CN-121980550-A - Audit decision tracing method, equipment and medium based on model interpretation

Abstract

The invention discloses an audit decision tracing method, equipment and medium based on model interpretation, and relates to the technical field of audit tracing, comprising the steps of constructing an audit subject identifier, executing credential verification, collecting audit decision records and enterprise internal log records, generating data fingerprints and digital signatures for key evidences, and forming an audit tracing evidence packet; and invoking an interpretation playback data set to perform saprolitic additive interpretation and local interpretable model independent interpretation and resampling playback stability evaluation on the reference candidate pool, screening interpretation standard candidates and triggering standby candidate replacement. According to the invention, the analysis is carried out by the additive analysis of saprolidine and the independent analysis of the local interpretable model, and the analysis is matched with the resampling playback stability evaluation and the candidate replacement triggering, so that the rechecking divergence caused by single interpretation fluctuation is reduced.

Inventors

• WU SHAOHUA
• SONG ZHENGCHEN
• WU MAOFANG
• WU CHENHUA
• XU JIAYU
• FU XIAOFENG

Assignees

• 厦门美亚亿安信息科技有限公司

Dates

Publication Date

20260505

Application Date

20260407

Claims (10)

1. 1. An audit decision tracing method based on model interpretation is characterized by comprising the following steps of, Constructing an audit subject identifier and executing credential verification, collecting an audit decision record and an enterprise internal log record, and generating a data fingerprint and a digital signature for key evidence to form an audit tracing evidence packet; Performing field purification, word segmentation and log templated analysis on the log records in the enterprise, extracting data flow events and associating audit tracing evidence packages to obtain a tracing map index set; Executing sample candidate alignment and extracting audit reasoning features on the audit decision records and the traceability graph index set, calling an extreme gradient lifting tree and a lightweight gradient lifting machine to infer misreport risks in parallel and sort the risks in layers, and generating a reference candidate pool, a standby candidate pool and an interpretation playback data set; Invoking an interpretation playback data set to perform saprolily additive interpretation, local interpretable model independent interpretation and resampling playback stability evaluation on the reference candidate pool, screening interpretation standard candidates and triggering standby candidate replacement to obtain a final sample set and an interpretation package; And executing manuscript element arrangement on the final sample set, and performing evidence verification and association analysis arrangement on the interpretation package, the data fingerprint, the digital signature and the traceability map index set to generate an audit decision traceability result.
2. 2. The model interpretation-based audit decision trace-source method as claimed in claim 1, wherein the steps of constructing audit subject identification and executing credential verification are as follows: Registering account numbers, roles and authority ranges of audit participation subjects on an audit platform, and distributing unique subject identifications to form a subject identification set; Binding the main body identification set with an access credential checking rule and issuing a session token to form a main body session identification; And executing token check on the log interface and the audit service interface through the main body session identifier, and recording the check state to form a check passing mark.
3. 3. The audit decision trace source method based on model interpretation as set forth in claim 2, wherein the forming of the audit trace source evidence package is specifically as follows: calling and checking to collect sampling action, assertion type, sample candidate mark, executing rechecking role and manuscript quoting positioning information through mark to audit service interface to form audit decision record; calling and checking to collect enterprise internal log records containing data flow direction related information and time information through a mark pair log interface to form an original log flow; analyzing the audit decision record, extracting positioning information of the quoted key evidence, and executing salted hash and digital signature on the key evidence to form an evidence fingerprint signature pair; And packaging the evidence fingerprint signature pairs, the evidence name category, the sending and receiving time and the object elements and associating the evidence fingerprint signature pairs with the main body session identification to form an audit tracing evidence package.
4. 4. The audit decision traceability method based on model interpretation of claim 3, wherein the obtained traceability map index set is specifically: Performing field purification on the original log stream and eliminating unstructured fields of time fields, grade fields and component fields to form a purified log set; Word segmentation is carried out on the purified log set, a mark sequence is generated, and a log mark sequence set is formed; Performing tree analysis, intra-group consistency check, hierarchical clustering regrouping and inter-group fusion on the log mark sequence set to form a template parameter set; extracting an initial node, a target node and execution time from the template parameter set and combining the initial node, the target node and the execution time into a directed edge event to form a data flow event set; And establishing an association relation between the audit tracing evidence package and the data flow direction event set according to the time object and the positioning information, and constructing a queriable directed tracing relation to form a tracing map index set.
