Process Mining enables auditors to detect potential risks, ineffective internal controls, and inefficient processes. Therefore, process mining generates a new type of audit evidence and could revolutionize the current audit procedure. In this execrise you should demostrate Process Mining to evaluate the effectiveness of internal controls, using a real-life event log.
Specifically, the evaluation should be based on the full population of an event log and should contain as a minimum four analyses: (1) Variant Analysis, which should identify standard and non-standard variants, (2) Segregation of Duties (SoD) analysis, which should examine whether employees violated segregation of duties controls, (3) Personnel Analysis, which should investigate whether employees are involved in multiple potential control violations, and (4) Timestamp Analysis, which should detect time-related issues, including weekend activities and lengthy process duration.
Results from this case study should indicate how Process Mining could assist auditors in identifying audit-relevant issues, such as non-standard variants, weekend activities, and personnel who are involved in multiple violations.