fraud detection - using data analysis techniques

7/30/2019 Fraud Detection - Using Data Analysis Techniques

1/6

Fraud Detection: Using Data Analysis Techniques

A new approach being used for fraud prevention and detection involves the examinationof patterns in the actual data. The rationale is that unexpected patterns can be symptomsof possible fraud. A simple example of the application of this technique is the search for

duplicate transactions, such as the same invoice number - vendor number:

Duplicate Transactions

Invoice Number Vendor Number Amount

129304 A543891 $1,035.71129304 A543891 $1,035.71

Ordinarily, one would expect that invoice number - vendor number combinations, wouldbe unique. Therefore, the existence of transactions with the same invoice number -

vendor number combinations would be an unexpected pattern in the data. Theidentification of possible duplicate transactions would be a possible symptom of fraudthat should be examined. However, fraud symptoms are only that symptoms - and care

should be taken to properly investigate the transactions before jumping to conclusions.Transactions that look like duplicates may simply be progress payments or equal billingof monthly charges. It is possible to search for duplicates on one or more key fields.

Even Amounts

Another digital analysis technique is to identify even dollar amounts, numbers that havebeen rounded up, such as $200.00 or $5,000.00. The existence of even amounts may be a

symptom of possible fraud and should be examined.

The MOD() function in ACL can easily identify these types of even numbers. Forexample: MOD(Amount,100) = 0 will identify transactions that are a multiple of 100,

such as $300.00 and $700.00, and also $1,200 and $25,000, but would not identifytransactions with Amounts of $200.23, or $1250.00. MOD(Amount,1000)=0 willidentify transactions with Amounts that are multiples of 1,000, such as $27,000, but

would not identify transactions with Amounts of $500.00 or $22,100.00.

Case Study: Even Amounts

Travel expenses had always be a concern for the auditors as controls were a weak.

Employees had a maximum per diem rate when traveling, but had to submit actualreceipts to cover the expenses. Maximums were also established for meals: Breakfast$10.00, Lunch $20.00 and Dinner $30.00 and for Hotel $100.00. The auditors used the

MOD() function to identify transactions that were multiples of $10.00 or multiples of$100.00. These transactions were compared to the manual receipts to ensure that theamounts expensed were appropriate.


2/6

The manual review determined that some people were charging the maximum rates for

meals and hotels even though the receipts did not justify the amounts.

Ratio Analysis

Another useful fraud detection technique is the calculation of ratios for key numericfields. Like financial ratios that give indications of the relative health of a company, data

analysis ratios point to possible symptoms of fraud. Three commonly employed ratiosare:

the ratio of the highest value to the lowest value (Maximum/Minimum); the ratio of the highest value to the next highest (Maximum/2nd Highest); and the ratio of the current year to the previous year.

For example, auditors concerned about prices paid for a product, could calculate the ratio

of the Maximum Unit Price to the Minimum Unit Price for each product (NATO StockNumber). If the ratio is close to 1, then they can be sure that there is not much variancebetween the highest and lowest prices paid. However, if the ratio is large, this could bean indication that too much was paid for the product in question.

Product Line Max Min Ratio

Product 1 235 127 1.85Product 2 289 285 1.01

Product 1 has a large difference in the unit price between the minimum and maximum(ratio of 1.85); whereas Product 2 has a smaller variance in the unit prices (ratio of 1.01).

Audit should review the transactions for the unit prices of $235 and $127 for Product 1 toensure the proper payments were made. Paying abnormally high unit prices for productsmay be a symptom of kickbacks in the contracting area.

The ratio of the maximum to the 2nd highest value can also highlight possible frauds. Forexample, examining the pattern of payments made to vendors can be revealing. In this

case, a large ratio could indicate an anomaly in the data.

Customer Max 2nd Highest Ratio

XYZ Corp. $100,080 $ 26,068 3.84ABC Corp. $103,429 $101,210 1.02

A large ratio indicates that the Maximum value is significantly larger than the second

highest value. Auditors and fraud investigators would be interested in these unusualtransactions as they represent a deviation from the norm. Unexplained deviations could


3/6

be symptoms of fraud. In a number of cases, high ratios have identified paymentsincorrectly made to the vendor.

Case Study - Doctored Bills

The auditors reviewed the patient billing system to determine if the appropriate chargeswere being assessed the patients healthcare providers. An initial analysis of the data wasperformed to calculate the ratio of the highest and lowest charges for each procedure.

The auditing standards required that procedures with a ratio of Highest/Lowest greaterthan 1.30 be noted and additional review performed.

This quarter, three procedures had ratios higher than 1.30, the highest ratio being 1.42. Afilter was set to identify the records related to the three procedures in question andadditional analysis was performed. This quickly determined that one doctor was charging

significantly more than the other doctors, for the same procedures. A comparison of thecharges from the billing system with the payments recorded in the Accounts Receivable

system, revealed that the doctor was skimming some of the payment received. Theamount recorded in the receivable system was in line with the usual billing amount for theprocedures. The doctor was unable to justify the higher prices, or explain the difference

in the billing and the receivable systems.

