Enhanced fraud detection with data analytics

© Copyright ACL Services Ltd. 2005
The contents of this document are proprietary and cannot be disclosed without the
prior written consent of ACL Services Ltd. 1
Enhanced Fraud Detection with Data Analytics
Live Webinar
Presented by:
Michael Kano, Data Analytics Consultant
Arbutus Analytics
About Jim Kaplan, CIA, CFE
 President and Founder of AuditNet®,
the global resource for auditors
(available on iOS, Android and Windows
devices)
 Auditor, Web Site Guru,
 Internet for Auditors Pioneer
 IIA Bradford Cadmus Memorial Award
Recipient
 Local Government Auditor’s Lifetime
Award
 Author of “The Auditor’s Guide to
Internet Resources” 2nd Edition
1
2

About AuditNet® LLC
• AuditNet®, the global resource for auditors, serves the global audit
community as the primary resource for Web-based auditing content. As the first online
audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the
use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and
features:
• Over 3,300 Customizable Templates, Audit Programs, Questionnaires,
and Control Matrices – unlimited downloads for subscribers.
• Webinars focusing on fraud, data analytics, IT audit, and internal audit
with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit
technology.
• LinkedIn Networking Group with over 10K members.
• Monthly Newsletters with Expert Guest Columnists.
• Surveys on timely topics for internal auditors.
Introductions
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or
recording of this webinar or any of its material is strictly forbidden.
 If you logged in with another individual’s confirmation email you will not receive CPE as the confirmation
login is unique to the individual who registered.
 This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
 We are recording the webinar and you will be provided access to that recording after the webinar if you joined
the live session. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
 If you meet the criteria for earning CPE, you will receive a link via email to download your certificate after
completing the evaluation. The official email for CPE will be issued via cpe@email.cpe.io and it is important to
white list this address. It is from this email that your CPE credit will be sent. Non receipt of your confirmation
email result from your company firewall or spam filters preventing emails with attachments.
 Requests to resend confirmation emails will require payment of a $25 fee for processing to the original email
address or an updated email address.
 Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
 You must answer the survey questions after the Webinar or before downloading your certificate.
3
4

IMPORTANT INFORMATION
REGARDING CPE!
 ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email
with the link to download your CPE certificate. The official email for CPE will be issued via
cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit
will be sent.
 We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly
recommend that you work with your IT department to identify and correct any email delivery issues
prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a
firewall that will redirect or not allow delivery of this email from email.cpe.io
 When you completed the registration you opted-in for our mailing list. If you do not want to receive
our information cancel your registration.
 We are not responsible for loss of connection, audio sound or other computer related issues. You must
have pop-ups enabled.
The views expressed by the presenters do not necessarily represent the views, positions, or
opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them,
are for educational purposes only and do not constitute accounting or legal advice or create an
accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete,
AuditNet® makes no representations, guarantees, or warranties as to the accuracy or
completeness of the information provided via this presentation. AuditNet® specifically
disclaims all liability for any claims or damages that may result from the information contained
in this presentation, including any websites maintained by third parties and linked to the
AuditNet®website.
Any mention of commercial products is for information only; it does not imply recommendation
or endorsement by AuditNet® LLC
5
6

Michael Kano
Data Analytics Consultant, Arbutus Analytics
• 25 years of experience in data analytics and internal audit with organizations in the USA,
Canada, and the Middle East
• Senior member of the data analytics practice at Focal Point Data Risk, a US-based
professional services firm
• Manager of eBay, Inc.’s data analytics program in the Internal Audit department.
o Integrated data analytics into the audit workflow on strategic and tactical levels
o Developed quality and documentation standards, trained users, and provided
analytics support on numerous audits in the PayPal, and eBay organizations (IT,
compliance, operations, vendor management, revenue assurance, T&E, and human
resources)
o Cooperated with non-IA teams such as the Business Ethics Office and Enterprise Risk
Management teams
• Expert user of Arbutus Analyzer, ACL Desktop/Direct Link, Alteryx, Microsoft Access, SQL,
and Tableau
• Led ACL Services Ltd.’s global training team for 8 years
• MBA, UCLA Anderson School of Management
Agenda
Current Issues and Impact
Traditional Approaches
Role of Data Analytics
Numeric Analytics
Implementation
7
8

