Leveraging data analysis toLeveraging data analysis to identify fraud patterns and issues
Satish LalchandDeloitte Financial Advisory Services LLPDeloitte Financial Advisory Services LLP
Jason BeckCISCO
February 18th, 2010This presentation contains general information only and Deloitte Financial Advisory Services LLP is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for suchaccounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte Financial Advisory Services LLP shall not be responsible for any loss sustained by any person who relies on this presentation.
Agenda
Introduction
Current environment and challengesCurrent environment and challenges
Strategies for identifying fraud and leveraging analytics
fData analytics concept and sources of data
Leveraging analytics to identify :1 Vendor fraud1. Vendor fraud2. Employee fraud3. Revenue manipulation4. Foreign Corrupt Practices Act (“FCPA”) and commercial corruption issues
Tools for analysis
Copyright © 2010 Deloitte Development LLC. All rights reserved.1
Questions
Deloitte Survey Indicates that Executives Believe Economic Stress can Lead to Increase in FraudEconomic Stress can Lead to Increase in Fraud
Economic stress can result in increased pressure on professionals to meet earnings and revenue targets and increase risk of misappropriation g g pp pof assets fraud due to layoffs and cost cutting measures.
According to an online survey in October 2008 of 249 executives from a cross section of industries including financial services, industrial manufacturing, energy and utilities, consumer products, and insurance
d t d b C li W k b h lf f D l itt Fi i l Ad iconducted by Compliance Week on behalf of Deloitte Financial Advisory Services LLP, over 90% of respondents expect fraud activity to remain steady or increase1
Copyright © 2010 Deloitte Development LLC. All rights reserved.2
1 http://www.deloitte.com/dtt/cda/doc/content/us_fas_fraud_downturn_survey_v2_290109.pdf
Uptick in Fraud ?
“As economic conditions soften around the globe, fraud risks for
Fraud Fearsa ou d t e g obe, aud s s obusinesses appear to be on the rise. A slowing economy may increase pressure on companies to meet — and often exceed — short-term
Industry ManufacturingFinancialServices Other
Decrease 1 0% 0 0% 0 0%performance goals…It is this mindset in slower economic times that can contribute to increased fraudulent activity.”
significantly 1.0% 0.0% 0.0%
Decrease somewhat 2.0% 5.7% 3.7%
Don’t know 2.0% 5.7% 7.4%y– “Financial Fraud: Does an economic
downturn mean an uptick?”Deloitte Financial Advisory Services LLP
Increasesignificantly 4.9% 3.8% 6.2%
Increase somewhat 40.2% 45.3% 39.5%
Stay the 50% 39 6% 39 5%Stay thesame 50% 39.6% 39.5%
Source:Compliance Week/Deloitte Survey on Fraud (October 2008)
Copyright © 2010 Deloitte Development LLC. All rights reserved.3
Potential Challenges Faced by Internal Audit
• Need to enhance regular internal audit cycle with increased fraud monitoring g– Increase in scope of program– Additional procedures to be performed
• Reduced Internal Audit staff and budgets– Demand for increased cost effectiveness– Most value out of proceduresMost value out of procedures– Aim for high coverage
• Global versus domestic scope• Global versus domestic scope – Internal Audit has a global role– Limit on travel expenses
Need to identify areas and countries to focus on
Copyright © 2010 Deloitte Development LLC. All rights reserved.4
– Need to identify areas and countries to focus on
Potential Challenges Faced by Internal Audit (contd.)
• Affordability of a techology solution– Custom solution to be built ?Custom solution to be built ?– Very large volumes of data– Need for tools to capture, reconcile, analyze, and report data– Data security and confidentialityData security and confidentiality
• Lack of interface to financial and reporting systemsMultiple accounting systems– Multiple accounting systems
– Challenges in procuring data– How do I run my tests on SAP? Oracle?
What do I need to know to get started ?– What do I need to know to get started ?
