Received 6 June 2023, accepted 28 June 2023, date of publication 4 July 2023, date of current version 11 July 2023.

Digital Object Identifier 10.1109/ACCESS.2023.3292117

Advancing Process Audits With Process Mining: A

Systematic Review of Trends, Challenges, and
Opportunities
MOHAMMAD IMRAN 1,2 , SURAYA HAMID 1 , (Member, IEEE),
AND MAIZATUL AKMAR ISMAIL 1 , (Member, IEEE)
1 Departmentof Information Systems, Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur 50603, Malaysia
2 Departmentof Information Technology, Faculty of Information and Communication Technology, Balochistan University of Information Technology,
Engineering & Management Sciences, Quetta 87300, Pakistan
Corresponding authors: Suraya Hamid ([email protected]) and Mohammad Imran ([email protected])

ABSTRACT This systematic literature review focuses on the research area of process audits and explores
the potential of process mining techniques for their enhancement. Traditional process audits, being manual
and sample-based, heavily rely on auditors’ expertise and preferences. With the emergence of process
mining (PM), there exists an opportunity to improve traditional process audits. However, prior to initiating
a PM project specifically for audits, it is crucial to understand the benefits and challenges associated
with the implementation. Through a systematic analysis of research articles from six reputable scholarly
literature indexing databases, this review reveals how integrating PM into the auditing landscape introduces
automation, transparency, and efficiency in addition to overcoming the limitations of traditional process
audits. The findings of this review provide valuable insights to identify the benefits of PM-based audits and
comprehend the challenges that must be addressed to fully realize the potential of PM techniques in process
audits.

INDEX TERMS Audits, business process audits, process compliance checking, process mining, systematic
literature review.

I. INTRODUCTION make informed decisions, an understanding of the operational

The increasing use of information systems to conduct busi- processes behind the data is necessary [1].
ness activities has resulted in a significant rise in the amount Business process audits are performed to evaluate the
of data generated by these systems. As Tim Berners-Lee, compliance of an organization with standard procedures and
the inventor of the World Wide Web, famously said, ‘‘Data to identify opportunities for improvement [2], [3], [4], [5].
is a precious thing and will last longer than the systems A typical process audit consists of four high level stages.
themselves.’’ Organizations heavily rely on data related to First, the audit planning is performed which consists of
diverse business operations, such as purchase order manage- deciding the audit strategy and resources are allocated for
ment, patient treatment processes, and customer complaints performing the audits. Then the required data is collected
management, to make effective decisions. Traditionally, such through manual sampling such as interviews, observations,
data is analyzed using data mining and machine learning and relevant document collection. Subsequently, these data
techniques to find patterns in the data and predict future samples are analyzed for compliance and efficiency assess-
outcomes. However merely focusing on storage and statistical ment of the process. As a last step the findings of audit
analysis of this data is insufficient. To gain insights and analytics are reported [2], [6]. Fig. 1. shows the high-level
steps of a traditional business process audit.
The associate editor coordinating the review of this manuscript and While traditional business process audits involve man-
approving it for publication was Alba Amato . ual sample collection and compliance checking [7], process

This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/
68340 VOLUME 11, 2023
M. Imran et al.: Advancing Process Audits With PM

Process mining-based audit involves several key steps,

including scoping the audit, collecting, and preparing data,
discovering the process model, analyzing the process, and
preparing a report with recommendations. The audit begins
by defining the scope of the analysis and identifying relevant
IT systems and data sources. The event logs are then col-
lected, transformed, and cleaned for analysis. Using process
mining techniques, the software automatically discovers the
process model, and the model is analyzed for deviations
and inefficiencies. Finally, a report is prepared summarizing
the findings and recommendations for improvement. Process
mining-based audit provides auditors with a detailed under-
standing of the business process, enabling them to identify
opportunities for improvement and increase efficiency and
effectiveness [11], [12], [13]. Researchers predict that the
application of process mining in auditing will dramatically
change the role of the auditor [14].
Despite the potential of process mining to enhance
traditional auditing methods [15], [16], there has been
limited adoption of process mining-based audits in prac-
tice [4] which needs further investigation. Furthermore,
while several studies have explored process mining-based
audits [7], [10], [16], [17]; there is currently a lack of a com-
prehensive review that addresses the issues associated with
both traditional and process mining-based audits. A direct
comparison of the traditional and process mining-based
FIGURE 1. Typical activities in traditional business process audits.
(Figure adapted from [2]). audits is important to explicitly understand the value and
potential of process mining for audits. Additionally, the
identification of the challenges associated with process
mining-based audits will help in determining the reasons for
the slow adoption of this novel audit approach.
Therefore, following three objectives were formulated:
• To conduct a comprehensive analysis of research trends
on process mining for business process audits revealing
trends on various aspects of process mining based audits
• To assess the advantages and potential of process mining
in the context of business process audits in addition to
comparison with traditional audit methods
• To synthesize the challenges and limitations associated
with the application of process mining in business pro-
cess audits.
To accomplish the objectives, a systematic review of
FIGURE 2. Process Mining based audit methodology. (Figure adapted primary studies published between 2011 and 2023 was per-
from [4]). formed. The review focused on six popular scholarly research
indexing online databases. This study makes following three
contributions to existing the body of knowledge:
mining provides a new dimension to business process 1. A comprehensive analysis of the primary studies on
auditing by automated compliance checking [8], [9], [10]. process mining for business process audits, including
As organizations incorporate their processes into information an examination of trends in terms of contribution type,
systems, employees utilize these systems to execute planned context, audit type, process mining techniques, and
processes, which in turn generate event logs. These event logs available tool support.
can be used to rediscover the process and conduct an audit 2. Analysis of the advantages and potential of process
against the actual process model. Fig. 2. shows methodology mining for business process audits, including a com-
employed by process mining for business process audits. parison with traditional audit methods

VOLUME 11, 2023 68341

 M. Imran et al.: Advancing Process Audits With PM

3. Systematic analysis and synthesis of the challenges

and limitations of process mining for business process
audits
The review findings suggest that while process mining
offers several advantages over traditional audits, it still faces
significant obstacles such as data availability and interpre-
tation of results. The successful implementation of process
mining-based audits requires professionals with expertise in
the process mining domain, and auditors need to be trained to
adopt this approach. Further, the study underscores the signif-
icance of process mining in the audit domain and emphasizes
the need for collaborative efforts among researchers, auditors,
and industry professionals to realize its full potential.
The rest of the article is organized as follows: The related
works section discusses the existing works on the topic,
along with their respective limitations. In the research method
section, the research method is elaborated upon, along with
an overview of the search strategy employed in the current
systematic review. In the results section, the corresponding
results for each research question are presented, followed by
a discussion of results, their implications, and recommenda-
tions for future research. Finally, the findings are summarized FIGURE 3. Review process with sub activities.

and presented in the conclusion section.

II. RELATED WORKS challenges. Furthermore, there is a lack of comprehensive

In recent years, process mining has gained attention and been studies that encompass all aspects of process mining, includ-
extensively explored in various domains, including health- ing process discovery, conformance, and enhancement.
care [18], [19], [20], [21], education [22], cyber security [23], It is evident that none of the studies have highlighted
and other domains [24], [25]. However, there is a notice- recent trends associated with various aspects of process min-
able gap in research regarding the potential value of process ing based audits. Moreover, although some opportunities of
mining in the auditing domain. In this section the existing process mining have been emphasized, it is unclear how
secondary studies on process mining based audit and their these opportunities overcome challenges of traditional audits.
limitations have been discussed. Finally, none of the studies have discussed the challenges
As presented in Table 1, there are some related works associated with application of process mining based audits.
that include experience reports, conceptual papers, review Therefore, there is need to bridge the gaps in existing knowl-
papers, and frameworks that shed light on various aspects edge by conducting a systematic and comprehensively review
of process mining in auditing. However, each study has of existing primary studies that not only examines the oppor-
its limitations. Some studies focus on specific types of tunities to overcome limitations of existing audits but also
audits, such as internal [26] external [27] or only financial highlight associated challenges with application of such novel
audits [8], without adequately addressing the comprehensive audit technique.
understanding of the broader opportunities and challenges
involved in implementing process mining. Although few III. METHODOLOGY
of the studies highlight the benefits of process mining in The methodology section provides a detailed overview of the
auditing [8], [28], [29] but fail to adequately address the review approach utilized in the study. A systematic review
potential challenges associated with conducting such a novel methodology by Kitchenham et al. [32] is used to conduct
audit technique. Moreover, these studies [8], [28], [29] are this study. The review process comprises three key phases:
relatively outdated, as they are over a decade old, and review planning, conducting, and reporting. Fig. 3. illustrates
their findings are subjective without following a system- the activities involved in the review process. The focus of the
atic approach to assess existing research works. Certain planning stage remained on the formulation of the research
researchers have discussed challenges related to business pro- questions and the review protocol. The review protocol activ-
cess audits [30], without exploring the potential opportunities ity further comprises search string formulation, selection of
offered by process mining in overcoming these challenges. suitable databases for literature search, and preparation of
On the other hand, few researchers [27] briefly mention the inclusion and exclusion criteria. The review plan formu-
process mining as a potential technique in auditing with- lated in the previous stage was implemented in the execution
out thoroughly discussing the associated opportunities and stage. Finally, in the third stage, the review findings are

68342 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

TABLE 1. Related works on process mining based audit.

disseminated. In the upcoming subsections, a detailed explo- tional auditing, and examining the challenges associated with
ration of the three major steps of the review process has been process mining-based audits:
undertaken.
RQ1. What are the current research trends and advance-
ments in the application of process mining for
A. REVIEW PLANNING
business process audits, revealing various aspects of
process mining-based audits?
In this section, the review planning process for this systematic
RQ2. How can process mining address the limitations of
review has been outlined. The planning phase of this review
traditional business process audits and what opportu-
involved the formulation of research questions, the develop-
nities does it offer in this context?
ment of a search strategy, and the establishment of criteria for
RQ3. What are the key challenges associated with utilizing
selection of studies. The aim of outlining the review plan is
process mining for business process audits?
to ensure transparency, replicability, and comprehensiveness.

