Using Technology to Automate Fraud Detection Within Key ... · control strategy, including fraud detection Risk and controls management systems in place CA and CM in operation Risk

Using Technology to Automate

Fraud Detection Within Key

Business Process Areas

2013 ACFE Canadian Fraud Conference

September 10, 2013

John Verver, CA, CISA, CMA

Vice President, Strategy

ACL Services Ltd

2 © ACL Services Ltd. ACL | Transforming Audit and Risk

Topics

Fraud detection and integrated audit, risk management and compliance

Role of data analysis technology in fraud detection

Automation of fraud detection analytics and continuous monitoring

Practical steps for implementation

Examples of fraud tests for key business process areas


Integrated Audit, Risk Management, and

Compliance

Enterprise Risk Management gaining momentum

Fraud a key focus area for risk management and control

Increasing trend toward continuous risk and control assessment

Technology is critical but underutilized

“Data driven” risk management, control, and compliance


Technology and Fraud Detection

Surveys by IIA, Big 4, and ACL

Technology: a critical factor for successful performance in risk

management, audit, and fraud detection

Data analysis is the technology expected to have the greatest

impact on effectiveness and productivity.


Fraud and Risk Management

ACL’s 2013 Survey of 2,200 audit, risk management, and

compliance professionals

Internal fraud and abuse area of highest concern


Decide on Strategic Approach

Integrate fraud-detection analytical testing into those of overall

risk management and control?

Automated fraud detection as a standalone function?


Fundamentals of technology for fraud

detection

Analyze 100% populations of transactional data (plus master

data and application control settings)

Identify indicators of fraudulent activities

Overall statistical analysis to indicate anomalies (“don’t know

what you don’t know”)

Specific analysis to identify specific circumstances that indicate

a high probability of fraud

Compare data across different databases and systems

Generate “exceptions”—suspect items for review and

investigation


Capabilities of data analysis

technologies for fraud detection

Pre-built analytic routines

– classification, stratification, duplicate testing, aging, join, match, compare,

statistical analysis, digital analysis (Benford)

Flexibility to support full automation and complex tests

Automated logging

Ability to access and manipulate a broad range of data

Scheduled automatic processing

Security

Workflow and exception management

Dashboard reporting


Continuous Monitoring Model

Access transactional data from disparate sources

Controls & Compliance Rules

Historical and statistical

transactional profiling

Significant Control Breaches

Suspect Transactions

Transactional Data

Data Data Data

Alerts

Findings

Financial & Business Unit Managers & Audit

Management & Audit Action

Immediate notification

of critical exposures

Transactions detailed

for further analysis

Investigations, recoveries, and

improved controls and

procedures

Test transactional data against established internal control

rules and transactional profiles


Audit Analytic Capability Model

Sophistication

Aud

it C

ontr

ibut

ion

Hindsight

Insight

Foresight

Level 4

Automated

Level 5

Monitoring

ad hoc repetitive continuous

Level 3

Managed

Level 2

Applied

Level 1

Basic



Sophistication

Aud

it C

ontr

ibut

ion

Hindsight

Insight

Foresight

Level 4

Automated

Level 5

Monitoring


Level 3

Managed

Level 2

Applied

Level 1

Basic

Ad Hoc 67%

Automated

Repeatable 22%

Continuous 11%

Survey responses: Level of current audit analytics usage



Sophistication

Aud

it C

ontr

ibut

ion

Hindsight

Insight

Foresight

Level 4

Automated

Level 5

Monitoring


Level 3

Managed

Level 2

Applied

Level 1

Basic

0%

Survey responses: Level of highest desired analytics usage

0%

30%

3%

67%


Continuous Monitoring for Fraud

Detection

Timely repeated processing of tests against recent transactions

Provides timely insight and reduces risk of fraud escalation

Actual timing varies according to cycles of the underlying

process

Technically, progression from ad-hoc test processing to

continuous monitoring is not usually complex

Critical issues to address are people and process


Implementation steps for effective and

sustainable fraud detection (1)

