Advancing Process Audits With Process Mining: A Systematic Review of Trends, Challenges, and Opportunities

This systematic literature review focuses on the research area of process audits and explores the potential of process mining techniques for their enhancement. Traditional process audits, being manual and sample-based, heavily rely on auditors’ expertise and preferences. With the emergence of process mining (PM), there exists an opportunity to improve traditional process audits. However, prior to initiating a PM project specifically for audits, it is crucial to understand the benefits and challenges associated with the implementation. Through a systematic analysis of research articles from six reputable scholarly literature indexing databases, this review reveals how integrating PM into the auditing landscape introduces automation, transparency, and efficiency in addition to overcoming the limitations of traditional process audits. The findings of this review provide valuable insights to identify the benefits of PM-based audits and comprehend the challenges that must be addressed to fully realize the potential of PM techniques in process audits.


I. INTRODUCTION
The increasing use of information systems to conduct business activities has resulted in a significant rise in the amount of data generated by these systems. As Tim Berners-Lee, the inventor of the World Wide Web, famously said, ''Data is a precious thing and will last longer than the systems themselves.'' Organizations heavily rely on data related to diverse business operations, such as purchase order management, patient treatment processes, and customer complaints management, to make effective decisions. Traditionally, such data is analyzed using data mining and machine learning techniques to find patterns in the data and predict future outcomes. However merely focusing on storage and statistical analysis of this data is insufficient. To gain insights and The associate editor coordinating the review of this manuscript and approving it for publication was Alba Amato . make informed decisions, an understanding of the operational processes behind the data is necessary [1].
Business process audits are performed to evaluate the compliance of an organization with standard procedures and to identify opportunities for improvement [2], [3], [4], [5]. A typical process audit consists of four high level stages. First, the audit planning is performed which consists of deciding the audit strategy and resources are allocated for performing the audits. Then the required data is collected through manual sampling such as interviews, observations, and relevant document collection. Subsequently, these data samples are analyzed for compliance and efficiency assessment of the process. As a last step the findings of audit analytics are reported [2], [6]. Fig. 1. shows the high-level steps of a traditional business process audit.
While traditional business process audits involve manual sample collection and compliance checking [7], process  mining provides a new dimension to business process auditing by automated compliance checking [8], [9], [10]. As organizations incorporate their processes into information systems, employees utilize these systems to execute planned processes, which in turn generate event logs. These event logs can be used to rediscover the process and conduct an audit against the actual process model. Fig. 2. shows methodology employed by process mining for business process audits.
Process mining-based audit involves several key steps, including scoping the audit, collecting, and preparing data, discovering the process model, analyzing the process, and preparing a report with recommendations. The audit begins by defining the scope of the analysis and identifying relevant IT systems and data sources. The event logs are then collected, transformed, and cleaned for analysis. Using process mining techniques, the software automatically discovers the process model, and the model is analyzed for deviations and inefficiencies. Finally, a report is prepared summarizing the findings and recommendations for improvement. Process mining-based audit provides auditors with a detailed understanding of the business process, enabling them to identify opportunities for improvement and increase efficiency and effectiveness [11], [12], [13]. Researchers predict that the application of process mining in auditing will dramatically change the role of the auditor [14].
Despite the potential of process mining to enhance traditional auditing methods [15], [16], there has been limited adoption of process mining-based audits in practice [4] which needs further investigation. Furthermore, while several studies have explored process mining-based audits [7], [10], [16], [17]; there is currently a lack of a comprehensive review that addresses the issues associated with both traditional and process mining-based audits. A direct comparison of the traditional and process mining-based audits is important to explicitly understand the value and potential of process mining for audits. Additionally, the identification of the challenges associated with process mining-based audits will help in determining the reasons for the slow adoption of this novel audit approach. Therefore, following three objectives were formulated: • To conduct a comprehensive analysis of research trends on process mining for business process audits revealing trends on various aspects of process mining based audits • To assess the advantages and potential of process mining in the context of business process audits in addition to comparison with traditional audit methods • To synthesize the challenges and limitations associated with the application of process mining in business process audits.
To accomplish the objectives, a systematic review of primary studies published between 2011 and 2023 was performed. The review focused on six popular scholarly research indexing online databases. This study makes following three contributions to existing the body of knowledge: 1. A comprehensive analysis of the primary studies on process mining for business process audits, including an examination of trends in terms of contribution type, context, audit type, process mining techniques, and available tool support. 2. Analysis of the advantages and potential of process mining for business process audits, including a comparison with traditional audit methods VOLUME 11, 2023 3. Systematic analysis and synthesis of the challenges and limitations of process mining for business process audits The review findings suggest that while process mining offers several advantages over traditional audits, it still faces significant obstacles such as data availability and interpretation of results. The successful implementation of process mining-based audits requires professionals with expertise in the process mining domain, and auditors need to be trained to adopt this approach. Further, the study underscores the significance of process mining in the audit domain and emphasizes the need for collaborative efforts among researchers, auditors, and industry professionals to realize its full potential.
The rest of the article is organized as follows: The related works section discusses the existing works on the topic, along with their respective limitations. In the research method section, the research method is elaborated upon, along with an overview of the search strategy employed in the current systematic review. In the results section, the corresponding results for each research question are presented, followed by a discussion of results, their implications, and recommendations for future research. Finally, the findings are summarized and presented in the conclusion section.

