Using Transactional Analysis for Effective Fraud Detection · – Management override rated third...
Transcript of Using Transactional Analysis for Effective Fraud Detection · – Management override rated third...
![Page 1: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/1.jpg)
Using Transactional Analysis for Effective Fraud DetectionEffective Fraud Detection
• Date: 15th January 2009
• Nishith Seth• Seth Services .P. Ltd.
• www.sspl.net.in
![Page 2: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/2.jpg)
Fraud Issues & Impact
• Cost
– Indirect costs: image, morale
– Direct costs: 6% revenue loss each year = $660 billion in U.S. (ACFE)
• Compliance/Standards
– Sarbanes-OxleyWestern Europe 3434
VICTIMS OF ECONOMIC CRIME
– SAS 99
Global toll
Western Europe
Central & Eastern Europe
South & Central America
Asia & Pacific
Africa
North America
3434
3737
3838
4141
3939
5151
% respondents
PricewaterhouseCoopers Economic Crime Survey 2003
![Page 3: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/3.jpg)
Detection of Fraud
![Page 4: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/4.jpg)
Detection through Controls
• Best approach for detection: internal controls(E&Y Global Survey 2003)
– Often overridden or not properly understood
– Gaps in controls occur in interfaces between applicationsor systems
• Inadequate internal controls rated second highest
factor contributing to fraudfactor contributing to fraud (KPMG Fraud Survey 2003)
– Management override rated third
– Factors relating to internal controls accounted for 70% of responses
• Opportunity to strengthen controls and procedures
![Page 5: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/5.jpg)
Fraud Detection & Internal Controls
“These (improper) payments occur for many reasons
including insufficient oversight or monitoring, inadequate
eligibility controls, and automated system deficiencies.
However, one point is clear – the basic or root cause of
improper payments can typically be traced to a lack of or
breakdown in internal controls.”breakdown in internal controls.”
GAO report on “Coordinated Approach Needed to Address the Government’s Improper Payments Problems” [August 2002]
![Page 6: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/6.jpg)
The Case for Data Analytics
• Data analytics recommended by AICPA, ACFE, IIAas an effective means to detect fraud
• Aids in risk analysis
• Quickly identifies indicators of fraud
![Page 7: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/7.jpg)
Benefits of Data Analytics
• Close control loopholes before fraud escalates
• Quantifies the impact of fraud
• Cost-effective
• Acts as a deterrent
• Can be automated for continuous auditing
• Provides focus based on risk and probability of fraud• Provides focus based on risk and probability of fraud
• Direct pointers to critical evidence
• Support for regulatory compliance
– Logs for review and evidence
![Page 8: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/8.jpg)
Techniques for Fraud Detection
Many review approaches no longer sufficient
• Sampling
Control Breach
AcceptableRange
Population Sample
Suspicious Transactions
![Page 9: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/9.jpg)
Techniques for Fraud Detection
Many review approaches no longer sufficient
Sampling
Standard reports�Questionable accuracy�Comprehensive tests? �Across systems and processes?�Across systems and processes?�Drill down capability for further analysis?
