To date, information system is introduced into many enterprises, to provide standard working process to users for reference according to original development documents as it is applied. How to analyze and validate whether users in procurement information system comply with standard working process with no deficiency in information security topics caused, should be emphasized by enterprises. This study proposed a mechanism to analyze user operation, by analyzing varied data behavior in event log of database when users are operating information system, by establishing priority of each behavior in log file on the basis of scheme in database, to further acquire individual user’ process operating database. Adopting Petri Net, this study drew standard process into Petri Net map. As for individual user’s process operating database, this study converted such process into Petri Net map according to convert steps in α algorithm, for benefiting auditor observation. To analyze difference between user’s processes with standard process, this study constructed a mechanism for automatic difference analysis, to assist auditor in analyzing user’s process automatically. Meanwhile, to validate its feasibility, a system is developed to assist auditor in knowing whether unpredicted losses inside enterprise are caused by improper behavior of user, thus to further reduce deficiency inside enterprise and provide chances of process re-engineering to enterprises with process difference results.