A model explanation-based audit decision provenance method, device and medium

By constructing an audit entity identifier, generating a traceability evidence package, and performing field purification and word segmentation parsing, and combining a gradient boosting tree model for misstatement risk assessment, the problem of unified association between audit decision records and log records was solved, achieving the stability and repeatability of audit decision traceability, and improving the verifiability and accountability of interpretation results.

CN121980550BActive Publication Date: 2026-07-07XIAMEN MEIYA YIAN INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
XIAMEN MEIYA YIAN INFORMATION TECH CO LTD
Filing Date
2026-04-07
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing technologies for audit sampling decision verification and traceability suffer from several drawbacks. They lack a unified index for linking audit decision records with internal enterprise log records, resulting in insufficient stability and repeatability of model interpretation results. This leads to an unstable chain of evidence, affecting the confidence and accountability of the interpretation.

Method used

The audit entity identifier is constructed and voucher verification is performed to generate an audit traceability evidence package. A traceability graph index set is formed through field purification and word segmentation parsing. The false alarm risk is inferred in parallel by combining extreme gradient boosting trees and lightweight gradient boosting machines. A baseline candidate pool and an explanation replay dataset are generated. Shapley additive explanation and locally interpretable model-independent explanation are performed to form the final sample set and explanation package.

Benefits of technology

It improves the operability of evidence integrity verification and source consistency verification, enhances the queryable mapping of data flow events and evidence fingerprint signature pairs, improves the consistency and reusability of sampling decisions, reduces review discrepancies caused by single interpretation fluctuations, and enhances the reproducibility of interpretation results and the ability to resolve disputes.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121980550B_ABST
    Figure CN121980550B_ABST
Patent Text Reader

Abstract

The application discloses a kind of based on model explanation auditing decision traceability method, equipment and medium, it is related to auditing traceability technical field, including, constructing auditing subject identification and executing voucher check, collecting auditing decision record and enterprise internal log record and generating data fingerprint and digital signature to key evidence, form auditing traceability evidence package;To enterprise internal log record is executed field purification and word segmentation and log template analysis, extract data flow event and associate auditing traceability evidence package, obtain traceability graph index set;Call explanation playback dataset to carry out shapley additive explanation and local interpretable model independent explanation to benchmark candidate pool and re-sampling playback stability evaluation, filter explanation up to candidate and trigger backup candidate replacement.The application is explained by shapley additive and local interpretable model independent explanation, cooperates with re-sampling playback stability evaluation and triggers candidate replacement, reduces the difference of review caused by single explanation fluctuation.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of audit tracing technology, and in particular to an audit decision tracing method, device and medium based on model interpretation. Background Technology

[0002] With the development of digital auditing and continuous auditing technologies in enterprises, the audit evidence collection and decision-making process is gradually shifting from manual working papers to integrated processing of event recording, log auditing, and risk assessment based on audit platforms. Conventional solutions typically use identity authentication and API calls to collect audit decision records and internal enterprise log records, combining data fingerprints and digital signatures to identify the integrity of evidence, and using log template parsing to extract data flow events to form a queryable traceability relationship. At the risk level, common practices use gradient boosting tree algorithms to output false alarm risks and perform hierarchical ranking, while using model interpretation methods to generate key factor descriptions to assist audit judgment.

[0003] Existing technologies still have shortcomings in "verifiable and traceable audit sampling decisions": On the one hand, there is a lack of unified index expression between audit decision records, internal enterprise log records, and evidence fingerprint signature pairs, making it difficult to form a stable chain of evidence between data flow events and working paper reference location information; on the other hand, model interpretation results often remain at a single output, and the stability and repeatability of interpretation lack engineering constraints, making the same sample candidates prone to differences under different interpretation environments, thereby affecting the confidence of interpretation and the consistency of review, and thus weakening the verifiability and accountability of audit decision tracing results. Summary of the Invention

[0004] In view of the aforementioned existing problems, the present invention is proposed.

[0005] Therefore, this invention provides a model-interpretive audit decision tracing method to solve the problem of audit sampling decisions lacking a repeatable chain of evidence for model interpretation and a unified index for log tracing.

[0006] To solve the above-mentioned technical problems, the present invention provides the following technical solution:

[0007] In a first aspect, the present invention provides an audit decision tracing method based on model interpretation, comprising,

[0008] Construct audit entity identifiers and perform voucher verification, collect audit decision records and internal enterprise log records, and generate data fingerprints and digital signatures for key evidence to form an audit traceability evidence package;

[0009] Perform field cleanup and word segmentation on internal enterprise log records, as well as log template parsing, extract data flow events and associate them with audit and tracing evidence packages to obtain a tracing graph index set;

[0010] Perform sample candidate alignment on the audit decision record and the source graph index set and extract audit inference features. Call extreme gradient boosting tree and lightweight gradient boosting machine to infer false alarm risk in parallel and sort it hierarchically to generate a baseline candidate pool, a backup candidate pool and an explanation replay dataset.

[0011] The interpretation replay dataset is called to perform Shapley additive interpretation, locally interpretable model-independent interpretation, and resampling replay stability evaluation on the baseline candidate pool. Candidates that meet the interpretation criteria are selected and backup candidate replacement is triggered to obtain the final sample set and interpretation package.

[0012] The final sample set is used to arrange working paper elements, and the interpretation package, data fingerprint, digital signature and traceability graph index set are used for evidence verification and correlation analysis and arrangement to generate audit decision traceability results.

[0013] As a preferred embodiment of the audit decision tracing method based on model interpretation described in this invention, the step of constructing the audit subject identifier and performing voucher verification specifically includes:

[0014] The audit platform registers the accounts, roles, and scope of permissions of the audit participants and assigns unique entity identifiers to form a set of entity identifiers;

[0015] Bind the subject identifier set to the access credential verification rules and issue a session token to form a subject session identifier;

[0016] The main session identifier is used to perform token verification on the log interface and audit service interface and record the verification status to form a verification pass mark.

[0017] As a preferred embodiment of the audit decision tracing method based on model interpretation described in this invention, the formation of the audit tracing evidence package specifically includes:

[0018] The call verification collects sampling actions, assertion types, sample candidate identifiers, execution review roles, and working paper reference location information through the audit service interface to form an audit decision record;

[0019] The call verification collects internal enterprise log records containing data flow-related messages and time information through the log interface, forming the raw log stream;

[0020] Analyze audit decision records, extract the location information of cited key evidence, and perform salted hashing and digital signature on the key evidence to form evidence fingerprint signature pairs;

[0021] The evidence fingerprint signature is encapsulated with the evidence name and category, sending and receiving time and object elements, and associated with the subject session identifier to form an audit traceability evidence package.

