02/18/2010 Meeting - Data Analytics

Leveraging data analysis toLeveraging data analysis to identify fraud patterns and issues

Satish LalchandDeloitte Financial Advisory Services LLPDeloitte Financial Advisory Services LLP

Jason BeckCISCO

February 18th, 2010This presentation contains general information only and Deloitte Financial Advisory Services LLP is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for suchaccounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte Financial Advisory Services LLP shall not be responsible for any loss sustained by any person who relies on this presentation.

Agenda

Introduction

Current environment and challengesCurrent environment and challenges

Strategies for identifying fraud and leveraging analytics

fData analytics concept and sources of data

Leveraging analytics to identify :1 Vendor fraud1. Vendor fraud2. Employee fraud3. Revenue manipulation4. Foreign Corrupt Practices Act (“FCPA”) and commercial corruption issues

Tools for analysis

Copyright © 2010 Deloitte Development LLC. All rights reserved.1

Questions

Deloitte Survey Indicates that Executives Believe Economic Stress can Lead to Increase in FraudEconomic Stress can Lead to Increase in Fraud

Economic stress can result in increased pressure on professionals to meet earnings and revenue targets and increase risk of misappropriation g g pp pof assets fraud due to layoffs and cost cutting measures.

According to an online survey in October 2008 of 249 executives from a cross section of industries including financial services, industrial manufacturing, energy and utilities, consumer products, and insurance

d t d b C li W k b h lf f D l itt Fi i l Ad iconducted by Compliance Week on behalf of Deloitte Financial Advisory Services LLP, over 90% of respondents expect fraud activity to remain steady or increase1


1 http://www.deloitte.com/dtt/cda/doc/content/us_fas_fraud_downturn_survey_v2_290109.pdf

Uptick in Fraud ?

“As economic conditions soften around the globe, fraud risks for

Fraud Fearsa ou d t e g obe, aud s s obusinesses appear to be on the rise. A slowing economy may increase pressure on companies to meet — and often exceed — short-term

Industry ManufacturingFinancialServices Other

Decrease 1 0% 0 0% 0 0%performance goals…It is this mindset in slower economic times that can contribute to increased fraudulent activity.”

significantly 1.0% 0.0% 0.0%

Decrease somewhat 2.0% 5.7% 3.7%

Don’t know 2.0% 5.7% 7.4%y– “Financial Fraud: Does an economic

downturn mean an uptick?”Deloitte Financial Advisory Services LLP

Increasesignificantly 4.9% 3.8% 6.2%

Increase somewhat 40.2% 45.3% 39.5%

Stay the 50% 39 6% 39 5%Stay thesame 50% 39.6% 39.5%

Source:Compliance Week/Deloitte Survey on Fraud (October 2008)


Potential Challenges Faced by Internal Audit

• Need to enhance regular internal audit cycle with increased fraud monitoring g– Increase in scope of program– Additional procedures to be performed

• Reduced Internal Audit staff and budgets– Demand for increased cost effectiveness– Most value out of proceduresMost value out of procedures– Aim for high coverage

• Global versus domestic scope• Global versus domestic scope – Internal Audit has a global role– Limit on travel expenses

Need to identify areas and countries to focus on


– Need to identify areas and countries to focus on

Potential Challenges Faced by Internal Audit (contd.)

• Affordability of a techology solution– Custom solution to be built ?Custom solution to be built ?– Very large volumes of data– Need for tools to capture, reconcile, analyze, and report data– Data security and confidentialityData security and confidentiality

• Lack of interface to financial and reporting systemsMultiple accounting systems– Multiple accounting systems

– Challenges in procuring data– How do I run my tests on SAP? Oracle?

What do I need to know to get started ?– What do I need to know to get started ?


