Information Systems Auditing

The inherent quality of business processes increasingly plays a significant role in the economic success of an organization. More and more business processes are supported through IT processes. In this contribution, we present a new approach which allows the continuous quality improvement of IT processes by the interconnection of IT Infrastructure Library (ITIL) reference model and process mining. On the basis of the reference model, to-be processes are set and key indicators are determined. As-is processes and their key indicators derived by process mining are subsequently compared to the to-be processes. This new approach enables the design and control of ITIL based customer support processes which will be trialed in a practice case of a customer relationship management (CRM) system. The procedural models, as well as its results, are introduced in this publication.

This paper reports on the potential of process mining as a basis for security audits of business process and corresponding business process management systems. In particular, it focuses on process discovery as a means to reconstruct process-related structures from event logs, such as the process' control flow, social network and data flows. Based on this information, security analysis to determine the compliance with security and privacy requirements can be automated.

Information System/Information Technology (IS/IT) has important role to accelerate and enhance bureaucratic reform in government institutions. Ministry of Energy and Mineral Resources (MEMR) Republic of Indonesia requires IS/IT to improve accountability and reduce complexity of bureaucratic in public services. To ensure optimization on IS/IT resources and alignment with MEMR’s strategic objectives, all IS/IT maneuvers should be prepared using a Strategic Information Systems Planning. This study performs advance exploration regarding on how MEMR contrive IS/IT maneuvers to enhance bureaucratic reform in four IT domains: IT governance, IS application, IT infrastructure and IT human resources. The contrived maneuvers refer to the principles of bureaucratic reform and also business principles: Automation, Continuity, and Standardized, then organized in a roadmap which encompasses 2016 until 2020. Without neglecting other maneuvers, this study promotes IT Steering Committee and integrati...

Information Technology (IT) has rounded into a technology which hardly assist even determine level of performance a company. For the agenda of increasing performance, Bina Sarana Informatika (BSI) has been supported by information technology. Constructively IT (Information Technology), Business process or job activity process happened in university can be put across and efficient. But other side, the purpose of business, applying of IT needs cost money high investment at risk to big enough failure. Therefore required a mechanism Arrange IT Management (IT Governance) which totally and structural from starting planning untill the observation. This research is to give a model proposal arrange IT Management for Bina Sarana Informatika (BSI) by relating COBIT (Control Objective for Information and Related Technology) Version of 4.0. This research is focused on two main domain COBIT, that is Delivery Support (DS) and Monitoring Evaluation (ME) and this research is continuation from other researcher that is Evi, Rahmawati, the researcher who focuses on domain DS and ME. Methodologies are done through analysis whereas from vision identification, mission and purpose of organization and also mission and vision from part of Biro Teknologi Informasi (BTI). Here in after identifying by management awareness to IT asset function which have him (it in supporting the of reaching company mission and vision through questioner. From both the data hence is determinable of maturity goals (expected maturity level) appropriate for Bina Sarana Informatika (BSI). Then continued by doing assessment of current maturity level through questioner and interview to related and relevant responder of management of titanium. The expected data and current maturity levels of each IT process are analyzed to look at the gap, and then determined gradually; Steps that must be taken to overcome the gap.

Application of Benford's Law in the field of financial analysis is very rarely covered. In this paper it is researched possibility of usage of this law in analysis of stock prices and stock turnover in Zagreb stock exchange. On the basis of online available and public data, sets of input numbers are prepared. These sets are checked against Benford's Law. Results show that sets partially fit to this law. Stock turnover data conforms to Benford's Law, while daily closing stock prices do not. Probably, psychological factors significantly influence daily closing stock prices, so these values do not conform to Benford's distribution. S a ž e t a k O primjeni Benfordovog zakona u području financijskih analiza u literaturi postoji malo izvora. U ovom radu se istražuje mogućnost primjene ovog zakona u analizi kretanja cijena i prometa dionica na burzi, i to na primjeru Zagrebačke burze. Temeljem online raspoloživih podataka, oblikovani su skupovi ulaznih nizova na koje je primijenjen Benfordov zakon. Dobiveni rezultati ukazuju da je ovaj zakon djelomično primjenljiv i za takvu problematiku. Potpuno je primjenljiv za analize i procjene ukupnog dnevnog promete dionica, ali nije primjenljiv za analize i procjene zadnjih dnevnih cijena dionica. Vjerojatno na ove cijene na tržištu značajno utječu psihološki čimbenici, pa stoga ova pojava ne slijedi Benfordovu distribuciju.

