Upload
millicent-watkins
View
217
Download
0
Embed Size (px)
Citation preview
Page 1Page 1Page 1
Mitigating Fraud and Corruption Risk Using Data Analytics
Jeffrey Harfenist, CPA, MBABDO Consulting, Global Forensics Practice Leader - Southwest
Page 2Page 2Page 2
AGENDA
• Discussion of trends concerning fraud risk, compliance and the use of technology to mitigate fraud risk
• Considerations in the preparation of a fraud risk assessment
• Implementing forensic tools to mitigate risks associated with fraud and corruption risks
• Case examples
• Doing more with less – the benefits of employing monitoring tools
Page 3Page 3Page 3
Reporting structure
– Involvement of Board of Directors & Executive Management
Working with limited resources
– Strong Demand to do more with less
Increased focus on risk assessment and monitoring
– Measuring effectiveness of compliance programs
Growing adoption of technology
– Using technology to monitor fraud and analyze data
In-House Trends
Page 4Page 4Page 4
TECHNOLOGY
RISK ASSESSMENT & MONITORING
RESOURCES NEEDED
Professionals responsible for compliance risk measures are increasingly reporting to higher levels in the company…
81% Companies list executives as top beneficiaries of Data Analytics; 68% list Boards
INVOLVEMENT OF BoD & EXEC MGMT
HEAD OF LEGAL WHO REPORTS TO CEO:Globally = 21%N. America = 26%Europe = 16%
HEAD OF ANY OTHER FUNCTION WHO THEN REPORTS TO CEO:Globally = 8%N. America = 10%Europe = 6%
DIRECTLY TO THE BOARD: Globally = 31%N. America = 30%Europe = 32%
DIRECTLY TO CEO:Globally = 40%N. America = 34%Europe = 46%
In-House Trends
Page 5Page 5Page 5 5
INVOLVEMENT OF BOARD & EXEC MGMT
TECHNOLOGY
RISK ASSESSMENT & MONITORING
RESOURCES NEEDED
46% of Directors are more focused managing fraud risk
66% Directors are placing greater emphasis on awareness of fraud risk
88% Companies list compliance as the top concern of GCs, CEOs & BoDs.
66% Expect staffing costs to increase
65% Believe staffing constraints are the biggest obstacles to their ability to detect or mitigate risk
63% Believe data analytics is cost effective
Strong demand to do more with less!
In-House Trends
Page 6Page 6Page 6 6
TECHNOLOGY
RESOURCES NEEDED
INVOLVEMENT OF BoD & EXEC MGMT
RISKASSESSMENT & MONITORING
Increasing governmental emphasis on assessing risk
88% Boards include risk into strategic discussions
68% Companies try to measure effectiveness of compliance
90% Believe data analytics enhances risk assessment
74% Companies use data analytics when investigating fraud or bribery
In-House Trends
Page 7Page 7Page 7 7
RISK ASSESSMENT & MONITORING
RESOURCES NEEDED
INVOLVEMENT OF BoD & EXEC MGMT
TECHNOLOGY
90% of the world’s data has been generated only in the past 2 years
79% Believe data analytics can review larger amounts of data in a shorter amount of time
82% Believe it can detect fraud & corruption sooner
89% Believe it can detect potential misconduct that it couldn’t detect before
26% Companies are actually using technology for monitoring fraud (and growing)
In-House Trends
Page 8Page 8Page 8 Page 8
• Male, between 30 and 45 (approx. 53%)
• High level of education
• Works in accounting, sales or operations
• Approx. 7% had been charged with or convicted of a crime before
• Typically involved in a billing scheme or corrupt behavior
Who is The Perpetrator
Page 9Page 9Page 9 Page 9
There Is A Better Way
Assessing Company Risk
Page 10Page 10Page 10
Fraud’s Trajectory
Typically starts out small
Increases in complexity and aggressiveness
Often grows in magnitude, and number of participants
Will rarely cease on its own accord
Page 11Page 11Page 11 Page 11
Traditional Approach
Page 12Page 12Page 12 Presentation TitlePage 12
Pressure + Opportunity = Trouble Ahead
Page 13Page 13Page 13
Pressure
Opportunity Rationalization
The Fraud
Triangle
Living beyond one’s means
Market approaching saturation
Pending bankruptcy or
delisting
Unrealistic revenue and profit
expectations
Significant related party transactions
Significant use of
estimates
Highly complex transactions
Substantial overseas
operations
High turnover in senior
management
Ineffective systems and
controls
Failure to achieve results is
unacceptable
Compensation is contingent on
results
The activity is not criminal
Ensuring goals are being met
Competitors are doing it
Happening at the highest
levels
Feeling of entitlement
The Fraud Triangle
Page 14Page 14Page 14 Prospect name − Document titlePage 14Page 14
Particular risk factors might include:
• Level of anti-corruption compliance policies, procedures, and controls in place
• Content of training regimens (Internal Audit)
• Procurement process (control environment)
• Product life cycles, sales cycles, and performance issues
• Competitive landscape
• Pace of international growth
• Acquisitions
• Compensation structure
Assessing Specific Risk Factors
Page 15Page 15Page 15 Presentation TitlePage 15
Inefficiency Drives Cost
Employing Forensic Tools
Page 16Page 16Page 16
Analyzes the company’s existing data
Looks for transactions and relationships that fail to fit existing norms or company parameters (Potentially Anomalous Transactions or “PATs”)
The larger the data set, the more robust the results
There are a number of existing tools available
Data Analytics Overview
Page 17Page 17Page 17
Internal Drivers for Employing Forensic Tools
Data volumes are growing exponentially
People fail to identify complex patterns and anomalous trends
Business processes and controls don’t operate perfectly
Toxic employees exist
Performance pressures have not abated
Compliance assets are being spread thinner
Collusive behavior is on the rise
Page 18Page 18Page 18 18
The Impact of Collusion
Page 19Page 19Page 19
Trying to Identify Several Issues
High risk relationships:
• Usual suspects
• Undisclosed affiliations
• Questionable payment attributes
Potentially Anomalous Transactions
• Represent a fraction of the overall transaction volume
• Designed to “hide in plain sight”
• Fall outside the Company’s “norms”
Page 20Page 20Page 20
Example: Link Analysis
Page 21Page 21Page 21
Example: Duplicate Vendors
Page 22Page 22Page 22
Payroll per Job Description
Example: Payroll Trends
Page 23Page 23Page 23
Example: GL Entries without Description
Page 24Page 24Page 24
Example: GL Entries without Description
Page 25Page 25Page 25
Data Analytics: Challenges
Accessibility:
– Are there issues with legacy systems and acquisitions?