Strategies for Identifying Indicators of Fraud

Approaches Rules Profiling Advanced or Predictive analytics

Blend

• Detect known patterns

• Set up rules to filter suspicious transactions

• Build profiles of customers, transactions, and accounts

analytics• Knowledge

discovery —databases and system

• Combination of existing approaches

• Detect and keep track of new patterns

E al ate set

and system

• Evaluate set of data for learning

Suitable forSuitable for IndustrySuitable forSuitable forunknownpatterns

Suitable forknown

patterns

Industryleading

practices

Suitable forcomplexpatterns


Data Analytics — Concept

1. Anomaly testing

Data analyticsEntities

S li2. Profiling

3. External list comparisons

4 Keyword searchesCustomers and agentsEmployees and contractors

Suppliers

4. Keyword searches

Third-partydata sources

Accounting data sources Transactions of entities

Customers and agents

World-Compliance

PEP Data

AR

APEmployeeExpense

and Payroll • Financial Sub ledgers(AP/AR/GL)• Entertainment expenses

Valid address database

User-defineddata sources

Keywords Names of

CustomersGL

AR Vendors123 $17.261233 $14k3433 $49

…

• Entertainment expenses• Payroll• Credit cards/expenses• Expense reimbursement• Time keeping


Keywords(advanced)

Names of InterestEmployees

Cash Ledger • Contractor payments

Identifying Potentially Relevant Data Sources

ERP

Generall d

PayrollAccounts

blAccounts

i blledgery

payable receivable

Master Analytic Data Store

Thi d t d t

Internal auditleads

I t i

E-mails, files, and computer images

Third-party data Interviews

Strategic Cost Management

Customer Relationship Management

Call center Sales MarketingManufacturing

Supply chainmanagement


g

Leveraging Analytics to Help Identify Potential . . .

• Vendor fraud• Employee fraud

R i l ti• Revenue manipulation• Foreign Corrupt Practices Act (“FCPA”) and commercial corruption

issues

Following slides will outline some potential areas topconsider.


Introduction to Vendor Fraud

• Ghost Vendors Di b t S h• Disbursement Schemes

• Conflicts of Interest

The following slides will outline some potential fraud schemes and provide a relevant case studyand provide a relevant case study to consider specific fraud examples for each situation.


This scheme represents a fraudster creating and making payments to a fictitious

Vendor Fraud – Ghost VendorsThis scheme represents a fraudster creating and making payments to a fictitious or ghost vendor within the accounts payable system

No Indicators Data Analytic Detection Procedures

1 Insufficient documentation for Vendor set up

Invalid Tax ID

Query vendor master records for invalid/missing information

Invalid Tax ID (ex: 99-9999999)( )

Blanks and Null values

2 Incorrect contact information for VendorsTelephone numbers

Verify validity and type of phone numbers provided by vendorsTelephone numbers

Fax numbers Validate telephone numbers against 3rd

party data sources through batch runs

Match vendors telephone number with company’s telephone numbercompany s telephone number

3 Invalid/Erroneous address information for Vendors

CMRA

Perform address verification Compare vendor address against 3rd

party address database to determine


CMRA

PO Box address

Undeliverable address

p ythe validity of the address

This scheme involves the distribution of funds from the company in overbilling or

Vendor Fraud – Disbursement Schemesp y g

other unauthorized disbursement schemes.


1 Invoices created during non-business hoursSaturdays, Sundays & Public Holidays

Compare the document dates of invoices to a data table comprising of dates for Public Holidays

E N Y D Ch i tEx: New Year Day, Christmas

2 Invoices with fewer digits than standard numbering or sequential invoice numbers

E 111 001 022

Summarize invoice numbers for each vendor to observe hidden pattern

Steadily increasing invoice numbersEx: 111, 001, 022

Invoices that are consistently expedited for payments

Steadily increasing invoice numbers

Calculate the difference between invoice date and check date

3 Payments/Checks without supporting Perform analysis on check register3 Payments/Checks without supporting documentation for goods/services provided

Missing invoices, Purchase Orders

Perform analysis on check registerInvestigate unsupported payments (i.e. checks lacking invoices or P.O.’s)

4 Invoices from two different vendors with Data match on SKU number or


4 Invoices from two different vendors with similar/same product/service description with significant price variance

Data match on SKU number or description of a part/product/services provided between 2 unrelated vendors

Vendor Fraud – Conflict of Interest

This scheme involves an employee to vendor or vendor to vendor relationship that may result in preferential treatment


1 Shared elements (PII) between employees Perform comparison between and vendors

Address

Telephone Number

employee master records and vendor master records

Emergency contact for employees match with vendor contact information

Bank Account Number

SSN/Tax ID

match with vendor contact information

Public Data SourcesPublic Data Sourceswww.411.comwww.blackbookonline.comwww.dogpile.comwww.anywho.com


www.peoplesearch.net

Vendor Fraud – Conflict of Interest (contd.)

