This document discusses forensic data analytics and its use in fraud risk management. It begins with an agenda on key analytics trends, "big data thinking," and examples of anti-fraud use cases like employee and vendor transaction risk scoring. The document then covers the forensic data analytics landscape, increasing regulatory focus on advanced monitoring, and how analytics can help improve compliance efficiency. It discusses challenges of forensic data analytics and integrating visualization into risk management platforms. The document concludes with success factors for deploying forensic data analytics like focusing on priority projects and gaining leadership support.

1. Forensic Data Analytics
2015
Big risks requires big data thinking
Forensic data analytics use cases
Vincent Walden
Partner, EY
November 17, 2015

2. Page 2
Agenda
► Key analytics trends in fraud risk management
► “Big data thinking”
► Anti-fraud use case examples:
► Employee and vendor transaction risk scoring
► Payment stream analysis
► Text mining and dashboards to find potentially improper payments
► Social media analytics
► Email analytics, emotive tone and Fraud Triangle Analytics
► Cyber monitoring and events
► Integrating visualization into your risk management
platform

3. Page 3
The forensic data analytics landscape
► The regulators are upping their game
► Be ready - the regulators are investing in advanced monitoring
technology
► Big risks requires “big data” thinking
► New approaches to counter fraud and compliance monitoring,
beyond simple rules-based tests
► Compliance fatigue? Analytics can help
► Analytics can help improve efficiency and program effectiveness to
help compliance functions audit and monitor smarter – saving both
time and valuable resources

4. Page 4
Upping their game: SEC priorities around
forensic data analytics
-U.S. SEC Chair Mary Jo White, prepared testimony
before the Senate Appropriations Subcommittee,
May 14, 2014

5. Page 5
FDA business landscape
Data analytics is continued focus area in guidance
COSO: Internal Controls Integrated
Framework
1. Principal #8: Fraud Risk Assessment (COSO 2013)
2. New guidance coming in December 2015 will have
significant focus on the use of proactive forensics
data analytics
ACFE Report to the Nation on Occupational Fraud
1. For those companies with proactive data analytics in place, the
cost per fraud incident was 59.7% lower (roughly $100,000
lower per incident) than those companies not using proactive
data analytics – more than any other control listed in the
survey.
2. Further, the median duration of fraud based on the presence of
proactive data analytics was half the time at 12 months vs 24
months.
See 2014 ACFE Report the Nations on Occupational Fraud, Figures 37 and 38

6. Page 6
Forensic data analytics maturity model
Beyond traditional “rules-based queries” – consider all four quadrants
False Positive Rate
High Low
Structured
Data
Detection Rate
Low High
Unstructured
Data
“Traditional” rules-Based Queries &
Analytics
Matching, Grouping, Ordering,
Joining, Filtering
Statistical-Based Analysis
Anomaly Detection, Clustering
Risk Ranking
Traditional Keyword Searching
Keyword Search
Data Visualization & Text Mining
Data visualization, drill-down into
data, text mining

7. Page 7
Big data thinking

8. Page 8
Definition of Big Data
Gartner: Big Data is high volume,
velocity and variety information assets
that demand cost-effective, innovative
forms of information processing for
enhanced insight and
decision making.

9. Page 9
Big data techniques for counter fraud
► Multiple data sources
► Data visualization
► Text analytics
► Payment/transaction risk scoring
► Predictive modeling – technology assisted monitoring
► Pattern & link analysis
► Flexible deployment models

10. Page 10
Anti-fraud use case examples

11. Page 11
Employee risk scoring - Travel &
entertainment expense monitoring

12. Page 12
Vendor risk scoring - potentially improper
payments

13. Page 13
Text mining dashboard - payment
descriptions

14. Page 14
Text mining dashboard – drill down

15. Page 15
Text mining dashboard – word clouds and
stratification

16. Page 16
Social media analytics

17. Page 17
Email analytics: Emotive tone – secretive,
angry, derogatory emails

18. Page 18
Email analytics: Fraud triangle analytics
Fraud Triangle Analytics: Pressure/Opportunity/Rationalization
Employee term analysis
Term hit frequency over time

19. Page 19
Cyber monitoring

20. Page 20
Surveillance monitoring: executive dashboard
► Aggregate view of risks,
by incident
► Quick synopsis of
risk profile

21. Page 21
Surveillance monitoring: management dashboard
Risk ranking summary at the trader (employee) level
► Risk score by personnel ► Interactive dashboards

22. Page 22
Management alert screen
Trader alert initiation
► Create customized
alerts
► Transparency across multiple data sources:
trades, voice, email, chat, entertainment, etc.

