Leading Compliance Monitoring Activities to Assess Fraud and Corruption Risks


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Leading Compliance Monitoring Activities to Assess Fraud and Corruption Risks

  1. 1. Leading compliance monitoring activities to assess fraud and corruption risks ACI China Anti-Corruption Summit June 18, 2014
  2. 2. 11 1 Discussion: Top Compliance Issues 2 EY’s First Annual Global Forensic Data Analytics Survey 3 Leveraging Forensic Data Analytics (“FDA”) to Detect Fraud 4 Dashboarding & Visualization 5 Leveraging Statistical Analysis and Text Mining to Identify “Corrupt Intent” Agenda
  3. 3. 2 Discussion: Top Compliance Issues
  4. 4. 33 ► Bribery and corruption remain top risks ► Regulatory pressure ► Third-party integrity ► M&A due diligence ► Risk areas include: ► Integrity of vendors, suppliers and distributors, government officials ► Improper payments in the forms of bribes or kickbacks ► Travel and entertainment abuse ► Conflicts of interests (e.g., employee and supplier matches) Top issues— what we are seeing
  5. 5. 44 Start with the Fraud Tree Fraud tree Cash larceny Theft of other assets – inventory/ AR/ fixed assets Revenue recognition Non financial Conflicts of interest Bribery and corruption/ FCPA Illegal gratuities Bid-rigging/ procurement Corruption Fraudulent statements Asset misappropriation Fake vendor Payroll fraud T&E fraud Theft of data GAAP Reserves General focus of auditors General focus of internal auditors General focus of attorneys (opportunity for Internal Auditors and Investigators)
  6. 6. 55 Frequent compliance examples Social Media Monitoring Advanced Email Monitoring Mobil Devices Meals & Entertainment Marketing & Events CRM and Sales Data Information Security Employee Payroll Distributor & Margin Analysis Capital Projects Education, Grants, Sponsorships Emerging monitoring activities may include… Vendor Payments / AP Trading / AML Vendor Due Diligence & Watchlist Monitoring Charity & Donations
  7. 7. 66 ► Internal Audit ► Compliance & Legal ► Investigations ► Business / Operations What we hear: 1. Make my program more effective and measurable 2. Make my program more efficient (reduced sample sizes, risk based, cost savings) Now, more than ever, increased transparency is top-of-mind among our clients in…
  8. 8. 77 How global companies are responding ► Compliance and legal are often teaming with internal audit to look beyond anti-corruption policies and training and into tests of books and records ► Integrating new analytics specifically targeting corruption – these aren’t your typical rules-based, process control SOX tests ► Integrating “Big Data” concepts including: ► Text mining (unstructured data) ► Statistical analyses and anomaly detection ► Visual analytics and interactive dashboards ► 100% data sampling, not just random sampling ► Analytics used to assess high fraud/corruption risk areas
  9. 9. 88 Compliance monitoring challenges ► The rapid pace of regulatory requirements requires a good compliance monitoring program to have the flexibility to accommodate a continuously changing regulatory environment. ► ERP systems and enterprise data warehouses are often not integrated with other key systems related to compliance (e.g., speaker programs, event management systems, sample management, promotion materials, etc.). ► Many departments work in their own organizational silo which creates redundant efforts to meet monitoring and reporting requirements. ► The volume of business activities that should be monitored can overwhelm the resources of most organizations. ► Get the right FDA tools and the right people to operate FDA ► The data available for analysis are incomplete or inaccurate
  10. 10. 9 EY’s First Annual Global Forensic Data Analytics Survey
  11. 11. 1010 EY’s first annual global forensic data analytics survey ► This survey was conducted between October 2013 and December 2013 on behalf of EY’s Fraud Investigation and Dispute Services practice (“FIDS”) ► Survey approach ► 446 companies surveyed, across 11 countries ► Respondents are executive and senior management responsible for anti-fraud and anti-corruption programs ► 45% of the companies generate $100 million to $1 billion in revenue, 55% - over $1 billion ► Over a dozen industries represented, with the largest shares held by financial services, Pharmaceutical, oil & gas, utilities, and mining
  12. 12. 1111 ► 75% of the companies surveyed use forensic data analytics (“FDA”) ► FDA includes a broad base of users, including corporate executive management (81%) and the board of directors (65%) ► Triggers for using FDA are, as we would expect, businesses’ greatest concerns: bribery and corruption, financial statement fraud and asset misappropriation ► FDA is seen as cost-effective and offering many benefits, primarily as a means of enhancing companies’ ability to detect fraud and misconduct ► FDA typically represents 2/5 of overall anti-fraud and anti-bribery program spend currently and this is typically felt to be sufficient. However, over half predict an increase in spend on FDA in the next 3 years Key findings
  13. 13. 1212 Key findings (cont.) ► 67% of respondents say their current anti-fraud and anti-bribery program is effective in preventing and detecting fraud and corruption; however, 64% say they need to do more to improve their current procedures, including the use of FDA ► 62% of respondents say they need to improve management’s awareness of the benefits of FDA and proactive transaction monitoring ► Survey respondents reported the single largest challenge was getting the right FDA tools and a lack of human resources or manpower to operate FDA ► Spreadsheets and database tools still dominate the technology landscape. There is a need to go beyond traditional rules-based analytics by leveraging more sophisticated FDA technologies such as statistical modeling, predictive analysis, visualization, and interactive dashboards
  14. 14. 13 4% 62% 63% 79% 82% 82% 82% 89% 90% Other Able to analyze non-structured data formats, alongside structured data formats to identify… Cost effective We can review a large amount of data in a shorter period of time Earlier detection of misconduct Assists in planning our audits or investigative field work Offers better comparison of data for improved fraud risk decision-making Able to detect potential misconduct that we couldn’t detect before Enhances our risk assessment process Total 4% 54% 57% 70% 80% 73% 79% 84% 86% C-Suite Main benefits of FDA
  15. 15. 14 61% 68% 70% 77% 81% 84% Internal investigations or business integrity Board of directors Business unit managers Legal/compliance Corporate executive management Internal audit FDA benefits extend high into the organization
  16. 16. 15 Leveraging Forensic Data Analytics (“FDA”) to Detect Fraud
  17. 17. 1616 Source: ACFE 2010 Report to the Nations On Occupational Fraud 50% by tip or accident demonstrates the need for improved analytics 2012 ACFE Report to the Nation on Occupational Fraud How is fraud detected?