Trend Analysis

Analysis of trends across years, or across departments, divisions, etc. can be very usefulin detecting possible frauds. Another useful calculation is the ratio of the current year to

the previous year. A high ratio indicates a significant change in the totals.

Case Study - Contracting Kickbacks

Johnathan, one of the contracting officers, had devised a great scheme in which he wonand so did the companies who were willing to do business under his conditions.

Companies who were not willing to provide him with a little extra - would not get thecontract.

The auditors decided to use digital analysis as part of their review of the contractingsection. One of the analyses calculated the total contract amount by vendor for each ofthe past two years. A ratio of current year to previous year was calculated and the

statistics command was used to look at the minimum, maximum, average and highest andlowest 5 ratios. While the average was close to 1.0 the highest and lowest 5 values

showed that some companies had significant decreases in business, while others hadexperienced significant increases in business.

The auditors review the detailed for all companies that had a ratio of less than 0.7 or morethan 1.30. The detailed records were extracted to a file and totals were calculated bycontracting officer. For companies that had seen an increase in business, the results


4/6

revealed that Johnathan had raised many of the contracts. In comparison, Johnathan hadraised no contracts with the companies that had seen a decrease in business. The auditors

learned of Johnathans kickback scheme when they interviewed salesmen from thecompanies that had ratios less than 0.7. Interviews with salesmen from the firms that hadincreased sales by 1.30 or more added credence to the fraud accusations.

Benfords Law

More advanced techniques take data analysis to another level, examining the actualfrequency of the digits in the data. Benfords Law, developed by Frank Benford in the1920s, makes predictions on the occurrence of digits in the data. Benfords Law

concludes that the first digit in a large number of transactions (10,000 plus) will be a 1more often than a 2; and a 2 more often than a 3. In fact, the likelihood of the firstdigit taking on a value decreases as the value of the digit increases. Benford calculates

that the first digit will be a 1 about 30%, whereas 9 only has an expected frequency ofabout 5% as the first digit (Ted Hill, American Scientist, July-August 1998, pp.358-

363).

Benfords Law calculates the expected frequencies (rounded to three decimal places) for

first and second digits as follows:

Digit Frequency Frequency

(First Digit) (Second Digit)

0 - 0.120

1 0.301 0.1142 0.176 0.109

3 0.125 0.1044 0.097 0.1005 0.079 0.0976 0.067 0.093

7 0.058 0.0908 0.051 0.0889 0.046 0.085

However, not all data will have distributions as predicted by Benfords Law. Sometimesthere is valid rationale for certain numbers occurring more frequently than expected. For

example, if a company sends a large of amount of correspondence via courier, and thecost is a standard rate ($6.12) for sending a package of under one pound, then the first

digit 6 or the first two digits 61 may occur more often than predicted by BenfordsLaw. Guidelines for deciding whether the data will comply with the Law include:

there should be no set maximum or minimum; there should be no price break points ($6.12 for all packages under 1 pound,

$7.13 for package more than 1 pound and less than 2 pounds); and


5/6

numbers should not be assigned, such as policy numbers, social insurancenumbers, etc.

Given Benfords Law, we would expect that valid, unaltered data to follow the predicted

frequencies. Data that meets the above criteria, but fails to follow the expected

frequencies, may include fraudulent amounts (Mark J. Nigrini, PhD., Digital Analysis: acomputer-assisted data analysis technology for internal auditors, 1998). An analysis of

the frequency distribution of the first digits or second digits can detect abnormal patternsin the data and may identify possible frauds.

An even more focused test can be used to examine the frequency distribution of the firsttwo digits (FTD). The formula for the expected frequencies is:

Expected FTD Frequency = log(1+1/FTD)

Therefore, the expected frequency of 13 is log(1+1/13). The expected frequencies range

from 0.041 for 10, to 0.004 for 99 (Mark J. Nigrini, PhD., Digital Analysis: acomputer-assisted data analysis technology for internal auditors, 1998).

Case Study: Signing Authority

The auditors were investigating possible fraud in the contracting section where thousandsof contracts were raised every month. They used Benfords Law to examine the first two


6/6

digits of the Contract Amount. The results of their analysis revealed that the digits 49were in the data more often than expected.

Classify on the contracting office for all contracts with 49 as the first two digitsdetermined that the contracting manager was raising contracts for amounts in the range

$49,000 to $49,999 to avoid contracting regulations. Contracts under $50,000 could besole-sourced; contracts $50,000 or higher had to be submitted to the bidding process. Hewas raising contracts just under the financial limit and directing them to a company

owned by his wife.

Conclusions

Digital Analysis, an advanced application of data analysis, is a new tool for auditors andfraud investigators interested in preventing and detecting fraud. In fact, digital analysis is

a case where millions of transactions make the identification of fraud symptoms easier tofind then when there are only a few thousand transactions. The patterns in the data

become more obvious and focus attention on the fraud.

Dave Coderre

Author of The Fraud Toolkit; Fraud Detection: Using Data Analysis Techniques toDetect Fraud and CAATTs and Other BEASTs for [email protected]

fraud detection - using data analysis techniques

Documents