Reliability/Completeness:
– Do non-numeric fields contain numeric data (and vice-versa)?
– Can it be reconciled to a control point?
Integrity:
– Has data transferred from legacy systems been adversely affected, altered, corrupted or truncated?
Consistency:
– Are date formats consistent across the data sets?
Page 26Page 26Page 26
Theft via “Conflicted” Purchases
Common schemes for Purchases from conflicted vendors:
[What This Means: Buying from a supplier/vendor where the employee has an undisclosed interest.]
– Employee negotiates a higher price than normal
– Bid rigging, manipulating competitive quotes
– Purchases of off-grade product disguised as a good product
– Employee approves invoices for phantom goods or services
Page 27Page 27Page 27
Misappropriation of Assets
Presentation TitlePage 27
Page 28Page 28Page 28
Analytical Testing - PATs
• Stratification
• Gaps/Duplicates
• Filter/Sort
• Non-Recurring
• Aging
• Join/Relate
• Relational Analysis
• Ratio Analysis
• Frequency Analysis
• Missing Data
• Trends/Regression
• Benford’s Law
Page 29Page 29Page 29 Page 29
0
20
40
60
Invoic
e D
ate
v
s.
P
aym
en
t D
ate
Time
Vendor Payment Attribute Analysis
Page 30Page 30Page 30
1. Sale Takes Place
3. Proposal Prepared
6. Program Management
2. Engineering Analysis Performed
4. Procurement Takes Place
5. 4 Fraudulent Invoices Sent
$45mm – 90% Materials & 10%
Eng. Hours
$4.5mm in Engineering Cost @ $150/Hour – or
30,000 Total Hours
22,000 Internal Eng. Hours @ $150
$4.5mm Actual vs. $4.5mm Budget
$600,000
8,000 Contract Eng. Hours @ $75
for Total Cost of $3,900,000
Collusion Creates Slush Fund
Page 31Page 31Page 31
Relevant
Data Sets
Inconsistency in
Vendor Data
Frequency
Anomalies
Invoice Anomali
es
High Value
Coordinate Analytics
Page 32Page 32Page 32 Page 32
Doing More
With Less
Employing Monitoring Tools
Page 33Page 33Page 33 Page 33
Data mining software coupled with
advanced analytics and exception management capabilities
Established forensic protocols and
recognized investigative methods
• Real-time (or near real-time) detection of: Inefficiencies in purchasing Potentially anomalous
transactions High-risk relationships Compliance failures Circumvention of controls
The Monitoring Process
Page 34Page 34Page 34 Page 34Page 34
Policy Violations
Vendor Change /
Change Back
Incorrect Accounting
Procurement Exceptions
Outlier Exceptions
Data Anomalies
An Integrated Monitoring Approach
Page 35Page 35Page 35 Page 35
Ongoing Monitoring Evaluates 100% of the
transactions or associated target functions
Transactions or functions requiring further review are identified in real-time (or near real-time)
Process is highly automated and can be repeated on as frequent a basis as required
Automatically brings in relevant outside data
Leads to optimal allocation of limited internal resources
Timely correction of errors and identification of prohibited behaviors
Traditional Approach Evaluates only a small percentage
of transactions or targeted functions
Transactions or functions requiring further review are identified during scheduled reviews
Process is somewhat automated and is repeated on a rolling basis as determined by IA
Outside data is considered only if it is specifically sought
Internal resources are dispatched in less than optimal fashion
Errors and prohibited behaviors are not identified on a timely basis
Monitoring vs. Traditional Approach
Page 36Page 36Page 36 Page 36
Identify potential instances of non-compliance on a timely basis
Implement measures to fill gaps in the existing control environment
Improve/augment the qualitative nature of data being captured
Objective basis for quantifying system-wide risk
Monitor compliance and ongoing risk of newly acquired businesses
Uncover and eliminate high risk 3rd party relationships
Evaluate training regimens
Improve/augment existing IA protocols
Assess overall compliance with the books & records provisions of the FCPA and other pertinent laws
Additional Ongoing Benefits Include…
Page 37Page 37Page 37 Page 37
Q & A