Process Mining of Event Logs: A Case Study Evaluating Internal Control Effectiveness

Abstract

SYNOPSISThis paper aims at adopting process mining to evaluate the effectiveness of internal control using a real-life event log. Specifically, the evaluation is based on the full population of an event log and it contains four analyses: (1) variant analysis that identifies standard and non-standard variants, (2) segregation of duties analysis that examines whether employees violate segregation of duties controls, (3) personnel analysis that investigates whether employees are involved in multiple potential control violations, and (4) timestamp analysis that detects time-related issues including weekend activities and lengthy process duration. Results from the case study indicate that process mining could assist auditors in identifying audit-relevant issues such as non-standard variants, weekend activities, and personnel who are involved in multiple violations. Process mining enables auditors to detect potential risks, ineffective internal controls, and inefficient processes. Therefore, process mining generates a new type of audit evidence and could revolutionize the current audit procedure.