Data Visualization – Shared Bank Accounts


Vendor Fraud Case Study – Manufacturing Company

• Private manufacturing company defrauded by an employee

• Fraudster backgroundPurchasing manager with three years at the CompanyGranted “super user” system accessGranted “super-user” system accessInvolved in fraudulent vendor payment scheme Adept at covering up paymentsEventually terminated for fraudulent usage of p cardEventually terminated for fraudulent usage of p-card


Vendor Fraud Case Study – Manufacturing Company (contd )

• Elements of fraudSuper user access allowed fraudster to create vendor accounts

(contd.)

Super-user access allowed fraudster to create vendor accountsPerpetrated fraud through multiple employee log-ins Lack of system control to validate vendor data entry Use of legitimate product data by fraudulent vendor for falsified salesUse of legitimate product data by fraudulent vendor for falsified sales


Vendor Fraud Case Study – Manufacturing Company(contd )

• How fraud was detected Unrelated fraudulent action by fraudster triggered questions

(contd.)

Unrelated fraudulent action by fraudster triggered questionsPerformed data analytics on vendor and accounts payable dataUse of legitimate product data by fraudulent vendor

• Monetary outcome of fraud– $650,000


Introduction to Employee Fraud

• Ghost Employees• Expense and P-Card Irregularities

P ll• Payroll

The following slides will outline some potential fraud schemes and provide a relevant case studyand provide a relevant case study to consider specific fraud examples for each situation.


Employee Fraud – Ghost Employees

This scheme is to create a ghost or a false employee within the employee master data and process payroll for this fictitious employee

Data Analytic DetectionNo Indicators Data Analytic Detection Procedures

1 Insufficient documentation for employees in HR system

Query employee master records for invalid/missing informationHR system invalid/missing information

Blanks and Null values

2 Invalid SSN for employees in the HR system Verify employee social security data against a 3rd party databaseaga st a 3 pa ty database

Ex: SSN of a deceased individual being currently used

3 Employees set up multiple times in the Identify employees with the same p y p pemployee master data

Reissue employee IDs to rehires

y p yname

Perform match of employee names that sound similar


Employee Fraud – Expense and P-card Irregularities

This scheme is to create a fictitious expense or p-card transaction

No Indicators Data Analytic Detection ProceduresProcedures

1 Expense transactions just under the approval threshold limit

Identify multiple expense transactions for the same expense type just below approval threshold yp j ppamount

2 High volume or increased dollar value expenses for generic expense types

Profile expense transactions for increased volume and dollar value for specific employees

Miscellaneous, Unknown, Other, etc

3 Identical transactions in expense and P-Card system for the same amount.

Query for transactions across expense and P-Cards system with same name amount and similar


same name, amount and similar dates

This scheme creates fictitious salary wage and bonus payments

Employee Fraud – PayrollThis scheme creates fictitious salary, wage, and bonus payments

No Indicator Data Analytic Detection Procedures

1 Increased volume of overtime payments Identify exempt employees receiving non-exempt or overtime wages

Identify employees receiving more than one salary payment per paythan one salary payment per pay period

2 Employees with high volume or increased dollar value bonus payments.

Query employee bonus payments and filter results by job title.dollar value bonus payments. and filter results by job title.

Filter employee payroll records for employees receiving bonus payments equal to or greater than salary payments

3 Payroll disbursements to employees who are not in the HR records

Match employee payroll listing to HR records


Verify Social Security information with 3rd party data source

Employee Fraud Case Study – Non-Profit Organization

• Non-Profit organization defrauded by multiple employee'sWeak controls surrounding payroll payments– Weak controls surrounding payroll payments

• Backgroundg– Employees set up multiple times in the payroll system– Employees using invalid Social Security Numbers– Ghost employees were associated with Social Security Numbers that were p y y

registered for a death benefit claim


Employee Fraud Case Study – Non-Profit Organization(contd )

• Elements of fraudBonus payments were approved in a decentralized manner which allowed

(contd.)