Application of Benford’s Law in the field of financial analysis is very rarely covered. In this paper it is researched possibility of usage of this law in analysis of stock prices and stock turnover in Zagreb stock exchange. On the basis of online available and public data, sets of input numbers are prepared. These sets are checked against Benford’s Law. Results show that sets partially fit to this law. Stock turnover data conforms to Benford’s Law, while daily closing stock prices do not. Probably, psychological factors significantly influence daily closing stock prices, so these values do not conform to Benford’s distribution. Sažetak O primjeni Benfordovog zakona u podrucju financijskih analiza u literaturi postoji malo izvora. U ovom radu se istražuje mogucnost primjene ovog zakona u analizi kretanja cijena i prometa dionica na burzi, i to na primjeru Zagrebacke burze. Temeljem online raspoloživih podataka, oblikovani su skupovi ulaznih nizova na koje je primijenjen Benfordov za...

Application of Benford's Law in the field of financial analysis is very rarely covered. In this paper it is researched possibility of usage of this law in analysis of stock prices and stock turnover in Zagreb stock exchange. On the basis of online available and public data, sets of input numbers are prepared. These sets are checked against Benford's Law. Results show that sets partially fit to this law. Stock turnover data conforms to Benford's Law, while daily closing stock prices do not. Probably, psychological factors significantly influence daily closing stock prices, so these values do not conform to Benford's distribution. S a ž e t a k O primjeni Benfordovog zakona u području financijskih analiza u literaturi postoji malo izvora. U ovom radu se istražuje mogućnost primjene ovog zakona u analizi kretanja cijena i prometa dionica na burzi, i to na primjeru Zagrebačke burze. Temeljem online raspoloživih podataka, oblikovani su skupovi ulaznih nizova na koje je primijenjen Benfordov zakon. Dobiveni rezultati ukazuju da je ovaj zakon djelomično primjenljiv i za takvu problematiku. Potpuno je primjenljiv za analize i procjene ukupnog dnevnog promete dionica, ali nije primjenljiv za analize i procjene zadnjih dnevnih cijena dionica. Vjerojatno na ove cijene na tržištu značajno utječu psihološki čimbenici, pa stoga ova pojava ne slijedi Benfordovu distribuciju.

While there is increasing awareness of the Year 2000 computer date problem, most organizations have yet to take sufficient action to ensure that their systems are "millennium-proof." This lack of progress is particularly troubling given the profoundly negative legal, and even survival exposures that enterprises of every kind (e.g., public, private, profit-making, non-profit and government), as well as their management (e.g., directors, officers, civil servants, elected and appointed politicians), face if non-compliant software and hardware cause major disruptions to enterprise operations. For this reason, information systems audit and control professionals must play a proactive role during the next three years in helping their organizations to confront and resolve the Year 2000 date problem. IS audit and control professionals can help their organizations in five ways: 1) convincing other members of the organization, particularly senior management, that this is a serious problem requiring immediate attention; 2) helping managers overcome their initial responses to the Year 2000 date problem (usually denial and anger); 3) playing an active role in establishing a Year 2000 steering committee and program office; 4) helping to develop enterprise-wide Year 2000 compliance definitions, standards, and test plans; and 5) conducting audits to certify the completeness and appropriateness of Year 2000 project plans, as well as whether or not Year 2000 compliance has been achieved.