II. RELATED WORKS
In recent years, process mining has gained attention and been extensively explored in various domains, including healthcare [18], [19], [20], [21], education [22], cyber security [23], and other domains [24], [25]. However, there is a noticeable gap in research regarding the potential value of process mining in the auditing domain. In this section the existing secondary studies on process mining based audit and their limitations have been discussed.
As presented in Table 1, there are some related works that include experience reports, conceptual papers, review papers, and frameworks that shed light on various aspects of process mining in auditing. However, each study has its limitations. Some studies focus on specific types of audits, such as internal [26] external [27] or only financial audits [8], without adequately addressing the comprehensive understanding of the broader opportunities and challenges involved in implementing process mining. Although few of the studies highlight the benefits of process mining in auditing [8], [28], [29] but fail to adequately address the potential challenges associated with conducting such a novel audit technique. Moreover, these studies [8], [28], [29] are relatively outdated, as they are over a decade old, and their findings are subjective without following a systematic approach to assess existing research works. Certain researchers have discussed challenges related to business process audits [30], without exploring the potential opportunities offered by process mining in overcoming these challenges. On the other hand, few researchers [27] briefly mention process mining as a potential technique in auditing without thoroughly discussing the associated opportunities and challenges. Furthermore, there is a lack of comprehensive studies that encompass all aspects of process mining, including process discovery, conformance, and enhancement.
It is evident that none of the studies have highlighted recent trends associated with various aspects of process mining based audits. Moreover, although some opportunities of process mining have been emphasized, it is unclear how these opportunities overcome challenges of traditional audits. Finally, none of the studies have discussed the challenges associated with application of process mining based audits. Therefore, there is need to bridge the gaps in existing knowledge by conducting a systematic and comprehensively review of existing primary studies that not only examines the opportunities to overcome limitations of existing audits but also highlight associated challenges with application of such novel audit technique.

III. METHODOLOGY
The methodology section provides a detailed overview of the review approach utilized in the study. A systematic review methodology by Kitchenham et al. [32] is used to conduct this study. The review process comprises three key phases: review planning, conducting, and reporting. Fig. 3. illustrates the activities involved in the review process. The focus of the planning stage remained on the formulation of the research questions and the review protocol. The review protocol activity further comprises search string formulation, selection of suitable databases for literature search, and preparation of the inclusion and exclusion criteria. The review plan formulated in the previous stage was implemented in the execution stage. Finally, in the third stage, the review findings are disseminated. In the upcoming subsections, a detailed exploration of the three major steps of the review process has been undertaken.

A. REVIEW PLANNING
In this section, the review planning process for this systematic review has been outlined. The planning phase of this review involved the formulation of research questions, the development of a search strategy, and the establishment of criteria for selection of studies. The aim of outlining the review plan is to ensure transparency, replicability, and comprehensiveness.

1) RESEARCH QUESTIONS
The following three research questions were formulated with the aim of conducting a quantitative analysis of the scientific literature, exploring the potential of process mining in tradi-tional auditing, and examining the challenges associated with process mining-based audits: RQ1. What are the current research trends and advancements in the application of process mining for business process audits, revealing various aspects of process mining-based audits? RQ2. How can process mining address the limitations of traditional business process audits and what opportunities does it offer in this context? RQ3. What are the key challenges associated with utilizing process mining for business process audits?
2) REVIEW PROTOCOL For each of the selected literature indexing databases, a localized version of the above search query was employed. In the following subsection, the selected literature indexing databases and their selection criteria are outlined.

