How Process Mining can help IA upgrade to Ver 4.0
Traditionally, Internal Audits have been identified as guardians of Risk Management, Governance and Internal control procedures. Prima facie, the Internal Audit function used the maturity levels of documented policies & procedures, recording & reporting environments, control validations and training of these procedures for providing assurance. While these principles were well suited to the earlier versions of the business environment, the technological advancements including the recent digital disruption has led to a complete shift in the way the business operations are carried out.
ERP installations integrating the business processes, by default
Standard Transaction Systems with in-built controls and validations
Automated statutory/tax compliances while conducting transactions
Integrated CRM Applications/Digital apps recording process failures and complaints for immediate attention
Secured Access to Transactions/Information based on the Network environment
Secure Cloud based data warehouse as one source of data consolidation and reporting
While the automation levels are at a new high now, the following continue to pose an entirely different challenge to interpreting standards and setting benchmarks for Audit & Assurance functions.
Extended Technology Landscape with Inclusion of external stakeholders – Vendors, Customers, Banks, Government Authority etc
Parties to a transaction being at different levels of digitization/automation
The transaction data dumps can no longer help visualize the numerous transaction routes.
The basic premise of a standard operating procedure stands challenged. For every 50-100 transactions, a new process variant could emanate to conclude the transaction appropriately.
With huge rise in volume of transactions, audits based on sample data can be rendered ineffective.
Governance/risk assessment needs to be visualized and assessed on a far larger canvas than the current scope.
What, then, could form the meaningful agenda and the modus operandi of the Internal Audit function to create appropriate plans and get assurance on the ever-evolving process environments and establish reasonable assurance of governance and risk management.
Data Analytics and Process Mining paired together is a perfectly timed response to the current day challenge of the Audit & Business Process Excellence functions. Process Mining is a data enabled visualization solution that acts as an X-ray of the organization processes. The tool helps draw out a digital footprint of the processes for ease of interpretation of actual business process flows viz-a-viz documented/defined processes with transaction dumps. Seen alongside process metrics, a perfect representation of the areas requiring attention and the processes that are deviant and proving to be deterrents is an easy discovery.
The digital depiction of the process routes not only helps understand compliance, risks, controls and inefficiencies but also design an effective Internal Audit Plan, in the first place, covering high risk areas and will eventually direct the reviewer to the root cause of deviations.
Data Analytics & Process Mining Tools are a perfect intersection of Business Process Scrutiny/Management, Domain knowledge, Process Visualization, Process Measurement Metrics and their influencing factors.
With alert systems centred around dynamic outlier thresholds, these technological capabilities can convert an IA/Business Excellence observation to a concurrent mode and can notify the stakeholders on a real time basis. When implemented appropriately for business-critical processes, Process mining alongside appropriate process metrics can bring meaningful and far-reaching results for Audit & Assurance and BPM.