Copyright © 2010 Deloitte Development LLC. All rights reserved.5
Strategies for Identifying Indicators of Fraud
Approaches Rules Profiling Advanced or Predictive analytics
Blend
• Detect known patterns
• Set up rules to filter suspicious transactions
• Build profiles of customers, transactions, and accounts
analytics• Knowledge
discovery —databases and system
• Combination of existing approaches
• Detect and keep track of new patterns
E al ate set
and system
• Evaluate set of data for learning
Suitable forSuitable for IndustrySuitable forSuitable forunknownpatterns
Suitable forknown
patterns
Industryleading
practices
Suitable forcomplexpatterns
Copyright © 2010 Deloitte Development LLC. All rights reserved.6
Data Analytics — Concept
1. Anomaly testing
Data analyticsEntities
S li2. Profiling
3. External list comparisons
4 Keyword searchesCustomers and agentsEmployees and contractors
Suppliers
4. Keyword searches
Third-partydata sources
Accounting data sources Transactions of entities
Customers and agents
World-Compliance
PEP Data
AR
APEmployeeExpense
and Payroll • Financial Sub ledgers(AP/AR/GL)• Entertainment expenses
Valid address database
User-defineddata sources
Keywords Names of
CustomersGL
AR Vendors123 $17.261233 $14k3433 $49
…
• Entertainment expenses• Payroll• Credit cards/expenses• Expense reimbursement• Time keeping
Copyright © 2010 Deloitte Development LLC. All rights reserved.7
Keywords(advanced)
Names of InterestEmployees
Cash Ledger • Contractor payments
Identifying Potentially Relevant Data Sources
ERP
Generall d
PayrollAccounts
blAccounts
i blledgery
payable receivable
Master Analytic Data Store
Thi d t d t
Internal auditleads
I t i
E-mails, files, and computer images
Third-party data Interviews
Strategic Cost Management
Customer Relationship Management
Call center Sales MarketingManufacturing
Supply chainmanagement
Copyright © 2010 Deloitte Development LLC. All rights reserved.8
g
Leveraging Analytics to Help Identify Potential . . .
• Vendor fraud• Employee fraud
R i l ti• Revenue manipulation• Foreign Corrupt Practices Act (“FCPA”) and commercial corruption
issues
Following slides will outline some potential areas topconsider.
Copyright © 2010 Deloitte Development LLC. All rights reserved.9
Introduction to Vendor Fraud
• Ghost Vendors Di b t S h• Disbursement Schemes
• Conflicts of Interest
The following slides will outline some potential fraud schemes and provide a relevant case studyand provide a relevant case study to consider specific fraud examples for each situation.
Copyright © 2010 Deloitte Development LLC. All rights reserved.10
This scheme represents a fraudster creating and making payments to a fictitious
Vendor Fraud – Ghost VendorsThis scheme represents a fraudster creating and making payments to a fictitious or ghost vendor within the accounts payable system
No Indicators Data Analytic Detection Procedures
1 Insufficient documentation for Vendor set up
Invalid Tax ID
Query vendor master records for invalid/missing information
Invalid Tax ID (ex: 99-9999999)( )
Blanks and Null values
2 Incorrect contact information for VendorsTelephone numbers
Verify validity and type of phone numbers provided by vendorsTelephone numbers
Fax numbers Validate telephone numbers against 3rd
party data sources through batch runs
Match vendors telephone number with company’s telephone numbercompany s telephone number
3 Invalid/Erroneous address information for Vendors
CMRA
Perform address verification Compare vendor address against 3rd
party address database to determine
Copyright © 2010 Deloitte Development LLC. All rights reserved.11
CMRA
PO Box address
Undeliverable address
p ythe validity of the address
This scheme involves the distribution of funds from the company in overbilling or
Vendor Fraud – Disbursement Schemesp y g
other unauthorized disbursement schemes.
No Indicators Data Analytic Detection Procedures
1 Invoices created during non-business hoursSaturdays, Sundays & Public Holidays
Compare the document dates of invoices to a data table comprising of dates for Public Holidays
E N Y D Ch i tEx: New Year Day, Christmas
2 Invoices with fewer digits than standard numbering or sequential invoice numbers
E 111 001 022
Summarize invoice numbers for each vendor to observe hidden pattern
Steadily increasing invoice numbersEx: 111, 001, 022
Invoices that are consistently expedited for payments
Steadily increasing invoice numbers
Calculate the difference between invoice date and check date
3 Payments/Checks without supporting Perform analysis on check register3 Payments/Checks without supporting documentation for goods/services provided
Missing invoices, Purchase Orders
Perform analysis on check registerInvestigate unsupported payments (i.e. checks lacking invoices or P.O.’s)
4 Invoices from two different vendors with Data match on SKU number or
Copyright © 2010 Deloitte Development LLC. All rights reserved.12
4 Invoices from two different vendors with similar/same product/service description with significant price variance
Data match on SKU number or description of a part/product/services provided between 2 unrelated vendors
Vendor Fraud – Conflict of Interest
This scheme involves an employee to vendor or vendor to vendor relationship that may result in preferential treatment
No Indicators Data Analytic Detection Procedures
1 Shared elements (PII) between employees Perform comparison between and vendors
Address
Telephone Number
employee master records and vendor master records
Emergency contact for employees match with vendor contact information
Bank Account Number
SSN/Tax ID
match with vendor contact information
Public Data SourcesPublic Data Sourceswww.411.comwww.blackbookonline.comwww.dogpile.comwww.anywho.com
Copyright © 2010 Deloitte Development LLC. All rights reserved.13
www.peoplesearch.net
Vendor Fraud – Conflict of Interest (contd.)