9
CURRENT ISSUES AND IMPACT
What is the Cost of Fraud?
ACFE "Report to the Nations: Global Study on Fraud and Abuse
2020"
5% of revenues
Worldwide phenomenon
Occurs in businesses and governments
All levels within organizations
10
9
10

COVID-19 Pandemic and Fraud
ACFE "Fraud in theWake of COVID-19: Benchmarking Report -
September 2020"
 77% report increased levels of fraud
 33% report significantly increased levels
 92% expect increased levels
 45% expect significant increase
 Prevention and detection more challenging
11
Significant Indirect Costs
Loss of consumer confidence = reduced revenues
Negative PR image = lower stock values
Low employee morale = lower productivity
Inability to retain and attract qualified staff
12
11
12

Top Occupational Fraud Schemes (Worldwide)*
Category Frequency Median Loss
Asset Misappropriation 86% $100,000
Corruption 43% $200,000
Fraudulent Statements 10% $954,000
*ACFE "Report to the Nations: Global Study on Fraud and Abuse 2020"
13
Top Occupational Fraud Schemes (Middle East and North Africa)*
Category Frequency
Corruption 52%
Noncash 19%
Skimming 16%
Cash on hand 12%
Cash Larceny 9%
14
13
14

2020 Fraud Detection Methods Statistics*
Category All ME/NA
Tips 43% 46%
Internal Audit 15% 17%
Management Review 12% 9%
IT Controls 2% 2%
Other 30% 26%
15
Detection through Controls
Inadequate internal controls: second highest factor
contributing to fraud
 Collusion was first, management override rated third
 Factors relating to internal controls accounted for 70% of responses
Reliance on internal controls
 Often overridden or not properly understood/configured
 Gaps in controls occur in interfaces between applications, systems, or
business units
Opportunity to strengthen controls and procedures
16
15
16

TRADITIONAL APPROACHES
17
Traditional Role of the Fraud Investigator: Reactive
 Responds only when issues are noticed by others.
 The longer frauds go undetected, the larger the potential for
loss and the smaller the chances of recovery.
 Typical fraud scheme runs 14 months before being detected.
 The lag provides a time cushion for the fraudster to leverage.
18
17
18

10,000 Employees
X 26 Pay Periods
260,000 transactions
1 payment .0004 %
10 payments .004 %
100 payments .04 %
1,000 payments .4 %
Traditional Role of the Examiner: Reviewing samples of transactions
19
Traditional Role of the Fraud Examiner: Testing Existing Controls
 Many frauds occurred because of insufficient controls.
 Other frauds exploited situations where controls were
ignored.
 ERP application controls
• Inconsistent effectiveness
• Test rules rather than transactions
• Seldom compare data from disparate systems
• Weak SOD in small/medium-sized organizations
20
19
20

Traditional Role of the Examiner: Limited Use of Technology
 Data sets still growing in size and complexity
 Fraudsters using increasingly sophisticated methods
 Both the AICPA and theACFE specifically refer to the use of
data analysis to assist in fraud detection.
 DA brings broader scope, greater precision, higher
efficiency.
21
ROLE OF DATA ANALYTICS
22
21
22

Detecting Frauds with Analytics
Drill-down Analysis
 Review large population and determine true areas of risk
 Isolate “red flags” and drill down
Attribute Sampling
 Begin with entire population and filter for transactions matching
specific criteria
File Matching
 Compare separate data files and look for disparities or matches (e.g.
phantom vendors)
23
Benefits of Data Analytics
 Close control loopholes before fraud escalates
 Quantifies the impact of fraud
 Cost-effective
 Acts as a deterrent
 Can be automated for continuous auditing/monitoring
 Provides focus based on risk and probability of fraud
 Direct pointers to critical evidence
 Support for regulatory compliance (command logs)
24
23
24

