Technology for Business Assurance
Copyright © 2009 ACL Services Ltd.
The Best of Crimes, the Worst of Crimes: Fraud Stories That Prove the Truth Is in the Transactions
Peter Millar
Director, Technology Application
ACL Services Ltd
[email protected] | twitter.com/PBMillar
It was the best of times, it was the worst of times,
…it was the age of wisdom, it was the age of
foolishness, it was the epoch of belief, it was the epoch
of incredulity…
…we had everything before us, we had nothing before
us, we were all going direct to Heaven, we were all
going direct the other way…
…the period was so far like the present period, that
some insisted on being received, for good or for evil, in
the superlative degree of comparison only.
It was the best of Crimes, it was the worst of Crimes,
…it was the age of deceit, it was the age of foolishness, it was
the epoch of belief that no one would know.
…we had everything before us—as evidenced in the data, we
had nothing before us—because we failed to see.
…in the superlative degree of comparison, it was the worst of
crimes because the truth lay in the transactions and all one
had to do was to look for it.
Key events—past decade
2000: “Bull Market” and Y2K
2001: Terrorism, BCP, and disaster recovery
2002: Enron, WorldCom, and Cynthia Cooper
2002–2003: Sarbanes-Oxley and PCAOB
2004–2007: SOX, SOX, and things like SOX (at least for Auditors)
2008: Implosion of the economy
2010–Today: Economic recovery; realignment of coverage
“It’s only when the tide goes
out that you learn who's
been swimming naked.”
- Warren Buffett
Changes Owing to the Economic Crisis
Assurance providers now need to:
– Work more closely with management to identify risk, and add value to the
bottom line.
– Take a more strategic role and help the business make sound decisions.
Management needs to:
– Leverage the knowledge/expertise of those providing business assurance.
Technology is:
– Critical to delivering more insight, improved quality, and greater confidence.
Using Data Analysis for Fraud Detection
1. Test against 100 percent of transactions
2. Automate testing to enable:
– Continuous assessment of problem areas
– Scheduled repetitive monitoring of other risk areas
– Increased efficiencies in identifying indicators of fraud
3. Access and relate data from virtually any source
– Internal or external to organization
– Without moving sensitive data outside of the secure data center
4. Identify where automated system-based controls:
– Are not functioning effectively
– Do not apply to the business process (manual controls only)
Sampling for Fraud Detection?
[Figure labels: Population, Sample, Acceptable Range, Control Breach, Suspicious Transactions]
A process that uses [technology] is light years ahead of
manual sampling. In the past, you’d have to hit the
lottery to find something big. With [data analysis,] we
can find the root issues, identify trends, and provide our
clients with detailed results.
Jill Linden
Vice President of Operations
CHAN Healthcare Auditors
A Variety of Analytical Techniques for Fraud Detection
Calculation of statistical parameters, such as averages, standard deviations, and highest and lowest values, to identify statistical anomalies
Classifications to find patterns and associations among groups of data
Stratifications of numeric values to identify unusual and outlying values
Digital analysis, using Benford’s Law, to identify statistically unlikely occurrences of numeric amounts
Joining or matching data fields between disparate systems, typically looking for expected matches or differences for data such as name, address, telephone, or part/serial number
“Sounds like” functions that identify fraudulent variations of valid company and employee names
Duplicates testing that identifies both simple and complex combinations of duplication
Gaps testing that identifies missing sequential data
Summing and totaling to check control totals that may be falsified
Graphing to provide visual identification of anomalous transactions
Application Areas for Data Analytics in Fraud
Vertical Business Processes
Insurance Claims
Health Care
Financial Services
Manufacturing
Retail
Construction/Engineering Contracts
Telco
Standard Business Processes
Procure-to-Pay
Travel and Entertainment
Corporate Cards
Order-to-Cash
Payroll
Inventory and Materials Management
Capital Assets
Financial Statements and Reporting
General Ledger
Revenue Recognition
Information Systems
Segregation of Duties
Systems Access
Master Data Files
Configuration Settings
Food for Thought …
Is it reasonable to expect a correlation between the current
economic climate and instances of fraud and abuse?
– From employees?
– From suppliers?
– From customers?
– From other business partners?
Impact of a Troubled Economy
[Diagram labels: Your company; People; Business Strategy; Internal Processes; 3rd Party Providers; Customers]
What Is Happening to Your People?
As employees or managers
– Feeling pressure to make miracles happen
– Forced to do more with less
– Bonuses unlikely
– Fearing job loss
– Reduced work enjoyment and, ultimately, company loyalty
As people
– Stressed from financial obligations
– Increase in “survival mode”
Completeness/Integrity of Internal Reporting
Segregation of duties exposure from downsizing
Employee fraud and policy abuse
What Is Happening to Your Processes?
May still be operating under decisions made during better
economic times
– Controls
– Acceptable risk
– Error rates
– Tolerance levels
The desire to capture business may be at odds with existing
policies
“Non-negotiable” legal terms and conditions may become
negotiable in practice
Quantification of remaining risks
Exposure from existing tolerances
Policy circumvention (e.g., “splitting”)
New vendor/contract monitoring
What Is Happening to Your Customers?
Economic uncertainties are forcing budget cuts
Additional approvals are required to free budget dollars,
lengthening the buying cycle
Previously-approved projects are being cut
Looking to stretch the value for their dollar
Desire for returns and warranty redemptions may increase
Verification of assumptions
Sales order cancellations to purchase cancellations
Returns and warranty estimates
Ineligible discounts
What Is Happening to Your 3rd Party Providers?
Similar to your own issues
May or may not have contractual obligation to inform you in
advance of dire circumstances
May be looking for ways to increase their revenues, even if not
technically in line with contract terms
May be reticent to disclose poor buying behavior on the part of
your company
Significant vendor assessment
Fraudulent/erroneous billing
Price trending
Duplicate vendors, contracts, etc.
Overpayments / discounts not taken
Types of Fraud Tests—Low-Hanging Fruit
Type / Tests used
Fictitious vendors
– Run checks to uncover post office boxes used as addresses and to find any matches between vendor and employee addresses and/or phone numbers.
Altered invoices
– Search for duplicates.
– Check for invoice amounts not matching contracts or purchase order amounts.
Duplicate invoices
– Review for duplicate invoice numbers, duplicate dates, and duplicate invoice amounts.
Duplicate payments
– Search for identical invoice numbers and payment amounts.
Payroll fraud
– Check whether a terminated employee is still on payroll by comparing the date of termination with the pay period covered by the paycheck, and extract all pay transactions for departure date less than the date of the current pay period.
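The fictitious-vendor and payroll tests from the table above, as an added example that is not part of the original deck. All records, field layouts and function names are constructed for illustration; the address and phone normalization rules are assumptions.

```python
import re
from datetime import date

PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*BOX\b|\bPOST\s+OFFICE\s+BOX\b", re.I)

def norm_addr(addr):
    """Uppercase and strip punctuation so near-identical addresses compare equal."""
    return " ".join(re.sub(r"[^A-Z0-9 ]", " ", addr.upper()).split())

def norm_phone(phone):
    """Digits only, so formatting differences do not hide a match."""
    return re.sub(r"\D", "", phone)

# Constructed sample data (hypothetical names, addresses and numbers).
VENDORS = {  # id -> (name, address, phone)
    "V1": ("Northside Paper", "400 Industrial Way", "604-555-0101"),
    "V2": ("Quick Consult", "P.O. Box 221", "604-555-0144"),
    "V3": ("J&R Services", "12 Elm St., Apt 4", "(604) 555-0199"),
}
EMPLOYEES = {  # id -> (name, address, phone, termination date or None)
    "E1": ("R. Jones", "12 Elm St Apt 4", "604 555 0123", None),
    "E2": ("A. Smith", "9 Oak Ave", "604.555.0144", date(2009, 1, 15)),
}
PAYROLL = [  # (employee id, pay period start, pay period end, amount)
    ("E1", date(2009, 2, 1), date(2009, 2, 14), 2100.00),
    ("E2", date(2009, 1, 4), date(2009, 1, 17), 1900.00),
    ("E2", date(2009, 2, 1), date(2009, 2, 14), 1900.00),
]

def vendor_flags(vendors, employees):
    """PO box addresses, plus vendor/employee address or phone matches."""
    flags = []
    for vid, (_, addr, phone) in vendors.items():
        if PO_BOX.search(addr):
            flags.append((vid, "PO box address"))
        for eid, (_, e_addr, e_phone, _) in employees.items():
            if norm_addr(addr) == norm_addr(e_addr):
                flags.append((vid, f"address matches {eid}"))
            if norm_phone(phone) == norm_phone(e_phone):
                flags.append((vid, f"phone matches {eid}"))
    return flags

def paid_after_termination(payroll, employees):
    """Pay transactions whose period starts after the employee's departure date."""
    return [(eid, start, amount) for eid, start, _end, amount in payroll
            if employees[eid][3] is not None and employees[eid][3] < start]
```

A flag from either function is an indicator to investigate, not proof of fraud: a PO box or a shared phone number can have a legitimate explanation.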
Examples of Fraud Tests: P-Cards
Split purchases to avoid purchasing card limits
– Purchases processed as two or more separate transactions
– Identified by isolating purchases from specific vendors within short periods of time
Favored vendors for kickbacks
– Trend analysis to compare current transaction volumes to previous time period
Suspicious purchases
– Transactions that occur on weekends, holidays, or vacations
U.S. Government Agency: Monitored 12 million transactions, identified $38 million in suspect transactions
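The split-purchase and weekend tests described above, as an added example that is not part of the original deck. The card limit, the two-day window, the record layout and all transactions are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

CARD_LIMIT = 2500.00         # assumed single-purchase limit
WINDOW = timedelta(days=2)   # assumed meaning of "short period of time"

# Constructed sample: (txn id, cardholder, vendor, date, amount)
TXNS = [
    ("T1", "C100", "Acme Supply", date(2009, 3, 2), 1400.00),
    ("T2", "C100", "Acme Supply", date(2009, 3, 3), 1350.00),
    ("T3", "C100", "Acme Supply", date(2009, 3, 20), 900.00),
    ("T4", "C200", "Acme Supply", date(2009, 3, 3), 2100.00),
    ("T5", "C200", "Metro Office", date(2009, 3, 7), 310.00),   # a Saturday
    ("T6", "C300", "Metro Office", date(2009, 3, 9), 2450.00),
    ("T7", "C300", "Metro Office", date(2009, 3, 9), 2400.00),
]

def split_purchases(txns, limit=CARD_LIMIT, window=WINDOW):
    """Same-card, same-vendor purchases inside the window that each stay
    within the limit but together exceed it."""
    groups = defaultdict(list)
    for t in txns:
        groups[(t[1], t[2])].append(t)
    hits = []
    for key, rows in groups.items():
        rows.sort(key=lambda t: t[3])
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][3] - rows[start][3] > window:
                start += 1
            cluster = rows[start:end + 1]
            total = sum(t[4] for t in cluster)
            if (len(cluster) > 1 and total > limit
                    and all(t[4] <= limit for t in cluster)):
                hits.append((key, [t[0] for t in cluster], total))
    return hits

def weekend_purchases(txns):
    """Transaction ids dated Saturday or Sunday."""
    return [t[0] for t in txns if t[3].weekday() >= 5]
```

Holiday and vacation checks would need a holiday calendar and leave records joined to the cardholder, which this block does not model.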
Depending on your business, this may
very well be a valid business expense
… but probably not
Do we really have to ask?
Examples of Fraud Tests: Payables
Questionable invoices
– Invoices without a valid P.O.
– Sequential invoices
Over-billing
– Quantity shipped less than quantity ordered
– Item shipped of lower value than item ordered
Duplicate invoices
– Multiple invoices for same item description
– Invoices for same amount on the same date
– Multiple invoices for same P.O. and date
UK Supplier of Construction Materials: Simple test uncovered £1.5 million worth of duplicate invoices billed over three years.
Is your firm sponsoring a racing team?
Examples of Fraud Tests: T&E
Duplicate claims
– Submitting claims twice
Tracking “no receipt” claims
– Isolate expenses without receipts and identify underlying
trends through profiling techniques
Threshold reviews
– Track personnel exceeding thresholds
Inappropriate activity
– Compare expenses to travel records to ensure expenses
claimed for valid trips
Financial Services Firm: Identified a single expense fraud worth $30,000 and in excess of 200 instances of expense abuse in one month.
Business expense?
Fraud Indicator Test: Benford’s Law
Numbers occur with predictable frequency within
a “natural” population
Numbers 1–9 appear with declining frequency
– 1 = 30 percent
– 9 = 4.6 percent
Test points to numbers appearing more frequently
than normal, therefore suspect
Billings: Spike in the number “5” identified fraudulent billings.
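A first-digit Benford's Law test of the kind described above, as an added example that is not part of the original deck. The amounts are constructed, and the z-score cutoff used to decide what counts as "more frequently than normal" is an assumption.

```python
import math
from collections import Counter

def expected_share(d):
    """Benford's Law share of leading digit d (1-9): log10(1 + 1/d)."""
    return math.log10(1 + 1 / d)

def leading_digit(amount):
    """First non-zero digit of an amount, or None if it rounds to zero."""
    for ch in f"{abs(amount):.2f}":
        if ch in "123456789":
            return int(ch)
    return None

def over_represented_digits(amounts, z_cutoff=1.96):
    """Rows of (digit, observed share, expected share, z) for leading digits
    that occur significantly more often than Benford's Law predicts."""
    digits = [d for d in map(leading_digit, amounts) if d is not None]
    n = len(digits)
    if n == 0:
        return []
    counts = Counter(digits)
    flagged = []
    for d in range(1, 10):
        p_exp = expected_share(d)
        p_obs = counts[d] / n
        # z-statistic for one proportion, with continuity correction
        z = (abs(p_obs - p_exp) - 1 / (2 * n)) / math.sqrt(p_exp * (1 - p_exp) / n)
        if p_obs > p_exp and z > z_cutoff:
            flagged.append((d, round(p_obs, 3), round(p_exp, 3), round(z, 1)))
    return flagged

# Constructed sample: 600 amounts spread evenly on a log scale, which follows
# Benford's Law, plus 80 constructed billings between 500 and 579.
BASELINE = [round(10 ** (1 + 3 * k / 600), 2) for k in range(600)]
INJECTED = [500.0 + i for i in range(80)]

if __name__ == "__main__":
    for row in over_represented_digits(BASELINE + INJECTED):
        print(row)
```

Benford's Law only applies to naturally occurring amounts spanning several orders of magnitude; populations with assigned numbers or fixed price points will fail the test without any fraud.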
What happens in Vegas…
http://www.expenseasteak.com/
Analytics for Fraud Detection: Six Steps
1) Build a profile of potential frauds.
– This profile includes a list of the many different areas in which fraud may
occur and the types of fraud that are possible in those areas.
– This can be developed as part of a risk assessment.
2) Test data for possible indicators of fraud.
– A complete testing program should include ad hoc testing in addition to more
formalized or regular tests.
– The spectrum of automated testing ranges from ad hoc, to repetitive, to
continuous.
3) Improve the process by implementing continuous analysis.
– Use continuous analysis to test and validate the effectiveness of your
controls and identify fraud indicators—on a timely basis.
– Provide management with immediate notification.
– Create processes for control remediation.
– Implement on a comprehensive basis across business process areas.
The Analytic Spectrum for Fraud Detection
Ad Hoc
– Explorative and investigative in nature—varied in frequency
– Seeking documented conclusions and recommendations
Repetitive
– Periodic analysis of processes from multiple sources and high data volumes
– Seeking to improve the efficiency and quality of fraud detection processes
Continuous
– “Always on”—scripted monitoring of key processes
– Seeking timely notification of trends, patterns, and exceptions supporting fraud detection programs
Analytics for Fraud Detection: Six Steps
4) Review results from testing and continuous analysis.
– Investigate patterns and indicators that emerge from the fraud detection tests
and continuous analysis.
– Quantify the risk of fraud.
– Identify and target high-risk areas.
– Consider risk monitoring dashboards.
5) Expand scope and repeat.
– This process of building a profile, testing data, improving controls, and
reviewing information needs to be done on a regular basis.
6) Report.
– Report recommendations on how to tighten controls or change processes to
reduce the likelihood of fraud recurrence.
– Follow up to see if those recommendations have been acted upon and if they
have had the desired effect.
– Communicate—“Tone at the Top.”
Data Analysis: Fraud Detection—or Prevention, Too?
Iterative process
– Analyze transactions to find control deficiencies
– Improve the control
For key risks, transaction analysis can be used to prevent
completion of a process
– Immediate alert to management and audit
Visibility of internal controls and detection system effectiveness
– Creates changes in awareness and culture
– Sets an appropriate Tone at the Top
Benefits
Close control loopholes before fraud escalates
Quantifies the impact of fraud
Cost-effective deterrent
Can be automated for continuous analysis
Provides focus based on risk and probability of fraud
Direct pointers to critical evidence
Questions You Should Ask About Data Analysis and Fraud
Where is my highest risk of fraud?
What indicators—if any—would I expect to see in the data?
What systems do I need to access to highlight suspected fraud?
Can I get access to this data?
What techniques (matching, grouping, filtering) should I apply?
Can I automate these analytics to drive efficiency into my work?
“It is a far, far better thing that I do,
…than I have ever done; it is a far, far better rest that I go to than I
have ever known.”
We can do a far, far better job of detecting fraud.
This will give us all a better night’s rest.
I have Great Expectations that you can…
Questions?
[email protected] | twitter.com/PBMillar