Information systems auditing activities are mandatory in today business environments. There are numerous useful methods that can be conducted in such audits. One of contemporary methods is application of so-called Benford's Law. In this paper we examine ways of application of this law in investigation of certain number set with aim to make a conclusion if number set conforms to Benford's Law. As an examination target we used foreign payment system messages which are issued between foreign and domestic business entities i.e. commercial and central banks. We chose sample of 1.745.311 transactions and conducted examination for first, second and first two digits. We examine certain data subsets, created according to certain payment types, and investigate how Benford’s Law tests can be used in auditing. We also compare practical usefulness and note differences between various conformity tests in auditing environment. Results we achieved prove adequate potential of this law in a...

The paper aims to explore the usefulness of e-audit implementation in enhancing government auditor performance. It scrutinized in depth the auditor behavior change related the new audit technique based on information technology. The study used a qualitative approach by observing and interviewing Indonesia government auditor. Participatory observation involved in gathering rich data and analysis in Miles Huberman interactive technique. The results showed that the availability of data hasn’t been fulfilled yet by the entity and the period time given to the auditors to access the e-audit portal is too short, in addition, the auditors don't optimally take advantage of features available in the portal of e-audit. Implementation of e-audit has helped streamline the examination process, and increase the value of the audit findings comparison. This shows that the implementation of e-audit create of transparency and accountability in local government financial management.

The paper aims to explore the usefulness of e-audit implementation in enhancing government auditor performance. It scrutinized in depth the auditor behavior change related the new audit technique based on information technology. The study used a qualitative approach by observing and interviewing Indonesia government auditor. Participatory observation involved in gathering rich data and analysis in Miles Huberman interactive technique. The results showed that the availability of data hasn’t been fulfilled yet by the entity and the period time given to the auditors to access the e-audit portal is too short, in addition, the auditors don't optimally take advantage of features available in the portal of e-audit. Implementation of e-audit has helped streamline the examination process, and increase the value of the audit findings comparison. This shows that the implementation of e-audit create of transparency and accountability in local government financial management.

Management processes without responsive to abnormal activity that might occur can affect the performance of an organization. The Publishing Workflow Ontology (PWO) will be modified for detect abnormal activity, such as wrong pattern, wrong resource, throughput time maximum and wrong duty combine that occurs in the event logs. The new model from modification called “Warning Criterion Ontology (WCO)” can be represent the knowledge base to detect abnormal activity in the business process especially this knowledge can be used distinguishes the activity is allowed to be done by the superior and any activity which should only be done by direct superior. The model used some rule for reasoning, then after reasoning used some SPARQL to detection abnormal activity. Results of detection abnormal activity can be used as attributes for assessment Key Performance Indicator (KPI) activity in determining “The compliance in Standard Operating Procedure (SOP) implementation”. This research obtained a...

Information technology develops rapidly. It makes all the existing business processes in an organization cannot be separated from the use of computers. One of the existing business processes in an organization that use the benefits of IT is logistic department. Logistics system of an organization is always related to the inventory management process. One of the organizations that use logistics system is Satya Wacana Christian University Salatiga. The use of Logistics Information System still found many obstacles such as; management of transaction data that is not on the time and discrepancy information data items that are shown in the Information System. One of the standards in evaluating the InformationSystem’s performance is using the COBIT framework as one of the major frameworks with the goal of providing clear policies and best practices to assist the organization in achieving its business objectives. Performance evaluation of LogisticsInformation System in Satya Wacana Christi...

In the company environment, the management team is responsible for producing normative models. The normative model is considered a standard model that aims at auditing all business processes in the same context. In this regard, the audit operation encompasses four process mining activities, in a hybrid evaluation (offline and online), which are the detect, the check, the compare, and the promote activities. This is still well performed for structured business processes. Otherwise, complex processes may deviate from the initial defined normative model context. Indeed, the latter must be refined for more precise results. Therefore, the combination of human knowledge, control-flow discovery algorithms, and process mining activities is required. To this end, we present a technique for reducing the complexity of unstructured process models (Spaghetti process models) into structured ones (Lasagna process models). This framework outputs a refined normative model for improving the future Bu...

