
Discussion of “Data Mining of Emails to Support Periodic and Continuous Assurance”
Alexander Kogan
Interesting Paper
• Innovative topic – first in auditing/assurance literature
• Provides comprehensive literature review on email data mining
• Describes promising software tools
• Shows examples of actual Enron emails
• Raises important research questions
Main Weakness
• Lack of relevance to periodic and continuous assurance
• Exploratory approach to identify presence of fraud – lacks specificity
• Cost vs. benefit – can this money be better spent on transaction monitoring and automatic confirmations?
Significant Hurdles
• Questionable scalability across engagements: very significant configuration and fine-tuning expenses (may be ongoing)
• Technological infeasibility of defeating email log avoidance – most sensitive messages are likely to bypass corporate email altogether (using external email, e.g., Yahoo, through HTTP over SSL – unbreakable encryption)
Specific Issues
• Sender deception does not seem to be an issue to ever come up within the audit context – BUT can be used by management to go after anonymous whistleblowers!
• Volume and velocity of emails are not convincingly related to any audit objectives
• Enron email database schema begs for an explanation (what is rtype?)
Promising Directions
• Proposed link of social network analysis with control environment can be developed to identify suspected collusion WITHIN the enterprise (should utilize SOD rules defined for access roles)
• Content deception analysis can be potentially useful for screening correspondence from clients to auditors (at the auditor’s end)
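
One way the first direction above could be prototyped, as an added example that is not from the paper or from these slides: it joins email header traffic with SOD rules to list pairs of employees who correspond and whose combined access roles bridge a segregation-of-duties rule. The role names, rule pairs, header log and the `min_messages` threshold are all constructed assumptions.

```python
from collections import Counter

# Constructed SOD rules: role pairs that must not be held by one person.
SOD_RULES = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"post_journal", "approve_journal"}),
}

# Constructed access-role assignments.
ROLES = {
    "alice": {"create_vendor"},
    "bob": {"approve_payment"},
    "carol": {"post_journal"},
    "dave": {"approve_journal"},
    "erin": {"read_reports"},
}

# Constructed email header log: (sender, recipient), internal mail only.
EMAILS = (
    [("alice", "bob")] * 4 + [("bob", "alice")] * 2
    + [("carol", "dave")] * 1
    + [("alice", "erin")] * 5 + [("carol", "erin")] * 3
)

def bridged_rules(a, b, roles, rules):
    """SOD rules that a and b satisfy only jointly (neither holds both roles)."""
    ra, rb = roles.get(a, set()), roles.get(b, set())
    return sorted(
        tuple(sorted(rule)) for rule in rules
        if rule <= (ra | rb) and not rule <= ra and not rule <= rb
    )

def flag_pairs(emails, roles, rules, min_messages=3):
    """Pairs with at least min_messages between them that bridge an SOD rule."""
    # Undirected edge weights: messages in either direction count together.
    volume = Counter(frozenset((s, r)) for s, r in emails if s != r)
    flagged = []
    for pair, count in volume.items():
        if count < min_messages:
            continue
        a, b = sorted(pair)
        hits = bridged_rules(a, b, roles, rules)
        if hits:
            flagged.append((a, b, count, hits))
    # Heaviest correspondence first, then by name for a stable order.
    return sorted(flagged, key=lambda f: (-f[2], f[0], f[1]))

if __name__ == "__main__":
    for row in flag_pairs(EMAILS, ROLES, SOD_RULES):
        print(row)
```

The output is a screening list for follow-up against the transactions the two roles jointly control, not a finding in itself.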