Towards Automated Analysis of Business Processes for Financial Audits - PDF

Please download to get full document.

View again

of 15
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Information Report
Category:

Gadgets

Published:

Views: 21 | Pages: 15

Extension: PDF | Download: 0

Share
Related documents
Description
Towards Automated Analysis of Business Processes for Financial Audits Michael Werner 1, Nick Gehrke 2, and Markus Nüttgens 1 1 University of Hamburg, Germany {michael.werner,
Transcript
Towards Automated Analysis of Business Processes for Financial Audits Michael Werner 1, Nick Gehrke 2, and Markus Nüttgens 1 1 University of Hamburg, Germany {michael.werner, 2 NORDAKADEMIE, Elmshorn, Germany Abstract. Financial audits play a significant role in the economy by safeguarding the correctness of published financial information. Public auditors face the challenge to audit financial statements that are created by increasingly integrated and complex information systems. This paper addresses a specific problem in the auditing process. A major challenge in this process is the analysis and audit of business processes that produce financial entries. We illustrate results from applying business process mining techniques to extensive test and real life data and discuss gained insights from the application for the development of automated business process analysis methods in the context of financial audits. Keywords: Process Mining, Financial Audits, Business Process Analysis 1 Introduction Financial audits play a significant role in modern economies. Companies publish financial statements in order to inform relevant stakeholders. For preventing misinformation of the addressees financial statements are subject to audits that are mandated by law and specified in regulatory requirements. The audits are carried out by public auditors who follow specific audit approaches for planning and executing their audits. Audit standards require that auditors consider and test relevant business processes during the audit [1]. The requirement derives from the assumption that well controlled transaction processing will lead to valid entries on the balance sheet and profit and loss statements. When business transactions are carried out in a correct and controlled manner they will most likely lead to complete and accurate journal entries. With increasing integration of the execution of business processes in information systems and the accompanied progress in automation of transaction processing it becomes more and more challenging to audit these processes. Contemporary audit approaches take into account the relevance of business processes, supporting information systems and internal control frameworks, but they basically rely on manual audit procedures to analyze and test them. The manual procedures primarily include interviews for obtaining information and manual test activities for evaluating relevant controls. With increasing integration of information systems for supporting and auto th International Conference on Wirtschaftsinformatik, 27 th February 01 st March 2013, Leipzig, Germany mating transaction processing audit activities like interviews and manual audit activities become inefficient or even ineffective due to the increasing complexity and the mere volume of processed transactions [2]. An alternative would be the application of automated analysis and audit procedures as a business intelligence tool that supports the auditor in the auditing process. [3] conceptually illustrate how process mining methods can be combined with automated application control testing methods for designing automated audit methods. A requisite for such a development are methods that allow an automated analysis of business processes. The analysis results can then be used for automated testing purposes. When information systems are used to support or automate the transaction processing they also provide information that can be used for an automated analysis. By using process mining techniques [4] and specific mining algorithms for financially relevant business processes [5] executed process instances can be mined, reconstructed and analyzed. In this paper we focus on the aspect of automated analysis. We apply an existing mining algorithm for financially relevant business processes to test data and real life data. The aim of this research is to evaluate which insights can be derived by analyzing the application of the implemented algorithm. We statistically analyze the mined business processes instances that are reconstructed from the available data to identify which further research and improvement is needed on the path towards automated analysis methods. We start with an illustration of related work in section two, followed by a brief description of the applied research methodology in section three. The mined process instances are represented as Petri nets. The used representation, the chosen mining method and the experimental setup are explained in section four. Section five provides the results from analyzing the process instances that were mined from the test and real life data. A discussion of the gained results and an illustration of identified limitations followed by a brief summary and conclusion close the paper. 2 Related Work Of particular interest for the research laid out in this paper are publications from the field of process mining. Research on process mining started in the late 1990s by [6] and has gained extensive attention in the last decades. Significant research work has been published by van der Aalst et al. leading to a comprehensive basic publication on process mining that covers major aspects of the research domain [4]. From a financial accounting and auditing perspective requirements are outlined in relevant audit standards. The major international standard setting body is the International Auditing and Assurance Standards Board (IAASB) which publishes the International Standards on Auditing (ISA). The ISA 315 (Revised) Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment outlines the requirement to consider business processes and related internal controls in order to assess the risk for material misstatement (ISA ) [1]. 