5. 5. The model interpretation-based audit decision trace-source method as claimed in claim 4, wherein the sample candidate alignment is performed on the audit decision record and the trace-source graph index set, and audit reasoning features are extracted, specifically: Carrying out positioning matching on sample candidate identifiers of the audit decision records and directed edge events of the traceability graph index set, and establishing a one-to-one correspondence relationship to form candidate alignment mapping results; extracting assertion information and audit program identification from the candidate alignment mapping result and converging the assertion information and audit program identification into assertion semantic description to form an assertion description set; extracting data flow direction path segments from the candidate alignment mapping and converging the data flow direction path segments into path track descriptions to form a path description set; Performing consistency verification on the fingerprint and the signature of the audit tracing evidence package to form a verification state set; And combining the assertion description set, the path description set and the verification state set into audit reasoning features.
6. 6. The model interpretation-based audit decision trace-back method as claimed in claim 5, wherein the generating the reference candidate pool, the standby candidate pool and the interpretation playback data set comprises: respectively sending audit reasoning features into an extreme gradient lifting tree and a lightweight gradient lifting machine to carry out parallel reasoning and output false report risks to form a double-model risk pair; Carrying out deterministic fusion on the double-model risk pairs, generating a single risk value, and summarizing the single risk value into a candidate risk table; layering and sorting the candidate risk tables according to the assertion type, and marking sorting positions to form a layering and sorting list; Dividing sample candidates corresponding to the candidate risk table according to the hierarchical ordering list, and identifying sampling levels to form a reference candidate pool and a standby candidate pool; And pairing and solidifying audit reasoning features, candidate risk tables and trace source map index information with evidence fingerprint signature pairs, and associating the audit reasoning features, the candidate risk tables and trace source map index information with a reference candidate pool and a standby candidate pool to form an interpretation playback data set.
7. 7. The audit decision trace-source method based on model interpretation as set forth in claim 6, wherein the final sample set and interpretation package is obtained specifically as follows: The reference candidate pool and the interpretation playback data set are subjected to candidate identification consistency check, and the reasoning features, the risk values, the tracing indexes and the evidence fingerprint indexes of the same candidate are extracted to form an interpretation playback instance set; Performing saprolipram additive explanation on the explanation playback instance set, and fixing a baseline sample scale to output a key factor contribution abstract to form a saprolipram principal point set; performing local interpretable model independent interpretation on the corresponding examples of the saprolitic point set, and fixing the disturbance sampling scale to output local interpretation and fitting abstract to form a local point set; resampling and playback are carried out on the local point set, and consistency of the key factor ordering direction and the fitting abstract is compared to form a stability record set; And converging the stability record set into an interpretation confidence score, screening interpretation standard candidates, and simultaneously replacing the non-standard candidate calling standby candidate pool and updating the interpretation playback instance set until the standard is reached to form a final sample set and an interpretation package.
8. 8. The model interpretation-based audit decision trace-source method as set forth in claim 7, wherein the generating audit decision trace-source result is specifically as follows: Executing manuscript element arrangement on the final sample set, converging sampling actions, assertion description, risk values and ordering positions to form a manuscript item set; Invoking an explanation package to carry out explanation key point arrangement on the manuscript item set, and associating a stability record with a traceability index to form an explanation item set; Invoking the data fingerprint and the digital signature to execute consistency verification on the interpretation item set, and associating the verification state with the traceability map index set to form an evidence verification item set; And performing association analysis arrangement on the evidence verification item set, and establishing a retrieval relation of key factors, assertion, evidence fingerprints and traceability nodes to form audit decision traceability results.
9. 9. The computer equipment comprises a memory and a processor, wherein the memory stores a computer program, and the computer equipment is characterized in that the processor realizes the steps of the audit decision tracing method based on model interpretation according to any one of claims 1-8 when executing the computer program.
10. 10. A computer readable storage medium having a computer program stored thereon, wherein the computer program when executed by a processor implements the steps of the model interpretation based audit decision tracing method of any of claims 1 to 8.