23. Page 23
Trader communication review screen – text
analytics using Watson Content Analytics
► Sentiment analysis
highlighted using WCA
► Issue coding
and tagging

24. Page 24
Integrating visualization into your risk
management platform

25. Page 25
How is fraud detected?
50% by tip or accident demonstrates the need
for improved analytics
2014 ACFE Report to the Nation on Occupational Fraud

26. Page 26
Start with the “Fraud Tree” of schemes
Fraud tree
Cash
larceny
Theft of
other assets
– inventory/
AR/
fixed assets
Revenue
recognition
Non
financial
Conflicts
of
interest
Bribery and
corruption/
FCPA
Illegal
gratuities
Bid-rigging/
procurement
Corruption Fraudulent statements
Asset misappropriation
Fake
vendor
Payroll
fraud
T&E
fraud
Theft of
data
GAAP Reserves
General focus of auditors
General focus of
internal auditors
General focus of the regulators
(opportunity for Auditors and Investigators)

27. Page 27
Today’s biggest forensic data analytics (FDA)
challenges
Source: 2014 EY Global Forensic Data Analytics Survey (www.ey.com/fdasurvey)
2%
3%
3%
4%
5%
5%
6%
6%
8%
9%
10%
10%
15%
15%
26%
0% 5% 10% 15% 20% 25% 30%
Uncertainty about the relevance of FDA in the Company
FDA producing positive results to indicate and prove any fraud or…
FDA is not prevalent to the culture
Huge volume of data to analyze
To identify fraudulent information across large data sets
Lack of human resources or manpower to operate FDA
Spreading the FDA culture across different Business Units
Difficulty in adapting FDA to comply with different regulations in…
Poor quality or lack of accuracy in the data
To prevent fraud rather than discover fraud
FDA is too expensive
Convincing senior management or the company about the benefits of…
Improving the quality of the analysis process
Challenges with combining data across various IT systems
Getting the right tools or expertise for FDA

28. Page 28
Integrating dashboards into an boarder fraud risk
management platform
Visualization: Detect
fraud within a business
process
Case Management: Assign
tasks, flag transactions and
delegate projects for review
Statistical: Apply fraud
insights and automated
alerts to take action in
real or near time –
when it matters
Pattern & Link: Uncover
hidden fraud and
relationships
Detect
Investigate
Respond
Discover

29. Page 29
An enterprise approach, based on solutions
Entity and Social
Network analytics
Predictive
analytics
Behavioral /
Geospatial
Prioritized
Incidents
Business
intelligence
Context / Text
analytics
Decision
management
Content
management
Case
management
Forensic
analysis
Beneficiaries
Legal & compliance
(including M&A)
Internal Audit
Big Data, scalable platform, delivered on desktop or mobile device
► Flexible approaches, reports and
capabilities for each beneficiary
► Changing risks requires flexible tools
► Knowing “who is who” is key to
identifying patterns & opportunities
► Reduced false positives, better ROI
► Cross enterprise view of exposures
► Expedient audits/ investigations
► Data transparency, no “black box”
Data Governance and Collaboration
Shared Services
& Finance
BU Leadership
& Corporate
Internal Sources
External Sources
Other
beneficiaries
Enterprise Platform
Security
intelligence &
Cyber
Social
media feeds
Shared svcs.
data feeds
ERP systems
Sanctions &
watchlists
News feeds &
adverse media
Internal
reports &
communications
Master &
reference data
Embedded
Intelligence
Activity
Monitoring
Dark Web

30. Page 30
Five success factors in deploying FDA
1. Focus on the low hanging fruit, the priority of the first project
matters
2. Go beyond traditional “rules-based” tests – incorporate big data
thinking
3. Communicate: share information on early successes across
departments / business units to gain broad support
4. Leadership gets it funded, but interpretation of the results by
experienced or trained professionals make the program successful
5. Enterprise-wide deployment takes time, don’t expect overnight
adoption

31. Page 31
Questions or discussion

32. Page 32
Contact information
Vincent Walden
Partner, EY
212-773-3643
vincent.walden@ey.com