– Bonus payments were approved in a decentralized manner which allowed employees to receive multiple payments

– Two bonus categories existed in the payroll system that did not exist in the payroll manualp y

– Non-eligible employees were receiving longevity bonus payments– Employees setup multiple times in the system were receiving multiple

paychecks and not notifying the company– Pay codes were set up on the fly by the

benefits group


Employee Fraud Case Study – Non-Profit Organization(contd )• How fraud was detected

– Performed unexpected relationship testing on employee data and discovered l l i l i i h

(contd.)

employees setup multiple times in the system– Used data analytic techniques on payroll data to determine employees who

were not eligible to receive bonus paymentsIdentified employees who received more than one bonus in the same year– Identified employees who received more than one bonus in the same year


Analyzing Multiple Sources - Strategy

PayrollHR Accounts

payableExpense

disbursement

payable

P-card

Address verification Shared elements testing

Accountsreceivables

Vendors

Benford’s law

Duplicate payments

Management reporting

Unexpected relationships

High-risk focus

SSN testing

Overpayments

Manual and special paymentsUnexpected relationships

Test internal controls

Manual and special payments

Client-customized testing

External data Scoring verification

Employee fraud

galgorithms

Vendor fraud


Revenue Manipulation

• Understand sales and related transactions– Profile and graph sales, rebates and discount datag p ,– Identify patterns and relationships between parties

• Invoice and returns manipulationp- Suspicious patterns of returns or credits occurring directly after fiscal quarter or year-

ends- Canceling and rebilling of invoices

Ri ht f t / t l t ( id l tt ?)- Right of return v/s actual returns (side letters?)

• Channel stuffingEvidence of higher discounts or returns post quarter end Profile data by product and- Evidence of higher discounts or returns post quarter end. Profile data by product and customer groups to see outliers.

- Unusual or extended payment terms, modification of standard system settings


Revenue Manipulation (contd.)

• Fictitious Sales– Reconcile sales, inventory, cash receipts and general ledger– Unusual patterns of inventory movement– Unusual patterns of sales entries– Manual adjustments and transactions– Transactions entered by unauthorized persons– Sales posted on non-working days

• Bill and HoldA l i f hi t d bill t t d l ti- Analysis of ship to and bill to customers and locations

- Inventory movement related to invoices- Evidence of customer inventory being stored in warehouse

• Refreshing Receivables- Analysis of revenue recognition date against aging of receivables - Re-invoicing and manipulation of receivables


g p

Revenue Dimensions- Identification of Outliers

Time period• Year• Quarter• Month

Datapopulation

Subgroup• Customer• Sales• Discounts• Returns

M t i

• Rebates• Reversals• Adjustments

Metrics• Amount • Debit/credit• Ratios• TrendsSubgroup

• Location• Division


• Division• Product

*Millions of records aggregated

The Foreign Corrupt Practices Act

•Enacted in 1977 and amended in 1998 by the International Anti-Bribery Act of 1998 which implements anti-bribery conventions of the Organization for Economic Co-operation and Development

•Prohibits any U.S. person to make a payment to a foreign official for the purpose of obtaining or retaining business for or with, or directing business to, any person. Applies to foreign firms and persons who take any act in furtherance of such corrupt payments while in the United States. The term “foreign official” includes anyone working for a government owned or managed institution or enterprise. Also includes employees of international organizations (UN, IMF, etc.)

•Specifies no materiality, making it illegal to offer anything of value as a bribe, including cash or non-cash items

•Distinguishes between bribery and facilitation payments as long as permitted under laws of the host country

•Requires companies whose securities are listed in the q pUnited States to meet its accounting provisions: make and keep books/records that provide transparency of transactions; devise and maintain an adequate system of internal controls


Why focus on FCPA?

• Number of enforcements 1 so far in 2009 is consistent with the record setting number of enforcements in 2007 and 2008

• Settlements are becoming costly– December 2008: Siemens 2 – $800 Million – Highest ever– January 2009: Halliburton 3 – $559 Million – Highest for a U.S. companyy $ g p y

• Business is international

• Corporate transaction volumes, information captured about transactions, and corresponding data volumes continue to grow exponentially


1 http://www.gibsondunn.com/publications/Pages/2009Mid-YearFCPAClientAlert.aspx2 http://blogs.wsj.com/law/2008/12/15/siemens-settles-in-us-for-800-mil-leaving-for-german-authorities/3 http://blogs.wsj.com/law/2009/01/26/halliburton-breaks-fcpa-settlement-record-for-us-companies/

What FCPA Challenges do Companies Face?