[0022] As a preferred embodiment of the audit decision tracing method based on model interpretation described in this invention, wherein obtaining the tracing graph index set specifically involves:

[0023] The original log stream is cleaned by removing unstructured fields such as time, level, and component fields to form a cleaned log set.

[0024] The cleanup log set is segmented into words and a tag sequence is generated to form a log tag sequence set;

[0025] The log tag sequence set is parsed in a tree structure, with intra-group consistency checks, hierarchical clustering regrouping, and inter-group fusion to form a template parameter set.

[0026] Extract the starting node, destination node, and execution time from the template parameter set and combine them into directed edge events to form a data flow event set;

[0027] The audit traceability evidence package is associated with the data flow event set by time object and location information, and a queryable directed traceability relationship is constructed to form a traceability graph index set.

[0028] As a preferred embodiment of the model-based audit decision tracing method of the present invention, the step of performing sample candidate alignment and extracting audit inference features on the audit decision records and the tracing graph index set specifically includes:

[0029] The sample candidate identifiers of the audit decision record are located and matched with the directed edge events of the traceability graph index set to establish a one-to-one correspondence, forming a candidate alignment mapping result;

[0030] The assertion information and audit procedure identifiers are extracted from the candidate alignment mapping results and aggregated into an assertion semantic description to form an assertion description set.

[0031] Data flow path segments are extracted from candidate alignment maps and aggregated into path trajectory descriptions to form a path description set;

[0032] Perform consistency verification on the fingerprints and signatures of the audit traceability evidence package to form a verification status set;

[0033] The assertion description set, path description set, and verification status set are combined into audit inference features.

[0034] As a preferred embodiment of the model-interpretation-based audit decision tracing method described in this invention, the generation of the baseline candidate pool, the backup candidate pool, and the interpretation playback dataset specifically includes:

[0035] The audit inference features are fed into an extreme gradient boosting tree and a lightweight gradient boosting machine for parallel inference and the false alarm risk is output to form a dual-model risk pair.

[0036] The risk pairs of the two models are deterministically fused to generate a single risk value, which is then summarized into a candidate risk table.

[0037] The candidate risk table is sorted hierarchically according to assertion type and the sorting position is marked to form a hierarchical sorting list;

[0038] Based on the hierarchical ranking list, the sample candidates corresponding to the candidate risk table are divided and the sampling level is identified to form a baseline candidate pool and a backup candidate pool.

[0039] The audit reasoning features, candidate risk tables, source map index information, and evidence fingerprint signatures are paired and solidified, and associated with the baseline candidate pool and the backup candidate pool to form an interpretation and replay dataset.

[0040] As a preferred embodiment of the audit decision tracing method based on model interpretation described in this invention, the step of obtaining the final sample set and interpretation package specifically involves:

[0041] The baseline candidate pool and the explanation replay dataset are checked for consistency of candidate identifiers, and the reasoning features, risk values, source indexes and evidence fingerprints of the same candidate are extracted to form an explanation replay instance set;

[0042] Perform Shapley additive interpretation on the replay instance set and output a summary of key factor contributions with a fixed baseline sample size to form the Shapley summary set;

[0043] Local interpretable model-independent interpretations are performed on the instances corresponding to the Shapley point set, and local interpretations and fitting summaries are output with fixed perturbation sampling scales to form local point sets.

[0044] Resampling and replaying of local key point sets and comparing the consistency between the ranking direction of key factors and the fitted summary are performed to form a stable record set;

[0045] The stability record set is aggregated into an explanation confidence score and candidates that meet the explanation criteria are selected. At the same time, candidates that do not meet the criteria are replaced by calling the backup candidate pool and the explanation replay instance set is updated until the criteria are met, forming the final sample set and explanation package.

[0046] As a preferred embodiment of the audit decision tracing method based on model interpretation described in this invention, the generation of audit decision tracing results specifically includes:

[0047] The final sample set is processed by arranging the manuscript elements and aggregating the sampling actions, assertion descriptions, risk values ​​and sorting positions to form a manuscript item set.

[0048] The interpretation package is invoked to compile the key points of the interpretation of the draft entry set and associate it with stability records and source indexes to form an interpretation entry set;

[0049] The data fingerprint and digital signature are invoked to perform consistency verification on the interpretation item set and the verification status is associated with the traceability graph index set to form the evidence verification item set;

[0050] Perform correlation analysis on the evidence verification item set and establish retrieval relationships between key factors, assertions, evidence fingerprints and traceability nodes to form audit decision traceability results.

[0051] In a second aspect, the present invention provides a computer device including a memory and a processor, wherein the memory stores a computer program, wherein when the computer program is executed by the processor, it implements any step of the model interpretation-based audit decision tracing method described in the first aspect of the present invention.

[0052] Thirdly, the present invention provides a computer-readable storage medium having a computer program stored thereon, wherein: when the computer program is executed by a processor, it implements any step of the model interpretation-based audit decision tracing method described in the first aspect of the present invention.

[0053] The beneficial effects of this invention are as follows: By employing subject session identifiers and verification pass markers, the collection behavior of audit service interfaces and log interfaces has a basis for accountability. Furthermore, by forming an audit tracing evidence package through data fingerprints and digital signatures, audit decision records and original log streams share consistent evidence anchors, thereby improving the operability of evidence integrity verification and source consistency verification. The invention also generates a tracing graph index set from internal enterprise log records through field purification, word segmentation, and log template parsing, enabling a queryable mapping between data flow events and evidence fingerprint signature pairs. This reduces the risk of omissions caused by relying on manual comparison for cross-record associations, thus strengthening the audit chain. The system enhances the interpretability of data flow changes; it enables parallel inference and hierarchical ranking of misstatement risks based on audit inference characteristics, providing a unified risk ranking caliber for sampling decisions and supporting hierarchical coverage, thereby improving the consistency and reusability of sampling schemes; the interpretation and replay dataset solidifies the association between audit inference characteristics, candidate risk tables, and source map index information, allowing Shapley additive interpretations and locally interpretable model-independent interpretations to have replay conditions, and, in conjunction with resampling and replay stability assessment, forms an interpretation confidence score and triggers candidate replacement, reducing review discrepancies caused by single interpretation fluctuations and improving the verifiability and dispute convergence ability of interpretation results. Attached Figure Description

[0054] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the following description of the embodiments will be briefly introduced. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0055] Figure 1This is a flowchart of a model-based audit decision tracing method.

