%0 Journal Article %1 Carnaghan2006170 %A Carnaghan, Carla %D 2006 %J International Journal of Accounting Information Systems %K Controls IT-Auditing IT-Revision %N 2 %P 170--204 %R DOI: 10.1016/j.accinf.2005.10.005 %T Business process modeling approaches in the context of process level audit risk assessment: An analysis and comparison %U http://www.sciencedirect.com/science/article/B6W6B-4K4WMW6-2/2/c4a114cda49b33f70835ca8e38af4b52 %V 7 %X Current auditing standards emphasize the importance of auditors gaining a broader understanding of an organization's operations to perform risk assessment (i.e. assess the risks of material misstatement). Auditors' ability to effectively analyze operations in the form of business processes is by definition a key determinant of their ability to appropriately plan and conduct the audit. However, to date there has been little consideration of how best to represent or organize the information required about business processes for audit risk assessment purposes. This paper identifies a number of commonly used business process modeling conventions, and characterizes them relative to the needs of auditors in performing risk assessments at the business process level. To provide a context for the process modeling conventions examined, international standards on enterprise modeling are outlined, and the constructs they identify are compared to those identified as needed for process level risk assessment. This comparison helps provide some assurance that the knowledge needed for audit risk assessment at the process level is similar to that needed for management understanding and control of business processes more generally. A number of commonly used business process modeling conventions are identified based on a literature review, including data flow diagrams, system flowcharts, REA models, event process chains, IDEF0 and IDEF3, UML diagrams, and business process diagrams (BPMN). The constructs represented in each of these models are compared to those identified as needed for process level audit risk assessment, and the merits of each convention are discussed. The paper concludes by noting particular areas where additional research is needed before more definitive answers regarding which process modeling conventions are most appropriate for auditor use are possible.

@article{Carnaghan2006170, abstract = {Current auditing standards emphasize the importance of auditors gaining a broader understanding of an organization's operations to perform risk assessment (i.e. assess the risks of material misstatement). Auditors' ability to effectively analyze operations in the form of business processes is by definition a key determinant of their ability to appropriately plan and conduct the audit. However, to date there has been little consideration of how best to represent or organize the information required about business processes for audit risk assessment purposes. This paper identifies a number of commonly used business process modeling conventions, and characterizes them relative to the needs of auditors in performing risk assessments at the business process level. To provide a context for the process modeling conventions examined, international standards on enterprise modeling are outlined, and the constructs they identify are compared to those identified as needed for process level risk assessment. This comparison helps provide some assurance that the knowledge needed for audit risk assessment at the process level is similar to that needed for management understanding and control of business processes more generally. A number of commonly used business process modeling conventions are identified based on a literature review, including data flow diagrams, system flowcharts, REA models, event process chains, IDEF0 and IDEF3, UML diagrams, and business process diagrams (BPMN). The constructs represented in each of these models are compared to those identified as needed for process level audit risk assessment, and the merits of each convention are discussed. The paper concludes by noting particular areas where additional research is needed before more definitive answers regarding which process modeling conventions are most appropriate for auditor use are possible.}, added-at = {2009-07-17T15:20:29.000+0200}, author = {Carnaghan, Carla}, biburl = {https://www.bibsonomy.org/bibtex/2af5ee39c51b105b15f0921c147c1178e/stefan.strecker}, description = {ScienceDirect - International Journal of Accounting Information Systems : Business process modeling approaches in the context of process level audit risk assessment: An analysis and comparison}, doi = {DOI: 10.1016/j.accinf.2005.10.005}, interhash = {1fc77134c44d19e0b57159df5ec1cbe0}, intrahash = {af5ee39c51b105b15f0921c147c1178e}, issn = {1467-0895}, journal = {International Journal of Accounting Information Systems}, keywords = {Controls IT-Auditing IT-Revision}, note = {2005 Research Symposium on Integrity, Privacy, Security & Trust in an IT Context}, number = 2, pages = {170--204}, timestamp = {2009-07-22T10:39:58.000+0200}, title = {Business process modeling approaches in the context of process level audit risk assessment: An analysis and comparison}, url = {http://www.sciencedirect.com/science/article/B6W6B-4K4WMW6-2/2/c4a114cda49b33f70835ca8e38af4b52}, volume = 7, year = 2006 }