2) REVIEW PROTOCOL
1) RESEARCH QUESTIONS The development of the review protocol involved formulating
The following three research questions were formulated with search strings, selecting suitable databases for the search, and
the aim of conducting a quantitative analysis of the scientific definition of the inclusion and exclusion criteria. Each of
literature, exploring the potential of process mining in tradi- these subsections is detailed below.

VOLUME 11, 2023 68343

 M. Imran et al.: Advancing Process Audits With PM

a: SEARCH STRINGS TABLE 2. Inclusion criteria for studies.

Prior to the development of the optimal search string, several

mock literature searches were conducted. However, the fol-
lowing query was selected based on its ability to generate the
most relevant search results
(Audit OR auditing OR investigate OR investigation) AND
(logs OR ‘‘event logs’’ OR traces) AND (‘‘process mining’’
OR ‘‘processes mining’’)
For each of the selected literature indexing databases,
a localized version of the above search query was employed.
In the following subsection, the selected literature indexing
databases and their selection criteria are outlined.

b: DATABASES TO SEARCH TABLE 3. Exclusion criteria for studies.

The literature search for this review was conducted using
six online resources that index scholarly literature, includ-
ing Web of Science, Scopus, Science Direct, IEEE Xplore,
Springer Link, and ACM Digital Library.
The selection of suitable databases for this study involved
consideration of several factors, including quality journal
indexing criteria and availability of indexed papers. Consid-
ering these factors, the Web of Science (WoS) was deemed
a suitable database due to its high-quality journal indexing
criteria. To supplement this database and to ensure inclusion
of WoS-unindexed papers, the Scopus database was also
included, as it indexes abstracts and references from a vast
number of publishers, including Elsevier. However, since
Scopus does not index full-texts, Science Direct was addition-
ally included in the search process. Science Direct provides
indexing for full-text articles from a range of journals and
books, particularly those published by Elsevier and a few
other sources. To broaden the scope of the search to include
conference proceedings, IEEE Xplore and SpringerLink were
also added. SpringerLink was particularly included due to
its popularity in the computer science domain, as well as its mining were considered off-topic and excluded. Additionally,
indexing of conference proceedings in well-known Springer studies that solely mentioned process mining and auditing
lecture notes series such as LNCS, LNBI, LNBIP, and others. terms in the author introductions were also excluded from
Following the literature search process, the subsequent consideration. The full exclusion criteria are presented in
subsection describes the inclusion and exclusion criteria uti- Table 3.
lized to filter articles. To ensure the reliability and rigor of our review, a rigor-
ous screening process was implemented. Specifically, arti-
c: INCLUSION AND EXCLUSION CRITERIA cles without citations were excluded. Furthermore, sources
In this step, criteria for the screening of articles were formu- containing grey literature and those lacking a systematic
lated, specifying requirements for inclusion and exclusion. methodology to support a comprehensive review (as defined
The inclusion criteria (IC) refer to the selection of papers in [33], [34]) were omitted. The aim of adopting this approach
that meet the established requirements, while the exclusion was to include only high-quality literature sources.
criteria (EC) pertain to the elimination of papers that fail to In the upcoming section, the second step of our review pro-
meet specific criteria. The criteria employed for inclusion of cess, which involves conducting the review, will be described.
articles is presented in Table 2.
The exclusion criteria were applied to remove papers that B. REVIEW CONDUCTING
did not meet specific requirements. Papers that were not in During this stage, the review plan formulated in the previous
English language, duplicate publications, and those whose stage was implemented. Searches were conducted in selected
full text were unavailable were excluded. In addition, papers databases, and the search results were retrieved. To address
that focused on auditing using methods other than process the presence of duplicate studies across multiple databases,

68344 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

a title-based inter-database and intra-database deduplication nal audit types. Various process mining tools have also been
process was conducted. Subsequently, the screening process employed to perform business process audits. The types of
of the articles was carried out based on the inclusion and contributions made in the literature include empirical studies,
exclusion criteria, including the titles and abstracts. After- case studies, frameworks, and guidelines. In the following
ward, a full-text screening of the articles that passed the sections, we discuss the results of each of these aspects in
previous screening stages was conducted. Finally, answers more detail:
from the selected articles were recorded using an Excel sheet.
1) TYPE OF CONTRIBUTIONS
1) DATA COLLECTION AND ANALYSIS
The contribution types of studies refer to the ways in which
The information pertaining to each research question was the presented research contributed to the audit field. We iden-
collected using Microsoft Excel form which also helped in tified four main types of contributions made by researchers
quantitative analysis of the collected data. namely the proposal of methods, models, tools, and empiri-
The last step of the review process consisted of reporting cal cases. Methodological contributions involved proposing
the findings, which will be described in the following section. new audit methods or refining of existing methodologies.
Model as contribution involved putting forward a conceptual
C. REPORTING THE FINDINGS framework of audit analytics. Empirical cases consisted of
In this phase, the review results are reported. The overall the studies that evaluated the findings of exiting studies in
study screening process is illustrated in the form of PRISMA the form of experimental evaluations or case studies. Propos-
diagram in Fig. 4. ing a tool as contribution involved introducing new tool or
A total of seventy research articles were identified as rele- explaining how improved tool can aid in improving process
vant to addressing the research questions. The distribution of mining based audits.
included studies by year and publication type is presented in It is important to note that some of the studies may have
Fig. 5. and Fig. 6, respectively. multiple contribution types such as proposing a methodology
As illustrated in Fig. 5, there was an increasing trend in and performing its evaluation in context of other methodolo-
frequency of publication over time, although a decline in gies. However, the selection of contribution types in this paper
recent years can also be observed. Fig. 6. Demonstrates that is based on the specific objectives of each study. Among con-
the included studies were evenly distributed between con- tribution these types, empirical cases were the most prevalent,
ference and journal publications. Nevertheless, conference as depicted in Fig. 7. Studies presenting auditing methods
publications slightly outnumbered journal publications. were the second most common type of contribution to the
The detailed findings relevant to each research question field, while those offering auditing models or tools were
will be reported in the subsequent results section. relatively scarce.
IV. RESULTS
2) APPLICATION DOMAIN
In this section, the review findings have been presented.
The research questions formulated in the review planning This section presents a broad categorization of studies based
section were used to guide the analysis and organization of on their application domain, providing insight into the focus
the results. of PM-based audits in specific domains. The distribution of
The section begins by presenting the findings related to studies, as shown in Fig. 8, indicates that a significant amount
each research question in detail, supported by tables, figures, of research has been conducted in the domains of financial
and relevant statistics. Overall, this section provides insights auditing and healthcare.
into the opportunities and challenges of using process min- In addition to healthcare, studies on the compliance audit
ing for business process audits and can serve as a valuable of the help desk were found, which is an instantiation of
resource for researchers and practitioners in this field. Customer Relationship Management (CRM), used to evalu-
ate system effectiveness for customer satisfaction. Security
A. RQ 1: WHAT ARE THE CURRENT RESEARCH TRENDS assessment remained the fourth most dominant domain for
AND ADVANCEMENTS IN THE APPLICATION OF PROCESS assessing the organization’s exposure to external threats,
MINING FOR BUSINESS PROCESS AUDITS, REVEALING with intrusion detection being the most common applica-
VARIOUS ASPECTS OF PROCESS MINING-BASED AUDITS? tion. However, less attention has been paid to the logistic,
This subsection presents the results of the analysis of the liter- procurement, and production domains, which are crucial for
ature on the use of process mining for business process audit. determining the efficiency of an organizational process.
In the literature analysis, various aspects were examined,
including the application domain, audit type, tools, process 3) AUDIT TYPE
mining technique used, and types of contributions made by The internal audit process aims to ensure compliance with
researchers. The study findings demonstrate that process- both internal and external regulations with more focus on the
mining-based business process auditing is employed across efficiency of organizational processes and the effectiveness
various application domains, with a greater emphasis on inter- of implemented business rules [35], [36]. Typically, internal

VOLUME 11, 2023 68345

 M. Imran et al.: Advancing Process Audits With PM

FIGURE 4. PRISMA diagram showing study screening process.

FIGURE 5. Yearly publication distribution. FIGURE 6. Distribution of publication types.

audit type is presented in Fig. 9, while Table 4 provides a list

audits are conducted by the organization’s internal audi- of articles corresponding to each audit type.
tors [11], [29], [37]. In contrast, external audits are conducted These results indicate that internal audits have received
by third-party auditors to ensure compliance with external more attention from researchers compared to external audits,
regulations [35]. Studies were categorized based on the type or a combination of the two. It can be inferred that internal
of audit to identify trends in the adoption of process mining audits are more favorable for process mining-based audits
in specific audit types. The distribution of studies based on based on the available studies.

68346 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

TABLE 4. Articles using internal and external auditing.

FIGURE 7. The research contribution of studies.

overview and efficiency analysis of the as-is process [100],

while conformance checking audits compliance against
rules and regulations [101]. Enhancement discovers process
improvement opportunities [1].
In Fig. 11, the process mining techniques used in business
process auditing are illustrated. Two strategies have been
employed by researchers: the process discovery and a com-
bination of discovery and conformance checking techniques.
Compliance assessment has remained consistently used over
time, while there has been a growing trend in the use of pro-
cess discovery methodologies for auditing, reaching a peak in
FIGURE 8. Distribution of studies by application domain. 2018. However, results indicate both techniques have expe-
rienced a decline in popularity in recent years. Surprisingly,
the enhancement perspective has been overlooked throughout
the studies which focus on improving the process for optimal
outcomes.
Studies that did not explicitly disclose use of process
discovery or conformance checking techniques are repre-
sented by the ‘‘not specified’’ line in the graph. Although not
specifically mentioning does not mean they were not used
or explored throughout the research. However, the supplied
information in those articles did not reveal any process dis-
covery and conformance checking technique applied.
In the upcoming section, the findings related to the second
FIGURE 9. Distribution of studies by audit type. research question will be discussed.