[0056] Figure 2 A flowchart for constructing audit entity identifiers and verifying vouchers.

[0057] Figure 3 This is a flowchart for audit reasoning feature extraction and risk assessment.

[0058] Figure 4 This is a flowchart for model interpretation and stability assessment. Detailed Implementation

[0059] To make the above-mentioned objects, features and advantages of the present invention more apparent and understandable, the specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[0060] Many specific details are set forth in the following description in order to provide a full understanding of the invention. However, the invention may also be practiced in other ways different from those described herein, and those skilled in the art can make similar extensions without departing from the spirit of the invention. Therefore, the invention is not limited to the specific embodiments disclosed below.

[0061] Secondly, the term "one embodiment" or "embodiment" as used herein refers to a specific feature, structure, or characteristic that may be included in at least one implementation of the present invention. The phrase "in one embodiment" appearing in different places in this specification does not necessarily refer to the same embodiment, nor is it a single or selective embodiment that is mutually exclusive with other embodiments.

[0062] Reference Figures 1-4 This is one embodiment of the present invention, which provides an audit decision tracing method based on model interpretation, including the following steps:

[0063] S1. Construct audit entity identifiers and perform voucher verification, collect audit decision records and internal enterprise log records, and generate data fingerprints and digital signatures for key evidence to form an audit traceability evidence package.

[0064] S1.1. Register the accounts, roles, and scope of permissions of audit participants on the audit platform, and assign a unique entity identifier to each audit participant. Combine the accounts, roles, scope of permissions, and unique entity identifiers to form an entity identifier set.

[0065] The subject identifier set is bound to the access credential verification rule and a session token is issued. The access credential verification rule is used to limit the validity period, access scope and issuance conditions of the session token. The correspondence between the session token and the subject identifier set is used to generate the subject session identifier. The subject session identifier is used to perform token verification on the log interface and audit service interface and form a verification pass mark.

[0066] The main session identifier is used to perform token verification on the log interface and audit service interface and record the verification status. Token verification is used to verify the validity of the session token and the matching of permissions, and the verification status is used to generate a verification pass flag.

[0067] S1.2. The call verification collects sampling actions, assertion types, sample candidate identifiers, execution review roles, and working paper reference location information through the audit service interface and aggregates them to form an audit decision record. The working paper reference location information is a locatable description that identifies the key evidence in the business storage location or business reference location. The key evidence file is the evidence file pointed to by the working paper reference location information and used to support the verification of the assertion type corresponding to the sampling action.

[0068] The call verification uses a flag to collect internal enterprise log records containing data flow-related messages and time information from the log interface and aggregates them to form a raw log stream. The internal enterprise log records are used to record the time information of data flow-related messages.

[0069] The audit decision records are analyzed and the location information of the cited key evidence is extracted. Based on the location information, the content of the key evidence document is accessed. The content of the key evidence document is generated by performing salted hashing to generate a data fingerprint and simultaneously performing digital signature to generate a signature value. The data fingerprint and signature value are combined to form an evidence fingerprint signature pair.

[0070] To further explain, the expression for generating a data fingerprint by calculating the content of key evidence documents through salted hashing is as follows:

[0071] ;

[0072] in, A data fingerprint is used to characterize the consistency of the content of key evidence documents without preserving the original text of the key evidence documents. Represents a hash function; This indicates the contents of key evidence documents; Indicates salinity; This indicates a join operation.

[0073] S1.3. Use evidence fingerprint signature to generate a digital signature and encapsulate it with evidence name category, sending and receiving time and object element. Evidence name category identifies the business category of key evidence, sending and receiving time identifies the time when the business interaction related to key evidence occurred, and object element identifies the business object involved in key evidence. Associate the encapsulation result with the subject session identifier to form an audit traceability evidence package.

[0074] To further explain, a digital signature is calculated by using a signing private key to sign a data fingerprint, expressed as follows:

[0075] ;

[0076] in, This refers to a digital signature, used to support verification of the integrity and consistency of the data fingerprint's origin; Indicates the signature algorithm; This represents the private key used for signing; This represents a data fingerprint.

[0077] S2. Perform field cleanup and word segmentation on the enterprise's internal log records, as well as log template parsing, extract data flow events and associate them with audit and tracing evidence packages to obtain a tracing graph index set.

[0078] S2.1. Call the original log stream that has passed the verification mark, extract the time field, level field and component field of each internal enterprise log record in the original log stream, and remove the time field, level field and component field from the text of the internal enterprise log record, retaining the business semantic fields to form a clean log set.

[0079] Each internal log record in the cleanup log set is segmented into words by spaces, tabs, and punctuation delimiters, and word sequences are output. The word sequences are then aggregated to form a log tag sequence set.

[0080] Tree-based parsing is used to index the log tag sequence set. The first few words of each word sequence in the log tag sequence set are used as the index path, and the numerical words are replaced with wildcards. Wildcards are used to unify the branch differences caused by numerical changes. The tree-based parsing outputs log templates and template parameters, and the log templates and template parameters are aggregated to form a template parameter set.

[0081] S2.2. Divide the template parameter set into log groups according to the log template and perform intra-group consistency test. The intra-group consistency test measures the common pattern length of two word sequences in the log group by the longest common subsequence and distinguishes between template stable log groups and template unstable log groups accordingly. Template unstable log groups are regrouped into multiple template stable log groups by hierarchical clustering. Inter-group fusion is performed between template stable log groups by the longest common subsequence to obtain a structured log template set. The structured log template set is then written back to the template parameter set.

[0082] To further explain, the longest common subsequence is used to calculate the similarity between two word sequences within a log group, and the expression is:

[0083] ;

[0084] in, The similarity score represents the consistency of patterns within a log group and supports hierarchical clustering regrouping and inter-group fusion. Representing a lexical sequence With lexical sequence The longest common subsequence; The number of lexical units in the longest common subsequence; Representing a lexical sequence Length; Representing a lexical sequence Length; This indicates taking the smaller value.

[0085] S2.3. Filter log templates containing data flow related messages in the template parameter set, extract the start node, destination node and execution time according to the template parameters corresponding to the log template and combine them to form directed edge events, and aggregate the directed edge events to form a data flow event set.

[0086] The audit traceability evidence package is associated with the data flow event set based on time objects and location information. The time objects are used to align the sending and receiving time of the audit traceability evidence package with the execution time of the directed edge event. The location information is used to align the business reference location of the audit traceability evidence package with the business object corresponding to the data flow related message. The association relationship is used to map the data fingerprint and digital signature of the audit traceability evidence package to the directed edge event and form a queryable directed traceability relationship.

