Auditors validate information about organizations and their business processes. Reliable information is needed to determine whether these processes are executed within certain boundaries set by managers, governments, and other stakeholders. Violations of specific rules enforced by law or company policies may indicate fraud, malpractice, risks, or inefficiencies. Traditionally, an audit can only provide reasonable assurance that business processes are executed within the given set of boundaries. Auditors assess the operating effectiveness of process controls, and when these controls are not in place or functioning as expected, they typically check samples of factual data. However, with detailed information about processes increasingly available in high-quality event logs, auditors no longer have to rely on a small set of samples offline. Instead, using process mining techniques, they can evaluate all events in a business process, and do so while it is still running. The omnipresence of electronically recorded business events coupled with process mining technology enable a new form of auditing that will dramatically change the role of auditors: Auditing 2.0.
Aalst, van der, W. M. P., Hee, van, K. M., Werf, van der, J. M. E. M., & Verdonk, M. C. (2010). Auditing 2.0: Using process mining to support tomorrow's auditor. Computer, 43(3), 90-93. https://doi.org/10.1109/MC.2010.61