Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Discussion of “Data Mining of Emails to Support Periodic and Continuous Assurance” Alexander Kogan Interesting Paper • Innovative topic – first in auditing/assurance literature • Provides comprehensive literature review on email data mining • Describes promising software tools • Shows examples of actual Enron emails • Raises important research questions 2 Main Weakness • Lack of relevance to periodic and continuous assurance • Exploratory approach to indentify presence of fraud – lacks specificity • Cost vs. benefit – can this money be better spent on transaction monitoring and automatic confirmations? 3 Significant Hurdles • Questionable scalability across engagements: very significant configuration and fine-tuning expenses (may be ongoing) • Technological infeasibility of defeating email log avoidance – most sensitive messages are likely to bypass corporate email altogether (using external email, e.g., Yahoo, through HTTP over SSL – unbreakable encryption) 4 Specific Issues • Sender deception does not seem to be an issue to ever come up within the audit context – BUT can be used by management to go after anonymous whistleblowers! • Volume and velocity of emails are not convincingly related to any audit objectives • Enron email database schema begs for an explanation (what is rtype?) 5 Promising Directions • Proposed link of social network analysis with control environment can be developed to identify suspected collusion WITHIN the enterprise (should utilize SOD rules defined for access roles) • Content deception analysis can be potentially useful for screening correspondence from clients to auditors (at the auditor’s end) 6