[0087] Index entries are created for queryable directed tracing relationships. The index entries record the correspondence between the starting node, the destination node, the execution time, and the data fingerprint and digital signature of the audit tracing evidence package, and are aggregated to form a tracing graph index set.

[0088] S3. Perform sample candidate alignment on the audit decision record and the source graph index set and extract audit inference features. Call extreme gradient boosting tree and lightweight gradient boosting machine to infer false alarm risks in parallel and sort them hierarchically. Generate a baseline candidate pool, a backup candidate pool and an explanation replay dataset.

[0089] S3.1. Extract sample candidate identifiers from audit decision records and aggregate them to form a sample candidate identifier set. The sample candidate identifier set is used to uniquely identify the business records to be sampled and verified. The sample candidate identifier set is matched with the directed edge events of the traceability graph index set and a one-to-one correspondence is established. The matching is based on the positioning information of the working paper to align the business reference position and the time information of the enterprise's internal log records to align the execution time. The candidate alignment mapping result is output.

[0090] Based on the candidate alignment mapping results, assertion types and audit procedure identifiers are extracted. The audit procedure identifier is used to identify the source of the audit procedure recorded by the audit service interface. The assertion types and audit procedure identifiers are aggregated into assertion semantic descriptions, and the assertion semantic descriptions are summarized according to the sample candidate identifiers to form an assertion description set.

[0091] Based on the candidate alignment mapping results, the starting node, destination node, and execution time of directed edge events are extracted and sorted by execution time to form data flow path segments. The data flow path segments are aggregated into path trajectory descriptions, and the path trajectory descriptions are aggregated according to the sample candidate identifiers to form a path description set.

[0092] S3.2. Extract data fingerprints and digital signatures from the audit traceability evidence package to form an evidence fingerprint signature pair set; perform consistency verification on the evidence fingerprint signature pair set and generate verification status. The verification status is aggregated according to the sample candidate identifier to form a verification status set. The consistency verification characterizes the consistency of data fingerprints and digital signatures in the audit traceability evidence package packaging process and subsequent use process.

[0093] The assertion description set, path description set, and verification status set are combined to form audit inference features. The audit inference features are then combined to form an audit inference feature set based on the sample candidate identifiers.

[0094] The audit inference feature set is split into multiple audit inference feature records according to the sample candidate identifier, and each audit inference feature record is converted into a feature field order and data type that can be recognized by the extreme gradient boosting tree. Each converted audit inference feature record is fed into the extreme gradient boosting tree and the tree node condition judgment and leaf node location are completed. The extreme gradient boosting tree outputs the false alarm risk score at the leaf node. The false alarm risk scores are aggregated according to the sample candidate identifier to form the extreme gradient boosting tree false alarm risk set.

[0095] The audit inference feature set is split into multiple audit inference feature records according to the sample candidate identifier, and each audit inference feature record is converted into a feature field order and data type that can be recognized by the lightweight gradient booster. Each converted audit inference feature record is fed into the lightweight gradient booster and the tree node condition judgment and leaf node location are completed. The lightweight gradient booster outputs the false alarm risk score at the leaf node. The false alarm risk scores are aggregated according to the sample candidate identifier to form the lightweight gradient booster false alarm risk set.

[0096] In this embodiment, both the extreme gradient boosting tree and the lightweight gradient boosting machine directly receive the same audit inference feature records and output false positive risk scores respectively. Two highly homogeneous tree models are used in parallel instead of conventional stacking because audit decision tracing requires the final risk value to be directly traceable back to the same set of audit inference feature fields, the same set of assertion descriptions, the same path trajectory descriptions, and the same set of verification states. Under the condition that the input fields have consistent semantics, the two tree models use different tree-building mechanisms to judge the risk of the same candidate, thus forming a mutually verifiable dual-model risk pair. The extreme gradient boosting tree focuses on overall gain control under layer-by-layer splitting, while the lightweight gradient boosting machine focuses on local high-gain splitting under leaf-first growth. The parallel output of both can improve the robustness of risk identification while maintaining consistency in the interpretation space. If the conventional stacking method is used, the output of the two models needs to be fed into the upper meta-model. The meta-model will introduce new feature mapping relationships and secondary weight relationships, so that the final single risk value no longer directly corresponds to the original audit inference feature field. This will increase the complexity of the replay link for subsequent Shapley additive interpretation, locally interpretable model-independent interpretation and resampling replay stability assessment, which is not conducive to the verifiability of audit decision tracing results.

[0097] The false alarm risk set of extreme gradient boosting tree and the false alarm risk set of lightweight gradient boosting machine are paired up according to the sample candidate identifier to form a dual-model risk pair; deterministic fusion is performed on the dual-model risk pair to generate a single risk value, and the single risk value is summarized according to the sample candidate identifier to form a candidate risk table.

[0098] To further explain, deterministic fusion calculates a single risk value through a dual-model risk pair, expressed as:

[0099] ;

[0100] in, It represents a single risk value, used to uniformly characterize the misreporting risk level of the business record corresponding to the sample candidate identifier; This indicates taking the larger value; This indicates the risk of false positives in the output of the extreme gradient boosting tree; This indicates the risk of false alarms in the output of the lightweight gradient booster.

[0101] Before performing deterministic fusion, first... and A validity check is performed to confirm that the corresponding sample candidate identifiers of the two models are consistent and that the risk values ​​are both within a preset risk range. The preset risk range is determined by the output mapping method of the extreme gradient boosting tree and the lightweight gradient boosting machine. Since the original risk scores of the two models are converted into probabilistic false alarm risks through probability mapping, zero to one is determined as the preset risk range for uniform constraint. and The valid range of values.

[0102] exist and If both models pass the validity check, the risk difference between the two models is further calculated. The expression is:

[0103] ;

[0104] in, This represents the risk difference between the two models, used to characterize the degree of deviation between the extreme gradient boosting tree and the lightweight gradient boosting machine in their risk assessments of the same candidate identifier.

[0105] when If the risk value is not greater than a preset conflict threshold, the dual-model risk pair is determined to be in a consistent fusion state, and a single risk value is calculated. ;when When the risk value exceeds a preset conflict threshold, the dual-model risk pair is determined to be in a conflict fusion state, and a model conflict marker is generated. The model conflict marker is then compared with the single risk value. Include them in the candidate risk table.