4) TOOL SUPPORT B. RQ 2: HOW CAN PROCESS MINING ADDRESS THE

Through the analysis of the literature, it was found that several LIMITATIONS OF TRADITIONAL BUSINESS PROCESS
tools were employed by researchers. In Fig. 10, the seven AUDITS AND WHAT OPPORTUNITIES DOES IT PRESENT IN
tools used by researchers are displayed, with the widely used THIS CONTEXT?
open-source process mining tool ProM being the most preva- In this section, the results of question 2 have been presented
lent. The second most favored option remained ‘‘Disco.’’ based on the analysis of the literature on the limitations of
While other open-source tools, such as Apromore and PM4Py traditional business process audits and the opportunities that
were also utilized, ProM and Disco stood out as they provided process mining offers to overcome them. Table 5 presents
more features and ease of use. the findings on the limitations and challenges of traditional
process audits, as well as the corresponding enhancement
5) PROCESS MINING TECHNIQUES USED opportunities provided by process mining-based audits. The
Process mining techniques include process discovery, con- items in the table are ordered according to their signifi-
formance checking, and enhancement. Discovery offers an cance in the literature. These limitations and opportunities are

VOLUME 11, 2023 68347

 M. Imran et al.: Advancing Process Audits With PM

FIGURE 10. Distribution of studies according to tool usage.

FIGURE 11. Process mining techniques used for auditing.

categorized into five primary themes, which will be discussed literature, it was found that the use of unsupervised log
in detail as follows. data, which records organizational activities in a human-
independent manner, promotes objectivity in the auditing
process. By analyzing the entire population data, the need
1) SAMPLING UNCERTAINTY CHALLENGE to select a representative sample is eliminated, preventing
The primary limitation of traditional audits as identified audit data from being biased by the auditors’ preferences and
based on the literature was reliance on random sam- interests [78].
ples. [88], [91] to detect deviations from standard operating
procedures [51], which can introduce errors and subjectiv-
ity into the process. Moreover, random sampling provides 2) RESOURCE-INTENSIVE AUDIT
only a partial view of the process [63], [76], [78]. In con- The second most prevalent limitation of traditional audit as
trast, process mining-based audits use complete log data, identified in literature was its resource intensiveness. Part of
providing concrete evidence and increasing auditors’ confi- traditional audit activities such as source document review
dence in the audit process [38], [78], [91]. From the analysis and interviews can be time-consuming and require additional

68348 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

TABLE 5. Comparison of limitations of traditional audits and corresponding enhancement opportunities offered by process mining techniques.

human resources to collect samples [35]. In contrast, it was audit results [88]. In contrast, findings suggest that process
found that process mining leverages log data, which is typi- mining-based auditing activities ensure transparency in the
cally stored in centralized locations like servers, streamlining audit process through the use of explicit data and an objective
the data collection process. As a result, auditors can concen- audit process [41]. The validity of the outcomes can be easily
trate on other auditing tasks, rather than investing much time verified at any point in time by repeating the same activities.
in data collection [35]. However, the sampling strategy used in conventional audits
makes it difficult to obtain the same outcomes again [88].
3) CREDIBILITY AND VALIDITY CHALLENGE
One of the primary challenges associated with traditional
audits is the issue of credibility and validity. The subjectiv- 4) LIMITED SCOPE
ity and uncertainty inherent in traditional sampling methods Traditional audits typically focus on data analytics [93].
raise concerns about the accuracy and reliability of the However, process mining goes beyond these techniques to

VOLUME 11, 2023 68349

 M. Imran et al.: Advancing Process Audits With PM

TABLE 6. Challenges associated with pm-based auditing.

enable end-to-end, multi-perspective audits that offer deep dover [69]. Security and segregation of duty analysis also
insights into how processes are executed. By utilizing log enable the detection of activities performed by unauthorized
data, multi-perspective audits at multiple levels, including personnel [28]. Typical audit analytics that employ sampling
organizational, departmental, and even individual employee approaches can only uncover partial violations, in contrast,
levels, can be facilitated through process mining. These types process mining has the capability to identify a wider range
of audits can contribute to a more comprehensive under- of irregularities or deviations. [63], [76], [78]. Additionally,
standing of the processes and assist in identifying areas for it was found that comparatively process mining equips audi-
improvement, thereby adding value to continuous process tors with the necessary tools to examine computer-based
improvement efforts. [28], [71]. transactions.
Findings further suggest that the retrospective nature of In the next section, the findings related to the third research
traditional audits, which are often conducted annually, can question will be discussed.
be overcome by process mining, which enables internal
and external audits to be conducted at any time of the C. RQ 3: WHAT ARE THE KEY CHALLENGES ASSOCIATED
year [16], [35]. The utilization of continuous auditing brings WITH UTILIZING PROCESS MINING FOR BUSINESS
these audits closer to operational support, allowing for near- PROCESS AUDITS?
real-time audits during process execution. Ad-hoc audits Despite having the potential to improve the auditing pro-
conducted for efficiency assessment purposes can assist in cess, the implementation of process mining is not immune
continuous process improvement. to challenges and limitations, which must be understood
and addressed to ensure its effectiveness. In this section,
5) LIMITED ANALYTICAL CAPABILITIES the challenges associated with the application of process
Comparing the analytical capabilities of both audit types, mining-based audits are intended to be presented. Based on
it was found that in traditional audits, the detection of some the findings corresponding to research question 3, the rele-
novel audit perspectives has limited support such as interac- vant challenges are presented in Table 6. Furthermore, each
tion analysis [69], segregation of duty analysis [28], detection of these challenges are briefly elaborated in the subsequent
of security violations [63], and full activity order analy- subsections:
sis. Interaction analysis in process mining shows how staff
members communicate and hand over work across depart- 1) COMPLEXITY CHALLENGE
ments and staff members, helping to detect violations of Real-life processes can be complex, with a variety of
interaction restrictions and standard procedures for work han- behaviors required to achieve goals. When modeling

68350 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

such processes with process mining techniques, the limitations that need be understood before auditing process
outcome can be a difficult-to-understand, spaghetti-like using specific process discovery algorithm. Throughout the
model representation due to fine-granular details in the literature, the selection of suitable algorithms in different
logs [43], [46], [67], [76], [89]. Literature analysis revealed auditing scenarios remained influenced by the researchers’
that auditors encounter significant challenges when utilizing choice in process mining-based auditing.
process mining techniques for auditing purposes, with com-
plexity being the most notable obstacle. [96]. Although some 4) HANDLING NOISE AND ANOMALIES
methods like clustering, abstraction, filtration, and pattern When conducting process mining-based audits, real-life event
mining can help deal with this issue [102]; however, effective logs can present challenges due to the presence of anomalies.
utilization of such methods introduces yet another challenge To accurately identify true positive anomalies, the effec-
for auditors. Since there is a tradeoff between complexity tive management of log noise and the ability to distinguish
and model precision [102], simplifying the processes can between abnormal behavior and behavior that may appear
decrease the level of evidence needed for audits thereby unusual but is actually normal is crucial for auditors [90].
reducing confidence on audit findings. Researchers argue that failure to detect unusual behavior and
understand its impact on the organization can lead to inac-
2) LOG EXTRACTION AND TRANSFORMATION curate conclusions about anomalous behavior, particularly in
Process mining leverages event logs to extract knowledge financial auditing where the consequences of misinterpreting
about process execution, offering the advantage of consid- anomalous behavior can be significant [106], [107]. As such,
ering the entire population of logs compared to traditional all unusual behavior must be carefully analyzed by auditors,
auditing methods [38], [78], [91]. However, it was found who should consider its potential impact before drawing any
that constructing these logs into suitable representations conclusions regarding the validity of a financial audit [92].
for process mining tools is challenging due to the lack of
skills required for selecting appropriate process instances and 5) DATA AVAILABILITY AND INACCURACY CHALLENGE
attributes [10]. Another challenge arises when the executions Findings suggest that in the context of business process
of multiple processes are recorded in the same log, making audits, process mining faces significant challenges due to data
it difficult to select the right process to audit [72]. This issue availability and data inaccuracy. Data availability challenges
arises due to the presence of relevant data required to verify arise when critical data is missing, incomplete, or outdated,
a statement but its inability to be associated with a particular thereby hindering the ability to obtain a comprehensive
case [13]. Moreover, it was also found that incomplete, and understanding of the audited process [13]. On the other
biased data collection can also hinder the usability of process hand, data inaccuracy challenges occur when data is entered
mining based audits such as if the data used for the analysis incorrectly or processing errors occur, leading to incorrect
is incomplete or biased, it can lead to inaccurate results. conclusions. Despite the current digital age, several organi-
As an example, the exclusion of certain process steps or zations still rely on a paper-based environment for carrying
activities from the analysis could result in an incomplete or out organizational activities [42], [47], [93]. To address
inaccurate depiction of the process. Similarly, if the data is these challenges, proactive collaboration between auditors
biased towards certain types of process executions, the overall and the audited organization is necessary to enhance data
process may not be accurately represented [13]. Therefore, management processes, employ data cleansing techniques,
if preprocessing steps are not adequately considered, they and rely on multiple data sources to ensure accuracy. Over-
may introduce bias into the analysis and findings. coming these challenges is crucial to the success of process
mining-based audits and the accuracy of the conclusions
3) REPRESENTATIONAL AND ALGORITHMIC BIAS drawn from them. According to [13], it is common for real
Visual analytics play a significant role in understanding how world processes to involve certain activities that are not
a process is executed. The extracted process models and captured by the IT applications supporting them. Such as,
insights heavily depend on the quality of the representation of the verification of product quality might be recorded in the
the data [103]. The analysis of literature reveals that there is IT application as a simple binary outcome of ‘‘Satisfac-
a range of process mining algorithms to model the execution tory’’ or ‘‘Unsatisfactory,’’ whereas in reality, an individual
of the process. The popular process mining algorithm, Fuzzy may perform multiple checks that cumulatively determine
miner [104] yields a directly-follows graph. The Inductive the final judgement. The accuracy and reliability of pro-
miner [105] generates petri net notation, while Heuristic cess mining-based audits are significantly challenged by this
miner produces a heuristics-net that can be converted into aspect.
a Petri net [16]. An appropriate representation of data can
facilitate auditors in detecting anomalies and deviations from 6) PRIVACY CONCERNS
typical behavior, thereby aiding in the identification of poten- Ensuring data privacy is a critical consideration in process
tial fraud and irregularities. However, it was found that each mining, as the event logs used for analysis may contain
of the process discovery algorithms have drawbacks and personal and sensitive information about the organization’s