![Page 10: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/10.jpg)
Techniques for Fraud Detection
Many review approaches no longer sufficient
• Samples…details missing
• Standard reports
• ERP application controls
– Inconsistent effectiveness
– Test rules rather than transactions– Test rules rather than transactions
– Seldom compare data from disparate systems, nor look for control breaches
Need independent, comprehensive, complete testing
![Page 11: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/11.jpg)
Use of Spreadsheets
• Risk considerations– Complexity and size
– Purpose and use
– Number of users
– Frequency and extent of changes
– Potential for error• Recent audits of 54 spreadsheets found that 91% had errors*• Recent audits of 54 spreadsheets found that 91% had errors*
• 30-90% of spreadsheets suffer from at least one major error*
• Limitations– Data from diverse system
– Volumes, file sizes
“The Use of Spreadsheets: Considerations for Section 404 ofthe Sarbanes-Oxley Act,” PwC, July 2004
![Page 12: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/12.jpg)
Challenges
• Volumes and accuracy of data
• Growing complexity and diversity of systems
30
40
50
60
%
Continual changes in business processesCreative fraudsters
0
10
20
30
DIVERSITY COMPLEX IT DATA INTEGRITY DATA VOLUMES
ACL/IIA Webinar: Driving Internal Audit Value andPerformance, June 2005
![Page 13: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/13.jpg)
Specialized Data Analysis Software
• Review 100 percent of transactions
• No limit on file size
• Compare data from different applications & systems
• Perform tests that are designed for audit and control purposes
• Conduct tests proactively • Conduct tests proactively
• Ability to automate high-risk areas to catch fraud before it escalates
• Maintain comprehensive logs of all activities performed
![Page 14: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/14.jpg)
Data Analytics Approaches
Increased frequencyTargets risk across entire
Continuous
AuditingRepeated
Audit TestsPre-defined tests
Timely
Ad Hoc
AnalysisProject based
Point-in-time Targets risk across entire organization
Highly efficientScalable, sustainable
Timely
Automated
Repeatable
Efficient
Point-in-time
Investigative, exploratory
First step toward automation
![Page 15: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/15.jpg)
Continuous Auditing
Repeated Review
Continuous Auditing
Ab
ility
to
Tak
e A
ctio
n
Strong
Periodic Review (Audit), or
System Reports
Review
Ab
ility
to
Tak
e A
ctio
n
Less More
Weak
Frequency of Analysis
![Page 16: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/16.jpg)
Continuous Auditing Benefits
• Key to ensuring internal controls are in place and operating effectively
• Exposes control weaknesses to prevent fraud
• Reveals anomalies close to time they occur to detect fraud early
• Existence is a deterrent • Existence is a deterrent
![Page 17: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/17.jpg)
Integrated Assurance
TE
CH
NO
LO
GY
Ad Hoc AnalysisAd Hoc Analysis Continuous AuditingContinuous Auditing
Data Access & AnalyticsData Access & Analytics
OS/390SERVER
AIXSERVER
LINUXSERVER
OS/400SERVER
WINDOWSSERVER
ACLDesktop Edition
Direct Linkfor SAP R/3
Purchase-to-Payment CycleTravel & Entertainment ExpensesPurchasing Cards Payroll Order-to-Cash CycleGeneral Ledger
Continuous Controls MonitoringContinuous Controls Monitoring
Continuous MonitoringContinuous Monitoring
Training Support ImplementationTraining Support Implementation
TE
CH
NO
LO
GY
SERVEREDITION
SERVEREDITION
SERVEREDITION
SERVEREDITION
SERVEREDITION
![Page 18: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/18.jpg)
Application Areas for Data Analytics
• Accounts payable
– Phantom vendors
• Purchasing
– Purchase splitting
– Kickbacks
• Purchase cards• Purchase cards
– Inappropriate, unauthorized purchases
• Travel & Entertainment Expenses
– Duplicate claims, inappropriate activity
• Payroll
– Ghost Employees
![Page 19: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/19.jpg)
Data Analysis Techniques
• Drill-down analysis
– Review large population and determine true areas of risk
– Isolate “red flags” and drill down
• Exception analysis
– Begin with entire population and filter for transactions matching specific criteria
• File matching
– Compare separate data files and look for disparities or matches (e.g., phantom vendors)
![Page 20: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/20.jpg)
Examples of Fraud Tests: Payables
• Questionable invoices
– Invoices without a valid P.O.
– Sequential invoices
• Over-billing
– Quantity shipped less than quantity ordered
– Item shipped of lower value than item ordered
• Duplicate invoices• Duplicate invoices
– Multiple invoices for same item description
– Invoices for same amount on the same date
– Multiple invoices for same P.O. and date
UK Supplier of Construction Materials Simple test uncovered £1.5 million worth of duplicate
invoices billed over three years.
![Page 21: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/21.jpg)
Examples of Fraud Tests: Purchases
• Questionable purchases
– P.O./invoices with amount paid > amount received
– Purchases of consumer items
• Split purchases
– Similar transactions for same vendor within specific timeframe
• Inflated prices
– Compare prices to standard price lists or to historical prices– Compare prices to standard price lists or to historical prices
• Phantom vendors
– Vendor/employee comparison
– Vendor has mail drop as sole address
Retail Company Employee submitted invoices for non-existent service
from phantom vendor (his wife).