[0106] It should be noted that the preset conflict threshold is obtained from the validation sample set before model deployment; the specific validation process is as follows: a validation sample set is constructed by calling historical candidate samples that have undergone manual review and have assertion results, and the corresponding values ​​are output by the extreme gradient boosting tree and the lightweight gradient boosting machine, respectively. and The system calculates the bi-model risk difference for each candidate sample in the validation sample set, sorts all samples by value from smallest to largest, and takes the difference corresponding to the 90th percentile after sorting as the preset conflict threshold, so that most consistent samples enter the consistent fusion state, and identifies the minority samples with significant deviation as the conflict fusion state.

[0107] when and If only one model passes the validity check, a single model rollback flag is generated, and the false alarm risk that passed the validity check is directly recorded as a single risk value. ;when and If none of the above fail the validity check, a fusion failure mark and a fusion failure reason record are generated. The fusion failure reason record includes at least the sample candidate identifier, the failed model identifier, the failure time and the failure reason. The corresponding sample candidate identifier will not be included in the current round of the baseline candidate pool and the backup candidate pool division process, but will be retained in the candidate risk table as a candidate to be recalculated.

[0108] S3.3. The candidate risk table is stratified according to assertion type. Candidates with the same assertion type are grouped into the same assertion type layer, and candidates with different assertion types are grouped into different assertion type layers. Within each assertion type layer, a single risk value is used as the main sorting criterion. Candidates are sorted from high to low according to the single risk value and the sorting position is recorded. The larger the single risk value, the higher the false alarm risk of the corresponding candidate sample and the higher its sorting position, thus forming a stratified sorting list.

[0109] Furthermore, in this embodiment, the hierarchical ranking does not use model confidence as the primary ranking criterion, but rather a single risk value. This is because the candidate risk table has already merged the dual-model risk pairs into a single risk value through deterministic fusion in the aforementioned steps. Moreover, the subsequent division of the baseline candidate pool and the backup candidate pool aims to perform stratified sampling coverage around the level of false alarm risk. Therefore, using a unified single risk value as the primary ranking criterion within the same assertion type layer is more conducive to the consistency of the sampling level division and the consistency of subsequent interpretation and playback.

[0110] When two candidate samples within the same assertion type layer have the same single risk value, the corresponding bi-model risk difference is read and sorted in ascending order of the bi-model risk difference. The smaller the bi-model risk difference, the more consistent the risk judgment of the two tree models on the candidate sample, and the higher its sorting position.

[0111] When the single risk value and the risk difference between the two models are the same, the verification status set of the corresponding sample candidate identifier is read, and the number of items that pass the consistency verification is counted. Then, the items are sorted again from the largest to the smallest number of items that pass the consistency verification. The larger the number of items that pass the consistency verification, the higher the integrity of the evidence chain of the corresponding sample candidate identifier, and the higher its ranking position.

[0112] When the number of single risk values, bi-model risk differences, and the number of items that pass the consistency check are still the same, the execution time in the candidate alignment mapping results is read, and the candidate is supplemented and sorted from the nearest to the furthest execution time. The closer the execution time, the higher the candidate identifier of the sample is in the sorting position, thus forming a unique sorting order that can be repeatedly replayed within the same assertion type layer.

[0113] Based on the hierarchical ranking list, the sample candidate identifiers corresponding to the candidate risk table are divided and the sampling level is marked to form a baseline candidate pool and a backup candidate pool.

[0114] The sample candidate identifiers covered by the baseline candidate pool and the backup candidate pool are matched with the audit inference feature set, the candidate risk table is matched with the source map index set, and the evidence fingerprint signature pair set is matched with the audit source trace evidence package. The matching results are solidified according to the sample candidate identifiers to form the interpretation replay dataset. The interpretation replay dataset maintains a consistent correspondence with the baseline candidate pool and the backup candidate pool and is used for subsequent Shapley additive interpretation, locally interpretable model-independent interpretation, and resampling replay stability assessment.

[0115] S4. Call the interpretation replay dataset to perform Shapley additive interpretation, locally interpretable model-independent interpretation, and resampling replay stability evaluation on the baseline candidate pool, screen candidates that meet the interpretation criteria and trigger backup candidate replacement to obtain the final sample set and interpretation package.

[0116] S4.1. Perform a candidate identifier consistency check between the sample candidate identifiers in the baseline candidate pool and the sample candidate identifiers in the interpretation and playback dataset. The candidate identifier consistency check is completed by comparing the sample candidate identifiers one by one and verifying the consistency of the single risk value recorded in the candidate risk table. Extract the audit reasoning features, single risk value, source map index information and evidence fingerprint index corresponding to each sample candidate identifier from the interpretation and playback dataset to form an interpretation and playback instance set.

[0117] A baseline sample set with a fixed size of 500 was selected from the interpretation replay dataset. The baseline sample set consists of audit inference features and a single risk value from the interpretation replay dataset. The fixed baseline sample size of 500 is because the baseline sample set is used to represent the normal range of values ​​for the audit inference features. If the baseline sample size is too small, the key factor contribution summary output by the Shapley additive interpretation will fluctuate significantly with the replacement of the baseline sample set. If the baseline sample size is too large, the number of marginal contribution calculations for each candidate identifier of the Shapley additive interpretation will increase significantly and reduce the efficiency of audit processing. The fixed baseline sample size of 500 maintains the verifiability and executability between the stability of the key factor contribution summary and the computational complexity of the Shapley additive interpretation.

[0118] The Shapley additive interpretation is performed on the interpretation replay instance set, and the key factor contribution summary is calculated with reference to the baseline sample set. The key factor contribution summary is aggregated according to the sample candidate identifier to form the Shapley summary set. The operation steps of performing the Shapley additive interpretation include: generating a feature replacement order set according to the audit inference feature field list of each sample candidate identifier in the interpretation replay instance set. The feature replacement order set is used to represent the different addition order of the audit inference feature fields. For each feature replacement order, the values ​​of the fields in the audit inference feature fields that are not added to the order are replaced one by one using the baseline sample set, and the values ​​of the fields that have been added to the order are retained to form feature subset records. The feature subset records are fed into the extreme gradient boosting tree and the lightweight gradient boosting machine for parallel inference to obtain the misstatement risk score, and the feature subset risk value is generated by deterministic fusion.

[0119] Under the same feature permutation order, the difference in risk values ​​between two adjacent feature subsets is compared and used as the marginal contribution value of the newly added audit inference feature field. The marginal contribution value is aggregated within the baseline sample set and the feature permutation order set to form the audit inference feature field contribution table. The key factor contribution summary is obtained by sorting the audit inference feature field contribution table by absolute contribution value and recording the contribution direction, absolute contribution value and sorting position. The contribution direction is determined by the sign of the marginal contribution value in the audit inference feature field contribution table.