VOLUME 11, 2023 68351

 M. Imran et al.: Advancing Process Audits With PM

personnel. The audit data and findings must be protected from can be attributed to the fact that several tasks in these domains
misuse and exposure. The logs utilized for process mining are performed manually and beyond the scope of traditional
are commonly in CSV format, encompassing a wealth of information systems.
information that extends beyond the requirements of auditing, Regarding the audit types, the findings revealed a stronger
including personal information [97]. The presence of such emphasis on internal audit types. This tendency towards inter-
rich personal information raises security and privacy concerns nal audit types signifies that that process mining based audit
to prevent misuse of such data for non-auditing purposes. It is approach is effective for evaluating internal controls of the
believed by researchers that the existing privacy preservation organizations, however it remains immature for external audit
techniques [63], [64], [72] are insufficient in ensuring privacy. of an organization. The limited availability of research works
Therefore, there is an urgent need for further research on on external audit types can be attributed to the absence of
dealing with privacy issues [97]. an external reference model that enables compliance check-
ing against external boundaries. However, it is worth noting
7) INTEGRATING PM INTO AUDIT LANDSCAPE that the assessment of efficiency and effectiveness against
Another relevant challenge found in the literature was the standard benchmarks does not necessarily require a distinct
integration of process mining into the existing audit land- reference model.
scape [7]. The absence of a reference process model for In terms of trends on tool usage, ProM and Disco
auditing in organizations often results in ad-hoc execution have remained dominant process mining tools. However,
of these tasks [71]. Furthermore, since the scope of process researchers have expressed concerns regarding the fuzzy
mining-based audit is restricted solely to the activities per- miner algorithm employed by popular tools like Disco
formed within the system [59], the activities executed outside and Celonis, as they believe it can produce misleading
the system boundaries are unlogged and thus cannot be inves- results [108]. Therefore, it is essential for researchers to
tigated by process mining-based techniques [7], [60], [71]. consider this aspect carefully when selecting appropriate
Moreover, findings revealed scarcity of studies on cross- auditing tools. The occurrence of erroneous outcomes due to
organizational audits. misleading results can lead to a distorted representation of
In summary, the results section highlighted the limitations reality, potentially leading to the failure of the entire auditing
of traditional business process auditing techniques and the endeavor.
potential of process mining to overcome them. While process Results on application of process mining techniques in
mining-based audits were found to be effective for evaluating business process audits revealed two types of process mining
internal controls, their maturity for external auditing remains techniques that remained under focus: process discovery and
a challenge. Furthermore, data availability, interpretation of conformance assessment. However, it is worth noting that
audit results, and ethical and privacy concerns were identified the enhancement perspective of auditing, which focuses on
as additional challenges that hinder the adoption of pro- improving the process by addressing identified bottlenecks
cess mining based audits. In the subsequent section, a more during process discovery and conformance assessment, has
detailed discussion of these findings will be presented. been overlooked in the literature. Combined with predictive
and continuous auditing, process improvement techniques
V. DISCUSSION can significantly improve auditing activities by enabling
The discussion section aims to provide an in-depth analysis real-time audit of the process inefficiencies and anomaly
and interpretation of the findings obtained from the study. detection. Real-time auditing of process inefficiencies and
The objective of this study was to reveal trends in utiliza- anomaly detection can enable auditors to identify and address
tion of process mining for business process audits, investigate issues as they occur, rather than waiting until the end of a
the limitations of traditional business process audits and reporting period. This can lead to more timely and effective
explore the opportunities that process mining offers to corrective actions and ultimately result in improved organi-
overcome these limitations. Additionally, the objective also zational performance. Future research in this direction should
included identifying the challenges associated with the imple- focus on developing process improvement techniques that are
mentation of process mining in auditing. specifically tailored for process mining-based audits. This
In context of trends in the usage of process mining in audit, can involve the development of new algorithms and methods
the findings reveal that researchers have primarily focused for identifying bottlenecks and inefficiencies, as well as the
on experimental studies and utilizing existing tools rather integration of predictive and continuous auditing into the
than developing new auditing models and tools. In context audit process.
of trends in the application domain, there has been notable The review on how process mining overcomes limi-
interest in process mining-based methods in the financial tations of traditional audits suggests that process mining
and healthcare auditing fields. This interest stems from the offers several advantages over traditional audits. Leveraging
sensitivity of these domains such as the potential for causing full-population data remained the foundation of all the advan-
financial harm to a company. However, there has been rela- tages that process mining offers over traditional audits. It was
tively less emphasis on auditing opportunities in the logistics found that traditional audit poses a risk of bias in auditing
management, procurement, and production domains. This process since it requires manual collection of representative

68352 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

samples, which are subject to the preference and expertise mining, and data management. One prospective direction for
of the auditor. Process mining overcomes this limitation future research in this direction can be investigation of meth-
by removing the need for sample collection and enables ods for ensuring the validity and reliability of event logs used
a full-population-based audit, which promotes a transpar- for process mining-based auditing. For instance, researchers
ent, reproducible, unbiased, and objective audit process that could explore techniques for identifying and correcting errors
increases both the auditor and the auditee’s trust in the audit- and inconsistencies in event logs, or the validation of event
ing process. The identified opportunities indicate that the logs against other sources of data, such as interviews or
process mining-based audit approach has the potential to observations. Additionally, researchers could investigate the
offer a more comprehensive understanding of the processes, impact of diverse types of errors or inconsistencies on the
uncover process inefficiencies, and identify bottlenecks that results of process mining-based auditing, in order to develop
may go unnoticed in a traditional audit. This approach can be guidelines for identifying and addressing such issues.
particularly advantageous when conducting audits on com- In addition to aforementioned challenges, the review find-
plex and interconnected processes, as it helps to uncover ings also emphasized the challenges of bias, privacy, and
significant issues that may be overlooked by traditional ethical concerns. The process of auditing a business pro-
audits. cess often involves sensitive information that requires careful
Aside from the several opportunities it presents, it was management and protection. For instance, in case of a loan
also observed that there are certain challenges that delay application process [13], [100], during the process audit,
the adoption of process mining over traditional audits in it may be discovered that a loan application was unjustly
audit domain. These challenges remained mainly associated denied. Without identifying the root cause, the disclosure
with difficulty in interpreting audit results and the avail- of such findings can potentially create uncertainty for other
ability of data required for process mining-based audits. applicants whose requests were also denied. Therefore, it is
Several organizations continue to manage their business pro- crucial to maintain anonymity when handling event logs
cesses manually, making it impossible to undertake process exported from the relevant IT applications. Neglecting to
mining-based audits due to the lack of available data. Further- address such cases can lead to ethical issues and introduces a
more, process mining-based audits encounter the challenge risk of bias into the audit process.
of detecting auditing actions that were performed beyond the Although a comprehensive coverage of the literature was
scope of information system. This type of audit is possible attempted, it is important to acknowledge that the validity
using traditional audits by visually observing the process of the findings in this review may be threatened by cer-
activities. Some of the researchers [13] have already empha- tain limitations. Six well-known scholarly literature indexing
sized upon the potential of pattern recognition techniques databases were relied upon for our literature search, with a
to overcome this limitation in order to enhance the overall specific focus on journal articles and conference proceedings.
accuracy and reliability of the audit process. The groundwork In order to ensure the quality and avoid the inclusion of
of Kratsch et al. [109] can give a new direction to overcome grey literature, all other sources and articles were excluded.
this challenge by using image recognition techniques over However, the inclusion of additional sources may have a
video recordings of human activities, thereby enabling the slight impact on the study findings. It is worth mentioning
audit of activities beyond the scope of the information system. that several conference proceedings, specifically those pub-
Although not specifically focused on audits, the work of lished as book chapters in the popular Springer lecture notes
Kratsch et al. [109] lays a foundation for future research to series, as well as snowballed papers, were not affected by our
tackle the challenge of missing data and eliminate barriers selection criteria.
associated with data unavailability. Auditing a dynamic and The implementation of PM-based audit is a complex pro-
evolving process change requires a different approach, which cess that requires the expertise of professionals in the process
is yet another unaddressed challenge. The recent Covid-19 mining domain [110]. Auditors have long relied on traditional
outbreak serves as a prime example of this issue as orga- audit methods, and the transition towards PM-based audits
nizations had to abruptly transition from on-premises work requires training auditors to adopt this novel approach. The
practices to off-premises and online modes. This sudden application of process mining techniques in auditing remains
and significant process change poses a unique challenge for hindered by several challenges that need to be overcome to
auditing. fully realize their potential.
Another fundamental challenge of process mining-based
auditing that remained unaddressed in the literature was the VI. CONCLUSION
generation of a trustworthy event log for audit. No studies In conclusion, based on a systematic review of relevant liter-
were observed pertaining to this aspect of auditing, as most ature, this study examined different perspectives of process
of the studies primarily remained focused on the analysis mining usage in business process audits and demonstrated
and investigation phases, rather than evaluating the validity how process mining overcomes the limitations of traditional
and reliability of the log being investigated. Addressing this audit. Additionally, the specific challenges related to inte-
challenge requires a multi-disciplinary approach, involving gration of process mining into audit landscape were also
researchers from different domains, such as auditing, process highlighted.