b: DATABASES TO SEARCH
The literature search for this review was conducted using six online resources that index scholarly literature, including Web of Science, Scopus, Science Direct, IEEE Xplore, Springer Link, and ACM Digital Library.
The selection of suitable databases for this study involved consideration of several factors, including quality journal indexing criteria and availability of indexed papers. Considering these factors, the Web of Science (WoS) was deemed a suitable database due to its high-quality journal indexing criteria. To supplement this database and to ensure inclusion of WoS-unindexed papers, the Scopus database was also included, as it indexes abstracts and references from a vast number of publishers, including Elsevier. However, since Scopus does not index full-texts, Science Direct was additionally included in the search process. Science Direct provides indexing for full-text articles from a range of journals and books, particularly those published by Elsevier and a few other sources. To broaden the scope of the search to include conference proceedings, IEEE Xplore and SpringerLink were also added. SpringerLink was particularly included due to its popularity in the computer science domain, as well as its indexing of conference proceedings in well-known Springer lecture notes series such as LNCS, LNBI, LNBIP, and others.
Following the literature search process, the subsequent subsection describes the inclusion and exclusion criteria utilized to filter articles.

c: INCLUSION AND EXCLUSION CRITERIA
In this step, criteria for the screening of articles were formulated, specifying requirements for inclusion and exclusion. The inclusion criteria (IC) refer to the selection of papers that meet the established requirements, while the exclusion criteria (EC) pertain to the elimination of papers that fail to meet specific criteria. The criteria employed for inclusion of articles is presented in Table 2.
The exclusion criteria were applied to remove papers that did not meet specific requirements. Papers that were not in English language, duplicate publications, and those whose full text were unavailable were excluded. In addition, papers that focused on auditing using methods other than process  mining were considered off-topic and excluded. Additionally, studies that solely mentioned process mining and auditing terms in the author introductions were also excluded from consideration. The full exclusion criteria are presented in Table 3.
To ensure the reliability and rigor of our review, a rigorous screening process was implemented. Specifically, articles without citations were excluded. Furthermore, sources containing grey literature and those lacking a systematic methodology to support a comprehensive review (as defined in [33], [34]) were omitted. The aim of adopting this approach was to include only high-quality literature sources.
In the upcoming section, the second step of our review process, which involves conducting the review, will be described.

B. REVIEW CONDUCTING
During this stage, the review plan formulated in the previous stage was implemented. Searches were conducted in selected databases, and the search results were retrieved. To address the presence of duplicate studies across multiple databases, a title-based inter-database and intra-database deduplication process was conducted. Subsequently, the screening process of the articles was carried out based on the inclusion and exclusion criteria, including the titles and abstracts. Afterward, a full-text screening of the articles that passed the previous screening stages was conducted. Finally, answers from the selected articles were recorded using an Excel sheet.

1) DATA COLLECTION AND ANALYSIS
The information pertaining to each research question was collected using Microsoft Excel form which also helped in quantitative analysis of the collected data.
The last step of the review process consisted of reporting the findings, which will be described in the following section.

C. REPORTING THE FINDINGS
In this phase, the review results are reported. The overall study screening process is illustrated in the form of PRISMA diagram in Fig. 4.
A total of seventy research articles were identified as relevant to addressing the research questions. The distribution of included studies by year and publication type is presented in Fig. 5. and Fig. 6, respectively.
As illustrated in Fig. 5, there was an increasing trend in frequency of publication over time, although a decline in recent years can also be observed. Fig. 6. Demonstrates that the included studies were evenly distributed between conference and journal publications. Nevertheless, conference publications slightly outnumbered journal publications.
The detailed findings relevant to each research question will be reported in the subsequent results section.

IV. RESULTS
In this section, the review findings have been presented. The research questions formulated in the review planning section were used to guide the analysis and organization of the results.
The section begins by presenting the findings related to each research question in detail, supported by tables, figures, and relevant statistics. Overall, this section provides insights into the opportunities and challenges of using process mining for business process audits and can serve as a valuable resource for researchers and practitioners in this field. This subsection presents the results of the analysis of the literature on the use of process mining for business process audit. In the literature analysis, various aspects were examined, including the application domain, audit type, tools, process mining technique used, and types of contributions made by researchers. The study findings demonstrate that processmining-based business process auditing is employed across various application domains, with a greater emphasis on inter-nal audit types. Various process mining tools have also been employed to perform business process audits. The types of contributions made in the literature include empirical studies, case studies, frameworks, and guidelines. In the following sections, we discuss the results of each of these aspects in more detail:

1) TYPE OF CONTRIBUTIONS
The contribution types of studies refer to the ways in which the presented research contributed to the audit field. We identified four main types of contributions made by researchers namely the proposal of methods, models, tools, and empirical cases. Methodological contributions involved proposing new audit methods or refining of existing methodologies. Model as contribution involved putting forward a conceptual framework of audit analytics. Empirical cases consisted of the studies that evaluated the findings of exiting studies in the form of experimental evaluations or case studies. Proposing a tool as contribution involved introducing new tool or explaining how improved tool can aid in improving process mining based audits.
It is important to note that some of the studies may have multiple contribution types such as proposing a methodology and performing its evaluation in context of other methodologies. However, the selection of contribution types in this paper is based on the specific objectives of each study. Among contribution these types, empirical cases were the most prevalent, as depicted in Fig. 7. Studies presenting auditing methods were the second most common type of contribution to the field, while those offering auditing models or tools were relatively scarce.

2) APPLICATION DOMAIN
This section presents a broad categorization of studies based on their application domain, providing insight into the focus of PM-based audits in specific domains. The distribution of studies, as shown in Fig. 8, indicates that a significant amount of research has been conducted in the domains of financial auditing and healthcare.
In addition to healthcare, studies on the compliance audit of the help desk were found, which is an instantiation of Customer Relationship Management (CRM), used to evaluate system effectiveness for customer satisfaction. Security assessment remained the fourth most dominant domain for assessing the organization's exposure to external threats, with intrusion detection being the most common application. However, less attention has been paid to the logistic, procurement, and production domains, which are crucial for determining the efficiency of an organizational process.

3) AUDIT TYPE
The internal audit process aims to ensure compliance with both internal and external regulations with more focus on the efficiency of organizational processes and the effectiveness of implemented business rules [35], [36]. Typically, internal   audits are conducted by the organization's internal auditors [11], [29], [37]. In contrast, external audits are conducted by third-party auditors to ensure compliance with external regulations [35]. Studies were categorized based on the type of audit to identify trends in the adoption of process mining in specific audit types. The distribution of studies based on audit type is presented in Fig. 9, while Table 4 provides a list of articles corresponding to each audit type.
These results indicate that internal audits have received more attention from researchers compared to external audits, or a combination of the two. It can be inferred that internal audits are more favorable for process mining-based audits based on the available studies.

4) TOOL SUPPORT
Through the analysis of the literature, it was found that several tools were employed by researchers. In Fig. 10, the seven tools used by researchers are displayed, with the widely used open-source process mining tool ProM being the most prevalent. The second most favored option remained ''Disco.'' While other open-source tools, such as Apromore and PM4Py were also utilized, ProM and Disco stood out as they provided more features and ease of use.

5) PROCESS MINING TECHNIQUES USED
Process mining techniques include process discovery, conformance checking, and enhancement. Discovery offers an overview and efficiency analysis of the as-is process [100], while conformance checking audits compliance against rules and regulations [101]. Enhancement discovers process improvement opportunities [1].
In Fig. 11, the process mining techniques used in business process auditing are illustrated. Two strategies have been employed by researchers: the process discovery and a combination of discovery and conformance checking techniques. Compliance assessment has remained consistently used over time, while there has been a growing trend in the use of process discovery methodologies for auditing, reaching a peak in 2018. However, results indicate both techniques have experienced a decline in popularity in recent years. Surprisingly, the enhancement perspective has been overlooked throughout the studies which focus on improving the process for optimal outcomes.
Studies that did not explicitly disclose use of process discovery or conformance checking techniques are represented by the ''not specified'' line in the graph. Although not specifically mentioning does not mean they were not used or explored throughout the research. However, the supplied information in those articles did not reveal any process discovery and conformance checking technique applied.
In the upcoming section, the findings related to the second research question will be discussed. In this section, the results of question 2 have been presented based on the analysis of the literature on the limitations of traditional business process audits and the opportunities that process mining offers to overcome them. Table 5 presents the findings on the limitations and challenges of traditional process audits, as well as the corresponding enhancement opportunities provided by process mining-based audits. The items in the table are ordered according to their significance in the literature. These limitations and opportunities are VOLUME 11, 2023  categorized into five primary themes, which will be discussed in detail as follows.