[0120] S4.2. Perform locally interpretable model-independent interpretation on the interpretation playback instance set and fix the perturbation sampling size to three thousand times. Perturbation sampling is used to generate perturbation samples around audit inference features and form a perturbation sample set. The perturbation sampling size is fixed at three thousand times because the perturbation sample set is used to cover the combination of audit inference feature values ​​in the neighborhood of the sample candidate identifier. If the perturbation sampling size is too small, the local interpretation will fluctuate significantly with the replacement of the perturbation sample set and the fitted summary will be unstable. If the perturbation sampling size is too large, the number of false alarm risk inferences of the perturbation sample set will increase significantly and reduce the efficiency of audit processing. Fixing the perturbation sampling size at three thousand times is to ensure that the local interpretation ranking and the fitted summary remain verifiable and executable in repeated perturbation sampling.

[0121] The steps for generating perturbation samples based on audit inference features include: copying audit inference feature records for each candidate identifier in the interpretation and playback instance set to form initial perturbation records; randomly replacing the numerical audit inference feature fields of the initial perturbation records within the corresponding field value range of the baseline sample set while keeping the field data type unchanged; randomly selecting field values ​​from the same field value set in the baseline sample set to replace the enumerated audit inference feature fields of the initial perturbation records while preserving the legality of the field values; randomly replacing the textual audit inference feature fields of the initial perturbation records with the same textual values ​​in the baseline sample set while maintaining consistent text encoding rules; repeating the above replacement process until three thousand perturbation records are generated and aggregated to form a perturbation sample set.

[0122] The locally interpretable model-independent explanation calculates local explanations and fitting summaries on the perturbation sample set. These summaries are then aggregated according to the sample candidate identifiers to form a local key point set. The steps for calculating the local explanations and fitting summaries include: feeding each perturbation sample into parallel inference using an extreme gradient boosting tree and a lightweight gradient boosting machine to obtain a false positive risk score, and then fusioning it deterministically to generate a perturbation risk value. The perturbation risk value and the audit inference feature field values ​​of the perturbation sample set form a local fitting set; applying least squares fitting to the local fitting set to obtain a set of influence degrees for the audit inference feature fields, and sorting the set of influence degrees by absolute influence value to form a local explanation; calculating the coefficient of determination for the local fitting set and using it as the fitting summary. The coefficient of determination characterizes the degree to which the least squares fitting explains the changes in the perturbation risk value.

[0123] A resampling and replay stability assessment is performed on the local key point set. The resampling and replay stability assessment generates multiple sets of local interpretations and fitting summaries by repeatedly generating perturbed sample sets for the same sample candidate identifier and repeatedly performing local interpretable model-independent interpretations. Key factor sets are extracted from multiple sets of local interpretations and compared pairwise. Stability records are calculated for pairwise comparisons of key factor sets and aggregated to form a stability record set.

[0124] To further explain, stability records are obtained by pairwise comparisons of the key factor set. The expression for calculating stability records using the key factor set is as follows:

[0125] ;

[0126] in, Indicates stability record; This represents the first set of key factors corresponding to the local interpretation obtained from the resampling playback stability assessment. This represents the set of key factors corresponding to the second set of local interpretations obtained from the resampling playback stability assessment. Indicates the number of elements in the intersection of the sets of key factors; This represents the number of elements in the union of the sets of key factors.

[0127] S4.3. The fitted summaries of the stability record set and the local key point set are aggregated to form an explanation confidence score. The explanation confidence scores are aggregated according to the sample candidate identifier to form an explanation confidence score table. The explanation confidence score table is used to screen candidates that meet the explanation criteria and candidates that do not meet the explanation criteria.

[0128] To further clarify, the explanatory confidence score is determined jointly by the stability record and the fitted summary. The expression for calculating the explanatory confidence score using the stability record and the fitted summary is as follows:

[0129] ;

[0130] in, This indicates the interpretation of the confidence score; This indicates taking the smaller value; Indicates stability record; The coefficient of determination is represented in the fitted summary; the confidence score is used to simultaneously constrain the consistency of key factors and the consistency of the fitted summary.

[0131] Based on the explanatory confidence score table, candidate samples with an explanatory confidence score of 85 or higher are identified as candidates meeting the explanatory criteria, while candidate samples with an explanatory confidence score of less than 85 are identified as candidates failing the explanatory criteria. The explanatory confidence score of 85 or higher is because the explanatory confidence score uses the smaller value between the stability record and the coefficient of determination. An explanatory confidence score of 85 or higher indicates that both the stability record and the coefficient of determination are at a high level and meet the audit review requirements for explanatory repeatability and fit consistency. An explanatory confidence score of less than 85 indicates insufficient consistency of the key factor set or insufficient coefficient of determination and increases the risk of explanatory disputes.

[0132] For candidates whose explanations do not meet the criteria, select a single high-risk sample candidate identifier from the backup candidate pool to replace it and update the baseline candidate pool. The replacement process maintains the consistency of assertion type hierarchy and the consistency of the sorting position rules of the hierarchical sorting list.

[0133] After each baseline candidate pool update, the interpretation and replay dataset is called again, and the candidate identifier consistency check is re-executed according to the sample candidate identifiers in the updated baseline candidate pool. The corresponding audit inference features, single risk values, source map index information and evidence fingerprint index are re-extracted and summarized to form the updated interpretation and replay instance set.

[0134] The Shapley additive interpretation, locally interpretable model-independent interpretation, and resampling playback stability assessment are repeatedly performed on the updated interpretation replay instance set, and the interpretation confidence score table is regenerated. When the interpretation confidence score of all sample candidate identifiers in the updated baseline candidate pool is not less than 85 points, the baseline candidate pool is determined to meet the interpretation criteria, and the baseline candidate pool is aggregated to form the final sample set.

[0135] When there are no replaceable sample candidate identifiers in the backup candidate pool that satisfy the consistency of assertion type hierarchy and sorting position rules, the replacement process for the corresponding candidate that fails to meet the explanation criteria is terminated, and a replacement termination record is generated. The replacement termination record includes at least the original sample candidate identifier, explanation confidence score, reason for failure, backup candidate pool exhaustion flag, and termination time. The candidates that meet the explanation criteria without forming a replacement termination record are aggregated to form the final sample set.

[0136] Each candidate identifier in the final sample set is associated with a single risk value, a Shapley point set, a local point set, a stability record set, a source map index, and an evidence fingerprint index, and the replacement termination record is also encapsulated to form an interpretation package.