Nowadays, business IT alignment has become a priority in most large organization. It is a question of aligning the information system on the business strategies of the organization. This step is aimed at increasing the practical value of the information system and makes it a strategic asset for the organization. Many works showed the importance of documentation, the analysis and the evaluation of business IT alignment, but few proposed solutions applicable to the strategic and functional level. This paper aims has to fill this gap by proposing a simple approach for modeling and evaluate enterprise strategy in the context of strategic alignment. This approach is illustrated by case study of a real project in a Moroccan public administration.

The paper aims to explore the usefulness of e-audit implementation in enhancing government auditor performance. It scrutinized in depth the auditor behavior change related the new audit technique based on information technology. The study used a qualitative approach by observing and interviewing Indonesia government auditor. Participatory observation involved in gathering rich data and analysis in Miles Huberman interactive technique. The results showed that the availability of data hasn’t been fulfilled yet by the entity and the period time given to the auditors to access the e-audit portal is too short, in addition, the auditors don't optimally take advantage of features available in the portal of e-audit. Implementation of e-audit has helped streamline the examination process, and increase the value of the audit findings comparison. This shows that the implementation of e-audit create of transparency and accountability in local government financial management.

Information System/Information Technology (IS/IT) has important role to accelerate and enhance bureaucratic reform in government institutions. Ministry of Energy and Mineral Resources (MEMR) Republic of Indonesia requires IS/IT to improve accountability and reduce complexity of bureaucratic in public services. To ensure optimization on IS/IT resources and alignment with MEMR’s strategic objectives, all IS/IT maneuvers should be prepared using a Strategic Information Systems Planning. This study performs advance exploration regarding on how MEMR contrive IS/IT maneuvers to enhance bureaucratic reform in four IT domains: IT governance, IS application, IT infrastructure and IT human resources. The contrived maneuvers refer to the principles of bureaucratic reform and also business principles: Automation, Continuity, and Standardized, then organized in a roadmap which encompasses 2016 until 2020. Without neglecting other maneuvers, this study promotes IT Steering Committee and integrati...

To master ongoing market competitiveness, manufacturing companies try to increase process efficiency through process improvements. Mapping the endto-end order processing is particularly important, as one needs to consider all order-fulfilling core processes to evaluate process performance. However, today's traditional process mapping methods such as workshops are subjective and time-consuming. Therefore, process improvements are based on gut feeling rather than facts, leading to high failure probabilities. This paper presents a process mining approach that provides data-based description of process performance in order processing and thus objectively and effortlessly maps as-is end-to-end processes. The approach is validated with an industrial case study.

Management processes without responsive to abnormal activity that might occur can affect the performance of an organization. The Publishing Workflow Ontology (PWO) will be modified for detect abnormal activity, such as wrong pattern, wrong resource, throughput time maximum and wrong duty combine that occurs in the event logs. The new model from modification called “Warning Criterion Ontology (WCO)” can be represent the knowledge base to detect abnormal activity in the business process especially this knowledge can be used distinguishes the activity is allowed to be done by the superior and any activity which should only be done by direct superior. The model used some rule for reasoning, then after reasoning used some SPARQL to detection abnormal activity. Results of detection abnormal activity can be used as attributes for assessment Key Performance Indicator (KPI) activity in determining “The compliance in Standard Operating Procedure (SOP) implementation”. This research obtained a...