376 The role of information systems for accounting is well researched but few authors address the role of information systems in the context of auditing. [7] describes techniques to audit enterprise resource planning (ERP) systems, but the exploitation of information that is available in information systems for the purpose of automated analyses is a relatively novel field of research as illustrated by [8]. Specific research on process mining for auditing purposes has gained increased attention over the last two to three years. [9] offers an overview of current limitations and future challenges of process mining in the context of audits whereas [10] illustrates opportunities of online auditing. [11 13] focus on fraud and outline possibilities of process mining for fraud detection and auditing thereby highlighting the potential of process mining as a new toolkit for internal audits. [5], [14] developed a mining algorithm that is able to exploit the structure of financial journal entries for the purpose of process mining in the context of financial audits. [15] Further introduce automated audit methods for testing application controls in ERP systems. [2], [3] finally conceptually describe how process mining techniques for financially relevant business processes can be combined with methods for automated control testing. For the purpose of the research work of this paper we implemented the mining algorithm introduced by [5], [4]. Their mining technique includes the extraction of financially relevant information of journal entry values that are relevant for the purpose of auditing. An alternative approach is used by [16]. They provide an interesting case study about the examination of mined instances of a procurement process. Their approach differs from the research presented in this paper as they actually perform a deviation analysis of the mined process instances with a manually evaluated ideal process. They base their analysis on a predefined set of process instances. The aim of the research work illustrated in this paper does not focus on providing a case study for auditing mined business processes but intends to reveal general possibilities and limitations to discover and analyze business processes from event log data without further knowledge of the underlying processes in the context of financial audits. As illustrated in [3] the ultimate aim is to develop methods that show which processes are mirrored in the available logs and how they affect the financial statements. For analyzing mined process instances these need to be modeled in a purposeful modeling language. [17] Suggest using a BPMN representation for mined process instances in the context of financial audits. Although BPMN process models might be easier to interpret for end users we have chosen Petri nets as a modeling language for the research presented in this paper. On the one hand a broad variety of the aforementioned research work from the field of process mining relies on Petri nets as the choice of modeling language [18]. And referring to Petri nets opens up the opportunity to incorporate these already existing research results and techniques for the purpose of mining and analyzing. On the other hand Petri nets have a mathematical foundation and offer a formal graphical notation. These characteristics allow the development of sophisticated analysis methods. They therefore constitute the preferred modeling language for the research outlined in this paper. In the context of this paper we primarily refer to the publications of [19] and [20] concerning the theoretical foundation for the application of Petri nets. 377 3 Research Methodology The research presented in this paper follows a design science approach [21 23]. A common critic in the academic arena refers to the perceived lack of rigor concerning design science oriented research. In order to address this aspect we have obtained extensive test and real life data for testing the designed artifacts. Actually the key aspect of this paper is to illustrate the results of evaluating already designed methods against this data. The illustrated work follows a research process as suggested by [23] consisting of the phases analysis, design, evaluation and diffusion. The requirements for an adequate representation and modeling of mined processes were investigated by considering specific, already existing literature [17] and by analyzing available test and real life data. The used mining methods were engineered [24] by assembling parts of already available methods and by developing new concepts where no adequate solutions were available yet. 1 The analysis results and requirements for further development constitute the primary outputs produced in the research process that is laid out in this paper. The engineered methods were implemented in a software prototype for evaluation purposes. We rigorously tested the software artifact with test and real life data in order to validate it against the relevant research questions addressed by the research work [25]. The content of this article discusses the results and insights that have been generated by applying the designed methods to this voluminous data. 4 Representation and Experimental Setup [5] Introduced a simple, deterministic and unsupervised mining algorithm that is suitable for extracting data from information systems and for reconstructing executed process instances. When using process mining in the context of financial audits it is necessary to mine information that is relevant from an audit perspective and to ensure that the received information precisely reflects the executed transactions. Financial transactions in ERP systems create journal entries when they are executed. The chosen algorithm exploits the open-item-accounting structure of journal entries that can be used to link transactions to a process instance. 2 Journal entries consist of an accounting document and at least two entry items that are posted as credits and debits. When open-item-accounting is enabled each cleared item has a reference to the accounting document that cleared it. The algorithm starts with an arbitrary journal entry and reconstructs the links between journal entries that cleared each other. It matches the events in the event log to cases that represent process instances. 3 The original mining algorithm produced directed graphs representing the mined process instances. We extended the mining algorithm with a function for mapping the 1 The engineering of the applied methods is not part of this paper. Details are available in [5]. 2 The open-item-accounting is a fundamental concept of the double-entry bookkeeping which needs to be supported by every information system used for double-entry bookkeeping. 3 Compared to other mining algorithms like the α-algorithm [4] the implemented algorithm does not rely on the temporal ordering of events but on their logical structure. 