Identifying FCPA violations and anomalies can be tedious and complex, and often requires significant resources. Foreign language, culture, q g g g g , ,distributed decision making, distributor networks, etc. can all be challenges as well.

• Technological challenges– Very large volumes of data– Multiple accounting systemsMultiple accounting systems– Data security, data protection, and confidentiality


Very Large Volumes of Data

• No materiality thresholds for FCPA violations– Can’t just sample top X transactionsCan t just sample top X transactions

• Reduce data volumes to a manageable amount through a combination of entity filtering and fraud testingof entity filtering and fraud testing– Identify and filter for higher risk entities and locations– Composite testing of related payments and employee expenses for

anomaliesanomalies– Prioritize transaction review based on a risk scoring methodology


FCPA Transaction Review Process

Full dataset extracted from one or more accounting systems

Filter transactions based on entity screening and classification

Further filter based on fraud testing and risk scoring

Review source documents and other backup

materials


Entity Filtering

• Identity and flag entities that are: – Government vendors/customers/suppliers– Agents– Consultants

L i ti d hi i i– Logistics and shipping companies– Sales personnel that deal with government entities– EtcEtc.

• Compare customers and vendors to a PEP* list to pidentify potentially risky entities.

* PEP Li ti f liti ll E d P


* PEP: Listing of politically Exposed Persons

Composite Testing

• Test related payments and employee expenses using a combination of general fraud tests and risk scoring

• Transactional Based Fraud Tests– Amounts approaching approval thresholds– Amounts approaching approval thresholds– Sequential invoices– Transactions on non-working days

• Transactional Risk ScoringAdd i hi h i k j i di i– Addresses in high risk jurisdictions

– Consulting/logistics/shipping companies– Entertainment accounts and other accounts of interest


– Entertainment accounts and other accounts of interest

Prioritized Raw Data

• Review transactions based on risk of participating entities and number of fraud tests “failed”

• Expand review to additional transactions as needed


Multiple Accounting Systems/Data Security

• Multiple Source Data Systems– Data is often distributed across accounting systems in

multiple countries.– It is not always sufficient to test every system

independentlyindependently.– Need a method for consolidating data and testing it

uniformly across systems

• Data SecurityKeeping data sec re hen transporting/consolidating– Keeping data secure when transporting/consolidating

– Personally Identifiable Information


FCPA Case Study

• Global manufacturing company proactively reviews international transactional accounting data to mitigate the risk of fraud– First phase review consisted of over 2.6 million general ledger

entriesentries– Based on entity filtering, PEP list matching, transactional fraud

tests and targeted keyword searches the population of transactions was reduced to approximately 250 transactionstransactions was reduced to approximately 250 transactions which were manually reviewed and confirmed.


F t t id h l ti t l

Tools for analysisFactors to consider when selecting a tool:

1. Size of your dataNumber of linesNumber of linesSpace neededAs data volume increases, it will become necessary to select a more powerful analysis tool

2. FormatText files, spreadsheet, database may contain raw data.

3. ComplexityBasic v/s advanced analysisProgramming needed for logic ?


Tools for analysis

1. ACLCommon tool used by internal audit teamsBuilt in tests

2. MS EXCELSpreadsheet allowing sorting and filteringAbility to create pivot tables and graphs to identify anomaliesChallenges: Data can be accidently over written, preserving data integrity, comparing data across sources, grouping data across sources.

3. MS ACCESSStarting database toolAbility to create complex relationships between multiple data sets Build reports and interface for data reviewChallenges: Performance depends on computer being used limited multi user capabilityChallenges: Performance depends on computer being used, limited multi user capability.

4. MS SQL SERVERAdvanced database platform


Ability to write complex logic and work with large volumes of dataChallenges: Requires technical knowledge and programming skills

About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of memberDeloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.

Copyright © 2010 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu

02/18/2010 Meeting - Data Analytics

Technology

Transcript of 02/18/2010 Meeting - Data Analytics