A learning management system is a system that supports the management of teaching and learning activities in an educational institution. Telkom University has its own learning management system called CeLOE which was developed based on the open-source Moodle application. This study analyses an event log, automatically generated by the CeLOE LMS, that records student and lecturer activities in learning. The event log is mined to obtain a process model representing learning behaviours of the lecturers and students during the learning process. The case study in this research is learning in the study program 365 during the first semester of 2020/2021. The results of the analysis obtained are expected to increase understanding of the learning process and produce recommendations for improving the learning management system. The conclusions obtained from the analysis of the process model include the identification of activities and learning content that are used and carried out by students and lecturers, the most frequent learning activities and resources done by students and lecturers during the first semester of 2020/2021 in the study program 365, and the gap of activities and learning resources during the first semester of 2020/2021 in the study program 365.

ISACA’s COBIT is widely used to assess the maturity of process capability in many enterprises. It’s last version is COBIT 5, which proposes a process assessment as a part of a process improvement initiative or as part of a capability determination approach. Two important steps of the COBIT 5 assessment process are data collection and data validation. This paper proposes process mining as a method to improve the traditional data collection and validation. An internal blog of a private university in Indonesia is analyzed as a case study to implement the model being proposed. The result shows that this model is proven as implementable in a real case of managing operations of a university blog. The resulted findings of the process mining can be combined with the findings of other assessment methods to enhance the result of the assessment program.

This report documents the program and the outcomes of Dagstuhl Seminar 13481 "Unleashing Operational Process Mining". Process mining is a young research discipline connecting computational intelligence and data mining on the one hand and process modeling and analysis on the other hand. The goal of process mining is to discover, monitor, diagnose and improve real processes by extracting knowledge from event logs readily available in today's information systems. Process mining bridges the gap between data mining and business process modeling and analysis. The seminar that took place November 2013 was the first in its kind. About 50 process mining experts joined forces to discuss the main process mining challenges and present cutting edge results. This report aims to describe the presentations, discussions, and findings.

This report documents the program and the outcomes of Dagstuhl Seminar 13481 “Unleashing Operational Process Mining”. Process mining is a young research discipline connecting computational intelligence and data mining on the one hand and process modeling and analysis on the other hand. The goal of process mining is to discover, monitor, diagnose and improve real processes by extracting knowledge from event logs readily available in today’s information systems. Process mining bridges the gap between data mining and business process modeling and analysis. The seminar that took place November 2013 was the first in its kind. About 50 process mining experts joined forces to discuss the main process mining challenges and present cutting edge results. This report aims to describe the presentations, discussions, and findings. Seminar 25.–29. November, 2013 – www.dagstuhl.de/13481 1998 ACM Subject Classification H.2.8 Database Applications (Data mining), H.2.1 Logical Design (Data models), K...

This report documents the program and the outcomes of Dagstuhl Seminar 13481 "Unleashing Operational Process Mining". Process mining is a young research discipline connecting computational intelligence and data mining on the one hand and process modeling and analysis on the other hand. The goal of process mining is to discover, monitor, diagnose and improve real processes by extracting knowledge from event logs readily available in today's information systems. Process mining bridges the gap between data mining and business process modeling and analysis. The seminar that took place November 2013 was the first in its kind. About 50 process mining experts joined forces to discuss the main process mining challenges and present cutting edge results. This report aims to describe the presentations, discussions, and findings.

Information systems auditing activities are mandatory in today business environments. There are numerous useful methods that can be conducted in such audits. One of contemporary methods is application of so-called Benford's Law. In this paper we examine ways of application of this law in investigation of certain number set with aim to make a conclusion if number set conforms to Benford's Law. As an examination target we used foreign payment system messages which are issued between foreign and domestic business entities i.e. commercial and central banks. We chose sample of 1.745.311 transactions and conducted examination for first, second and first two digits. We examine certain data subsets, created according to certain payment types, and investigate how Benford’s Law tests can be used in auditing. We also compare practical usefulness and note differences between various conformity tests in auditing environment. Results we achieved prove adequate potential of this law in a...