VOLUME 11, 2023 68353

 M. Imran et al.: Advancing Process Audits With PM

The study revealed scarcity of new auditing models and [14] W. van der Aalst et al., ‘‘Process mining manifesto,’’ in Proc. Business
tools and immaturity of process mining towards external Process Manag. Workshops, in Lecture Notes in Business Informa-
tion Processing, F. Daniel, K. Barkaoui, and S. Dustdar, Eds. Berlin,
auditing of business processes. Enhancement perspective Germany: Springer-Verlag, 2012, pp. 169–194, doi: 10.1007/978-3-642-
of process mining in audits remained largely unexplored. 28108-2_19.
Findings further reveal that Process mining offers several [15] D. Sledgianowski, M. Gomaa, and C. Tan, ‘‘Toward integration of big
data, technology and information systems competencies into the account-
advantages over traditional audits, the foundation of which ing curriculum,’’ J. Accounting Educ., vol. 38, pp. 81–93, Mar. 2017, doi:
is an objective and reproducible audit process. On the other 10.1016/j.jaccedu.2016.12.008.
hand, challenges in adoption of process mining over tradi- [16] M. Jans and M. Hosseinpour, ‘‘How active learning and process mining
can act as continuous auditing catalyst,’’ Int. J. Accounting Inf. Syst.,
tional audits include lack of expertise, unavailability of log vol. 32, pp. 44–58, Mar. 2019, doi: 10.1016/j.accinf.2018.11.002.
data and generation of a trustworthy event log. Privacy and [17] T. M. Barboza, F. M. Santoro, K. C. Revoredo, and R. M. M. Costa,
‘‘A case study of process mining in auditing,’’ in Proc. 15th Brazilian
ethical concerns also need attention.
Symp. Inf. Syst., May 2019, pp. 1–8, doi: 10.1145/3330204.3330241.
The identified challenges point towards several future [18] T. G. Erdogan and A. Tarhan, ‘‘Systematic mapping of process mining
research directions. For instance, there is a need to develop studies in healthcare,’’ IEEE Access, vol. 6, pp. 24543–24567, 2018, doi:
10.1109/ACCESS.2018.2831244.
process improvement techniques specifically tailored for pro- [19] M. R. Dallagassa, C. dos Santos Garcia, E. E. Scalabrin, S. O. Ioshii,
cess mining-based audits. This may involve the development and D. R. Carvalho, ‘‘Opportunities and challenges for applying pro-
of new algorithms and methods that may satisfy both process cess mining in healthcare: A systematic mapping study,’’ J. Ambient
Intell. Humanized Comput., vol. 13, no. 1, pp. 165–182, Jan. 2022,
mining and audit perspective. Another potential avenue for doi: 10.1007/s12652-021-02894-7.
further research is the development of methods to ensure the [20] E. Rojas, J. Munoz-Gama, M. Sepúlveda, and D. Capurro, ‘‘Process
validity and reliability of event logs used for process mining mining in healthcare: A literature review,’’ J. Biomed. Informat., vol. 61,
pp. 224–236, Jun. 2016, doi: 10.1016/j.jbi.2016.04.007.
based audits. [21] M. S. Sundari, K. Lakshmaiah, and E. Foundation, ‘‘Process mining
in healthcare systems: A critical review and its future,’’ Int. J. Emerg.
Trends Eng. Res., vol. 8, no. 9, pp. 5197–5208, Sep. 2020, doi:
REFERENCES
10.30534/ijeter/2020/50892020.
[1] W. van der Aalst, Data Science in Action. Berlin: Springer Berlin Heidel- [22] M. A. Ghazal, O. Ibrahim, and M. A. Salama, ‘‘Educational process min-
berg, 2016, doi: 10.1007/978-3-662-49851-4_1. ing: A systematic literature review,’’ in Proc. Eur. Conf. Electr. Eng. Com-
[2] J. P. Russell, Process Auditing and Techniques, 2nd ed. Milwaukee, WI, put. Sci. (EECS), Nov. 2017, pp. 198–203, doi: 10.1109/EECS.2017.45.
USA: ASQ Quality Press, 2013. [23] M. Macak, L. Daubner, M. F. Sani, and B. Buhnova, ‘‘Process mining
[3] J. M. E. M. van der Werf, H. M. W. Verbeek, and W. M. P. van der Aalst, usage in cybersecurity and software reliability analysis: A systematic
‘‘Context-aware compliance checking,’’ in Business Process Manage- literature review,’’ Array, vol. 13, Mar. 2022, Art. no. 100120, doi:
ment (Lecture Notes in Computer Science), vol. 7481. Berlin, Germany: 10.1016/j.array.2021.100120.
Springer, 2012, pp. 98–113, doi: 10.1007/978-3-642-32885-5_7. [24] C. D. S. Garcia, A. Meincheim, E. R. Faria Junior, M. R. Dallagassa,
D. M. V. Sato, D. R. Carvalho, E. A. P. Santos, and E. E. Scalabrin,
[4] E. Roubtsova and N. Wiersma, ‘‘Involvement of business roles in auditing
‘‘Process mining techniques and applications—A systematic mapping
with process mining,’’ in Communications in Computer and Information
study,’’ Exp. Syst. Appl., vol. 133, pp. 260–295, Nov. 2019, doi:
Science. Cham, Switzerland: Springer, 2019, pp. 24–44.
10.1016/j.eswa.2019.05.003.
[5] V.-L. Enzo, ‘‘Using process mining to improve productivity in banks,’’ in [25] A. R. C. Maita, L. C. Martins, C. R. LṖaz, L. Rafferty, P. C. K. Hung,
Advances in Information and Communication (Lecture Notes in Networks S. M. Peres, and M. Fantinato, ‘‘A systematic mapping study of process
and Systems). Cham, Switzerland: Springer, 2022, pp. 982–1000, doi: mining,’’ Enterprise Inf. Syst., vol. 12, no. 5, pp. 505–549, May 2018, doi:
10.1007/978-3-030-98015-3_66. 10.1080/17517575.2017.1402371.
[6] S. Srivastava, G. Srivastava, and R. Bhatnagar, ‘‘Analysis of [26] M. Jans, B. Depaire, and K. Vanhoof, ‘‘Does process mining add to inter-
process mining in audit trails of organization,’’ in Algorithms nal auditing? An experience report,’’ in Enterprise, Business-Process and
for Intelligent Systems. Singapore: Springer, 2020, pp. 611–618, Information Systems Modeling (Lecture Notes in Business Information
doi: 10.1007/978-981-15-4936-6_66. Processing), vol. 81, Berlin, Germany: Springer, 2011, pp. 31–45, doi:
[7] M. Werner, M. Wiese, and A. Maas, ‘‘Embedding process mining 10.1007/978-3-642-21759-3_3.
into financial statement audits,’’ Int. J. Accounting Inf. Syst., vol. 41, [27] D. A. Appelbaum, A. Kogan, and M. A. Vasarhelyi, ‘‘Analytical pro-
Jun. 2021, Art. no. 100514, doi: 10.1016/j.accinf.2021.100514. cedures in external auditing: A comprehensive literature survey and
[8] M. J. Jans, ‘‘Process mining in auditing: From current limitations to framework for external audit analytics,’’ J. Accounting Literature, vol. 40,
future challenges,’’ in Proc. Business Process Management Workshops. no. 1, pp. 83–101, Jun. 2018, doi: 10.1016/j.acclit.2018.01.001.
Berlin, Germany: Springer, 2012, pp. 394–397, doi: 10.1007/978-3-642- [28] M. Jans, M. Alles, and M. Vasarhelyi, ‘‘The case for process min-
28115-0_37. ing in auditing: Sources of value added and areas of application,’’
[9] W. M. P. van der Aalst, K. M. van Hee, J. M. van der Werf, and Int. J. Accounting Inf. Syst., vol. 14, no. 1, pp. 1–20, Mar. 2013, doi:
M. Verdonk, ‘‘Auditing 2.0: Using process mining to support tomorrow’s 10.1016/j.accinf.2012.06.015.
auditor,’’ Computer, vol. 43, no. 3, pp. 90–93, Mar. 2010, doi: 10.1109/ [29] M. Jans, M. G. Alles, and M. A. Vasarhelyi, ‘‘A field study on the use
MC.2010.61. of process mining of event logs as an analytical procedure in audit-
ing,’’ Accounting Rev., vol. 89, no. 5, pp. 1751–1773, Sep. 2014, doi:
[10] M. Jans, ‘‘Auditor choices during event log building for process mining,’’
10.2308/accr-50807.
J. Emerg. Technol. Accounting, vol. 16, no. 2, pp. 59–67, Sep. 2019, doi:
[30] M. Hashmi, G. Governatori, H.-P. Lam, and M. T. Wynn, ‘‘Are we
10.2308/jeta-52496.
done with business process compliance: State of the art and challenges
[11] A. P. Kurniati, G. P. Kusuma, and G. A. Ary Wisudiawan, ‘‘Designing ahead,’’ Knowl. Inf. Syst., vol. 57, no. 1, pp. 79–133, Oct. 2018, doi:
application to support process audit using process mining,’’ J. Theor. 10.1007/s10115-017-1142-1.
Appl. Inf. Technol., vol. 80, no. 3, pp. 473–480, 2015. [31] M. Elhagaly, K. Drvoderic, R. G. Kippers, and F. A. Bukhsh, ‘‘Evolution
[12] P. Gottschalk and P. Gottschalk, ‘‘Internal investigation approaches,’’ in of compliance checking in process mining discipline,’’ in Proc. 2nd Int.
Investigating White-Collar Crime. Cham, Switzerland: Springer, 2018, Conf. Comput., Math. Eng. Technol. (iCoMET), Jan. 2019, pp. 1–6, doi:
pp. 57–72, doi: 10.1007/978-3-319-68916-6_5. 10.1109/ICOMET.2019.8673437.
[13] N. J. Wiersma. (2017). The Use of Process Mining in Business [32] B. Kitchenham, O. Pearl Brereton, D. Budgen, M. Turner, J. Bailey, and
Process Auditing. Open Univ. The Netherlands. [Online]. Available: S. Linkman, ‘‘Systematic literature reviews in software engineering—A
https://1library.net/document/z1rdxxeq-use-process-mining-business- systematic literature review,’’ Inf. Softw. Technol., vol. 51, no. 1, pp. 7–15,
process-auditing.html Jan. 2009, doi: 10.1016/j.infsof.2008.09.009.