[0137] S5. Perform working paper element arrangement on the final sample set, and perform evidence verification and correlation analysis on the interpretation package, data fingerprint, digital signature and traceability graph index set to generate audit decision traceability results.

[0138] S5.1. Extract the sample candidate identifiers one by one from the final sample set and locate the corresponding sampling action in the audit decision record, locate the corresponding assertion description in the assertion description set, locate the corresponding single risk value in the candidate risk table, and locate the corresponding sorting position in the hierarchical sorting list; arrange the sampling action, assertion description, single risk value and sorting position into working paper elements according to a unified field order, and aggregate the working paper elements according to the sample candidate identifiers to form a working paper item set; the working paper elements contain the minimum set of information for review, and the working paper elements consist of sampling action, assertion description, single risk value and sorting position.

[0139] Extract the Shapley points set, local points set, stability record set, source map index information, and evidence fingerprint index corresponding to each sample candidate identifier from the interpretation package. Arrange the key factor contribution summary of the Shapley points set, the local explanation and fitting summary of the local points set, the stability record of the stability record set, and the source map index information according to the sample candidate identifier to form interpretation points. Establish a one-to-one correspondence between the interpretation points and the manuscript item set according to the sample candidate identifier and aggregate them to form the interpretation item set. The interpretation points are used to clearly assert the description of the corresponding key factor contribution summary, local explanation, and stability record.

[0140] S5.2. Extract data fingerprints and digital signatures from the audit traceability evidence package and locate the corresponding relationship according to the evidence fingerprint index. Associate the data fingerprints and digital signatures with the interpretation entry set according to the sample candidate identifier. Perform digital signature verification on the digital signature using the signature public key and generate a verification status. The verification status is aggregated according to the sample candidate identifier to form a verification status set. Establish a correspondence between the verification status set and the traceability graph index set, and arrange the correspondence between the start node, destination node, execution time and data fingerprint and digital signature as evidence verification entries. The evidence verification entries are aggregated according to the sample candidate identifier to form an evidence verification entry set.

[0141] To further explain, digital signature verification is calculated using the signing public key, data fingerprint, and digital signature, expressed as follows:

[0142] ;

[0143] in, Indicates the verification status; This refers to a digital signature verification algorithm. Indicates the public key for signing; Represents a data fingerprint; This refers to a digital signature.

[0144] S5.3. Extract key factor contribution summaries and local explanations from the explanatory item set and unify key factor names; extract the starting node, destination node, and execution time corresponding to the data fingerprint from the evidence verification item set and unify the tracing node names; establish retrieval relationships between key factor names, assertion descriptions, data fingerprints, and tracing nodes according to sample candidate identifiers and compile them into an association analysis index. The association analysis index is used to support retrieving assertion descriptions by key factor names, retrieving data fingerprints by assertion descriptions, and retrieving tracing nodes by data fingerprints; the association analysis index, along with the working paper item set, explanatory item set, and evidence verification item set, are aggregated to form the audit decision tracing results. The audit decision tracing results are used during review to reproduce the corresponding relationships between sampling actions, assertion descriptions, single risk values, sorting positions, Shapley points sets, local points sets, stability record sets, data fingerprints, digital signatures, and tracing graph index sets according to sample candidate identifiers.

[0145] This embodiment also provides a computer device applicable to the audit decision tracing method based on model interpretation, comprising: a memory and a processor; the memory is used to store computer-executable instructions, and the processor is used to execute the computer-executable instructions to implement the audit decision tracing method based on model interpretation as proposed in the above embodiment.

[0146] The computer device can be a terminal, comprising a processor, memory, communication interface, display screen, and input devices connected via a system bus. The processor provides computing and control capabilities. The memory includes non-volatile storage media and internal memory. The non-volatile storage media stores the operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs stored in the non-volatile storage media. The communication interface is used for wired or wireless communication with external terminals; wireless communication can be achieved through Wi-Fi, carrier networks, NFC (Near Field Communication), or other technologies. The display screen can be an LCD screen or an e-ink screen. The input devices can be a touch layer covering the display screen, buttons, a trackball, or a touchpad on the computer device's casing, or an external keyboard, touchpad, or mouse.

[0147] This embodiment also provides a storage medium storing a computer program that, when executed by a processor, implements the model interpretation-based audit decision tracing method proposed in the above embodiments. The storage medium can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Programmable Red-Only Memory (PROM), Read-Only Memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk.

[0148] In summary, this invention employs subject session identification and verification pass markers to ensure the traceability of data collection activities by the audit service interface and log interface. Furthermore, it uses data fingerprints and digital signatures to form an audit tracing evidence package, enabling audit decision records and original log streams to share consistent evidence anchors, thereby improving the operability of evidence integrity verification and source consistency verification. By processing internal enterprise log records through field purification, word segmentation, and log template parsing to generate a tracing graph index set, it achieves a queryable mapping between data flow events and evidence fingerprint signature pairs, reducing the risk of omissions due to reliance on manual comparison for cross-record associations and strengthening the audit chain. The system offers interpretability for changes in data flow; parallel inference and hierarchical ranking of misstatement risks based on audit inference characteristics enable sampling decisions to have a unified risk ranking caliber and support hierarchical coverage, improving the consistency and reusability of sampling schemes; the interpretation and replay dataset solidifies the association between audit inference characteristics, candidate risk tables, and source map index information, enabling Shapley additive interpretations and locally interpretable model-independent interpretations to have replay conditions, and, in conjunction with resampling and replay stability assessment, forms an interpretation confidence score and triggers candidate replacement, reducing review discrepancies caused by single interpretation fluctuations and improving the verifiability and dispute convergence ability of interpretation results.

[0149] It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all such modifications or substitutions should be covered within the scope of the claims of the present invention.

