TRANSCRIPT
Dr. Kishore Singh & Prof. Peter Best
Department of Accounting, Finance & Economics
Griffith University

Introduction
• Modern ERP systems record several thousands of transactions daily
• Difficult to find a few instances of anomalous activities among legitimate transactions
• CA/CM systems perform substantial analytics, but may produce lengthy reports → information overload
• Approaches that reduce the burden of excessive information are more likely to contribute to the overall effectiveness of the audit process
• We address this issue by demonstrating the use of visualization to present information graphically

Visualization
• Any technology that enables users to 'see' information - helps them better understand it and put it into an appropriate context
• Patterns, trends and correlations that may go undetected in text-based data → exposed and recognised with less effort
• High volume data - visualized as a collection of points in two-dimensional space

Framework for Research
• The visualizations developed in this paper are based on node-link diagrams
• Each node is shown as a point, circle, polygon, or some other graphical object, and each edge is shown as a line or curve connecting the two nodes
• Nodes are placed in two-dimensional space, and edges represent relationships between the nodes
• Why node-link diagrams? They simplify identification of relationships
• Goal - create a representation that makes underlying data understandable and visually appealing

Anomaly Detection in Accounts Payable
• Key methods to detect
  • violations in segregation of duties
  • known fraud schemes
• We focus on the former
• ACFE (2014) - key indicators for frauds are lack of internal controls or an ability to override existing internal controls
• E.g. - to perpetrate a vendor fraud an employee creates a shell company and submits fictitious invoices for payment
• To successfully perpetrate this scheme requires violation of segregation of duties by creating (or modifying) vendor master records, and entering invoices for payment

Question 1
• What types of visualizations may assist auditors in discovering potential anomalies in accounts payable transaction data?
• Little and Best (2003) proposed the following two separation of duties principles for accounts payable
  • separation of master record maintenance from transaction entry
  • separation of payments and cheque entry from invoice data entry
• Motivation - users that have these authorizations are capable of creating shell companies and paying fictitious invoices without being detected.

Visualizations to Detect AP Fraud
• The following node-link visualizations are produced in this study to detect violations in SoDs:
  • Users performing vendor maintenance, entering invoices and processing payments
  • Users performing vendor maintenance and processing payments
  • Users performing vendor maintenance and entering invoices
  • Users entering invoices and processing payments

Special Case
• Modify existing legitimate vendor – change vendor's banking details temporarily to fraudulent account, process payment, revert vendor's banking details to the original values (flipping)

Visualizations to detect special case
• Vendors sharing bank accounts – if an employee sets up a shell company to perpetrate vendor fraud and uses a common account to have payments sent to, then amongst the visualization of vendor bank accounts, it will appear that both a legitimate vendor and one or more other vendors shared the same bank account at some point
• Vendors with multiple bank accounts – should an employee temporarily or permanently modify an existing legitimate vendor's banking details (for genuine or fraudulent reasons), then these changes visually appear as though the vendor had more than one bank account at some point
• Timeline analysis for vendor bank account changes (relates to vendors with multiple bank accounts) – list of transactions that are processed to any or all listed bank accounts that a vendor had at some point
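
The three bank-account checks above, written as detection logic over a vendor bank-detail change log (an added example, not code from the presentation). The record layout, all sample values and the 30-day revert window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data; vendor ids, account numbers and amounts are made up.
# Bank-detail change log: (effective date, vendor, bank account set on that date)
CHANGES = [(date(2015, 1, 5), "V100", "ACCT-111"),
           (date(2015, 1, 5), "V200", "ACCT-222"),
           (date(2015, 2, 1), "V300", "ACCT-999"),
           (date(2015, 3, 2), "V100", "ACCT-999"),   # temporary change
           (date(2015, 3, 9), "V100", "ACCT-111")]   # reverted a week later
# Payments: (payment date, vendor, amount)
PAYMENTS = [(date(2015, 2, 10), "V100", 1200.0),
            (date(2015, 3, 4), "V100", 36500.0),
            (date(2015, 3, 20), "V100", 900.0)]

def shared_accounts(changes):
    """Bank accounts that belonged to more than one vendor at some point."""
    owners = defaultdict(set)
    for _, vendor, acct in changes:
        owners[acct].add(vendor)
    return {a: sorted(v) for a, v in owners.items() if len(v) > 1}

def multi_account_vendors(changes):
    """Vendors that had more than one bank account at some point."""
    accts = defaultdict(set)
    for _, vendor, acct in changes:
        accts[vendor].add(acct)
    return {v: sorted(a) for v, a in accts.items() if len(a) > 1}

def flips(changes, max_days=30):
    """(vendor, temporary account, start, end) where details were changed and
    then reverted to the previous account within max_days (assumed threshold)."""
    history = defaultdict(list)
    for day, vendor, acct in sorted(changes):
        history[vendor].append((day, acct))
    found = []
    for vendor, h in history.items():
        for (_, a0), (d1, a1), (d2, a2) in zip(h, h[1:], h[2:]):
            if a0 == a2 != a1 and (d2 - d1).days <= max_days:
                found.append((vendor, a1, d1, d2))
    return found

def payments_during(flip, payments):
    """Timeline check: payments to the vendor while the temporary account was active."""
    vendor, _, start, end = flip
    return [p for p in payments if p[1] == vendor and start <= p[0] < end]
```

On the sample data the temporary account of V100 is also the account of V300, so the same change surfaces in all three views.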

Finding Collusion
• Challenging - no "silver bullet"
• Employees collude to overcome well-designed internal controls
• Visualizations produced in this study have the potential to highlight such activities which may assist an auditor in directing their investigations

Question 2
• How can a dataset be used to dynamically produce visualizations without user intervention?
• Pre-processed data → source data for visualizations
• Visualizations produced in Graphviz
  • Open source graph visualization software
  • Uses the DOT language to describe graphs
  • In DOT - three types of objects
    • Graphs
    • Nodes
    • Edges
• Graphs may be undirected or directed

How does it work?
• Several layout programs available in Graphviz
• Take descriptions of graphs written in DOT (syntax), and produce diagrams
• For example
  • This syntax: digraph G {Hello->World}
  • Produces: [figure: two-node directed graph, Hello → World]

Question 2 version 2
• How can a pre-processed dataset be used to dynamically create DOT code which may be used to produce node-link visualizations in Graphviz?
• DOT is simple yet complex
  • Several attributes need to be defined for graphs, nodes and edges
  • Nodes → ellipses, boxes, records or plain text (no outline)
  • Node → polygon or record-based
  • Default node label is its name
  • Node and edge labels need to be set explicitly
  • Multi-line labels are possible
  • Colour attributes can be specified for nodes and edges
  • Other characteristics - orientation, size, spacing and placement are all configurable

DOT Example
• This visualization demonstrates relationship among users and types of transactions they perform
• It requires 74 lines of DOT code
• More complex visualizations may potentially contain hundreds or thousands of lines of DOT code that may vary from one visualization to the next

DOT Code for Example
• A section of the DOT code to produce the previous visualization

The Solution
• Graphviz codewriter – black box solution
• Requires filtered/pre-processed dataset
• Six step process

GraphViz Codewriter process
• Step 1
  • Read pre-processed data into codewriter
• Step 2
  • Define type of graph (e.g. directed), preconfigure attributes
• Step 3
  • Extract all user nodes from dataset and preconfigure their attributes (SQL Select)
• Step 4
  • Extract all transaction nodes from dataset and preconfigure
• Step 5
  • Find associations between user and transaction nodes, establish edges, preconfigure attributes
• Step 6
  • Export DOT file for use by layout program
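
A minimal codewriter following the six steps above, restricted to users who performed every duty in a given SoD combination (an added example, not the authors' tool). The table layout, the sample rows and the mapping of SAP transaction codes to duties are assumptions.

```python
import sqlite3

# Constructed sample data: (user, transaction code, company code). The SAP
# transaction codes and the duty assigned to each are assumptions.
ROWS = [("ALICE", "FK01", "1000"), ("ALICE", "FB60", "1000"),
        ("ALICE", "F110", "1000"), ("BOB", "FB60", "1000"),
        ("BOB", "FB60", "2000"), ("CAROL", "FK02", "1000"),
        ("CAROL", "F110", "1000"), ("CAROL", "F110", "2000")]
DUTY = {"FK01": "vendor maintenance", "FK02": "vendor maintenance",
        "FB60": "invoice entry", "F110": "payment"}

def esc(s):
    """Escape a value for use inside a double-quoted DOT string."""
    return s.replace("\\", "\\\\").replace('"', '\\"')

def write_dot(rows, duties):
    """Return (dot_text, users) for users who performed every duty in `duties`."""
    db = sqlite3.connect(":memory:")                      # Step 1: read dataset
    db.execute("CREATE TABLE tx (usr, tcode, bukrs)")
    db.executemany("INSERT INTO tx VALUES (?,?,?)", rows)
    db.execute("CREATE TABLE dutymap (tcode, duty)")
    db.executemany("INSERT INTO dutymap VALUES (?,?)", list(DUTY.items()))
    marks = ",".join("?" * len(duties))
    users = [r[0] for r in db.execute(                    # Step 3: user nodes
        f"SELECT usr FROM tx JOIN dutymap USING (tcode) WHERE duty IN ({marks}) "
        "GROUP BY usr HAVING COUNT(DISTINCT duty) = ? ORDER BY usr",
        (*duties, len(duties)))]
    umarks = ",".join("?" * len(users))
    edges = db.execute(                                   # Steps 4-5: tcodes, edges
        f"SELECT DISTINCT usr, tcode, duty, bukrs FROM tx JOIN dutymap USING (tcode) "
        f"WHERE duty IN ({marks}) AND usr IN ({umarks}) ORDER BY usr, tcode, bukrs",
        (*duties, *users)).fetchall()
    out = ["digraph SoD {", "  rankdir=LR;"]              # Step 2: directed graph
    out += [f'  "{esc(u)}" [shape=box, style=filled, fillcolor=lightcoral];'
            for u in users]
    for t, d in sorted({(t, d) for _, t, d, _ in edges}):
        out.append(f'  "{esc(t)}" [shape=ellipse, label="{esc(t)}\\n{esc(d)}"];')
    for u, t, _, b in edges:                              # one edge per company code
        out.append(f'  "{esc(u)}" -> "{esc(t)}" [label="{esc(b)}"];')
    return "\n".join(out + ["}"]), users                  # Step 6: DOT text to export

if __name__ == "__main__":
    dot, flagged = write_dot(ROWS, ["vendor maintenance", "payment"])
    print(dot)   # save as sod.dot, then render with: dot -Tsvg sod.dot -o sod.svg
```

Values taken from the dataset are escaped before they are written into DOT strings, so a user or vendor name containing a quote cannot alter the generated graph.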

Implementation and Testing
• Tested on SAP ERP system of a large organization
• They provided a sample of accounting transaction data which included between 500,000 and 800,000 individual transactions across the various data tables, for a six month period
• Investigation
  • Violations in SoDs
  • Anomalies relating to vendor bank accounts

Users performing vendor maintenance, entering invoices and processing payments
(Note: multiple edges from a user node to a specific transaction code node indicate that the user has entered the same transaction type across multiple company codes within the SAP ERP system)

Users performing vendor maintenance and processing payments
(Note: multiple edges from a user node to a specific transaction code node indicate that the user has entered the same transaction type across multiple company codes within the SAP ERP system)

Users performing vendor maintenance and entering invoices
(Note: multiple edges from a user node to a specific transaction code node indicate that the user has entered the same transaction type across multiple company codes within the SAP ERP system)

Users entering invoices and processing payments
(Note: multiple edges from a user node to a specific transaction code node indicate that the user has entered the same transaction type across multiple company codes within the SAP ERP system)

Vendors sharing bank accounts

Vendors with multiple bank accounts

Timeline analysis for vendor bank account changes

This is a payment

Detailed activities of a single risky user

Targeting a specific vendor to identify which users have interacted with the vendor

Potential to "see" relationships among multiple users and common vendors

What's going on here?

Benford's Law: Law of Large Numbers
• Benford's law of large numbers gives expected frequencies of digits in numerical data.
• Analysis of the first two digits for vendor invoices revealed large deviations at 11, 22, 27, 36, 45, 54 and 67.
• Other smaller deviations were also observed but appeared insignificant.
• 36 was selected as this was the largest. The investigation revealed 1217 invoice transactions, all containing 36 as the first two digits.
• Several identical amounts appeared to have been recorded for the same vendors. These transactions were entered by different users. A follow up investigation was conducted and several duplicate invoices were discovered. (Further details of this investigation were not provided by the organization).
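
The first-two-digits test and the duplicate follow-up described above, as an added example that is not part of the original analysis. The invoice layout and all sample values are constructed, and the plain z-score used to rank deviations is an assumption about how "largest" is measured.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: 500 log-uniform amounts (which follow Benford's law)
# plus 40 repeats of one amount split between two users. All values are made up.
INVOICES = [(f"V{i % 50:03d}", round(10 ** (1 + 3 * i / 500), 2), "U1")
            for i in range(500)]
INVOICES += [("V007", 3650.00, "U2"), ("V007", 3650.00, "U3")] * 20

def first_two(amount):
    """First two significant digits of an amount, e.g. 3650.00 -> 36."""
    digits = f"{abs(amount):.2f}".replace(".", "").lstrip("0")
    return int(digits[:2]) if len(digits) >= 2 else None

def expected(d):
    """Benford probability that the first two digits are d (10..99)."""
    return math.log10(1 + 1 / d)

def deviations(amounts):
    """Map d -> (observed share, expected share, z-score) for d in 10..99."""
    ds = [d for d in map(first_two, amounts) if d is not None]
    n, seen = len(ds), Counter(ds)
    result = {}
    for d in range(10, 100):
        p, o = expected(d), seen[d] / n
        result[d] = (o, p, (o - p) / math.sqrt(p * (1 - p) / n))
    return result

def largest_excess(invoices):
    """First-two-digit value with the largest positive deviation from Benford."""
    dev = deviations([amount for _, amount, _ in invoices])
    return max(dev, key=lambda d: dev[d][2])

def duplicates(invoices, digits):
    """(vendor, amount) pairs starting with `digits` entered by more than one user."""
    users = defaultdict(set)
    for vendor, amount, user in invoices:
        if first_two(amount) == digits:
            users[(vendor, amount)].add(user)
    return {k: sorted(v) for k, v in users.items() if len(v) > 1}
```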

Benford's Analysis

Validation
• Reviewed by the Executive Director – Information Systems Audit of a top international accounting firm, stated: '…Automated fraud detection software can provide internal auditors with a tool to efficiently assess the presence of fraud within an organization…. In general, I found the functionality of the tool to be useful. The user interface would require a minimal level of training and some level of understanding of the SAP application, which is a reasonable constraint. The graphs and visualizations clearly communicated a message for the reader.'

Feedback from auditing practitioners
• Feedback from a panel of auditing practitioners was very positive.
• They found the visualizations easy to understand, and useful in aggregating large volumes of data.
• Visualizations were seen as enabling identification of relationships or patterns in data that would otherwise be difficult to identify in textual data.
• Overall, the panel rated the visualizations as innovative and important tools in a fraud investigator's toolkit

Conclusion
• New and evolving opportunities for fraudsters
• Thousands of transactions daily generate thousands of lines of data in ERP system - novel approaches required to leverage the amount of data
• Hidden among gigabytes of data may possibly be fraudulent transactions - near impossible to detect.
• Forensic analysts and auditors seeking new and innovative methods to discover fraud
• Complete fraud detection is challenging - no "silver bullet"
• Visualization, when combined with other methodologies, may improve an auditor's ability to identify suspicious activities not otherwise identifiable, and to encourage further investigations.

References
• K Singh & P Best (2016) Interactive visual analysis of anomalous accounts payable transactions in SAP enterprise systems. Managerial Auditing Journal 31(1), 35-63
• Little, A. & Best, P.J. (2003) A framework for separation of duties in an SAP R/3 environment. Managerial Auditing Journal 18(5), 419-430
• ACFE (2014) Report to the Nation on Occupational Fraud and Abuse, http://www.acfe.com/rttn. Accessed: 2 June 2014