Business Process Modeling Supporting the Requirements Elicitation of an Audit System: An Experience Report

1. Introduction

In recent years, most countries that constitute the Organization for Economic Co-operation and Development (OECD) have implemented an extensive reform plan that introduces improvements in the services provided by public administrations in order to ensure their efficiency and quality while addressing the citizens’ needs (Bergmann et al., 2016). However, the incidence of fraud in public service delivery causes users (i.e., citizens, investors, stakeholders, and decision-makers) to mistrust most audit agencies (Zhu et al., 2022).

Auditing is an indispensable element of a regulatory system whose purpose is to reveal deviations from the rules and violations of the principles of legality, efficiency, effectiveness, and economy (Axelsen et al., 2017; Zhu et al., 2022). Furthermore, auditing the public sphere is also essential for public administration since managing such resources is a matter of trust and needs to be managed correctly (Awuah et al., 2022).

In Brazil, the National Audit System within the Unified Health System (SUS) was regulated through Decree nº 1.651 of September 28, 1995. The National Audit System is coordinated by the Unified Health System General Audit Office (AudSUS), an entity within the Brazilian Health Ministry structure. Given that the changes in knowledge function and nature resulting from information technology require constant updating in organizational resources for monitoring, controlling, and producing auditing activities in the public sphere, the Audit System (SISAUD) was instituted on December 4, 2002, representing an advance in modernizing health auditing, socializing information and promoting greater integration among the three spheres of the National Audit System: Federal, State, and Municipal (Melo & Vaitsman, 2007).

Almost twenty years have passed since the institution of SISAUD. Recently, the AudSUS team identified the need for the development of a new system, presenting as determinants the following factors: 1) the Need for an audit tool compatible with new technologies available in the market, such as Artificial Intelligence; 2) Integration of available solutions for strengthening the audit activity; 3) Incorporation of tools that streamline and subsidize the planning and execution stages of the audit activity; 4) Redefinition of control, planning and production mechanisms of the AudSUS workforce; 5) Use of new technologies that allow the execution of remote work with quality; 6) Use of more robust technologies in the execution of the audit activity.

According to previous studies, the quality of software depends on the correct understanding of the end-users and stakeholders’ needs, i.e., the quality of the software requirements (Atoum et al., 2021; Behutiye, Karhapää et al., 2020; Behutiye, Seppänen, et al., 2020; Montgomery et al., 2022; Olsson et al., 2022). Thus, requirements elicitation and specification need to be aligned with business needs in order to meet stakeholder expectations (Ferrari et al., 2021; Karhapää et al., 2021; Montgomery et al., 2022). Therefore, the traditional approach to eliciting requirements through interviews, questionnaires, workshops, and prototyping, is being replaced or complemented by techniques in which the requirements elicitation occurs more precisely to the process in which the software will act (Canedo & da Costa, 2018; de Mendonça et al., 2017; de Sá Mussa et al., 2018; Leão et al., 2019).