Designing an Automated Audit Tool for the Targeted Risk Exposure Reduction

The risk exposure of an organization is the cost of being non-compliant for all process instances that are subject to auditing and it can be reduced by auditing internal controls for every process instance, detecting and eliminating the cause of non-compliance. This paper discusses the design consideration for an automated auditing tool to achieve the desired level of risk exposure reduction. A method is provided to measure the effectiveness and the limits of such tools and adjust their performance for various risk exposure levels.