Claims

1. A model-based method for tracing audit decisions, characterized in that: include, Construct audit entity identifiers and perform voucher verification, collect audit decision records and internal enterprise log records, and generate data fingerprints and digital signatures for key evidence to form an audit traceability evidence package; Perform field cleanup and word segmentation on internal enterprise log records, as well as log template parsing, extract data flow events and associate them with audit and tracing evidence packages to obtain a tracing graph index set; Perform sample candidate alignment on the audit decision record and the source graph index set and extract audit inference features. Call extreme gradient boosting tree and lightweight gradient boosting machine to infer false alarm risk in parallel and sort it hierarchically to generate a baseline candidate pool, a backup candidate pool and an explanation replay dataset. The interpretation replay dataset is called to perform Shapley additive interpretation, locally interpretable model-independent interpretation, and resampling replay stability evaluation on the baseline candidate pool. Candidates that meet the interpretation criteria are selected and backup candidate replacement is triggered to obtain the final sample set and interpretation package. The operational steps for performing Shapley additive interpretation include: A feature replacement order set is generated based on the list of audit inference feature fields for each candidate identifier in the interpretation replay instance set. The feature replacement order set is used to represent the different addition order of the audit inference feature fields. For each feature replacement order, the values ​​of fields in the audit inference feature fields that are not included in the order are replaced one by one using the baseline sample set, while the values ​​of fields that have been included in the order are retained to form feature subset records. The feature subset records are fed into extreme gradient boosting trees and lightweight gradient boosting machines for parallel inference to obtain false alarm risk scores, and feature subset risk values ​​are generated by deterministic fusion. The final sample set is used to arrange working paper elements, and the interpretation package, data fingerprint, digital signature and traceability graph index set are used for evidence verification and correlation analysis and arrangement to generate audit decision traceability results.

2. The audit decision tracing method based on model interpretation as described in claim 1, characterized in that: The specific steps for constructing the audit entity identifier and performing voucher verification are as follows: The audit platform registers the accounts, roles, and scope of permissions of the audit participants and assigns unique entity identifiers to form a set of entity identifiers; Bind the subject identifier set to the access credential verification rules and issue a session token to form a subject session identifier; The main session identifier is used to perform token verification on the log interface and audit service interface and record the verification status to form a verification pass mark.

3. The audit decision tracing method based on model interpretation as described in claim 2, characterized in that: The formation of the audit traceability evidence package specifically includes: The call verification collects sampling actions, assertion types, sample candidate identifiers, execution review roles, and working paper reference location information through the audit service interface to form an audit decision record; The call verification collects internal enterprise log records containing data flow-related messages and time information through the log interface, forming the raw log stream; Analyze audit decision records, extract the location information of cited key evidence, and perform salted hashing and digital signature on the key evidence to form evidence fingerprint signature pairs; The evidence fingerprint signature is encapsulated with the evidence name and category, sending and receiving time and object elements, and associated with the subject session identifier to form an audit traceability evidence package.

4. The audit decision tracing method based on model interpretation as described in claim 3, characterized in that: The obtained source graph index set is specifically as follows: The original log stream is cleaned by removing unstructured fields such as time, level, and component fields to form a cleaned log set. The cleanup log set is segmented into words and a tag sequence is generated to form a log tag sequence set; The log tag sequence set is parsed in a tree structure, with intra-group consistency checks, hierarchical clustering regrouping, and inter-group fusion to form a template parameter set. Extract the starting node, destination node, and execution time from the template parameter set and combine them into directed edge events to form a data flow event set; The audit traceability evidence package is associated with the data flow event set by time object and location information, and a queryable directed traceability relationship is constructed to form a traceability graph index set.

5. The audit decision tracing method based on model interpretation as described in claim 4, characterized in that: The process of aligning audit decision records with the source graph index set and extracting audit inference features specifically involves: The sample candidate identifiers of the audit decision record are located and matched with the directed edge events of the traceability graph index set to establish a one-to-one correspondence, forming a candidate alignment mapping result; The assertion information and audit procedure identifiers are extracted from the candidate alignment mapping results and aggregated into an assertion semantic description to form an assertion description set. Data flow path segments are extracted from candidate alignment maps and aggregated into path trajectory descriptions to form a path description set; Perform consistency verification on the fingerprints and signatures of the audit traceability evidence package to form a verification status set; The assertion description set, path description set, and verification status set are combined into audit inference features.

6. The audit decision tracing method based on model interpretation as described in claim 5, characterized in that: The generation of the baseline candidate pool, the backup candidate pool, and the interpretation replay dataset are specifically as follows: The audit inference features are fed into an extreme gradient boosting tree and a lightweight gradient boosting machine for parallel inference and the false alarm risk is output to form a dual-model risk pair. The risk pairs of the two models are deterministically fused to generate a single risk value, which is then summarized into a candidate risk table. The candidate risk table is sorted hierarchically according to assertion type and the sorting position is marked to form a hierarchical sorting list; Based on the hierarchical ranking list, the sample candidates corresponding to the candidate risk table are divided and the sampling level is identified to form a baseline candidate pool and a backup candidate pool. The audit reasoning features, candidate risk tables, source map index information, and evidence fingerprint signatures are paired and solidified, and associated with the baseline candidate pool and the backup candidate pool to form an interpretation and replay dataset.

7. The audit decision tracing method based on model interpretation as described in claim 6, characterized in that: The final sample set and interpretation package are obtained as follows: The baseline candidate pool and the explanation replay dataset are checked for consistency of candidate identifiers, and the reasoning features, risk values, source indexes and evidence fingerprints of the same candidate are extracted to form an explanation replay instance set; Perform Shapley additive interpretation on the replay instance set and output a summary of key factor contributions with a fixed baseline sample size to form the Shapley summary set; Local interpretable model-independent interpretations are performed on the instances corresponding to the Shapley point set, and local interpretations and fitting summaries are output with fixed perturbation sampling scales to form local point sets. Resampling and replaying of local key point sets and comparing the consistency between the ranking direction of key factors and the fitted summary are performed to form a stable record set; The stability record set is aggregated into an explanation confidence score and candidates that meet the explanation criteria are selected. At the same time, candidates that do not meet the criteria are replaced by calling the backup candidate pool and the explanation replay instance set is updated until the criteria are met, forming the final sample set and explanation package.

8. The audit decision tracing method based on model interpretation as described in claim 7, characterized in that: The generation of audit decision tracing results specifically includes: The final sample set is processed by arranging the manuscript elements and aggregating the sampling actions, assertion descriptions, risk values ​​and sorting positions to form a manuscript item set. The interpretation package is invoked to compile the key points of the interpretation of the draft entry set and associate it with stability records and source indexes to form an interpretation entry set; The data fingerprint and digital signature are invoked to perform consistency verification on the interpretation item set and the verification status is associated with the traceability graph index set to form the evidence verification item set; Perform correlation analysis on the evidence verification item set and establish retrieval relationships between key factors, assertions, evidence fingerprints and traceability nodes to form audit decision traceability results.

9. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that: When the processor executes the computer program, it implements the steps of the audit decision tracing method based on model interpretation as described in any one of claims 1 to 8.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that: When the computer program is executed by the processor, it implements the steps of the audit decision tracing method based on model interpretation as described in any one of claims 1 to 8.