DA Software Characteristics
 Review 100% of transactions
 Data integrity protection
 Scalable; no limit on file size
 Supports continuous monitoring/auditing through automation
 Compare data from different applications, systems, and character sets
 Perform tests that are designed for audit and control purposes
 Conduct tests proactively
 Maintain comprehensive logs of all activities performed
25
Benefits of Continuous Monitoring/Auditing
 Conducts tests consistently and efficiently
 Confirms/validates effectiveness of controls
 Mitigates deficient control structures
 Monitors data from disparate systems to provide holistic view of
transactions
 Provides independent assurance
 Identifies further process improvement opportunities
 Identifies suspicious transactions in a timely manner
 Reduces waste, enhances recoveries
26
25
26

Use of Spreadsheets: Risk & Limitations
• No data integrity
• Complexity and size
• No data integrity protection
• Purpose and use
• Number of users
• Frequency and extent of changes
• Potential for error
• Recent audits of 54
spreadsheets found that 91%
had errors*
• 30-90% of spreadsheets
suffer from at least one major
error*
Risks
• Data from diverse systems,
character sets
• Record volumes
• File sizes
• Audit trail
Limitations
*“The Use of Spreadsheets:
Considerations for Section 404 of
the Sarbanes-Oxley Act,” PwC, July
2004
27
NUMERIC ANALYTICS
28
27
28

Testing Transaction Values
Duplicate amounts
Round amounts
Benford's Law
Thresholds
Outliers
29
Duplicate Amounts
Filter out recurring payments (rent, support…)
Aggregate by user, vendor, product…
Same-Same-Different: Same vendor-same amount-within 14
days
30
29
30

Round Amounts
 Unlikely to be naturally occurring
 Use Modulus function to identify
 Can be granular
 Round currency units: $1.00 $6.00…
 Round hundreds: $300.00 $100.00…
 Round thousands $4,000.00
$8,000.00…
 Aggregate by user, vendor,
product…
 Recurring duplicates
31
Benford's Law: Distribution
 Frequency distribution of first or first two digits in population values vs
standard distribution
1st Digit Frequency
1 30.1%
2 17.6%
3 12.5%
4 9.7%
5 7.9%
6 6.7%
7 5.8%
8 5.1%
9 4.6%
32
31
32

Benford's Law: Population Characteristics
> 10,000 records
Be composed of similar data
Consist of single transactions
No artificial minimums or maximums
True value, not assigned numbers
33
Benford's Law 1st Digit Test: Result
Compare actual count to
expected count
Zstat ratio = number of
standard deviations from
the mean
Leading digit 5 is very high
Compare agent distributions
to population
34
33
34

Benford's Law 1st Digit Test: Frequency and materiality by agent
 Agent RST represents significant number and materiality of
exceptional items (leading digit = 5)
 Compare to distribution of entire population
35
Outliers
 Transactions or events that are
significantly different from the rest of
the population.
 Usually in terms of materiality, but can
also include date/age data
 Unexpected/extreme values
 GL journal entries
 T&E claims
 Vendor invoices
 Date/time gaps
 Interest/FX rates
 Payroll
36
35
36

Statistical Methods
Dynamic, based on entire current population characteristics
Possible with advances in computing power
Key methods:
 Standard deviations from the mean
 Median Absolute Deviation (MAD)*
 Logarithm of value + standard deviations*
For detailed presentations of these two methods, watch this webinar:
https://www.arbutussoftware.com/en/detecting-outliers-with-data-analytics
37
Standard Deviation
Measure of dispersal around the mean
Higher standard deviation value indicates greater spread
SD is based on the square of the distances from the mean
% distribution of values in normal distributions is constant
Two populations may have the same mean but different SD
value
One very large value can throw off SD
38
37
38