![Page 22: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/22.jpg)
Examples of Fraud Tests: P-Cards
• Split purchases to avoid purchasing card limits– Purchases processed as two or more separate transactions
– Identified by isolating purchases from specific vendors within short periods of time
• Favored vendors for kickbacks– Trend analysis to compare current transaction volumes to previous
time periodtime period
• Suspicious purchases– Transactions that occur on weekends, holidays, or vacations
US Government Agency Monitored 12 million transactions, identified
$38 million in suspect transactions
![Page 23: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/23.jpg)
Examples of Fraud Tests: T&E
• Duplicate claims
– Submitting claims twice
• Tracking “no receipt” claims
– Isolate expenses without receipts and identify underlyingtrends through profiling techniques
• Threshold reviews
– Track personnel exceeding thresholds– Track personnel exceeding thresholds
• Inappropriate activity
– Compare expenses to travel records to ensure expensesclaimed for valid trips
Financial Services Firm Identified a single expense fraud worth $30,000 and in excess of
200 instances of expense abuse in one month.
![Page 24: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/24.jpg)
Process & Analytic Examples
Vendor Maintenance
Vendor Maintenance RequisitionsRequisitions PurchasingPurchasing ReceivingReceiving PayablesPayables PaymentsPayments
Sub Processes
Purchase-to-Payment
PurchasingCards
Payroll T&E Expenses
General Ledger
Enterprise Business Processes
Order-to-Cash
Vendor Maintenance
Vendor Maintenance RequisitionsRequisitions PurchasingPurchasing ReceivingReceiving PayablesPayables PaymentsPayments
Sub Processes
PaymentsPayments
Purchase-to-Payment
PurchasingCards
Payroll T&E Expenses
General Ledger
Enterprise Business Processes
Order-to-CashPurchase-to-Payment
Pre-defined Analytics
Analytic Analytic Analytic Analytic Analytic Analytic Analytic Analytic
Analytic Analytic Analytic Analytic Analytic Analytic Analytic Analytic
CompletenessCompleteness ValidityValidityAccuracyAccuracyAuthorizationAuthorizationSegregation of
DutiesSegregation of
DutiesRegulatoryRegulatory
Efficiency & EffectivenessEfficiency & Effectiveness
Control Objectives
CompletenessCompleteness ValidityValidityAccuracyAccuracyAuthorizationAuthorizationSegregation of
DutiesSegregation of
DutiesRegulatoryRegulatory
Efficiency & EffectivenessEfficiency & Effectiveness
Control Objectives
AuthorizationAuthorization
Pre-defined Analytics
Analytic Analytic Analytic Analytic Analytic Analytic Analytic Analytic
Analytic Analytic Analytic Analytic Analytic Analytic Analytic Analytic
Approval LimitsApproval Limits
Split PaymentsSplit Payments
![Page 25: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/25.jpg)
Key Consideration
1. Build a profile of potential frauds to be tested
2. Analyze data for possible indicators of fraud
3. Automate the detection process through continuous
auditing/monitoring of high-risk business functions to auditing/monitoring of high-risk business functions to
improve controls
4. Investigate and drill down into emerging patterns
5. Expand scope and repeat as necessary
![Page 26: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/26.jpg)
Summary
• Regulatory and corporate governance initiatives demand
a focus on fraud detection/prevention and assurance
that internal controls are effective
• Technology has proven to be effective tool in fighting
fraud and monitoring effectiveness of internal controls –fraud and monitoring effectiveness of internal controls –
but is under-used
• Continuous auditing and monitoring has grown rapidly;
offers effective way to overcome challenges of fraud
detection and the new regulatory environment
![Page 27: Using Transactional Analysis for Effective Fraud Detection · – Management override rated third – Factors relating to internal controls accounted for 70% of responses • Opportunity](https://reader030.fdocuments.in/reader030/viewer/2022041114/5f21b8305fe726031120baf3/html5/thumbnails/27.jpg)
www.sspl.net.in