Law enforcement agencies being the primary security organs in a country are highly prone to information and network attacks due to the sensitivity nature of the information they deal with in their day to day operations. Information security preparedness requires a consideration of both technical and nontechnical solutions to information security. This paper presents a review of information security preparedness evaluation frameworks, approaches, methods and models available today which the law enforcement agencies and other organizations can use to quickly and reliably evaluate the current security state of their information and or network. The paper also highlights the weakness in each of these mechanisms and points towards a more comprehensive framework for information security preparedness evaluation in law enforcement agencies.

Law enforcement agencies being the primary security organs in a country are highly prone to information and network attacks due to the sensitivity nature of the information they deal with in their day to day operations. Information security preparedness requires a consideration of both technical and nontechnical solutions to information security. This paper presents a review of information security preparedness evaluation frameworks, approaches, methods and models available today which the law enforcement agencies and other organizations can use to quickly and reliably evaluate the current security state of their information and or network. The paper also highlights the weakness in each of these mechanisms and points towards a more comprehensive framework for information security preparedness evaluation in law enforcement agencies.

Law enforcement agencies being the primary security organs in a country are highly prone to information and network attacks due to the sensitivity nature of the information they deal with in their day to day operations. Information security preparedness requires a consideration of both technical and nontechnical solutions to information security. This paper presents a review of information security preparedness evaluation frameworks, approaches, methods and models available today which the law enforcement agencies and other organizations can use to quickly and reliably evaluate the current security state of their information and or network. The paper also highlights the weakness in each of these mechanisms and points towards a more comprehensive framework for information security preparedness evaluation in law enforcement agencies.

Production planning and scheduling decisions are based on underlying models and their parameters which are typically considered granted, accurate and up-to-date. However, changes and uncertainties may force the production to change, shift and adapt in its settings, consequently, the models and parameters used in the planning and execution phases lose their validity. Usually, these changes are not explicitly known, but are incorporated the manufacturing execution system data. To cope with the missing, uncertain or wrong data, process and data mining should be repeatedly employed on the available manufacturing event logs. The paper describes an analysis framework which is able to extract the required information from large-scale and noisy event logs and offers the ability to infer and restore a more realistic history of the underlying manufacturing process hidden by random noise and consequent errors.

Nowadays, hotel industry become a business that very interested for many people that can manage the hotel asset very well, in order to giving faster and satisfy services. Every process in Mahkota hotel still manage manually, and this condition require more time and effort. Beside that also cause some human error. To overcome this problem, Mahkota hotel needs management information system that can control information asset management in a hotel, so it can minimalize human error. Beside that, management information system can make easier and faster the process of displaying information become more effective and efficient. Mahkota hotel information system is built by using Microsoft Visual Basic as programming language and database SQL server. Information system has some feature, such as to manage activity in front office and back office. It hoped can increase and improve the hotel management, so it can giving the best services.

Seiring dengan perkembangan zaman, penggunaan sistem informasi sangat diperlukan untuk menunjang dan meningkatkan kegiatan bisnis dalam suatu perusahaan. Untuk itu diperlukan suatu sistem informasi yang berkualitas bagi sebuah perusahaan.
Hotel merupakan perusahaan jasa yang bergerak di bidang pariwisata perhotelan. Dalam industri perhotelan bagian operasional merupakan bagian yang paling penting dimana semua bagian tersebut merupakan bagian dari Front Office yang melayani Check-In
dan Pelanggan Check-Out, menerima Pembayaran, menyediakan fasilitas sesuai kebutuhan pelanggan. Bagian ini sangat penting karena merupakan bagian dari tulang punggung perusahaan.
Oleh karena itu, jika sistem informasi operasional berjalan sesuai standar perusahaan, maka akan memberikan manfaat yang maksimal. Maka diperlukan teknik untuk mengontrol dan memastikan bahwa sistem informasi telah mencapai tujuan yang sesuai dengan standar perusahaan, maka perlu dilakukan perancangan sistem informasi audit pada hotel.