Define overall objectives, including decision on fraud detection

as part of an overall risk management and control testing vs.

standalone function

Assign roles and responsibilities

Define fraud risks to be tested—“fraud risk universe”

For each fraud risk, establish data analysis fraud detection test

in terms of:

– data requirements

– data access processes

– analysis logic


Implementation steps for effective and

sustainable fraud detection (2)

Coordinate with IT department

Develop tests

Validate tests

Establish timing and responsibilities for automated test

processing

Establish workflow and responsibilities for exception

management and resolution

Implement reporting processes


Fraud tests for key business process

areas

Start with core set of basic tests for a business process area

Progressively build and implement a broader “library” of tests

for different business process areas

In practice, organizations may establish large libraries of tests

over a period of time

Fraud specialist or auditor is often in best position to

understand specific fraud risks in given business process

Develop analytics to reflect

1. known risks

2. potential risks in circumstances that are not likely to be foreseen

(DKWYDK)


Examples of fraud tests for Purchase to

Pay (1)

P.O. with blank / zero amount

Split P.O.s (multiple under approval threshold)

Duplicate invoices (same #, same amount same date, same

vendor same amount)

Invoice amount paid > goods received

Invoices with no matching receiving report

Multiple invoices for same P.O. and date

Pattern of sequential invoices from a vendor


Examples of fraud tests for Purchase to

Pay (2)

Unapproved vendors

Suspect purchases of consumer items

Employee and vendor with same:

– Name

– Address

– Phone number

– Bank account number

Vendor address is a mail drop

Payment without invoice

Vendor master—changes for brief periods


Examples of fraud tests for Procurement

Cards

Purchases of consumer items

Suspect vendors

Prohibited merchant codes

Transactions made on weekends or holidays

Split transactions (multiple items under threshold)

Duplicate purchases (same item multiple employees)


Examples of fraud tests for Order to

Cash

Unusually high sales discounts

Unusually high credit terms or limits

Frequent credit memos to the same customer

Shipments where employee address matches the ship address


Examples of fraud tests for Payroll /HR

Terminated employees still on payroll

Multiple employees with same address

Unusually high O/T amounts and rates

Invalid SSNs

Unusually high commissions


Examples of fraud tests

More information on fraud tests by business process and

industry is available on www.acl.com

Other resources include:

– TBD

http://www.acl.com/


Best Practices for Integrated Fraud Detection

An integrated approach for technology in Audit, Risk,

and Control

Technology and data analysis as an integral part of risk and

control strategy, including fraud detection

Risk and controls management systems in place

CA and CM in operation

Risk and controls management systems integrate with fraud

detection objectives and audit risk assessment and planning

“Data Driven Risk Management”

“Data Driven Fraud Detection”


Los Angeles Unified School District—Belmont

Learning Center

Data analysis use resulted in the identification of fraud and

abuse in excess of $70 million Fictitious vendors

Duplicate payments

Overbilling

No competitive bidding

Policy violations Exceeding purchasing limits

Improper coding

Some Real World Case Studies


U.S. government agency

– $6.5 billion in annual procurement card purchases

Situation

– Millions of transactions occur each year

– Management oversight limited due to large number of

direct reports

– Organization encouraged to spend more using P-cards

due to rebate program

– Bad publicity resulted in more oversight from Congress





Approach

– Used data analysis to monitor 12 million transactions

– 38 indicators of inappropriate transactions established

and compared to actual data

– Data from disparate sources integrated including

employee listings, authorizations, merchant

restrictions, credit limits





Result

– Identified $38 Million in suspect transactions (13,500

transactions or 0.001%)

– 2,000 cardholders flagged for further investigation

– Created timely and cost-effective reporting system to

follow-up with vendors and banks in subsequent

recovery process



For more information

John Verver

Vice President, Strategy

ACL Services

[email protected]

www.acl.com

Tel. (604) 646 4230

Documents

Using Technology to Automate Fraud Detection Within Key ... · control strategy, including fraud detection Risk and controls management systems in place CA and CM in operation Risk