Process mining-technieken voor internecontroletesten - mogelijkheden nu en in de toekomst

'Data analytics' en 'accounting' zijn termen die steeds vaker in combinatie worden gebruikt. Zowel van de financiële rapportering als van de processen die leiden tot deze rapportering worden steeds meer gegevens opgeslagen. Dat data-analyse een toegevoegde waarde kan bieden aan accounting, wordt door steeds meer partijen aangenomen. Hoe deze toegevoegde waarde concreet bereikt kan worden, is echter minder duidelijk. In dit artikel wordt concreet ingegaan op het perspectief van internecontroletesten en process mining, een subset van data-analysetechnieken. Enerzijds worden concrete activiteiten geïdentificeerd in het proces van interne beheersing, die ondersteund zouden kunnen worden door process mining- algoritmes. Dit is vooral voor het vergelijken van werkelijke uitvoeringen met een verwacht procesmodel. Anderzijds worden de wetenschappelijke uitdagingen die hiermee gepaard gaan toegelicht: 1) de impact van de event log-structuur op controletesten en 2) de classificatie van procesafwijkingen, zodat een volledige analyse haalbaar wordt

How active learning and process mining can act as Continuous Auditing catalyst

In the context of Continuous Auditing, different approaches have been proposed to incorporate data analytics to accomplish a continuous audit environment. Some work suggests the use of data mining, some the use of process mining; some work reports on concrete case studies, where other work presents a conceptual approach. In this paper, we present an actionable framework to address one specific level of continuous auditing: the transaction verification level. This framework combines the techniques of data mining and process mining on one hand, and includes the auditor as a human expert to deal with the typical alarm flood on the other hand. Further, different research opportunities are identified in this context

Process mining-technieken voor internecontroletesten - mogelijkheden nu en in de toekomst

‘Data analytics' en ‘accounting' zijn termen die steeds vaker in combinatie worden gebruikt. Zowel van de financiële rapportering als van de processen die leiden tot deze rapportering worden steeds meer gegevens opgeslagen. Dat data-analyse een toegevoegde waarde kan bieden aan accounting, wordt door steeds meer partijen aangenomen. Hoe deze toegevoegde waarde concreet bereikt kan worden, is echter minder duidelijk. In dit artikel wordt concreet ingegaan op het perspectief van internecontroletesten en process mining, een subset van data-analysetechnieken. Enerzijds worden concrete activiteiten geïdentificeerd in het proces van interne beheersing, die ondersteund zouden kunnen worden door process mining- algoritmes. Dit is vooral voor het vergelijken van werkelijke uitvoeringen met een verwacht procesmodel. Anderzijds worden de wetenschappelijke uitdagingen die hiermee gepaard gaan toegelicht: 1) de impact van de event log-structuur op controletesten en 2) de classificatie van procesafwijkingen, zodat een volledige analyse haalbaar wordt

Cascading impact of cyberattacks on multilayer social networks

Cybercriminals are getting more intelligent with their tactics in cyberattacks; by using a fake social media profile, they are capable of copying a legitimate profile and perform different scale attacks. In social networks, there are other types of cyberattacks such as Compromised Profile, Malicious Links and Content, Social Engineering, and Reconnaissance. Cascading impact in fact is not always caused through sophisticated attacks as observed in the case of SolarWinds by accessing to customer data. There are much simpler examples, one of which is the constant occurrence of business email compromise, or even cascading of cyberattacks in multilayer networks e.g., from social media into business operation. Multilayer networks are ones with multiple kinds of relations in multidimensional settings as an extension of the traditional networks. At the same time, we aim to explore the cascading impact of cyberattacks on multilayer social networks. This means how a cyberattack originated by using a fake social profile will cascade into all parallel multilayer networks. We use dynamic processes in multilayer networks to understand how the cyberattacks are propagated. We use ML algorithms to detect fake and nonfake profiles, e.g. via a dataset in twitter, then use SIR (susceptible, infected or removed) model as a base generating simulated cascades with the goal of comparing them with real ones to assess how realistic this model performs in multilayer networks, e.g. in a dataset including profiles in Google+ -Instagram – Twitter to see how fake profiles are cascaded into parallel social networks

Blockchain-based data sharing platform customization with on/off-chain data balancing

Blockchain is widely considered as a promising solution, which can build a secure and efficient environment for data sharing. With more and more people working remotely and privacy becoming a major concern, having a secure and efficient way of sharing data has become a necessity. Blockchain being a decentralized ledger emphasizing cryptography obviously helps with data security and privacy, but the technology can suffer from major constraints in the context of data sharing such as on-chain data volume, storage, network performance, off-chain security, and more. In this study, we are looking at customization as a dynamic or adaptive strategy to determine when/how/what data should be stored on-chain versus off-chain to face the trade-off between performance and security; we explore the relevant research questions and the metrics by implementing a proof-of-concept solution using Hyperledger-fabric and IPFS (Inter Planetary File System). The results show that the on-chain latency increases with rising on-chain data ratio, whereas the off-chain exhibits reduced latency with respect to the on-chain ratio. In conclusion, the balance between on-chain and off-chain data storage in blockchain networks is a nuanced decision that hinges on the nature of the data, resource availability, and the desired trade-off between security and performance. A customized approach, where sensitive data is securely stored on-chain, while other data is managed off-chain for improved throughput, can help achieve the optimal equilibrium, ensuring both data integrity and network efficiency