Post on 01-Jun-2020
®2013 Association of Certified Fraud Examiners, Inc.
Taking Data Analytics to the Next Level
Upping the Analytic Ante: A Structured Approach to Unstructured Data
Structured Data Sources
SAP
Oracle
JD Edwards
Great Plains
Quickbooks
Excel or Access
SAS
Web logs
CRM and sales data
Customs & logistics
Access logs
Trade data
Surveys
Research data
Integrating Forensic Analytics into the Investigation or Anti-Fraud Program
Pre-field work analysis and sample selections:
Mine payables data for potentially improper payments
Mine selected, high-risk GL accounts:
Gifts, charity, donations, promotions, miscellaneous, customs
Mine travel & entertainment
Conflicts of interest between vendor and employee master
Integrating Forensic Analytics into the Investigation or Anti-Fraud Program
During field work
Use of interactive dashboards during interviews
Additional “drill-down” when new information is discovered
Common Structured Data Anti-Fraud Tests
Payment stream analysis: Altered invoices, goods not received, duplicate invoices, unauthorized payments, excess quantities purchased, requestor/approver conflicts
Vendor master/employee master comparisons: Conflicts of interest, fictitious vendors, background due diligence
Employee expenses and P-card expenditures: Over limits, unauthorized expenses, miscellaneous/sundry expenses, bribery
Common Structured Data Anti-Fraud Tests
Payroll: Ghost employees, unusual payments, no deductions/evaluations, direct deposit account analysis
Bribery and corruption: Bid rigging, conflicts of interest, contract compliance, kickbacks, payments to outside consultants, inappropriate donations
DOJ’s Five Elements of an FCPA Violation: Good Framework for Developing Corruption Tests
Who: The FCPA potentially applies to any individual, firm, officer, director, employee, or agent of a firm and any stockholder acting on behalf of a firm.
Corrupt intent: The person making or authorizing the payment must have a corrupt intent, and the payment must be intended to induce the recipient to misuse his official position to direct business wrongfully to the payer or to any other person.
Payment: Prohibits paying, offering, promising to pay (or authorizing to pay or offer) money or anything of value.
Recipient: Extends only to corrupt payments to a foreign official, a foreign political party or party official, or any candidate for foreign political office.
Business purpose: Prohibits payments made in order to assist the firm in obtaining or retaining business for or with, or directing business to, any person.
Source: www.justice.gov/criminal/fraud/fcpa/docs/lay-persons-guide.pdf
Anti-Bribery and Corruption Analytics Work Plan
Element of an FCPA violation: Sample analytical tests
Who (Vendor & agent analysis)
• Stratify agent payments by time period and currency amount
• Stratify agent payments by contract or project code
• Identify large, round-sum payments by agent and frequency
• Identify top ten agents with highest expense-to-fee ratio
• Analysis of agent commissions, recurring commissions, large/round dollars, etc.
• Identify payments to vendors not listed in the vendor master
• Cluster bottom ten agent payments and frequency
Corrupt intent (Text analytics)
Concept analysis of free-text fields of selected GL data:
• Cash disbursements
• Travel and entertainment
• Consultant/agent payments
• Marketing expenditures
• Charitable expenditures
• Customs clearance account
• Cost of sales
Anti-Bribery and Corruption Analytics Work Plan (continued)
Element of an FCPA violation: Sample analytical tests
Payment (Cash disbursements analysis)
• Cash disbursement analysis by country
• Petty cash account analysis in selected countries
• Payments made w/o a P.O. or to payee not in vendor master
• Compare payment activity to Transparency International’s CPI index (generate heat map)
• Analysis of travel and entertainment by country
• Analysis of payments to charity by country
• Analysis of payments made to customs agents by country
• Vendor background checks/third-party due diligence
Anti-Bribery and Corruption Analytics Work Plan (continued)
Element of an FCPA violation: Sample analytical tests
Recipient (Customer / buyer analysis)
• Customer segmentation by country
• Government customer segmentation by country
• Transparency International’s CPI index
• Sale price and margin analysis across customers by product
• Free goods or credits as a percentage of sales
Business purpose test (Revenue analysis)
• Trending analysis of revenue by country
• Stratification of revenue by country
• Trending analysis of revenue by customer
• Stratification of revenue by customer
• Calculation of effective commission rate paid to agents
Procure-to-Pay, Accounts Payable Tests
Vendor Cash Disbursement, Payment Analytics
Analytics include:
Vendor stratification and clustering by amount and over time
Requestor/approver conflicts—fake invoices or ghost vendors
Conflicts of interest—employee and vendor master comparison
Text mining and keyword searching of suspicious payment descriptions
Identify government vendors or payments in unusual foreign currencies
Vendor Cash Disbursement, Payment Analytics
Questions to ask:
Did executives have fake vendors on the vendor master linked to their home, friends, or personal bank accounts?
Were there duplicative invoices being submitted to extract cash?
Were executives overriding controls to extract cash for bribes?
What is the nature of the vendors that certain executives approved?
Accounts Payable Analytics
Vendor stratification
Round-dollar amounts
One-time payees or payees not on vendor master
Duplicative payments
High amount/low frequency or low amount/high frequency
Keyword search for suspicious payment descriptions
Concept analysis of free-text terms
Statistical anomaly detection
Payments in unusual currency
Employee and vendor master conflicts
Payment and vendor risk scoring
AP Demonstration
Travel and Entertainment Expense Analytics
Analytics include:
Where are expenses occurring (country, state, city) by category?
What is expense for?
How much?
Who is submitting?
Duplicate expenses
Text mining and keyword search
EY’s interactive T&E Expense Review Dashboard
Travel and Entertainment Expense Analytics
Questions to ask:
Are there patterns with respect to who executives entertained (e.g., state-owned entities, PEPs, and other government officials)?
Are there patterns of inappropriate expenses (nightclubs, gift giving, etc.)?
Are there bogus reimbursements to fund improper cash to executives so they could entertain public officials?
Travel and Entertainment Expense Analytics
Stratify by top employees
Stratify by expense category
Round-dollar amounts
Keyword search expense descriptions
Concept analysis of expense descriptions
Entity extraction—look for proper names in descriptions
Statistical anomaly detection
Low dollar/high frequency
Weekend T&E incurred
Focus on T&E with government officials
Employee risk score
Travel and Entertainment Example “Who Entertained Whom, Where, What For, and For How Much?”
Other Examples
Customer Analytics
Analytics include:
Customer stratification and clustering by amount and over time
Revenue recognition and time series analysis at quarter or year end
Free goods, credits, and discount sales analysis/comparison
Conflicts of interest—employee and customer master comparison
Customer Analytics
Questions to ask:
Are any customers getting favorable treatment from certain executives in terms of average sales price, discounts, credits, etc.?
Are there patterns that suggest potential revenue recognition concerns (e.g., sales booked in December and returned in January)?
Are there customers related to certain executives that pose conflict of interest concerns (e.g., family members, same last name, same bank account, same address, etc.)?
Selected GL accounts
Stratify by selected, high-risk accounts
Adjustments to dormant accounts
Look for reserve or miscellaneous accounts
Round-dollar entries
One-time or end of year/quarter postings
Keyword search JE descriptions
Concept analysis of JE descriptions
Entries made on weekends or holidays
Transaction Risk Scoring
Filter by selected analytics
Review breaches on targeted analytics
Predictive Modeling
Challenge: Analyze 400,000 transactions for suspected bribery payments per DOJ subpoena
1. Team reviewed 2,000 transactions from ledger data (text comments, amounts, dates, etc.)
Identified 400 suspicious and 1,600 non-suspicious entries
2. Created statistical model: “is suspicious”/“is not suspicious”
3. Applied model to remaining 398,000 transactions
4. Identified 14,000 new suspicious transactions
With confidence over 95% similar to “is suspicious”
Identified over $8 million in highly suspicious payments
Methodology accepted by the DOJ for this case
Predictive Modeling: Focus on the Variables That Matter Most
Perform Variable Analysis
These three variables were the highest drivers of suspicious transactions
These variables were less important when predicting suspicious transactions. Client should focus resources on monitoring efforts for the three leading drivers, which account for 80% of the predictive value.
Practical Problem 2: Finding Potentially Improper Payments
Practical Problem
Global manufacturing company
Focus on China business activity
Review of accounts payable, T&E, and GL
Analyze dashboard
Analyze selected reports
Analyze transaction risk scoring output
Build your sample selections
Challenge: Who can spot the most improper payments?
Unstructured Data Analytics
Unstructured Data Sources
Instant message
Social media posts
Video
Voice
News feeds
User documents
Presentations
Sales and marketing
iPhone apps
What You Might Have Heard
From eDiscovery
Keyword search
Concept analysis
Predictive coding
Now Let’s Talk Text Mining
Emotive tone—happy, sad, angry, confused,
communications
Ethical behavior—harassing, secretive, cursing
Entity extraction
Text link analysis
Social network analysis
Fraud triangle analytics
Social Network Analysis: Who Is Talking to Whom?
The first 48 hours: Live server log files pulled for early case assessments
Understanding a complex organization’s true organization chart: Identification of relationships versus activities among actors
Triage of custodians and communications: Rapidly identify and point to communications of highest interest
Sample analytics criteria:
1. Private communications where 90% of all communications are outbound
2. Private communications where content is FORWARDED outbound more than 35% of the time
3. Private communications where attachments are sent outbound more than 35% of the time
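An added example (not from the original slides) of how the three sample criteria could be evaluated over parsed mail-server log records. The record layout, the internal domain `corp.example`, the minimum-message cutoff, and the use of outbound messages as the denominator for criteria 2 and 3 are assumptions.

```python
from collections import defaultdict

INTERNAL_DOMAIN = "corp.example"  # assumption: the organization's mail domain
A, X = "alice@corp.example", "x@webmail.example"
B, V = "bob@corp.example", "vendor@supplier.example"

# Constructed sample records (not real data), one per message:
# (sender, recipient, is_forward, has_attachment)
SAMPLE_LOG = (
    [(A, X, True, True)] * 5 + [(A, X, True, False)] + [(A, X, False, False)] * 4
    + [(B, V, False, False)] * 4 + [(B, V, True, True)] + [(V, B, False, False)] * 5
    + [("carol@corp.example", "y@webmail.example", True, True)] * 2
    + [(A, B, False, False)]  # internal-to-internal traffic is ignored
)

def flag_custodians(records, internal_domain=INTERNAL_DOMAIN, min_msgs=5):
    """Return {(custodian, external_party): [criteria met]} for flagged pairs."""
    suffix = "@" + internal_domain
    stats = defaultdict(lambda: {"out": 0, "in": 0, "fwd": 0, "att": 0})
    for sender, recipient, is_fwd, has_att in records:
        s_int, r_int = sender.endswith(suffix), recipient.endswith(suffix)
        if s_int and not r_int:            # outbound: custodian -> external
            st = stats[(sender, recipient)]
            st["out"] += 1
            st["fwd"] += bool(is_fwd)
            st["att"] += bool(has_att)
        elif r_int and not s_int:          # inbound: external -> custodian
            stats[(recipient, sender)]["in"] += 1
    flagged = {}
    for pair, st in stats.items():
        total = st["out"] + st["in"]
        if total < min_msgs or st["out"] == 0:
            continue                       # too little traffic to judge a ratio
        hits = []
        if st["out"] / total >= 0.90:      # criterion 1
            hits.append("outbound>=90%")
        if st["fwd"] / st["out"] > 0.35:   # criterion 2
            hits.append("forwarded>35%")
        if st["att"] / st["out"] > 0.35:   # criterion 3
            hits.append("attachments>35%")
        if hits:
            flagged[pair] = hits
    return flagged

if __name__ == "__main__":
    for pair, hits in flag_custodians(SAMPLE_LOG).items():
        print(pair, hits)
```

The minimum-message cutoff keeps a custodian with only a couple of messages from being flagged on a ratio alone.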
The Fraud Triangle*: Applying Theory to Electronic Communications
*Donald R. Cressey's Fraud Triangle: Incentive/Pressure, Opportunity, and Rationalization are present when fraud exists.
Interactive Dashboard
Fraud Triangle Analytics – Interactive Dashboard
Rogue Employee Analytics Risk Scoring Model—Peer Stratification Dashboard Review
Peer Stratification
Dots represent clusters of high-risk communications that can be reviewed by clicking.
Detail-Level View