Standard Deviations from the Mean
Assumes a normal distribution
 Height, weight, etc…
Analysts usually look for values > 2 standard deviations above
the mean
Easily distorted by a small number of very large transactions if
it's a non-normal distribution
39
Normal Distribution: Female Height
#ofInstances
Height (cm)
+1 SD
172
Mean
165
-1 SD
158
SD: 7.1 cm
+2 SD
179
-2 SD
151
40
39
40

Normal Distribution of Values
SD Range % of Number
Greater than +3 SD 0.1%
Between +2 and +3 SD 2.1%
Between +1 and +2 SD 13.6%
Between Mean and +1 SD 34.1%
Between Mean and -1 SD 34.1%
Between -1 and -2 SD 13.6%
Between -2 and -3 SD 2.1%
Less than -3 SD 0.1%
2.2% of population is
greater than 2
standard deviations
above the mean.
41
Same Mean, Different SD
#ofInstances
Amount
42
41
42

Calculating Population Mean and Standard Deviation 1
 Run Statistics command including SD option
43
Calculating Population Mean and Standard Deviation 2
 Create filter for Amount > 2 SD using variables:
Amount > AVERAGE1 + (2 * STDDEV1)
Calculate share of
outliers. In this case, they
are 7.6% of the
population.
Drill-down to distribution
by agent.
44
43
44

Identifying Outliers by Category 1
Example: Outliers by agent
Requires mean and SD by agent to calculate each agent's 2 SD
threshold value
Use Summarize command to calculate the values in a new
table
Join transactions file to new table to populate with each
agent's 2 SD threshold
Filter for transaction values > 2 SD for each agent
45
Identifying Outliers by Category2
 Summarize by
Agent
 Open "Fields to
process" dialog
 Select "Amount"
twice
 Change Type to
AVG and
STDDEV
46
45
46

 Output file has mean and
SD by agent
 Create computed field
for 2 SD threshold
AVG_Amount + (2 * STDDEV_Amount)
47
 Open transaction file
 Join to agent threshold
file and add threshold
field
 Filter for Amount >
Agent_Treshold
48
47
48

IMPLEMENTATION
49
Implementation of a Fraud Detection Program
1. Build a profile of potential frauds which can then be tested
2. Analyze data to identify possible indicators of fraud
3. Implement continuous monitoring of high-risk business
functions to automate the detection process
4. Investigate and drill down into patterns which emerge via
data analysis/detection process
5. Review and update tests regularly
50
49
50

Key Elements of Success
Management recognition of fraud detection and prevention as
a strategic issue
Commitment to a solution
Recognition of role of continuous auditing
Expert support
51
Management & Practical Considerations
Data access
Software availability
Software training & support
Network infrastructure
Quantitative and qualitative benefits assessment
Documentation of testing
52
51
52

Benefits of Data Analytics for Fraud Detection
Increased productivity
Timeliness
Broader scope of coverage
Reduced risk
Higher quality control design & testing
Support for regulatory compliance
Deterrent effect
53
ABOUT ARBUTUS ANALYTICS
54
53
54

About Arbutus Analytics
Available in Spanish,
Portuguese, French, English
and Chinese
Founded in 2003 by Grant
Brodie, author of ACL
software
Founded in 2003 by Grant
Brodie, author of ACL
software
Suite of advanced data
analysis functionality
Suite of advanced data
analysis functionality
Multiple products that
enable cooperation and
data access
Multiple products that
enable cooperation and
data access
Used by auditors, fraud
investigators, and
compliance teams
Used by auditors, fraud
investigators, and
compliance teams
Thousands of users
worldwide in over 60
countries
Thousands of users
worldwide in over 60
countries
Relied upon by businesses
and governments
Relied upon by businesses
and governments
55
Arbutus Software Solutions
55
56

