Table of Contents

Auditing 2.0 Using Process Mining to Support Tomorrow's Auditor

Wil M.P. van Aalst, Kees M. van Hee, Jan Martijn van Werf, and Marc Verdonk
IEEE Computer, Vol. 43, No. 3, Pages 90–93, March 2010


The term auditing refers to the evaluation of organizations and their processes. Audits are performed to ascertain the validity and reliability of information about these organizations and associated processes. This is done to check whether business processes are executed within certain boundaries set by managers, governments, and other stakeholders. For example, specific rules may be enforced by law or company policies and the auditor should check whether these rules are followed or not. Violations of these rules may indicate fraud, malpractice, risks, and inefficiencies. Traditionally, an auditor can only provide reasonable assurance that business processes are executed within the given set of boundaries. They check the operating effectiveness of controls that are designed to ensure reliable processing. When these controls are not in place, or otherwise not functioning as expected, they typically only check samples of factual data, often in the ‘paper world’. However, today detailed information about processes is being recorded in the form of event logs, audit trails, transaction logs, databases, data warehouses, etc. Therefore, it should no longer be necessary to only check a small set of samples offline. Instead, all events in a business process can be evaluated and this can be done while the process is still running. The availability of log data and advanced process mining techniques enable a new form of auditing: Auditing 2.0. Surely, the availability of process mining techniques and the omnipresence of recorded business events will dramatically change the role of auditors.

Download PDF (365 KB)

The online publication is available here