Abstract
The risk exposure of an organization is the cost of being non-compliant for all process instances that are subject to auditing. It can be reduced by auditing internal controls for every process instance and by detecting and eliminating the cause of non-compliance. This paper discusses the design considerations for an automated auditing tool to achieve the desired level of risk exposure reduction. A method is provided to measure the effectiveness and the limits of such tools and adjust their performance for various risk exposure levels.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Doganata, Y., Curbera, F. (2012). Designing an Automated Audit Tool for the Targeted Risk Exposure Reduction. In: Daniel, F., Barkaoui, K., Dustdar, S. (eds) Business Process Management Workshops. BPM 2011. Lecture Notes in Business Information Processing, vol 100. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28115-0_34
DOI: https://doi.org/10.1007/978-3-642-28115-0_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28114-3
Online ISBN: 978-3-642-28115-0
eBook Packages: Computer Science (R0)