  18. 18. 1717 And it is not just a data warehouse. Analytics are business driven and technology enabled. Forensic Data Analytics is The ability to collect and use electronically stored information, both structured and unstructured data sources, to identify potentially improper payments, patterns of behaviour and trends. Forensic data analytics encompasses integrating continuous monitoring tools, analysing data in real time and allowing for immediate action to prevent suspicious or fraudulent payments. Forensic data analytics defined
  19. 19. 1818 Forensic data analytics maturity model ► EY developed an FDA maturity model that describes four key quadrants of FDA activity that span both structured data sources, such as transactional data, and unstructured data sources, such as free-text communications ► Upper-left quadrant: “traditional” rule-based queries ► Upper-right quadrant: statistical methods ► Bottom-left quadrant: simple keyword search ► Bottom-right quadrant: data visualization and text mining A leading FDA practice incorporates elements of all four quadrants to ensure more effective detection and fewer false positives.
  20. 20. 1919 False-positive rateHigh Low Structured data Detection rateLow High Unstructured data “Traditional” rule-based, descriptive queries and analytics Matching, grouping, ordering, joining, filtering Statistical Analysis Anomaly detection, clustering, risk ranking, predictive modeling Traditional keyword searching Keyword search Data visualization and text mining Data visualization, drill down into data, text mining Forensic data analytics maturity model Beyond traditional “rules-based queries” – consider all four quadrants
  21. 21. 2020 Gather Process Analysis Delivery/Follow up ERP CRM Contracts Warehouse manageme nt T&E Other • Obtain data from all central systems and external sources. • Load, validate and transform data into define common model – independent of ERP. • Link sources to facilitate analysis. • Provide global dashboards to facilitate identification of risk issues. • Deliver dashboards to be reviewed as part of the testing process. Below is an illustration of how a broad data collection exercise operates in practice. The objective is to gather data from a range of sources – and undertake initial processing to provide a central team with the ability to identify the higher risk activities. Following that review, targeted analytics would be deployed to identify the issues, transactions and relationships that need to be reviewed. EY forensic data analytics workflow
  22. 22. 2121 Tailored design with data analytic risk indicators High Risk Transactions Duplicate Payments Meal Splitting Travel Agents Overbilling A% B% C% D% In-Scope Transactions ► Not every item bears the same risk level ► Define risk based on understanding of business process and potential control weaknesses Risk indicator framework design
  23. 23. 2222 Why Continuous Monitoring? ► Executive visibility and transparency ► Drive process improvements ► More advanced anti fraud control ► Improved audit effectiveness Enables Our Clients: ► Proactively identify and remediate transaction-related issues and challenges ► Generate advanced analytics/insights ► Timely, accurate, complete reporting EY’s approach to continuous transaction monitoring
  24. 24. 23 Dashboarding & Visualization
  25. 25. 2424 The dashboard tells you “who got paid what, where and what for”. Data visualization: accounts payable monitoring
  26. 26. 2525 The 4W1H tell you “Who entertained who, where, what for, and for how much?” Data visualization: travel & entertainment monitoring
  27. 27. 2626 Filter by selected analyticsReview breaches on targeted analytics Payment risk scoring Key component to reducing false positives and focusing risk assessment
  28. 28. 2727 The dashboard tells you relationships identified through the analysis of structured and unstructured data sources. Data visualization: social network analysis
  29. 29. 2828 Rather than simply comparing watch-list names to a vendor table in a spreadsheet, this example links accounts payable data to third-party watch-list data to identify potentially improper payments to sanctioned or high-risk entities and displays the results in an interactive dashboard. Demonstrate management oversight & intent Linking payment data to sanctions and watch list databases
  30. 30. 2929 Geocoding AP risk scores to identify hot regions. Risk scoring and data visualization Geocoded heat maps
  31. 31. 30 ► Leveraging Statistical Analysis and Text Mining to Identify “Corrupt Intent”
  32. 32. 3131 “<blank>” Donation Pay on behalf of Special payment Volume contract incentive One time payment Honorarium Incentive payment Friend fee Nobody calls it “bribe expense” Commission to the customer Consulting fee Government fee Processing fee Goodwill payment Beyond just keyword searching, text mining within payment data plays a key role in identifying potentially improper payments. Focusing on payment text descriptions What if you saw these terms used as justification for payments?
  33. 33. 3232 Text mining: vendor payment analysis High risk terms linked to payment amounts
  34. 34. 3333 These three variables were this highest drivers of suspicious transactions These variables were less important when predicting suspicious transactions. Client should focus resources on monitoring efforts for the three leading drivers, which accounts for 80% of the predictive value. Perform Variable Analysis Predictive modelling Focus on the variables that matter most
  35. 35. EY | Assurance | Tax | Transactions | Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization and may refer to one or more of the member firms of EYGlobal Limited, each of which is a separate legal entity. EYGlobal Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. © 2013 Ernst & Young, China All Rights Reserved. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. www.ey.com/china