Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards a Generic On Line Auditing Tool (OLAT)

Published byElly Esser Modified over 6 years ago

Similar presentations

Presentation on theme: "Towards a Generic On Line Auditing Tool (OLAT)"— Presentation transcript:

1 Towards a Generic On Line Auditing Tool (OLAT)
Akhil Kumar, Marc Verdonk (Deloitte) Jan Martijn, Kees, Wil

2 Performance information
Decision-making manager Responsible manager Corrective action Auditor Alarm Online portal Assurance information Alarm Follow-up Audit results Performance information Continuous Auditing Tool Continuous Control Monitoring Tool Assurance Process Management Software Assurance Process Control framework

3 Requirements for the OLAT
Business rules (incl external laws) Business process OLAT Information system Information rules feedback

4 Requirements for OLAT: context
The IS should be the official source of data, all official events are recorded in the IS all decisions or commitments made by people have to be recorded and confirmed by the IS before they are valid The IS should never delete or update a record in the database; only additions with time stamps The OLAT should be independent of the IS, which means: it should be based on the source data of the IS it should evaluate the business rule with its own algorithms

5 Requirements for the OLAT: assurance
Three levels of assurance Detective: the log satisfies the business rules Prospective: detective plus the process model discovered from the log satisfies the business rules Corrective: detective plus (human) correction measures Preventive: controls that prevent events in the real process to avoid business rule violations.

6 Design of the OLAT: functions
The Monitor should record the events with the corresponding data: The input from external sources together with the data presented to them before and after the input. This data will be stored in a event datawarehouse (or log) Three computational functions for auditing: Rule evaluation on the traces in the log by: LogLogic, LTL checker, checker or SQL queries: Detective Discovery of the process model and analysis of potential paths: Prospective History-based Petri nets: transition guards: Preventive

7 Design: Architecture

8 Design: Data model

9 Challenges for the future
Generation of the Event Database Schema from the Business Rules Can we translate all relevant business rules to predicate logic on the model? How generic can we make the Monitor as a service? With the Monitor we can create a learning system: start with a flower net as process model in the information system and by mining we discover business rules that can be used as guards!

Download ppt "Towards a Generic On Line Auditing Tool (OLAT)"

Similar presentations

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie.

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Models vs. Reality dr.ir. B.F. van Dongen Assistant Professor Eindhoven University of Technology

Models vs. Reality dr.ir. B.F. van Dongen Assistant Professor Eindhoven University of Technology
1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.

1 Continuous Auditing Implications: Rethinking the Roles of Systems of Internal Controls Presented by Rob Nehmer Berry College at the Fifth Continuous.
1. Research Topics for Continuous Auditing Mike Groomer Professor of Accounting and Information Systems Kelley School of Business Indiana University.

1. Research Topics for Continuous Auditing Mike Groomer Professor of Accounting and Information Systems Kelley School of Business Indiana University.
Overview of Databases and Transaction Processing Chapter 1.

Overview of Databases and Transaction Processing Chapter 1.
1004INT Information Systems Week 10 Databases as Business Tools.

1004INT Information Systems Week 10 Databases as Business Tools.
AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES.

AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES.
History-Dependent Petri Nets Kees van Hee, Alexander Serebrenik, Natalia Sidorova, Wil van der Aalst ?

History-Dependent Petri Nets Kees van Hee, Alexander Serebrenik, Natalia Sidorova, Wil van der Aalst ?
Functions of a Database Management System. Functions of a DBMS C.J. Date n Indexing n Views n Security n Integrity n Concurrency n Backup/Recovery n Design.

Functions of a Database Management System. Functions of a DBMS C.J. Date n Indexing n Views n Security n Integrity n Concurrency n Backup/Recovery n Design.
1 Introduction Introduction to database systems Database Management Systems (DBMS) Type of Databases Database Design Database Design Considerations.

1 Introduction Introduction to database systems Database Management Systems (DBMS) Type of Databases Database Design Database Design Considerations.
Patrick Seto CS157A Section 3 Data Warehouses Presented by Patrick Seto CS157A Section 3.

Patrick Seto CS157A Section 3 Data Warehouses Presented by Patrick Seto CS157A Section 3.
A university for the world real R © 2009, www.yawlfoundation.org Chapter 17 Process Mining and Simulation Moe Wynn Anne Rozinat Wil van der Aalst Arthur.

A university for the world real R © 2009, Chapter 17 Process Mining and Simulation Moe Wynn Anne Rozinat Wil van der Aalst Arthur.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Insuring Sensitive Processes through Process Mining Jorge Munoz-Gama Isao Echizen Jorge Munoz-Gama and Isao Echizen.

Insuring Sensitive Processes through Process Mining Jorge Munoz-Gama Isao Echizen Jorge Munoz-Gama and Isao Echizen.
5.1 © 2007 by Prentice Hall 5 Chapter Foundations of Business Intelligence: Databases and Information Management.

5.1 © 2007 by Prentice Hall 5 Chapter Foundations of Business Intelligence: Databases and Information Management.
Update from Business Week Number of Net Fraud Complaints – 2002 – 48,252 – 2004 – 207,449.

Update from Business Week Number of Net Fraud Complaints – 2002 – 48,252 – 2004 – 207,449.
Security Architecture

Security Architecture
©2010 John Wiley and Sons www.wileyeurope.com/college/lazar Chapter 12 Research Methods in Human-Computer Interaction Chapter 12- Automated Data Collection.

©2010 John Wiley and Sons Chapter 12 Research Methods in Human-Computer Interaction Chapter 12- Automated Data Collection.

Similar presentations

Ads by Google