68354 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

[33] M. Gusenbauer and N. R. Haddaway, ‘‘Which academic search systems [50] F. A. Bukhsh and H. Weigand, ‘‘Compliance checking of shipment
are suitable for systematic reviews or meta-analyses? Evaluating retrieval request by utilizing process mining concepts: An evaluation of smart
qualities of Google scholar, PubMed, and 26 other resources,’’ Res. Synth. auditing framework,’’ in Proc. Int. Conf. Frontiers Inf. Technol. (FIT),
Methods, vol. 11, no. 2, pp. 181–217, Mar. 2020, doi: 10.1002/jrsm.1378. Dec. 2017, pp. 235–240, doi: 10.1109/FIT.2017.00049.
[34] A. Martín-Martín, E. Orduna-Malea, M. Thelwall, and E. Delgado López- [51] Y. Sun, L. AI-Khazrage, and Ö. Özümerzifon, ‘‘Generating high
Cózar, ‘‘Google scholar, web of science, and scopus: A systematic com- quality samples of process cases in internal audit,’’ in Business
parison of citations in 252 subject categories,’’ J. Informetrics, vol. 12, Process Management Forum (Lecture Notes in Business Informa-
no. 4, pp. 1160–1177, Nov. 2018, doi: 10.1016/J.JOI.2018.09.002. tion Processing). Cham, Switzerland: Springer, 2021, pp. 263–279,
[35] W. van der Aalst, K. van Hee, J. M. van der Werf, A. Kumar, doi: 10.1007/978-3-030-85440-9_16.
and M. Verdonk, ‘‘Conceptual model for online auditing,’’ Decis. [52] J. Liang, M. Yang, J. Yang, and Y. Deng, ‘‘Identification of human
Support Syst., vol. 50, no. 3, pp. 636–647, Feb. 2011, doi: operation deviation using a conformance checking technique,’’ in
10.1016/j.dss.2010.08.014. Proc. Int. Conf. Power Syst. Technol., Dec. 2021, pp. 551–555,
[36] H. Li, J. Dai, T. Gershberg, and M. A. Vasarhelyi, ‘‘Understanding usage doi: 10.1109/POWERCON53785.2021.9697743.
and value of audit analytics for internal auditors: An organizational [53] I. Tawakkal, A. P. Kurniati, and G. A. A. Wisudiawan, ‘‘Implementing
approach,’’ Int. J. Accounting Inf. Syst., vol. 28, pp. 59–76, Mar. 2018, heuristic miner for information system audit based on DSS01 COBIT5
doi: 10.1016/j.accinf.2017.12.005. (Case study: CV Narnia distribution),’’ in Proc. Int. Conf. Comput.,
[37] M. Mueller-Wickop, N. Schultz, and M. Peris. (2013). Towards Key Con- Control, Informat. its Appl. (IC3INA), Oct. 2016, pp. 197–202, doi:
cepts for Process Audits—A Multi-Method Research Approach. Accessed: 10.1109/IC3INA.2016.7863049.
Jun. 27, 2020. [Online]. Available: https://www.researchgate.net/ [54] P. Arpasat, P. Porouhan, and W. Premchaiswadi, ‘‘Improvement of
publication/261026820_Towards_Key_Concepts_for_Process_Audits_- call center customer service in a Thai bank using disco fuzzy mining
_A_Multi-Method_Research_Approach algorithm,’’ in Proc. 13th Int. Conf. ICT Knowl. Eng. (ICT Knowl. Eng.),
Nov. 2015, pp. 90–96, doi: 10.1109/ICTKE.2015.7368477.
[38] M. Jans, J. M. van der Werf, N. Lybaert, and K. Vanhoof, ‘‘A business
process mining application for internal transaction fraud mitigation,’’ [55] R. Andrews, S. Suriadi, M. Wynn, A. H. M. T. Hofstede, and
Exp. Syst. Appl., vol. 38, no. 10, pp. 13351–13359, Sep. 2011, doi: S. Rothwell, ‘‘Improving patient flows at St. Andrew’s war memorial hos-
10.1016/j.eswa.2011.04.159. pital’s emergency department through process mining,’’ in Bus. Process
Management Cases. Cham, Switzerland: Springer 2018, pp. 311–333,
[39] G. Schumann, F. Kruse, and J. Nonnenmacher, ‘‘A practice-oriented,
doi: 10.1007/978-3-319-58307-5_17.
control-flow-based anomaly detection approach for internal process
[56] K. Koosawad, N. Saguansakdiyotin, P. Palangsantikul, P. Porouhan,
audits,’’ in Service-Oriented Computing. Cham, Switzerland: Springer,
and W. Premchaiswadi, ‘‘Improving sales process of an automotive
2020, pp. 533–543, doi: 10.1007/978-3-030-65310-1_39.
company with fuzzy miner techniques,’’ in Proc. 16th Int. Conf. ICT
[40] C. Chuchaimongkhon, P. Porouhan, and W. Premchaiswadi, ‘‘A study Knowl. Eng. (ICT&KE), Nov. 2018, pp. 1–6, doi: 10.1109/ICTKE.2018.
to investigate time durations of a call center customer service using 8612390.
transition systems,’’ in Proc. 14th Int. Conf. ICT Knowl. Eng. (ICT&KE),
[57] J. Sakchaikun, S. Tumswadi, P. Palangsantikul, P. Porouhan, and
Nov. 2016, pp. 93–97, doi: 10.1109/ICTKE.2016.7804104.
W. Premchaiswadi, ‘‘IT help desk service workflow relationship with
[41] Y. Wang, F. Caron, J. Vanthienen, L. Huang, and Y. Guo, ‘‘Acquiring process mining,’’ in Proc. 16th Int. Conf. ICT Knowl. Eng. (ICT KE),
logistics process intelligence: Methodology and an application for a Chi- Nov. 2018, pp. 1–5, doi: 10.1109/ICTKE.2018.8612381.
nese bulk port,’’ Exp. Syst. Appl., vol. 41, no. 1, pp. 195–209, Jan. 2014,
[58] F. Mannhardt and A. D. Landmark, ‘‘Mining railway traffic con-
doi: 10.1016/j.eswa.2013.07.021.
trol logs,’’ Transp. Res. Proc., vol. 37, pp. 227–234, Jan. 2019, doi:
[42] J. Štolfa, M. Kopka, S. Štolfa, O. Kobìrský, and V. Snášel, ‘‘An application 10.1016/j.trpro.2018.12.187.
of process mining to invoice verification process in SAP,’’ in Proc. 4th Int. [59] J. Maldonado-Mahauad, M. Pérez-Sanagustín, R. F. Kizilcec, N. Morales,
Conf. Innov. Bio-Inspired Comput. Appl., vol. 2014, vol. 237, pp. 61–74, and J. Munoz-Gama, ‘‘Mining theory-based patterns from big data:
doi: 10.1007/978-3-319-01781-5_6. Identifying self-regulated learning strategies in massive open online
[43] G. O. Spagnolo, E. Marchetti, A. Coco, P. Scarpellini, A. Querci, courses,’’ Comput. Hum. Behav., vol. 80, pp. 179–196, Mar. 2018, doi:
F. Fabbrini, and S. Gnesi, ‘‘An experience on applying process min- 10.1016/j.chb.2017.11.011.
ing techniques to the tuscan port community system,’’ in Software [60] S.-K. Lee, B. Kim, M. Huh, S. Cho, S. Park, and D. Lee, ‘‘Mining trans-
Quality. The Future of Systems- and Software Development (Lecture portation logs for understanding the after-assembly block manufacturing
Notes in Business Information Processing), vol. 238, Cham, Switzerland: process in the shipbuilding industry,’’ Exp. Syst. Appl., vol. 40, no. 1,
Springer, 2016, pp. 49–60, doi: 10.1007/978-3-319-27033-3_4. pp. 83–95, Jan. 2013, doi: 10.1016/j.eswa.2012.07.033.
[44] T. Zhu, Y. Guo, A. Ju, J. Ma, and X. Wang, ‘‘An insider threat [61] S. N. Araghi, F. Fontanili, E. Lamine, L. Tancerel, and F. Benaben,
detection method based on business process mining,’’ Int. J. ‘‘Monitoring and analyzing patients’ pathways by the application of
Bus. Data Commun. Netw., vol. 13, no. 2, pp. 83–98, Jul. 2017, process mining, SPC, and I-RTLS,’’ IFAC-PapersOnLine, vol. 51, no. 11,
doi: 10.4018/ijbdcn.2017070107. pp. 980–985, 2018, doi: 10.1016/j.ifacol.2018.08.480.
[45] R. Gerhardt, J. F. Valiati, and J. V. C. D. Santos, ‘‘An investigation to [62] F. Caron, J. Vanthienen, K. Vanhaecht, E. V. Limbergen, J. De Weerdt,
identify factors that lead to delay in healthcare reimbursement process: and B. Baesens, ‘‘Monitoring care processes in the gynecologic oncology
A Brazilian case,’’ Big Data Res., vol. 13, pp. 11–20, Sep. 2018, doi: department,’’ Comput. Biol. Med., vol. 44, pp. 88–96, Jan. 2014, doi:
10.1016/j.bdr.2018.02.006. 10.1016/j.compbiomed.2013.10.015.
[46] D. Myers, S. Suriadi, K. Radke, and E. Foo, ‘‘Anomaly detection for [63] R. Accorsi and T. Stocker, ‘‘On the exploitation of process mining
industrial control systems using process mining,’’ Comput. Secur., vol. 78, for security audits: The conformance checking case,’’ in Proc. 27th
pp. 103–125, Sep. 2018, doi: 10.1016/j.cose.2018.06.002. Annu. ACM Symp. Appl. Comput., Mar. 2012, pp. 1709–1716, doi:
[47] S. Yoo, M. Cho, E. Kim, S. Kim, Y. Sim, D. Yoo, H. Hwang, and 10.1145/2245276.2232051.
M. Song, ‘‘Assessment of hospital processes using a process mining [64] R. Accorsi, T. Stocker, and G. Müller, ‘‘On the exploitation of pro-
technique: Outpatient process analysis at a tertiary hospital,’’ Int. J. cess mining for security audits: The process discovery case,’’ in Proc.
Med. Informat., vol. 88, pp. 34–43, Apr. 2016, doi: 10.1016/j.ijmedinf. 28th Annu. ACM Symp. Appl. Comput., Mar. 2013, pp. 1462–1468, doi:
2015.12.018. 10.1145/2480362.2480634.
[48] A. S. Dzihni, R. Andreswari, and M. A. Hasibuan, ‘‘Business pro- [65] J. M. E. M. van der Werf and H. M. W. Verbeek, ‘‘Online com-
cess analysis and academic information system audit of helpdesk pliance monitoring of service landscapes,’’ in Proc. Business Pro-
application using genetic algorithms a process mining approach,’’ Pro- cess Manag. Workshops, in Lecture Notes in Business Information
cedia Comput. Sci., vol. 161, pp. 903–909, 2019, doi: 10.1016/j.procs. Processing, vol. 202, Cham, Switzerland: Springer, 2015, pp. 89–95,
2019.11.198. doi: 10.1007/978-3-319-15895-2_8.
[49] M. Siek and R. M. G. Mukti, ‘‘Business process mining from e-commerce [66] E. Rojas, A. Cifuentes, A. Burattin, J. Munoz-Gama, M. Sepúlveda, and
event web logs: Conformance checking and bottleneck identification,’’ in D. Capurro, ‘‘Performance analysis of emergency room episodes through
Proc. 2nd Int. Conf. Biosph. Harmon. Adv. Res., Apr., vol. 2021, vol. 729, process mining,’’ Int. J. Environ. Res. Public Health, vol. 16, no. 7,
no. 1, p. 12133, doi: 10.1088/1755-1315/729/1/012133. pp. 251–263, 2019, doi: 10.3390/ijerph16071274.