378 mined cases to Petri nets and implemented it in a software artifact. The software prototype was written in Java using the Java NetBeans IDE [26]. It provides functionality to export Petri net models in different data formats for visual representation. The open source software Renew [27] was used for verifying that the software artifact reconstructs reachable and therefore correct Petri nets. The yed Graph Editor [28] was used for graphical representation and automatic layout of mined process instances. Figure 1 displays a colored Petri net (CPN) model of a reconstructed process instance. The example shows an instance of a purchasing process. Executed transactions are modeled as rectangles (Petri net transitions). The journal entry items produced by executing the transactions are modeled as circles (Petri net places). The places are colored by the account number according to the account the item was posted to. Two different types of connections are possible between transactions and journal entry items. A dotted arrow (Petri net arc) means that a transaction has posted the connected journal entry item. A dotted line (Petri net test arc) illustrates that a journal entry item was cleared by the connected transaction. Arc inscriptions play a significant role. They denote the values that are associated to the connection between transactions and journal entry items. Each transition is accompanied by a start place containing a token colored with the original document number of the journal entry. They are connected to the corresponding transaction with a simple arrow (Petri net arc). This actually leads to an enabled CPN that mimics the behavior of the originally executed process instance. The example in Figure 1 shows that a transaction for receiving goods (MB01) was processed by user 2. It led to entries on the raw material account (310000) and on the goods received / invoices received account (191100) with the amount of 17, The invoice for these received goods were processed (MR1M) and a payment run (F110) executed that cleared the items posted by the MR1M transactions. The FB1S transaction was executed for clearing the items that were created by MB01 and MR1M. [ ] [ ] [ ] [ ] MB01 User [ ] [ ] [ ] [ ] [ ] FB1S MR1M [ ] [ ] [ ] [ ] [ ] [ ] User 1 User F110 User [ ] [ ] [0.00] [0.01] [ ] [536.24][80.44] Fig. 1. Example of a Reconstructed Purchase Process Instance For applying the mining algorithm the necessary data of the executed process instances was extracted from the available ERP systems. The setup of the experiment includ- 379 ing conducted activities, involved software modules and input and output for each activity is illustrated in Figure 2. The relevant data was extracted by using a configurable extraction module. It retrieves the event log from the ERP system by extracting data from relevant database tables. The usage of a separate module provides the benefit that only the extraction component needs to be adjusted when data is extracted from different ERP systems. The mining algorithm operates independently from the underlying data structure of the individual ERP systems. The extraction module loads the extracted data into an event log database that can be accessed by the mining module. The mining module matches events in the log to cases, reconstructs executed instances and provides functionalities for analyzing them. It also produces output files in different formats (Extensible Graph Modeling Language (XGML) and Petri Net Markup Language (PNML)) that can be imported into subsequent software for verification (Renew) and graphical presentation (yed Graph Editor) purposes. The reconstructed instances are modeled as Petri nets and stored as separate data objects in the mining module. Input ERP Data Event Log Process Instances Process Instances Activity Data Extraction Mining Verification Representation Output Software Components Event Log Process Instances Petri Nets Extraction Module Mining Module Renew Petri Nets yed Fig.2. Experimental Setup We used three different data sets for analysis. The first set was extracted from the SAP IDES test system. The test system is available for universities participating in the SAP University Alliance Program [29]. Postings in ERP systems are stored as data entries with information relating to the whole posting (journal entry) and the single entries that were posted to different accounts (journal entry items). The data set contained 115,060 journal entries and 419,106 journal entry items. 81,171 process instances could be reconstructed by executing the implemented mining algorithm. The data set included all transaction data that was available in the test system covering a period of 17 years. The second data set was extracted from a SAP system of a retail company. The set included the data of all executed transactions but only for a time period of one year. The volume of 92,487 journal entries and 222,901 related journal entry items that can be traced back to 40,130 process instances over just one year illustrates the high amount of transactions that are processed in real life environments. This observation becomes even more evident for the third data set. It originated from a SAP system of a manufacturing company in the health sector. It contains 1,764,773 journal entries and 7,395,434 journal entry items. 1,035,805 process instances could be reconstructed using the mining algorithm. Table 1 provides an overview of the different data sets. 380 Table 1. Overview of Data Sets Data Set #1 #2 #3 SAP IDES Retail Manufacturing Number of journal entries 115,060 92,487 1,764,773 Number of journal entry items 419, ,901 7,395,434 Number of process instances 81,171 40,130 1,035,805 Covered period 17 years 1 year 1 year 5 Mining Results Analysis The mining and reconstruction of process instances from the available data sets provide the basis for analyzing the created Petri net models. The aim of this analysis is the identification of patterns that might help in further improvement of the mining algorithm, the gaining of insights concerning which further research is needed for developing automated analysis methods that can be applied in real life scenarios, and what kind of limitations for developing such methods might exist. The following sub-sections illustrate results from statistical analyses of the mined process instances for all three used data sets. Due to place restrictions we limit the presentation of results to those aspects that we consider relevant for the aforementioned aim. 5.1 Distribution of Net Size Figures 3, 4 and 5 show the distribution of the number of process instances over the number of net elements with logarithmic scaling on the x- and y-axes for the different data sets. 4 Net elements include transitions, places and arcs. The number of net elements gives an impression of the size and complexity of a process instance. The charts illustrate that the distribution of the number of net elements over the number of instances exhibit the same pattern for all data sets. Only very few instances consist of very many net elements. The vast majority of instances consist of relatively few net elements. Table 2 provides an overview of specific characteristic values of the distributions. The sh
Recommended
View more...
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks
SAVE OUR EARTH

We need your sign to support Project to invent "SMART AND CONTROLLABLE REFLECTIVE BALLOONS" to cover the Sun and Save Our Earth.

More details...

Sign Now!

We are very appreciated for your Prompt Action!

x