66 Pages Posted: 31 May 2012
Date Written: September 30, 2011
Due to the stimulus from SOX as well as increasing use of computer-mediated workflows, automated methods for auditing internal control procedures are in increasing demand. Here we present a model checking technique for exhaustively analyzing internal control procedures to detect control weaknesses based on a specified set of control principles. We presume the control procedure to be represented in a computational format. Indeed, a computational version of the procedure currently in operation in the company may be directly accessible from the organization’s ERP and/or workflow system. By using logic-programming based pattern matching combined with model checking techniques we are able to identify sequences of actions in the procedure where the specified control principles are violated. Sample executions from our prototype system are included to demonstrate computational feasibility.
Keywords: Business Procedures; Pattern Recognition, Internal Control Evaluation, Petri-Net Modeling
Suggested Citation: Suggested Citation
Chen, Kuo Tay and Lee, Ronald Marlin and Nguyen, Vu Hoang, Pattern Directed Auditing of Business Procedures: A Logic Programming, Model Checking Approach (September 30, 2011). Available at SSRN: https://ssrn.com/abstract=2070759 or http://dx.doi.org/10.2139/ssrn.2070759