Description

Audit decision tracing method, equipment and medium based on model interpretation Technical Field The invention relates to the technical field of audit tracing, in particular to an audit decision tracing method, equipment and medium based on model interpretation. Background With the development of enterprise digital audit and continuous audit technology, audit evidence obtaining and decision making processes are gradually changed from manual manuscripts to event recording, log audit and risk assessment integrated processing based on an audit platform. The conventional scheme generally adopts identity authentication and interface call to collect audit decision records and enterprise internal log records, combines data fingerprints and digital signatures to realize evidence integrity identification, utilizes log templatization to analyze and extract data flow events to form a queriable traceability relationship, and in a risk level, the common method uses a gradient lifting tree algorithm to output false alarm risks and conduct layering sequencing, and simultaneously uses a model interpretation method to generate key factor description to assist audit judgment. The related technology still has a short board in the aspect of 'audit sampling decision rechecking traceability', on one hand, audit decision records, enterprise internal log records and evidence fingerprint signature pairs lack of unified associated index expression, so that a stable evidence chain is difficult to form by data flow event and manuscript reference positioning information, on the other hand, model interpretation results often stay in single output, interpretation stability and repeatability lack of engineering constraint, so that the same sample candidates are easy to be different in different interpretation environments, interpretation confidence and rechecking consistency are affected, and verifiability and accountability of audit decision traceability results are further weakened. Disclosure of Invention The present invention has been made in view of the above-described problems occurring in the prior art. Therefore, the invention provides an audit decision tracing method based on model interpretation, which solves the problem that audit sampling decisions lack repeatable model interpretation evidence chains and log tracing unified indexes. In order to solve the technical problems, the invention provides the following technical scheme: in a first aspect, the invention provides an audit decision trace-source method based on model interpretation, comprising, Constructing an audit subject identifier and executing credential verification, collecting an audit decision record and an enterprise internal log record, and generating a data fingerprint and a digital signature for key evidence to form an audit tracing evidence packet; Performing field purification, word segmentation and log templated analysis on the log records in the enterprise, extracting data flow events and associating audit tracing evidence packages to obtain a tracing map index set; Executing sample candidate alignment and extracting audit reasoning features on the audit decision records and the traceability graph index set, calling an extreme gradient lifting tree and a lightweight gradient lifting machine to infer misreport risks in parallel and sort the risks in layers, and generating a reference candidate pool, a standby candidate pool and an interpretation playback data set; Invoking an interpretation playback data set to perform saprolily additive interpretation, local interpretable model independent interpretation and resampling playback stability evaluation on the reference candidate pool, screening interpretation standard candidates and triggering standby candidate replacement to obtain a final sample set and an interpretation package; And executing manuscript element arrangement on the final sample set, and performing evidence verification and association analysis arrangement on the interpretation package, the data fingerprint, the digital signature and the traceability map index set to generate an audit decision traceability result. As a preferred scheme of the model interpretation-based audit decision tracing method, the invention comprises the steps of constructing audit subject identification and executing credential verification, and specifically comprises the following steps: Registering account numbers, roles and authority ranges of audit participation subjects on an audit platform, and distributing unique subject identifications to form a subject identification set; Binding the main body identification set with an access credential checking rule and issuing a session token to form a main body session identification; And executing token check on the log interface and the audit service interface through the main body session identifier, and recording the check state to form a check passing mark. As a preferable scheme of the audit decision tracing method ba