1) SAMPLING UNCERTAINTY CHALLENGE
The primary limitation of traditional audits as identified based on the literature was reliance on random samples. [88], [91] to detect deviations from standard operating procedures [51], which can introduce errors and subjectivity into the process. Moreover, random sampling provides only a partial view of the process [63], [76], [78]. In contrast, process mining-based audits use complete log data, providing concrete evidence and increasing auditors' confidence in the audit process [38], [78], [91]. From the analysis literature, it was found that the use of unsupervised log data, which records organizational activities in a humanindependent manner, promotes objectivity in the auditing process. By analyzing the entire population data, the need to select a representative sample is eliminated, preventing audit data from being biased by the auditors' preferences and interests [78].

2) RESOURCE-INTENSIVE AUDIT
The second most prevalent limitation of traditional audit as identified in literature was its resource intensiveness. Part of traditional audit activities such as source document review and interviews can be time-consuming and require additional 68348 VOLUME 11, 2023 Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply. human resources to collect samples [35]. In contrast, it was found that process mining leverages log data, which is typically stored in centralized locations like servers, streamlining the data collection process. As a result, auditors can concentrate on other auditing tasks, rather than investing much time in data collection [35].

3) CREDIBILITY AND VALIDITY CHALLENGE
One of the primary challenges associated with traditional audits is the issue of credibility and validity. The subjectivity and uncertainty inherent in traditional sampling methods raise concerns about the accuracy and reliability of the audit results [88]. In contrast, findings suggest that process mining-based auditing activities ensure transparency in the audit process through the use of explicit data and an objective audit process [41]. The validity of the outcomes can be easily verified at any point in time by repeating the same activities. However, the sampling strategy used in conventional audits makes it difficult to obtain the same outcomes again [88].

4) LIMITED SCOPE
Traditional audits typically focus on data analytics [93]. However, process mining goes beyond these techniques to VOLUME 11, 2023  enable end-to-end, multi-perspective audits that offer deep insights into how processes are executed. By utilizing log data, multi-perspective audits at multiple levels, including organizational, departmental, and even individual employee levels, can be facilitated through process mining. These types of audits can contribute to a more comprehensive understanding of the processes and assist in identifying areas for improvement, thereby adding value to continuous process improvement efforts. [28], [71].
Findings further suggest that the retrospective nature of traditional audits, which are often conducted annually, can be overcome by process mining, which enables internal and external audits to be conducted at any time of the year [16], [35]. The utilization of continuous auditing brings these audits closer to operational support, allowing for nearreal-time audits during process execution. Ad-hoc audits conducted for efficiency assessment purposes can assist in continuous process improvement.

5) LIMITED ANALYTICAL CAPABILITIES
Comparing the analytical capabilities of both audit types, it was found that in traditional audits, the detection of some novel audit perspectives has limited support such as interaction analysis [69], segregation of duty analysis [28], detection of security violations [63], and full activity order analysis. Interaction analysis in process mining shows how staff members communicate and hand over work across departments and staff members, helping to detect violations of interaction restrictions and standard procedures for work han-dover [69]. Security and segregation of duty analysis also enable the detection of activities performed by unauthorized personnel [28]. Typical audit analytics that employ sampling approaches can only uncover partial violations, in contrast, process mining has the capability to identify a wider range of irregularities or deviations. [63], [76], [78]. Additionally, it was found that comparatively process mining equips auditors with the necessary tools to examine computer-based transactions.
In the next section, the findings related to the third research question will be discussed.

C. RQ 3: WHAT ARE THE KEY CHALLENGES ASSOCIATED WITH UTILIZING PROCESS MINING FOR BUSINESS PROCESS AUDITS?
Despite having the potential to improve the auditing process, the implementation of process mining is not immune to challenges and limitations, which must be understood and addressed to ensure its effectiveness. In this section, the challenges associated with the application of process mining-based audits are intended to be presented. Based on the findings corresponding to research question 3, the relevant challenges are presented in Table 6. Furthermore, each of these challenges are briefly elaborated in the subsequent subsections:

1) COMPLEXITY CHALLENGE
Real-life processes can be complex, with a variety of behaviors required to achieve goals. When modeling such processes with process mining techniques, the outcome can be a difficult-to-understand, spaghetti-like model representation due to fine-granular details in the logs [43], [46], [67], [76], [89]. Literature analysis revealed that auditors encounter significant challenges when utilizing process mining techniques for auditing purposes, with complexity being the most notable obstacle. [96]. Although some methods like clustering, abstraction, filtration, and pattern mining can help deal with this issue [102]; however, effective utilization of such methods introduces yet another challenge for auditors. Since there is a tradeoff between complexity and model precision [102], simplifying the processes can decrease the level of evidence needed for audits thereby reducing confidence on audit findings.