 ISO/IEC 15504-4 identifies process assessment as an activity that can be performed either as part of a process improvement initiative or as part of a capability determination approach.  The purpose of process improvement is to continually improve the enterprise's effectiveness and efficiency.  The purpose of process capability determination is to identify the strengths, weaknesses and risk of selected processes with respect to a particular specified requirement through the processes used and their alignment with the business need.  It provides an understandable, logical, repeatable, reliable and robust methodology for assessing the capability of IT processes.

Life can be made better and easier with the growing information and communication technology. Efficient Software and Hardware together play a vital role giving relevant information which helps improving ways we do business, learn, communicate, entertain and work. This exposes to an environment with significant risks which are vulnerable to inside or outside attacks. System audit, thus, becomes important and is a key process to assure security, reliability and our dependency on such systems. The information system audit for security can increase the chances of adopting sufficient preventive and security measures for prevention or lowering of consequences. This paper is prepared upon exploration and studies on information system security and challenges in Nepal. Data is collected by online survey and the analysis of data helps to explore its current status of security and challenges for Information System Audit in Nepal.

ISACA’s COBIT is widely used to assess the maturity of process capability in many enterprises. It’s last version is COBIT 5, which proposes a process assessment as a part of a process improvement initiative or as part of a capability determination approach. Two important steps of the COBIT 5 assessment process are data collection and data validation. This paper proposes process mining as a method to improve the traditional data collection and validation. An internal blog of a private university in Indonesia is analyzed as a case study to implement the model being proposed. The result shows that this model is proven as implementable in a real case of managing operations of a university blog. The resulted findings of the process mining can be combined with the findings of other assessment methods to enhance the result of the assessment program.

The specialized nature of Information Systems auditing and the professional skills and credibility necessary to perform such audits, require standards that would apply specifically to IS auditing. Standards, procedures and guidelines have been issued by various institutions, which discuss the way the auditor should go about auditing Information Systems.
In line with such developments Supreme Audit Institution of India has declared a mission to adopt and evolve standards, guidelines and best practices for auditing in a computerized environment. This will lend credibility and clarity in conducting audit in computerized environment.
The framework for the IS Auditing Standards provides multiple levels of guidance. Standards provide a framework for all audits and auditors and define the mandatory requirements of the audit. They are broad statement of auditors’ responsibilities and ensure that auditors have the competence, integrity, objectivity and independence in planning, conducting and reporting on their work. Guidelines provide guidance in applying IS Auditing Standards. The IS auditor should consider them in determining how to achieve implementation of the standards, use professional judgment in their application and be prepared to justify any departure. Procedures provide examples of procedures an IS auditor might follow in an audit engagement. It provides information on how to meet the standards when performing IS auditing work, but do not set requirements. The objective of the IS Auditing Guidelines and Procedures is to provide further information on how to comply with the IS Auditing Standards.

Mathra Tool, Inc. (MTI) is a small business manufacturing case. It can be used by undergraduate or graduate students studying management controls and auditing in a computerized setting. Students integrate accounting, auditing, and information systems concepts. They identify and assess controls to set detection risk and suggest the nature, extent and timing of detailed tests for generalized audit software. They then prioritize weaknesses in internal control, separating reportable conditions from other improvements.
MTI is particularly topical, in the light of SAS No. 80, Amendment to Statement on Auditing Standards No. 31, Evidential Matter, effective for financial statements beginning on or after January 1, 1997. This SAS recognizes that both electronic and paper evidence needs to be considered when conducting risk assessments and during the evidence gathering process. Instructors can discuss concepts of activity based costing (due to inappropriate overhead application) and additional types of electronic data interchange (EDI) beyond the stand-alone EDI method used by MTI. Used with permission of the American Accounting Association and the author.

The process of student registration in IT Telkom needs to be evaluated to enable
the continual improvements. For this purpose, the process mining was used to obtain a real
overview of the actual process happening on student's registration process through IT
Telkom registration information system. Fuzzy mining approach is proven to be more
suitable to be used in this case compared to Alpha algorithm, although it seems that the
student registration process is a structured process. This paper contributes in presenting