VOLUME 11, 2023 68355

 M. Imran et al.: Advancing Process Audits With PM

[67] D. Myers, K. Radke, S. Suriadi, and E. Foo, ‘‘Process discovery [86] M. Ebrahim and S. A. H. Golpayegani, ‘‘Anomaly detection in
for industrial control system cyber attack detection,’’ in Proc. business processes logs using social network analysis,’’ J. Com-
IFIP Adv. Inf. Commun. Technol., vol. 502, 2017, pp. 61–75, put. Virol. Hacking Techn., vol. 18, no. 2, pp. 127–139, Jun. 2022,
doi: 10.1007/978-3-319-58469-0_5. doi: 10.1007/s11416-021-00398-8.
[68] S. C. de Alvarenga, S. Barbon, R. S. Miani, M. Cukier, and [87] N. Adams, A. Augusto, M. Davern, and M. L. Rosa, ‘‘Why do banks
B. B. Zarpelão, ‘‘Process mining and hierarchical clustering to help find bus. Process compliance so challenging? An Australian perspective,’’
intrusion alert visualization,’’ Comput. Secur., vol. 73, pp. 474–491, in Proc. Int. Conf. Bus. Process Manag., vol. 1, 2022, pp. 3–20, doi:
Mar. 2018, doi: 10.1016/j.cose.2017.11.021. 10.1007/978-3-031-16171-1_1.
[69] K. Ganesha, S. M. S. Raj, and S. Dhanush, ‘‘Process mining approach [88] M. Werner, ‘‘Financial process mining—Accounting data structure
for efficient utilization of resources in a hospital,’’ in Proc. Int. Conf. dependent control flow inference,’’ Int. J. Accounting Inf. Syst., vol. 25,
Innov. Inf., Embedded Commun. Syst. (ICIIECS), Mar. 2017, pp. 1–5, doi: pp. 57–80, May 2017, doi: 10.1016/j.accinf.2017.03.004.
10.1109/ICIIECS.2017.8275886. [89] S. Stephan, J. Lahann, and P. Fettke, ‘‘A case study on the application of
[70] A. Fares, J. Gama, and P. Campos, ‘‘Process mining for analyzing cus- process mining in combination with journal entry tests for financial audit-
tomer relationship management systems: A case study,’’ in Learning from ing,’’ in Proc. Annu. Hawaii Int. Conf. Syst. Sci., 2021, pp. 5718–5727.
Data Streams in Evolving Environments. Cham, Switzerland: Springer,
[90] R. Post, I. Beerepoot, X. Lu, S. Kas, S. Wiewel, A. Koopman, and
2019, pp. 209–221, doi: 10.1007/978-3-319-89803-2_9.
H. Reijers, ‘‘Active anomaly detection for key item selection in process
[71] A. Thaduri, S. M. Famurewa, A. K. Verma, and U. Kumar, ‘‘Pro-
auditing,’’ in Proc. Int. Conf. Process Min., vol. 1, 2022, pp. 167–179,
cess mining for maintenance decision support,’’ in System Performance
doi: 10.1007/978-3-030-98581-3_13.
and Management Analytics. Singapore: Springer, 2019, pp. 279–293,
[91] F. Corradini, F. Marcantoni, A. Morichetta, A. Polini, B. Re, and
doi: 10.1007/978-981-10-7323-6_23.
[72] J. De Weerdt, A. Schupp, A. Vanderloock, and B. Baesens, ‘‘Process M. Sampaolo, ‘‘Enabling auditing of smart contracts through process
mining for the multi-faceted analysis of business processes—A case mining,’’ in From Software Engineering to Formal Methods and Tools,
study in a financial services organization,’’ Comput. Ind., vol. 64, no. 1, and Back (Lecture Notes in Computer Science), vol. 11865. Cham,
pp. 57–67, Jan. 2013, doi: 10.1016/j.compind.2012.09.010. Switzerland: Springer, 2019, pp. 467–480, doi: 10.1007/978-3-030-
[73] M. Gupta, A. Sureka, and S. Padmanabhuni, ‘‘Process mining multiple 30985-5_27.
repositories for software defect resolution from control and organizational [92] M. Werner and N. Gehrke, ‘‘Multilevel process mining for financial
perspective,’’ in Proc. 11th Work. Conf. Mining Softw. Repositories, audits,’’ IEEE Trans. Services Comput., vol. 8, no. 6, pp. 820–832,
May 2014, pp. 122–131, doi: 10.1145/2597073.2597081. Nov. 2015, doi: 10.1109/TSC.2015.2457907.
[74] R. Dolak and J. Botlik, ‘‘Process mining of event logs from [93] G. Baader and H. Krcmar, ‘‘Reducing false positives in fraud detection:
horde helpdesk,’’ in Smart Technologies and Innovation for a Sus- Combining the red flag approach with process mining,’’ Int. J. Accounting
tainable Future. Cham, Switzerland: Springer, 2019, pp. 303–309, Inf. Syst., vol. 31, pp. 1–16, Dec. 2018, doi: 10.1016/j.accinf.2018.03.004.
doi: 10.1007/978-3-030-01659-3_35. [94] I. I. Febriansyah, R. Sarno, and R. N. Anggraini, ‘‘Decision tree and
[75] T. Chiu and M. Jans, ‘‘Process mining of event logs: A case study fuzzy logic in the audit of information system for tax letter issuance,’’
evaluating internal control effectiveness,’’ Accounting Horizons, vol. 33, in Proc. Int. Electron. Symp. (IES), Aug. 2022, pp. 581–586, doi:
no. 3, pp. 141–156, Sep. 2019, doi: 10.2308/acch-52458. 10.1109/IES55876.2022.9888372.
[76] Z. Paszkiewicz, ‘‘Process mining techniques in conformance testing of [95] E. Roubtsova and N. Wiersma, ‘‘A practical extension of frameworks
inventory processes: An industrial application,’’ in Proc. Int. Conf. Bus. for auditing with process mining,’’ in Proc. 13th Int. Conf.
Inf. Syst., 2013, pp. 302–313. Eval. Novel Approaches Softw. Eng., 2018, pp. 406–415, doi:
[77] W. Premchaiswadi and P. Porouhan, ‘‘Process modeling and bottleneck 10.5220/0006798904060415.
mining in online peer-review systems,’’ SpringerPlus, vol. 4, no. 1, [96] J.-F. Rodríguez-Quintero, A. Sánchez-Díaz, L. Iriarte-Navarro, A. Maté,
Dec. 2015, doi: 10.1186/s40064-015-1183-4. M. Marco-Such, and J. Trujillo, ‘‘Fraud audit based on visual analysis: A
[78] P. Zerbino, D. Aloini, R. Dulmin, and V. Mininno, ‘‘Process-mining- process mining approach,’’ Appl. Sci., vol. 11, no. 11, p. 4751, May 2021,
enabled audit of information systems: Methodology and an appli- doi: 10.3390/app11114751.
cation,’’ Exp. Syst. Appl., vol. 110, pp. 80–92, Nov. 2018, doi: [97] F. M. Bade, C. Vollenberg, J. Koch, J. Koch, and A. Coners, ‘‘The dark
10.1016/j.eswa.2018.05.030. side of process mining. How identifiable are users despite technologically
[79] Z. Huang, X. Lu, and H. Duan, ‘‘Resource behavior measure and appli- anonymized data? A case study from the health sector,’’ in Proc. Int. Conf.
cation in business process management,’’ Exp. Syst. Appl., vol. 39, no. 7, Bus. Process Manag., vol. 1, 2022, pp. 219–233, doi: 10.1007/978-3-031-
pp. 6458–6468, Jun. 2012, doi: 10.1016/j.eswa.2011.12.061. 16103-2_16.
[80] P. Jaisook and W. Premchaiswadi, ‘‘Time performance analysis of med- [98] G. Kipping, D. Djurica, S. Franzoi, T. Grisold, L. Marcus, S. Schmid,
ical treatment processes by using disco,’’ in Proc. 13th Int. Conf. J. V. Brocke, J. Mendling, and M. Röglinger, ‘‘How to leverage pro-
ICT Knowl. Eng. (ICT Knowl. Eng.), Nov. 2015, pp. 110–115, doi: cess mining in organizations—Towards process mining capabilities,’’
10.1109/ICTKE.2015.7368480. in Proc. Int. Conf. Bus. Process Manag., vol. 1, 2022, pp. 40–46, doi:
[81] M. Macak, I. Vanát, M. Merjavý, T. Jevocin, and B. Buhnova, ‘‘Towards
10.1007/978-3-031-16103-2_5.
process mining utilization in insider threat detection from audit logs,’’
[99] I. Beerepoot, C. Di Ciccio, H. A/ Reijers, S. Rinderle-Ma, W. Bandara,
in Proc. 7th Int. Conf. Social Netw. Anal., Manage. Secur. (SNAMS),
A. Burattin, D. Calvanese, T. Chen, I. Cohen, B. Depaire, and G. Di
Dec. 2020, pp. 1–6, doi: 10.1109/SNAMS52053.2020.9336573.
Federico, ‘‘The biggest business process management problems to solve
[82] W. Pulsanong, P. Porouhan, S. Tumswadi, and W. Premchaiswadi, ‘‘Using
before we die,’’ Comput. Ind., vol. 146, Apr. 2023, Art. no. 103837, doi:
inductive miner to find the most optimized path of workflow process,’’ in
10.1016/J.COMPIND.2022.103837.
Proc. 15th Int. Conf. ICT Knowl. Eng. (ICT&KE), Nov. 2017, pp. 1–5,
doi: 10.1109/ICTKE.2017.8259633. [100] K. Sirisong, P. Palangsantikul, P. Arpasat, S. Intarasema, and
[83] J.-F. Jimenez, G. Zambrano-Rey, S. Aguirre, and D. Trentesaux, ‘‘Using S. Tumswadi, ‘‘Analysis of a bank’s lending approval system using
process-mining for understating the emergence of self-organizing manu- process mining,’’ in Proc. 19th Int. Conf. ICT Knowl. Eng. (ICT&KE),
facturing systems,’’ IFAC-PapersOnLine, vol. 51, no. 11, pp. 1618–1623, Nov. 2021, pp. 1–4, doi: 10.1109/ICTKE52386.2021.9665411.
2018, doi: 10.1016/j.ifacol.2018.08.258. [101] Y. Wang, J. Hulstijn, and Y.-H. Tan, ‘‘Regulatory supervision with com-
[84] A. S. Khatavakhotan and S. H. Ow, ‘‘Development of a soft- putational audit in international supply chains,’’ in Proc. 19th Annu.
ware risk management model using unique features of a proposed Int. Conf. Digit. Government Res., Governance Data Age, May 2018,
audit component,’’ Malaysian J. Comput. Sci., vol. 28, no. 2, pp. 1–10, doi: 10.1145/3209281.3209319.
pp. 110–131, Jun. 2015, Accessed: Aug. 15, 2022. [Online]. Available: [102] M. Imran, M. A. Ismail, S. Hamid, and M. H. N. M. Nasir,
https://ejournal.um.edu.my/index.php/MJCS/article/view/6858 ‘‘Complex process modeling in process mining: A systematic
[85] A. Lopata, R. Butleris, S. Gudas, K. Rudžioniene, L. Žioba, I. Veitaite, review,’’ IEEE Access, vol. 10, pp. 101515–101536, 2022, doi:
D. Dilijonas, E. Grišius, and M. Zwitserloot, ‘‘Financial process mining 10.1109/ACCESS.2022.3208231.
characteristics,’’ in Information and Software Technologies (Commu- [103] A. Kaouni, G. Theodoropoulou, A. Bousdekis, A. Voulodimos, and
nications in Computer and Information Science), vol. 1665. Cham, G. Miaoulis, ‘‘Visual analytics in process mining for supporting business
Switzerland: Springer, 2022, pp. 209–220, doi: 10.1007/978-3-031- process improvement,’’ Front. Artif. Intell. Appl., vol. 338, pp. 5–6, 2021,
16302-9_16. doi: 10.3233/FAIA210089.