2) LOG EXTRACTION AND TRANSFORMATION
Process mining leverages event logs to extract knowledge about process execution, offering the advantage of considering the entire population of logs compared to traditional auditing methods [38], [78], [91]. However, it was found that constructing these logs into suitable representations for process mining tools is challenging due to the lack of skills required for selecting appropriate process instances and attributes [10]. Another challenge arises when the executions of multiple processes are recorded in the same log, making it difficult to select the right process to audit [72]. This issue arises due to the presence of relevant data required to verify a statement but its inability to be associated with a particular case [13]. Moreover, it was also found that incomplete, and biased data collection can also hinder the usability of process mining based audits such as if the data used for the analysis is incomplete or biased, it can lead to inaccurate results. As an example, the exclusion of certain process steps or activities from the analysis could result in an incomplete or inaccurate depiction of the process. Similarly, if the data is biased towards certain types of process executions, the overall process may not be accurately represented [13]. Therefore, if preprocessing steps are not adequately considered, they may introduce bias into the analysis and findings.

3) REPRESENTATIONAL AND ALGORITHMIC BIAS
Visual analytics play a significant role in understanding how a process is executed. The extracted process models and insights heavily depend on the quality of the representation of the data [103]. The analysis of literature reveals that there is a range of process mining algorithms to model the execution of the process. The popular process mining algorithm, Fuzzy miner [104] yields a directly-follows graph. The Inductive miner [105] generates petri net notation, while Heuristic miner produces a heuristics-net that can be converted into a Petri net [16]. An appropriate representation of data can facilitate auditors in detecting anomalies and deviations from typical behavior, thereby aiding in the identification of potential fraud and irregularities. However, it was found that each of the process discovery algorithms have drawbacks and limitations that need be understood before auditing process using specific process discovery algorithm. Throughout the literature, the selection of suitable algorithms in different auditing scenarios remained influenced by the researchers' choice in process mining-based auditing.

4) HANDLING NOISE AND ANOMALIES
When conducting process mining-based audits, real-life event logs can present challenges due to the presence of anomalies. To accurately identify true positive anomalies, the effective management of log noise and the ability to distinguish between abnormal behavior and behavior that may appear unusual but is actually normal is crucial for auditors [90]. Researchers argue that failure to detect unusual behavior and understand its impact on the organization can lead to inaccurate conclusions about anomalous behavior, particularly in financial auditing where the consequences of misinterpreting anomalous behavior can be significant [106], [107]. As such, all unusual behavior must be carefully analyzed by auditors, who should consider its potential impact before drawing any conclusions regarding the validity of a financial audit [92].

5) DATA AVAILABILITY AND INACCURACY CHALLENGE
Findings suggest that in the context of business process audits, process mining faces significant challenges due to data availability and data inaccuracy. Data availability challenges arise when critical data is missing, incomplete, or outdated, thereby hindering the ability to obtain a comprehensive understanding of the audited process [13]. On the other hand, data inaccuracy challenges occur when data is entered incorrectly or processing errors occur, leading to incorrect conclusions. Despite the current digital age, several organizations still rely on a paper-based environment for carrying out organizational activities [42], [47], [93]. To address these challenges, proactive collaboration between auditors and the audited organization is necessary to enhance data management processes, employ data cleansing techniques, and rely on multiple data sources to ensure accuracy. Overcoming these challenges is crucial to the success of process mining-based audits and the accuracy of the conclusions drawn from them. According to [13], it is common for real world processes to involve certain activities that are not captured by the IT applications supporting them. Such as, the verification of product quality might be recorded in the IT application as a simple binary outcome of ''Satisfactory'' or ''Unsatisfactory,'' whereas in reality, an individual may perform multiple checks that cumulatively determine the final judgement. The accuracy and reliability of process mining-based audits are significantly challenged by this aspect.

6) PRIVACY CONCERNS
Ensuring data privacy is a critical consideration in process mining, as the event logs used for analysis may contain personal and sensitive information about the organization's VOLUME 11, 2023 personnel. The audit data and findings must be protected from misuse and exposure. The logs utilized for process mining are commonly in CSV format, encompassing a wealth of information that extends beyond the requirements of auditing, including personal information [97]. The presence of such rich personal information raises security and privacy concerns to prevent misuse of such data for non-auditing purposes. It is believed by researchers that the existing privacy preservation techniques [63], [64], [72] are insufficient in ensuring privacy. Therefore, there is an urgent need for further research on dealing with privacy issues [97].