Direct Data Connections with Arbutus
Arbutus ODBC Connectors (Configured)
Active Directory Apache HBase Cassandra
SAP Concur Couchbase MS DynamicGP
Amazon DynamoDB REST Email (Outlook)
Excel MS Exchange GoogleBigQuery
Apache Hive JIRA MongoDB
MySQL NetSuite PostgreSQL
Quickbooks Amazon Redshift Salesforce
ServiceNow SparkSQL Splunk
SQL Server Xero
Direct Connections
Delimited files (.csv, .del)
Excel (.xlsx)
Access (.accdb, .mdb)
Flat files (.txt)
PDF
XML
AS400
Cobol Copybook
PL/1
dBase
ODBC databases
SAP (via SmartLink)
Any Questions?
Michael Kano (ACDA)
Data AnalyticsConsultant, Arbutus
mkano@arbutussoftware.com I Linkedin: Michael Kano
www.arbutusanalytics.com I Phone: (408) 887-4843
Presenter
57
58

APPENDIX 1: AREAS FOR EFFECTIVE TESTS
Application Areas for Data Analytics
 Accounts Payable
 Purchasing
 Purchase Cards
 Travel & Entertainment Expenses
 Payroll/HR
 IT
 General Ledger
59
60

Examples of Fraud Tests: Payables
 Questionable invoices
 Invoices without a valid P.O.
 Sequential invoices
 Over-billing
 Quantity shipped less than quantity ordered
 Item shipped of lower value than item ordered
 Duplicate invoices
 Multiple invoices for same item description
 Invoices for same amount on the same date
 Multiple invoices for same P.O. and date
Examples of Fraud Tests: Purchasing
 Questionable purchases
 P.O./invoices with amount paid > amount received
 Purchases of consumer items
 Split purchases
 Similar transactions for same vendor within specific timeframe
 Inflated prices
 Compare prices to standard price lists or to historical prices
 Phantom vendors
 Vendor/employee comparison
 Vendor has mail drop as sole address
62
61
62

Examples of Fraud Tests: P-Cards
 Split purchases to avoid purchasing card limits
 Purchases processed as two or more separate transactions
 Identified by isolating purchases from specific vendors within short
periods of time
 Favored vendors for kickbacks
 Trend analysis to compare current transaction volumes to previous time
period
 Suspicious purchases
 Transactions that occur on weekends, holidays, or vacations
 Use after employee termination
63
Examples of Fraud Tests: T&E
 Duplicate claims
 Submitting claims twice
 Tracking “no receipt” claims
 Isolate expenses without receipts and identify underlying
trends through profiling techniques
 Threshold reviews
 Track personnel exceeding thresholds
 Inappropriate activity
 Compare expenses to travel records to ensure expenses
claimed for valid trips
 Blacklisted vendors/MCC codes
64
63
64

Examples of Fraud Tests: HR/Payroll
 Phantom employees
 Watch list matching
 Vendor matching
 Segregation of duties
65
Examples of Fraud Tests: IT
 Segregation of duties
 Identity management (Active Directory)
 High-level access
 Application password configurations
 Data integrity
 Terminated users
66
65
66

Examples of Fraud Tests: General Ledger
 Manual journal entries
 End-of-period adjustments
 Keyword search
 Even (rounded) amounts
 Frequently reversed journal entries
 Infrequently used accounts
 Large credits to revenue just prior to quarter-end
 Topside entries
67
Join us for the next Arbutus Analytics webinar on Dec 10th / 1pm EDT.
Stay tuned for more details.
THANK YOU
67
68

Enhanced fraud detection with data analytics

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Enhanced fraud detection with data analytics

Similar to Enhanced fraud detection with data analytics (20)

More from Jim Kaplan CIA CFE

More from Jim Kaplan CIA CFE (9)

Recently uploaded

Recently uploaded (20)

Enhanced fraud detection with data analytics