Abstract
The increasing use of computerized systems in businesses has led to the generation and storage of massive databases. Given the availability of such big data, auditing is moving from the traditional sample-based approach to audit-by-exception. The literature abounds with machine learning, statistical, and data mining techniques that have proved effective at identifying exceptions. However, such techniques often inundate auditors and management with large numbers of exceptions. This dissertation, composed of three essays, attempts to help them overcome the human limitations of dealing with information overload by proposing methodologies to detect and subsequently prioritize such exceptions. These prioritization techniques can help auditors and management direct their investigations toward the more suspicious cases, or exceptional exceptions. The first essay evaluates the quality of auditors' judgments of business processes' risk levels using historical data procured from internal controls risk assessments of a multinational company. I identify the exceptions where auditor assessments deviate from the values predicted by an ordered logistic regression model, and I propose two metrics to prioritize these exceptions. The results indicate that the prioritization methodology is effective in helping auditors focus their efforts on the more problematic audits. In the second essay, I propose a framework that uses a weighted rule-based expert system to identify exceptions that violate internal controls. These exceptions are then prioritized based on a suspicion score, defined as the sum of the risk weightings of all the internal controls violated by that specific record, and ranked in decreasing order of suspicion score. The third essay addresses the problem of data quality from a duplicate records perspective. I present the various techniques used to detect such duplicates, focusing on the issue of duplicate payments, and use two real business datasets as an illustration. Finally, I propose a prioritization methodology in which each duplicate candidate receives a cumulative score based on multiple criteria. The results show that this prioritization methodology can help auditors process duplicate candidates more effectively.
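The second essay's scoring rule can be illustrated in a few lines of code. The following is a minimal sketch, not the dissertation's implementation: the control descriptions, risk weights, record fields, and thresholds are all hypothetical, chosen only to show how a suspicion score (the sum of the risk weights of every violated control) produces a ranked list of exceptions.

```python
# Hypothetical internal controls: (description, risk weight, violation test).
# All names, weights, and thresholds here are illustrative assumptions.
CONTROLS = [
    ("amount exceeds approval limit", 0.8, lambda r: r["amount"] > 10_000),
    ("missing purchase order",        0.5, lambda r: not r["po_number"]),
    ("weekend posting date",          0.2, lambda r: r["weekday"] >= 5),
]

def suspicion_score(record):
    """Sum of the risk weights of all controls this record violates."""
    return sum(weight for _, weight, violated in CONTROLS if violated(record))

def rank_exceptions(records):
    """Keep only records violating at least one control,
    ranked in decreasing order of suspicion score."""
    scored = [(suspicion_score(r), r) for r in records]
    return sorted(((s, r) for s, r in scored if s > 0), key=lambda x: -x[0])

records = [
    {"id": 1, "amount": 12_000, "po_number": "",     "weekday": 6},
    {"id": 2, "amount": 3_000,  "po_number": "PO-7", "weekday": 2},
    {"id": 3, "amount": 15_000, "po_number": "PO-9", "weekday": 1},
]
for score, rec in rank_exceptions(records):
    print(rec["id"], round(score, 2))  # record 1 (score 1.5), then record 3 (0.8)
```

Record 2 violates no control and is filtered out; the auditor's attention goes first to record 1, which violates all three controls.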
Issa, Hussein. Exceptional exceptions[D]. US: The State University of New Jersey, 2013.