7) INTEGRATING PM INTO AUDIT LANDSCAPE
Another relevant challenge found in the literature was the integration of process mining into the existing audit landscape [7]. The absence of a reference process model for auditing in organizations often results in ad-hoc execution of these tasks [71]. Furthermore, since the scope of process mining-based audit is restricted solely to the activities performed within the system [59], the activities executed outside the system boundaries are unlogged and thus cannot be investigated by process mining-based techniques [7], [60], [71]. Moreover, findings revealed scarcity of studies on crossorganizational audits.
In summary, the results section highlighted the limitations of traditional business process auditing techniques and the potential of process mining to overcome them. While process mining-based audits were found to be effective for evaluating internal controls, their maturity for external auditing remains a challenge. Furthermore, data availability, interpretation of audit results, and ethical and privacy concerns were identified as additional challenges that hinder the adoption of process mining based audits. In the subsequent section, a more detailed discussion of these findings will be presented.

V. DISCUSSION
The discussion section aims to provide an in-depth analysis and interpretation of the findings obtained from the study.
The objective of this study was to reveal trends in utilization of process mining for business process audits, investigate the limitations of traditional business process audits and explore the opportunities that process mining offers to overcome these limitations. Additionally, the objective also included identifying the challenges associated with the implementation of process mining in auditing.
In context of trends in the usage of process mining in audit, the findings reveal that researchers have primarily focused on experimental studies and utilizing existing tools rather than developing new auditing models and tools. In context of trends in the application domain, there has been notable interest in process mining-based methods in the financial and healthcare auditing fields. This interest stems from the sensitivity of these domains such as the potential for causing financial harm to a company. However, there has been relatively less emphasis on auditing opportunities in the logistics management, procurement, and production domains. This can be attributed to the fact that several tasks in these domains are performed manually and beyond the scope of traditional information systems.
Regarding the audit types, the findings revealed a stronger emphasis on internal audit types. This tendency towards internal audit types signifies that that process mining based audit approach is effective for evaluating internal controls of the organizations, however it remains immature for external audit of an organization. The limited availability of research works on external audit types can be attributed to the absence of an external reference model that enables compliance checking against external boundaries. However, it is worth noting that the assessment of efficiency and effectiveness against standard benchmarks does not necessarily require a distinct reference model.
In terms of trends on tool usage, ProM and Disco have remained dominant process mining tools. However, researchers have expressed concerns regarding the fuzzy miner algorithm employed by popular tools like Disco and Celonis, as they believe it can produce misleading results [108]. Therefore, it is essential for researchers to consider this aspect carefully when selecting appropriate auditing tools. The occurrence of erroneous outcomes due to misleading results can lead to a distorted representation of reality, potentially leading to the failure of the entire auditing endeavor.
Results on application of process mining techniques in business process audits revealed two types of process mining techniques that remained under focus: process discovery and conformance assessment. However, it is worth noting that the enhancement perspective of auditing, which focuses on improving the process by addressing identified bottlenecks during process discovery and conformance assessment, has been overlooked in the literature. Combined with predictive and continuous auditing, process improvement techniques can significantly improve auditing activities by enabling real-time audit of the process inefficiencies and anomaly detection. Real-time auditing of process inefficiencies and anomaly detection can enable auditors to identify and address issues as they occur, rather than waiting until the end of a reporting period. This can lead to more timely and effective corrective actions and ultimately result in improved organizational performance. Future research in this direction should focus on developing process improvement techniques that are specifically tailored for process mining-based audits. This can involve the development of new algorithms and methods for identifying bottlenecks and inefficiencies, as well as the integration of predictive and continuous auditing into the audit process.
The review on how process mining overcomes limitations of traditional audits suggests that process mining offers several advantages over traditional audits. Leveraging full-population data remained the foundation of all the advantages that process mining offers over traditional audits. It was found that traditional audit poses a risk of bias in auditing process since it requires manual collection of representative samples, which are subject to the preference and expertise of the auditor. Process mining overcomes this limitation by removing the need for sample collection and enables a full-population-based audit, which promotes a transparent, reproducible, unbiased, and objective audit process that increases both the auditor and the auditee's trust in the auditing process. The identified opportunities indicate that the process mining-based audit approach has the potential to offer a more comprehensive understanding of the processes, uncover process inefficiencies, and identify bottlenecks that may go unnoticed in a traditional audit. This approach can be particularly advantageous when conducting audits on complex and interconnected processes, as it helps to uncover significant issues that may be overlooked by traditional audits.