68356 VOLUME 11, 2023

M. Imran et al.: Advancing Process Audits With PM

[104] C. W. Günther, ‘‘Process mining in flexible environments,’’ Inf. SURAYA HAMID (Member, IEEE) received
Syst. IE&IS, Eindhoven Univ. Technol., Eindhoven, The Netherlands, the B.I.T. degree in industrial computing and
Tech. Rep. 200911996, 2009, doi: 10.6100/IR644335. the M.I.T. degree in computer science from the
[105] S. J. J. Leemans, D. Fahland, and W. M. P. van der Aalst, National University of Malaysia, in 1998 and
‘‘Discovering block-structured process models from event logs 2000, respectively, and the Ph.D. degree from
containing infrequent behaviour,’’ in Proc. Bus. Process Management the Department of Computing and Information
Workshops. Cham, Switzerland: Springer, 2014, pp. 66–78, Systems, The University of Melbourne, in 2013.
doi: 10.1007/978-3-319-06257-0_6.
She is currently an Associate Professor with the
[106] F. Bezerra, J. Wainer, and W. M. P. van der Aalst, ‘‘Anomaly detection
Department of Information Systems, Faculty of
using process mining,’’ in Enterprise, Business-Process and Information
Systems Modeling (Lecture Notes in Business Information Processing)
Computer Science and Information Technology,
vol. 29. Berlin, Germany: Springer, 2009, pp. 149–161, doi: 10.1007/978- University of Malaya, Malaysia. She was involved in various research,
3-642-01862-6_13. leading to the publication of several academic articles in the areas of infor-
[107] R. B. Bahaweres, J. Trawally, I. Hermadi, and A. I. Suroso, ‘‘Foren- mation systems specifically on social informatics, educational technology,
sic audit using process mining to detect fraud,’’ J. Phys. Conf., information services, e-learning, and big data initiative related.
vol. 1779, no. 1, Feb. 2021, Art. no. 012013, doi: 10.1088/1742-
6596/1779/1/012013.
[108] W. M. P. van der Aalst, ‘‘Process discovery from event data: Relating
models and logs through abstractions,’’ WIREs Data Mining Knowl.
Discovery, vol. 8, no. 3, p. e1244, May 2018, doi: 10.1002/widm.1244.
[109] W. Kratsch, F. König, and M. Röglinger, ‘‘Shedding light on blind spots—
Developing a reference architecture to leverage video data for process
mining,’’ Decis. Support Syst., vol. 158, Jul. 2022, Art. no. 113794, doi:
10.1016/J.DSS.2022.113794.
[110] C. Feliciano and R. Quick, ‘‘Innovative information technology in audit-
ing: Auditors’ perceptions of future importance and current auditor
expertise,’’ Accounting Eur., vol. 19, no. 2, pp. 311–331, May 2022, doi:
10.1080/17449480.2022.2046283.

MOHAMMAD IMRAN received the B.S. degree MAIZATUL AKMAR ISMAIL (Member, IEEE)
in information technology from the University received the bachelor’s degree from the University
of Balochistan, in 2013, and the M.S. degree in of Malaya, Malaysia, the master’s degree from
information technology from the Balochistan Uni- the University of Putra Malaysia, and the Ph.D.
versity of Information Technology, Engineering & degree in computer science from the University of
Management Sciences (BUITEMS), in 2017. He is Malaya, in 2010. She has over 15 years of teaching
currently a Faculty Member with the Department experience since she started her career, in 2001,
of Information Technology, Faculty of Information as a Lecturer with the University of Malaya, where
and Communication Technology, BUITEMS. His she is currently an Associate Professor with the
research interests include the domains of business Department of Information Systems, Faculty of
process intelligence, business process management, and process mining, Computer Science and Information Technology. She was involved in various
with a special focus on dealing with complexity and understandability studies, leading to the publication of several academic papers in the areas of
issues in process mining. In addition to his research endeavors, he holds information systems specifically on semantic web, educational technology,
a wide range of experience in programming the Microsoft.Net platform. and information systems. She hopes to extend her research beyond informa-
From 2016 to 2018, he led the Web Team of the IEEE Conference on tion systems in her quest to elevate the quality of teaching and learning.
Computers, Electronic and Electrical Engineering (ICE Cube).

VOLUME 11, 2023 68357