02/18/2010 Meeting - Data Analytics


Transcript

  • 1. Leveraging data analysis to identify fraud patterns and issues
    Satish Lalchand, Deloitte Financial Advisory Services LLP
    Jason Beck, CISCO
    February 18th, 2010
    This presentation contains general information only and Deloitte Financial Advisory Services LLP is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte Financial Advisory Services LLP shall not be responsible for any loss sustained by any person who relies on this presentation.
  • 2. Agenda
    • Introduction
    • Current environment and challenges
    • Strategies for identifying fraud and leveraging analytics
    • Data analytics concept and sources of data
    • Leveraging analytics to identify:
      1. Vendor fraud
      2. Employee fraud
      3. Revenue manipulation
      4. Foreign Corrupt Practices Act (“FCPA”) and commercial corruption issues
    • Tools for analysis
    • Questions
    Copyright © 2010 Deloitte Development LLC. All rights reserved.
  • 3. Deloitte Survey Indicates that Executives Believe Economic Stress can Lead to Increase in Fraud
    Economic stress can result in increased pressure on professionals to meet earnings and revenue targets and increase risk of misappropriation of assets fraud due to layoffs and cost cutting measures.
    According to an online survey in October 2008 of 249 executives from a cross section of industries including financial services, industrial manufacturing, energy and utilities, consumer products, and insurance conducted by Compliance Week on behalf of Deloitte Financial Advisory Services LLP, over 90% of respondents expect fraud activity to remain steady or increase [1].
    [1] http://www.deloitte.com/dtt/cda/doc/content/us_fas_fraud_downturn_survey_v2_290109.pdf
  • 4. Uptick in Fraud?
    “As economic conditions soften around the globe, fraud risks for businesses appear to be on the rise. A slowing economy may increase pressure on companies to meet — and often exceed — short-term performance goals…It is this mindset in slower economic times that can contribute to increased fraudulent activity.”
    – “Financial Fraud: Does an economic downturn mean an uptick?” Deloitte Financial Advisory Services LLP
    Fraud Fears
      Industry                  Manufacturing   Financial Services   Other
      Decrease significantly    1.0%            0.0%                 0.0%
      Decrease somewhat         2.0%            5.7%                 3.7%
      Don’t know                2.0%            5.7%                 7.4%
      Increase significantly    4.9%            3.8%                 6.2%
      Increase somewhat         40.2%           45.3%                39.5%
      Stay the same             50%             39.6%                39.5%
    Source: Compliance Week/Deloitte Survey on Fraud (October 2008)
  • 5. Potential Challenges Faced by Internal Audit
    • Need to enhance regular internal audit cycle with increased fraud monitoring
      – Increase in scope of program
      – Additional procedures to be performed
    • Reduced Internal Audit staff and budgets
      – Demand for increased cost effectiveness
      – Most value out of procedures
      – Aim for high coverage
    • Global versus domestic scope
      – Internal Audit has a global role
      – Limit on travel expenses
      – Need to identify areas and countries to focus on
  • 6. Potential Challenges Faced by Internal Audit (contd.)
    • Affordability of a technology solution
      – Custom solution to be built?
      – Very large volumes of data
      – Need for tools to capture, reconcile, analyze, and report data
      – Data security and confidentiality
    • Lack of interface to financial and reporting systems
      – Multiple accounting systems
      – Challenges in procuring data
      – How do I run my tests on SAP? Oracle?
      – What do I need to know to get started?
  • 7. Strategies for Identifying Indicators of Fraud
    Approaches: Rules; Profiling; Advanced or Predictive analytics; Blend
    • Detect known patterns
    • Set up rules to filter suspicious transactions
    • Build profiles of customers, transactions, and accounts
    • Knowledge discovery — databases and system
    • Combination of existing approaches
    • Detect and keep track of new patterns
    • Evaluate set of data for learning
    Suitability labels: Suitable for unknown patterns; Suitable for known patterns; Industry leading practices; Suitable for complex patterns
  • 8. Data Analytics — Concept
    [Diagram; recoverable labels:]
    • Data analytics: 1. Anomaly testing; 2. Profiling; 3. External list comparisons; 4. Keyword searches
    • Entities: Customers and agents; Employees and contractors; Suppliers
    • Third-party data sources: World-Compliance PEP Data; Valid address database
    • Accounting data sources: GL; AR; AP; Employee Expense and Payroll; Cash Ledger; Vendors; Employees
    • User-defined data sources: Keywords; Keywords (advanced); Names of Customers; Names of Interest
    • Transactions of entities:
      – Financial Sub ledgers (AP/AR/GL)
      – Entertainment expenses
      – Payroll
      – Credit cards/expenses
      – Expense reimbursement
      – Time keeping
      – Contractor payments
  • 9. Identifying Potentially Relevant Data Sources
    [Diagram centred on a Master Analytic Data Store; recoverable labels:]
    • ERP
    • General ledger
    • Payroll
    • Accounts payable
    • Accounts receivable
    • Third-party data
    • Internal audit leads
    • Interviews
    • E-mails, files, and computer images
    • Strategic Cost Management
    • Customer Relationship Management
    • Call center
    • Sales
    • Marketing
    • Manufacturing
    • Supply chain management
  • 10. Leveraging Analytics to Help Identify Potential . . .
    • Vendor fraud
    • Employee fraud
    • Revenue manipulation
    • Foreign Corrupt Practices Act (“FCPA”) and commercial corruption issues
    Following slides will outline some potential areas to consider.
  • 11. Introduction to Vendor Fraud
    • Ghost Vendors
    • Disbursement Schemes
    • Conflicts of Interest
    The following slides will outline some potential fraud schemes and provide a relevant case study to consider specific fraud examples for each situation.
  • 12. Vendor Fraud – Ghost Vendors
    This scheme represents a fraudster creating and making payments to a fictitious or ghost vendor within the accounts payable system.
    No. 1
      Indicators: Insufficient documentation for Vendor set up
      Data Analytic Detection Procedures: Query vendor master records for invalid/missing information
        – Invalid Tax ID (ex: 99-9999999)
        – Blanks and Null values
    No. 2
      Indicators: Incorrect contact information for Vendors
        – Telephone numbers
        – Fax numbers
      Data Analytic Detection Procedures:
        – Verify validity and type of phone numbers provided by vendors
        – Validate telephone numbers against 3rd party data sources through batch runs
        – Match vendor's telephone number with company’s telephone number
    No. 3
      Indicators: Invalid/Erroneous address information for Vendors
        – CMRA
        – PO Box address
        – Undeliverable address
      Data Analytic Detection Procedures: Perform address verification
        – Compare vendor address against 3rd party address database to determine the validity of the address
  • 13. Vendor Fraud – Disbursement Schemes
    This scheme involves the distribution of funds from the company in overbilling or other unauthorized disbursement schemes.
    No. 1
      Indicators: Invoices created during non-business hours
        – Saturdays, Sundays & Public Holidays
      Data Analytic Detection Procedures: Compare the document dates of invoices to a data table comprising of dates for Public Holidays
        – Ex: New Year Day, Christmas
    No. 2
      Indicators:
        – Invoices with fewer digits than standard numbering or sequential invoice numbers (Ex: 111, 001, 022)
        – Invoices that are consistently expedited for payments
      Data Analytic Detection Procedures:
        – Summarize invoice numbers for each vendor to observe hidden pattern
        – Steadily increasing invoice numbers
        – Calculate the difference between invoice date and check date
    No. 3
      Indicators: Payments/Checks without supporting documentation for goods/services provided
        – Missing invoices, Purchase Orders
      Data Analytic Detection Procedures: Perform analysis on check register
        – Investigate unsupported payments (i.e. checks lacking invoices or P.O.’s)
    No. 4
      Indicators: Invoices from two different vendors with similar/same product/service description with significant price variance
      Data Analytic Detection Procedures: Data match on SKU number or description of a part/product/services provided between 2 unrelated vendors
  • 14. Vendor Fraud – Conflict of Interest
    This scheme involves an employee to vendor or vendor to vendor relationship that may result in preferential treatment.
    No. 1
      Indicators: Shared elements (PII) between employees and vendors
        – Address
        – Telephone Number
        – Bank Account Number
        – SSN/Tax ID
      Data Analytic Detection Procedures:
        – Perform comparison between employee master records and vendor master records
        – Emergency contact for employees match with vendor contact information
    Public Data Sources
      – www.411.com
      – www.blackbookonline.com
      – www.dogpile.com
      – www.anywho.com
      – www.peoplesearch.net
  • 15. Vendor Fraud – Conflict of Interest (contd.)
    [Figure: Data Visualization – Shared Bank Accounts]
  • 16. Vendor Fraud Case Study – Manufacturing Company
    • Private manufacturing company defrauded by an employee
    • Fraudster background
      – Purchasing manager with three years at the Company
      – Granted “super-user” system access
      – Involved in fraudulent vendor payment scheme
      – Adept at covering up payments
      – Eventually terminated for fraudulent usage of p-card
  • 17. Vendor Fraud Case Study – Manufacturing Company (contd.)
    • Elements of fraud
      – Super-user access allowed fraudster to create vendor accounts
      – Perpetrated fraud through multiple employee log-ins
      – Lack of system control to validate vendor data entry
      – Use of legitimate product data by fraudulent vendor for falsified sales
  • 18. Vendor Fraud Case Study – Manufacturing Company (contd.)
    • How fraud was detected
      – Unrelated fraudulent action by fraudster triggered questions
      – Performed data analytics on vendor and accounts payable data
      – Use of legitimate product data by fraudulent vendor
    • Monetary outcome of fraud – $650,000
  • 19. Introduction to Employee Fraud
    • Ghost Employees
    • Expense and P-Card Irregularities
    • Payroll
    The following slides will outline some potential fraud schemes and provide a relevant case study to consider specific fraud examples for each situation.
  • 20. Employee Fraud – Ghost Employees
    This scheme is to create a ghost or a false employee within the employee master data and process payroll for this fictitious employee.
    No. 1
      Indicators: Insufficient documentation for employees in HR system
      Data Analytic Detection Procedures: Query employee master records for invalid/missing information
        – Blanks and Null values
    No. 2
      Indicators: Invalid SSN for employees in the HR system
      Data Analytic Detection Procedures: Verify employee social security data against a 3rd party database
        – Ex: SSN of a deceased individual being currently used
    No. 3
      Indicators: Employees set up multiple times in the employee master data
        – Reissue employee IDs to rehires
      Data Analytic Detection Procedures:
        – Identify employees with the same name
        – Perform match of employee names that sound similar
  • 21. Employee Fraud – Expense and P-card Irregularities
    This scheme is to create a fictitious expense or p-card transaction.
    No. 1
      Indicators: Expense transactions just under the approval threshold limit
      Data Analytic Detection Procedures: Identify multiple expense transactions for the same expense type just below approval threshold amount
    No. 2
      Indicators: High volume or increased dollar value expenses for generic expense types
        – Miscellaneous, Unknown, Other, etc.
      Data Analytic Detection Procedures: Profile expense transactions for increased volume and dollar value for specific employees
    No. 3
      Indicators: Identical transactions in expense and P-Card system for the same amount
      Data Analytic Detection Procedures: Query for transactions across expense and P-Cards system with same name, amount and similar dates
  • 22. Employee Fraud – Payroll
    This scheme creates fictitious salary, wage, and bonus payments.
    No. 1
      Indicator: Increased volume of overtime payments
      Data Analytic Detection Procedures:
        – Identify exempt employees receiving non-exempt or overtime wages
        – Identify employees receiving more than one salary payment per pay period
    No. 2
      Indicator: Employees with high volume or increased dollar value bonus payments
      Data Analytic Detection Procedures:
        – Query employee bonus payments and filter results by job title
        – Filter employee payroll records for employees receiving bonus payments equal to or greater than salary payments
    No. 3
      Indicator: Payroll disbursements to employees who are not in the HR records
      Data Analytic Detection Procedures:
        – Match employee payroll listing to HR records
        – Verify Social Security information with 3rd party data source
  • 23. Employee Fraud Case Study – Non-Profit Organization
    • Non-Profit organization defrauded by multiple employees
      – Weak controls surrounding payroll payments
    • Background
      – Employees set up multiple times in the payroll system
      – Employees using invalid Social Security Numbers
      – Ghost employees were associated with Social Security Numbers that were registered for a death benefit claim
  • 24. Employee Fraud Case Study – Non-Profit Organization (contd.)
    • Elements of fraud
      – Bonus payments were approved in a decentralized manner which allowed employees to receive multiple payments
      – Two bonus categories existed in the payroll system that did not exist in the payroll manual
      – Non-eligible employees were receiving longevity bonus payments
      – Employees setup multiple times in the system were receiving multiple paychecks and not notifying the company
      – Pay codes were set up on the fly by the benefits group
  • 25. Employee Fraud Case Study – Non-Profit Organization (contd.)
    • How fraud was detected
      – Performed unexpected relationship testing on employee data and discovered employees setup multiple times in the system
      – Used data analytic techniques on payroll data to determine employees who were not eligible to receive bonus payments
      – Identified employees who received more than one bonus in the same year
  • 26. Analyzing Multiple Sources - Strategy
    [Diagram; recoverable labels:]
    • Payroll
    • HR
    • Accounts payable
    • Expense disbursement
    • P-card
    • Accounts receivables
    • Vendors
    • Address verification
    • Shared elements testing
    • Benford’s law
    • Duplicate payments
    • Unexpected relationships
    • SSN testing
    • Overpayments
    • Manual and special payments
    • Test internal controls
    • Client-customized testing
    • External data verification
    • Scoring algorithms
    • Management reporting
    • High-risk focus
    • Employee fraud
    • Vendor fraud
  • 27. Revenue Manipulation
    • Understand sales and related transactions
      – Profile and graph sales, rebates and discount data
      – Identify patterns and relationships between parties
    • Invoice and returns manipulation
      – Suspicious patterns of returns or credits occurring directly after fiscal quarter or year-ends
      – Canceling and rebilling of invoices
      – Right of return v/s actual returns (side letters?)
    • Channel stuffing
      – Evidence of higher discounts or returns post quarter end. Profile data by product and customer groups to see outliers.
      – Unusual or extended payment terms, modification of standard system settings
  • 28. Revenue Manipulation (contd.)
    • Fictitious Sales
      – Reconcile sales, inventory, cash receipts and general ledger
      – Unusual patterns of inventory movement
      – Unusual patterns of sales entries
      – Manual adjustments and transactions
      – Transactions entered by unauthorized persons
      – Sales posted on non-working days
    • Bill and Hold
      – Analysis of ship to and bill to customers and locations
      – Inventory movement related to invoices
      – Evidence of customer inventory being stored in warehouse
    • Refreshing Receivables
      – Analysis of revenue recognition date against aging of receivables
      – Re-invoicing and manipulation of receivables
  • 29. Revenue Dimensions - Identification of Outliers
    [Diagram; recoverable labels:]
    • Time period: Year; Quarter; Month
    • Data population: Sales; Discounts; Returns; Rebates; Reversals; Adjustments
    • Subgroup: Customer
    • Subgroup: Location; Division; Product
    • Metrics: Amount; Debit/credit; Ratios; Trends
    *Millions of records aggregated
  • 30. The Foreign Corrupt Practices Act
    • Enacted in 1977 and amended in 1998 by the International Anti-Bribery Act of 1998 which implements anti-bribery conventions of the Organization for Economic Co-operation and Development
    • Prohibits any U.S. person to make a payment to a foreign official for the purpose of obtaining or retaining business for or with, or directing business to, any person. Applies to foreign firms and persons who take any act in furtherance of such corrupt payments while in the United States. The term “foreign official” includes anyone working for a government owned or managed institution or enterprise. Also includes employees of international organizations (UN, IMF, etc.)
    • Specifies no materiality, making it illegal to offer anything of value as a bribe, including cash or non-cash items
    • Distinguishes between bribery and facilitation payments as long as permitted under laws of the host country
    • Requires companies whose securities are listed in the United States to meet its accounting provisions: make and keep books/records that provide transparency of transactions; devise and maintain an adequate system of internal controls
  • 31. Why focus on FCPA?
    • Number of enforcements [1] so far in 2009 is consistent with the record setting number of enforcements in 2007 and 2008
    • Settlements are becoming costly
      – December 2008: Siemens [2] – $800 Million – Highest ever
      – January 2009: Halliburton [3] – $559 Million – Highest for a U.S. company
    • Business is international
    • Corporate transaction volumes, information captured about transactions, and corresponding data volumes continue to grow exponentially
    [1] http://www.gibsondunn.com/publications/Pages/2009Mid-YearFCPAClientAlert.aspx
    [2] http://blogs.wsj.com/law/2008/12/15/siemens-settles-in-us-for-800-mil-leaving-for-german-authorities/
    [3] http://blogs.wsj.com/law/2009/01/26/halliburton-breaks-fcpa-settlement-record-for-us-companies/
  • 32. What FCPA Challenges do Companies Face?
    Identifying FCPA violations and anomalies can be tedious and complex, and often requires significant resources. Foreign language, culture, distributed decision making, distributor networks, etc. can all be challenges as well.
    • Technological challenges
      – Very large volumes of data
      – Multiple accounting systems
      – Data security, data protection, and confidentiality
  • 33. Very Large Volumes of Data
    • No materiality thresholds for FCPA violations
      – Can’t just sample top X transactions
    • Reduce data volumes to a manageable amount through a combination of entity filtering and fraud testing
      – Identify and filter for higher risk entities and locations
      – Composite testing of related payments and employee expenses for anomalies
      – Prioritize transaction review based on a risk scoring methodology
  • 34. FCPA Transaction Review Process
    [Process diagram; steps in order:]
    • Full dataset extracted from one or more accounting systems
    • Filter transactions based on entity screening and classification
    • Further filter based on fraud testing and risk scoring
    • Review source documents and other backup materials
  • 35. Entity Filtering
    • Identify and flag entities that are:
      – Government vendors/customers/suppliers
      – Agents
      – Consultants
      – Logistics and shipping companies
      – Sales personnel that deal with government entities
      – Etc.
    • Compare customers and vendors to a PEP* list to identify potentially risky entities.
    * PEP: Listing of Politically Exposed Persons
  • 36. Composite Testing
    • Test related payments and employee expenses using a combination of general fraud tests and risk scoring
    • Transactional Based Fraud Tests
      – Amounts approaching approval thresholds
      – Sequential invoices
      – Transactions on non-working days
    • Transactional Risk Scoring
      – Addresses in high risk jurisdictions
      – Consulting/logistics/shipping companies
      – Entertainment accounts and other accounts of interest
  • 37. Prioritized Raw Data
    • Review transactions based on risk of participating entities and number of fraud tests “failed”
    • Expand review to additional transactions as needed
  • 38. Multiple Accounting Systems/Data Security
    • Multiple Source Data Systems
      – Data is often distributed across accounting systems in multiple countries.
      – It is not always sufficient to test every system independently.
      – Need a method for consolidating data and testing it uniformly across systems
    • Data Security
      – Keeping data secure when transporting/consolidating
      – Personally Identifiable Information
  • 39. FCPA Case Study
    • Global manufacturing company proactively reviews international transactional accounting data to mitigate the risk of fraud
      – First phase review consisted of over 2.6 million general ledger entries
      – Based on entity filtering, PEP list matching, transactional fraud tests and targeted keyword searches the population of transactions was reduced to approximately 250 transactions which were manually reviewed and confirmed.
  • 40. Tools for analysis
    Factors to consider when selecting a tool:
    1. Size of your data
      – Number of lines
      – Space needed
      – As data volume increases, it will become necessary to select a more powerful analysis tool
    2. Format
      – Text files, spreadsheet, database may contain raw data.
    3. Complexity
      – Basic v/s advanced analysis
      – Programming needed for logic?
  • 41. Tools for analysis
    1. ACL
      – Common tool used by internal audit teams
      – Built in tests
    2. MS EXCEL
      – Spreadsheet allowing sorting and filtering
      – Ability to create pivot tables and graphs to identify anomalies
      – Challenges: Data can be accidentally overwritten, preserving data integrity, comparing data across sources, grouping data across sources.
    3. MS ACCESS
      – Starting database tool
      – Ability to create complex relationships between multiple data sets
      – Build reports and interface for data review
      – Challenges: Performance depends on computer being used, limited multi-user capability.
    4. MS SQL SERVER
      – Advanced database platform
      – Ability to write complex logic and work with large volumes of data
      – Challenges: Requires technical knowledge and programming skills
  • 42. About Deloitte
    Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
    Member of Deloitte Touche Tohmatsu
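Added example, not part of the original presentation: one way to run the vendor master tests from slides 12 and 14 (invalid or blank Tax ID, PO Box address, vendor phone equal to a company phone, and elements shared between vendor and employee master records). The records, field names and normalization rules are constructed assumptions; CMRA and undeliverable-address checks need a third-party address database and are not covered.

```python
import re
from collections import defaultdict

# Constructed sample records; all field names are assumptions for this example.
VENDORS = [
    {"id": "V100", "name": "Acme Tooling", "tax_id": "47-1234567",
     "phone": "(312) 555-0101", "address": "200 W Lake St, Chicago IL",
     "bank_account": "0011223344"},
    {"id": "V200", "name": "Northside Supply", "tax_id": "99-9999999",
     "phone": "312.555.0144", "address": "P.O. Box 812, Chicago IL",
     "bank_account": "7700456123"},
    {"id": "V300", "name": "JB Consulting", "tax_id": "",
     "phone": "312-555-0177", "address": "14 Elm Street, Apt 3, Evanston IL",
     "bank_account": "5500998877"},
]
EMPLOYEES = [
    {"id": "E7", "name": "J. Brown", "ssn": "123-45-6789",
     "phone": "3125550199", "emergency_phone": "(312) 555-0177",
     "address": "14 Elm St., Apt. 3, Evanston, IL",
     "bank_account": "5500998877"},
]
COMPANY_PHONES = ["312-555-0144"]

PO_BOX = re.compile(r"\bp\.?\s*o\.?\s*box\b", re.I)
ABBREV = {"street": "st", "avenue": "ave", "road": "rd",
          "apartment": "apt", "suite": "ste"}

def digits(value):
    """Keep digits only so differently formatted numbers compare equal."""
    return re.sub(r"\D", "", value or "")

def norm_address(value):
    """Lower-case, drop punctuation, abbreviate common street words."""
    words = re.sub(r"[^a-z0-9 ]", " ", (value or "").lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def tax_id_problem(tax_id):
    """Slide 12, test 1: blank, malformed or placeholder Tax ID."""
    text = (tax_id or "").strip()
    if not text:
        return "tax ID blank"
    if not re.fullmatch(r"\d{2}-\d{7}", text):
        return "tax ID malformed"
    if len(set(digits(text))) == 1:          # e.g. 99-9999999
        return "tax ID placeholder"
    return None

def screen_vendors(vendors, employees, company_phones):
    """Return {vendor id: [flags]} for vendors failing at least one test."""
    company = {digits(p) for p in company_phones}
    index = defaultdict(list)   # (element, normalized value) -> employee ids
    for e in employees:
        for element, value in (("phone", digits(e["phone"])),
                               ("phone", digits(e["emergency_phone"])),
                               ("address", norm_address(e["address"])),
                               ("bank_account", digits(e["bank_account"])),
                               ("tax_id", digits(e["ssn"]))):
            if value:
                index[(element, value)].append(e["id"])
    findings = {}
    for v in vendors:
        flags = []
        problem = tax_id_problem(v["tax_id"])
        if problem:
            flags.append(problem)
        if PO_BOX.search(v["address"]):
            flags.append("PO Box address")
        if digits(v["phone"]) in company:
            flags.append("phone matches company phone")
        # Slide 14: shared elements between vendor and employee master data.
        for element, value in (("phone", digits(v["phone"])),
                               ("address", norm_address(v["address"])),
                               ("bank_account", digits(v["bank_account"])),
                               ("tax_id", digits(v["tax_id"]))):
            for emp in index.get((element, value), []):
                flags.append(f"{element} shared with employee {emp}")
        if flags:
            findings[v["id"]] = flags
    return findings

if __name__ == "__main__":
    for vendor_id, flags in screen_vendors(VENDORS, EMPLOYEES, COMPANY_PHONES).items():
        print(vendor_id, flags)
```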
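Added example, not part of the original presentation: the employee tests from slides 20 and 22, covering employees whose names sound similar (using Soundex as the phonetic match, which is this example's choice and not named on the slides), payroll disbursements to IDs missing from HR, more than one salary payment per pay period, and bonus totals equal to or greater than salary. All records and field names are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data; field names are assumptions for this example.
HR = [
    {"id": "1001", "first": "Stephen", "last": "Johnson"},
    {"id": "1002", "first": "Dana", "last": "Whitfield"},
    {"id": "1003", "first": "Maria", "last": "Lopez"},
    {"id": "1004", "first": "Steven", "last": "Jonson"},
]
PAYROLL = [
    {"emp_id": "1001", "period": "2010-01", "type": "salary", "amount": 4200.0},
    {"emp_id": "1004", "period": "2010-01", "type": "salary", "amount": 4200.0},
    {"emp_id": "1003", "period": "2010-01", "type": "salary", "amount": 3000.0},
    {"emp_id": "1003", "period": "2010-01", "type": "salary", "amount": 3000.0},
    {"emp_id": "1003", "period": "2010-01", "type": "bonus", "amount": 500.0},
    {"emp_id": "1002", "period": "2010-01", "type": "salary", "amount": 2500.0},
    {"emp_id": "1002", "period": "2010-01", "type": "bonus", "amount": 2500.0},
    {"emp_id": "1999", "period": "2010-01", "type": "salary", "amount": 3100.0},
]

# Standard Soundex digit groups; vowels, h, w and y carry no code.
CODES = {c: str(d)
         for d, letters in enumerate(("", "bfpv", "cgjkqsxz", "dt", "l", "mn", "r"))
         for c in letters}

def soundex(name):
    """American Soundex: first letter plus three digits."""
    letters = [c for c in name.lower() if c.isalpha()]
    if not letters:
        return ""
    out = letters[0].upper()
    prev = CODES.get(letters[0], "")
    for c in letters[1:]:
        code = CODES.get(c, "")
        if code and code != prev:
            out += code
        if c not in "hw":          # h and w do not separate equal codes
            prev = code
    return (out + "000")[:4]

def similar_name_groups(hr):
    """Slide 20, test 3: employee IDs whose first and last names sound alike."""
    groups = defaultdict(list)
    for e in hr:
        groups[(soundex(e["last"]), soundex(e["first"]))].append(e["id"])
    return sorted(sorted(ids) for ids in groups.values() if len(ids) > 1)

def payroll_exceptions(payroll, hr):
    """Slide 22 tests run over a payroll listing."""
    known = {e["id"] for e in hr}
    salary_count = Counter()
    totals = defaultdict(Counter)          # emp_id -> {payment type: total}
    for p in payroll:
        totals[p["emp_id"]][p["type"]] += p["amount"]
        if p["type"] == "salary":
            salary_count[(p["emp_id"], p["period"])] += 1
    return {
        # Payroll disbursements to employees who are not in the HR records.
        "not_in_hr": sorted(set(totals) - known),
        # More than one salary payment in the same pay period.
        "multiple_salary": sorted(k for k, n in salary_count.items() if n > 1),
        # Bonus payments equal to or greater than salary payments.
        "bonus_ge_salary": sorted(e for e, t in totals.items()
                                  if t["bonus"] > 0 and t["bonus"] >= t["salary"]),
    }

if __name__ == "__main__":
    print(similar_name_groups(HR))
    print(payroll_exceptions(PAYROLL, HR))
```

Soundex keeps the first letter, so pairs such as Catherine/Katherine are not grouped; a production match would add a second phonetic or edit-distance key.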
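Added example, not part of the original presentation: the FCPA review funnel from slides 33 to 37 (entity filtering, composite transactional tests, risk scoring, prioritized review), reusing the non-working-day and sequential-invoice tests listed on slide 13. The approval limit, the 5% "approaching" band, the unweighted score, the jurisdiction code `XX`, the PEP entry and all records are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

APPROVAL_LIMIT = 10_000.00      # assumed approval threshold
NEAR_LIMIT = 0.95               # "approaching" = within 5% below the limit (assumption)
HOLIDAYS = {date(2009, 12, 25), date(2010, 1, 1)}   # constructed holiday table
HIGH_RISK_TYPES = {"government", "agent", "consultant", "logistics"}
HIGH_RISK_COUNTRIES = {"XX"}    # placeholder jurisdiction code
ACCOUNTS_OF_INTEREST = {"entertainment"}
PEP_LIST = {"a. example-minister"}   # constructed stand-in for a third-party PEP list

# Constructed entities and transactions.
ENTITIES = {
    "V1": {"name": "Harbor Line Forwarding", "type": "logistics", "country": "XX"},
    "V2": {"name": "Midwest Office Supply", "type": "supplier", "country": "US"},
    "V3": {"name": "A. Example-Minister", "type": "consultant", "country": "XX"},
}
TRANSACTIONS = [
    {"id": 1, "entity": "V1", "invoice": "1041", "date": date(2009, 12, 25),
     "amount": 9900.00, "account": "freight"},
    {"id": 2, "entity": "V1", "invoice": "1042", "date": date(2010, 1, 9),
     "amount": 9850.00, "account": "freight"},
    {"id": 3, "entity": "V2", "invoice": "88213", "date": date(2010, 1, 12),
     "amount": 310.40, "account": "supplies"},
    {"id": 4, "entity": "V3", "invoice": "7", "date": date(2010, 1, 13),
     "amount": 4000.00, "account": "entertainment"},
    {"id": 5, "entity": "V1", "invoice": "1043", "date": date(2010, 1, 14),
     "amount": 1200.00, "account": "freight"},
]

def entity_risk(entity):
    """Slide 35: classify the entity and compare its name to the PEP list."""
    reasons = []
    if entity["type"] in HIGH_RISK_TYPES:
        reasons.append(f"{entity['type']} entity")
    if entity["country"] in HIGH_RISK_COUNTRIES:
        reasons.append("high-risk jurisdiction")
    if entity["name"].lower() in PEP_LIST:
        reasons.append("PEP list match")
    return reasons

def sequential_invoices(transactions):
    """IDs of transactions whose invoice number is consecutive for one entity."""
    by_entity = defaultdict(list)
    for t in transactions:
        if t["invoice"].isdigit():
            by_entity[t["entity"]].append((int(t["invoice"]), t["id"]))
    flagged = set()
    for rows in by_entity.values():
        rows.sort()
        for (a, id_a), (b, id_b) in zip(rows, rows[1:]):
            if b - a == 1:
                flagged.update((id_a, id_b))
    return flagged

def review_queue(transactions, entities):
    """Filter by entity risk, run the fraud tests, then rank for manual review."""
    seq = sequential_invoices(transactions)
    queue = []
    for t in transactions:
        risk = entity_risk(entities[t["entity"]])
        if t["account"] in ACCOUNTS_OF_INTEREST:
            risk.append("account of interest")
        if not risk:
            continue            # entity filtering: lower-risk items drop out here
        failed = []
        if APPROVAL_LIMIT * NEAR_LIMIT <= t["amount"] < APPROVAL_LIMIT:
            failed.append("near approval threshold")
        if t["id"] in seq:
            failed.append("sequential invoice")
        if t["date"].weekday() >= 5 or t["date"] in HOLIDAYS:
            failed.append("non-working day")
        # Unweighted score: risk attributes plus fraud tests "failed".
        queue.append({"id": t["id"], "score": len(risk) + len(failed),
                      "risk": risk, "failed": failed})
    return sorted(queue, key=lambda r: (-r["score"], r["id"]))

if __name__ == "__main__":
    for row in review_queue(TRANSACTIONS, ENTITIES):
        print(row)
```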