Summary: Auditing 2.0: Using Process Mining to
Support Tomorrow's Auditor
Wil M.P. van der Aalst, Eindhoven University of Technology & Queensland University of Technology
Kees M. van Hee, Eindhoven University of Technology
Jan Martijn van der Werf, Eindhoven University of Technology
Marc Verdonk, Deloitte Netherlands & Eindhoven University of Technology
The term auditing refers to the evaluation of organizations and their processes. Audits are performed to
ascertain the validity and reliability of information about these organizations and associated processes.
This is done to check whether business processes are executed within certain boundaries set by
managers, governments, and other stakeholders. For example, specific rules may be enforced by law or
company policies and the auditor should check whether these rules are followed or not. Violations of
these rules may indicate fraud, malpractice, risks, and inefficiencies. Traditionally, an auditor can only
provide reasonable assurance that business processes are executed within the given set of boundaries.
They check the operating effectiveness of controls that are designed to ensure reliable processing. When
these controls are not in place, or otherwise not functioning as expected, they typically only check
samples of factual data, often in the `paper world'. However, today detailed information about
processes is being recorded in the form of event logs, audit trails, transaction logs, databases, data
warehouses, etc. Therefore, it should no longer be necessary to only check a small set of samples offline.
Instead, all events in a business process can be evaluated and this can be done while the process is still
running. The availability of log data and advanced process mining techniques enable a new form of