Aside from the several opportunities it presents, it was also observed that there are certain challenges that delay the adoption of process mining over traditional audits in audit domain. These challenges remained mainly associated with difficulty in interpreting audit results and the availability of data required for process mining-based audits. Several organizations continue to manage their business processes manually, making it impossible to undertake process mining-based audits due to the lack of available data. Furthermore, process mining-based audits encounter the challenge of detecting auditing actions that were performed beyond the scope of information system. This type of audit is possible using traditional audits by visually observing the process activities. Some of the researchers [13] have already emphasized upon the potential of pattern recognition techniques to overcome this limitation in order to enhance the overall accuracy and reliability of the audit process. The groundwork of Kratsch et al. [109] can give a new direction to overcome this challenge by using image recognition techniques over video recordings of human activities, thereby enabling the audit of activities beyond the scope of the information system. Although not specifically focused on audits, the work of Kratsch et al. [109] lays a foundation for future research to tackle the challenge of missing data and eliminate barriers associated with data unavailability. Auditing a dynamic and evolving process change requires a different approach, which is yet another unaddressed challenge. The recent Covid-19 outbreak serves as a prime example of this issue as organizations had to abruptly transition from on-premises work practices to off-premises and online modes. This sudden and significant process change poses a unique challenge for auditing.
Another fundamental challenge of process mining-based auditing that remained unaddressed in the literature was the generation of a trustworthy event log for audit. No studies were observed pertaining to this aspect of auditing, as most of the studies primarily remained focused on the analysis and investigation phases, rather than evaluating the validity and reliability of the log being investigated. Addressing this challenge requires a multi-disciplinary approach, involving researchers from different domains, such as auditing, process mining, and data management. One prospective direction for future research in this direction can be investigation of methods for ensuring the validity and reliability of event logs used for process mining-based auditing. For instance, researchers could explore techniques for identifying and correcting errors and inconsistencies in event logs, or the validation of event logs against other sources of data, such as interviews or observations. Additionally, researchers could investigate the impact of diverse types of errors or inconsistencies on the results of process mining-based auditing, in order to develop guidelines for identifying and addressing such issues.
In addition to aforementioned challenges, the review findings also emphasized the challenges of bias, privacy, and ethical concerns. The process of auditing a business process often involves sensitive information that requires careful management and protection. For instance, in case of a loan application process [13], [100], during the process audit, it may be discovered that a loan application was unjustly denied. Without identifying the root cause, the disclosure of such findings can potentially create uncertainty for other applicants whose requests were also denied. Therefore, it is crucial to maintain anonymity when handling event logs exported from the relevant IT applications. Neglecting to address such cases can lead to ethical issues and introduces a risk of bias into the audit process.
Although a comprehensive coverage of the literature was attempted, it is important to acknowledge that the validity of the findings in this review may be threatened by certain limitations. Six well-known scholarly literature indexing databases were relied upon for our literature search, with a specific focus on journal articles and conference proceedings. In order to ensure the quality and avoid the inclusion of grey literature, all other sources and articles were excluded. However, the inclusion of additional sources may have a slight impact on the study findings. It is worth mentioning that several conference proceedings, specifically those published as book chapters in the popular Springer lecture notes series, as well as snowballed papers, were not affected by our selection criteria.
The implementation of PM-based audit is a complex process that requires the expertise of professionals in the process mining domain [110]. Auditors have long relied on traditional audit methods, and the transition towards PM-based audits requires training auditors to adopt this novel approach. The application of process mining techniques in auditing remains hindered by several challenges that need to be overcome to fully realize their potential.

VI. CONCLUSION
In conclusion, based on a systematic review of relevant literature, this study examined different perspectives of process mining usage in business process audits and demonstrated how process mining overcomes the limitations of traditional audit. Additionally, the specific challenges related to integration of process mining into audit landscape were also highlighted. VOLUME 11, 2023 The study revealed scarcity of new auditing models and tools and immaturity of process mining towards external auditing of business processes. Enhancement perspective of process mining in audits remained largely unexplored. Findings further reveal that Process mining offers several advantages over traditional audits, the foundation of which is an objective and reproducible audit process. On the other hand, challenges in adoption of process mining over traditional audits include lack of expertise, unavailability of log data and generation of a trustworthy event log. Privacy and ethical concerns also need attention.
The identified challenges point towards several future research directions. For instance, there is a need to develop process improvement techniques specifically tailored for process mining-based audits. This may involve the development of new algorithms and methods that may satisfy both process mining and audit perspective. Another potential avenue for further research is the development of methods to ensure the validity and reliability of event logs used for process mining based audits.