logs can be checked to make sure these access points exist and are being routinely used. 29
  30. 30. http://www.promtools.org/prom5/ 30
  31. 31. Mining the top cycle business process 31
  32. 32. Concluding remarks• Based on existing logs in appropriate segregation of duties an organization may already be very close to boost audit power by process mining• Additionally required logging detail or additional segregation of duties is systematically identified using the cash-to-cash top cycle from the proven owner-ordered audit tradition 32

×