Data Visualization – Shared Bank Accounts
Copyright © 2010 Deloitte Development LLC. All rights reserved.14
Vendor Fraud Case Study – Manufacturing Company
• Private manufacturing company defrauded by an employee
• Fraudster backgroundPurchasing manager with three years at the CompanyGranted “super user” system accessGranted “super-user” system accessInvolved in fraudulent vendor payment scheme Adept at covering up paymentsEventually terminated for fraudulent usage of p cardEventually terminated for fraudulent usage of p-card
Copyright © 2010 Deloitte Development LLC. All rights reserved.15
Vendor Fraud Case Study – Manufacturing Company (contd )
• Elements of fraudSuper user access allowed fraudster to create vendor accounts
(contd.)
Super-user access allowed fraudster to create vendor accountsPerpetrated fraud through multiple employee log-ins Lack of system control to validate vendor data entry Use of legitimate product data by fraudulent vendor for falsified salesUse of legitimate product data by fraudulent vendor for falsified sales
Copyright © 2010 Deloitte Development LLC. All rights reserved.16
Vendor Fraud Case Study – Manufacturing Company(contd )
• How fraud was detected Unrelated fraudulent action by fraudster triggered questions
(contd.)
Unrelated fraudulent action by fraudster triggered questionsPerformed data analytics on vendor and accounts payable dataUse of legitimate product data by fraudulent vendor
• Monetary outcome of fraud– $650,000
Copyright © 2010 Deloitte Development LLC. All rights reserved.17
Introduction to Employee Fraud
• Ghost Employees• Expense and P-Card Irregularities
P ll• Payroll
The following slides will outline some potential fraud schemes and provide a relevant case studyand provide a relevant case study to consider specific fraud examples for each situation.
Copyright © 2010 Deloitte Development LLC. All rights reserved.18
Employee Fraud – Ghost Employees
This scheme is to create a ghost or a false employee within the employee master data and process payroll for this fictitious employee
Data Analytic DetectionNo Indicators Data Analytic Detection Procedures
1 Insufficient documentation for employees in HR system
Query employee master records for invalid/missing informationHR system invalid/missing information
Blanks and Null values
2 Invalid SSN for employees in the HR system Verify employee social security data against a 3rd party databaseaga st a 3 pa ty database
Ex: SSN of a deceased individual being currently used
3 Employees set up multiple times in the Identify employees with the same p y p pemployee master data
Reissue employee IDs to rehires
y p yname
Perform match of employee names that sound similar
Copyright © 2010 Deloitte Development LLC. All rights reserved.19
Employee Fraud – Expense and P-card Irregularities
This scheme is to create a fictitious expense or p-card transaction
No Indicators Data Analytic Detection ProceduresProcedures
1 Expense transactions just under the approval threshold limit
Identify multiple expense transactions for the same expense type just below approval threshold yp j ppamount
2 High volume or increased dollar value expenses for generic expense types
Profile expense transactions for increased volume and dollar value for specific employees
Miscellaneous, Unknown, Other, etc
3 Identical transactions in expense and P-Card system for the same amount.
Query for transactions across expense and P-Cards system with same name amount and similar
Copyright © 2010 Deloitte Development LLC. All rights reserved.20
same name, amount and similar dates
This scheme creates fictitious salary wage and bonus payments
Employee Fraud – PayrollThis scheme creates fictitious salary, wage, and bonus payments
No Indicator Data Analytic Detection Procedures
1 Increased volume of overtime payments Identify exempt employees receiving non-exempt or overtime wages
Identify employees receiving more than one salary payment per paythan one salary payment per pay period
2 Employees with high volume or increased dollar value bonus payments.
Query employee bonus payments and filter results by job title.dollar value bonus payments. and filter results by job title.
Filter employee payroll records for employees receiving bonus payments equal to or greater than salary payments
3 Payroll disbursements to employees who are not in the HR records
Match employee payroll listing to HR records
Copyright © 2010 Deloitte Development LLC. All rights reserved.21
Verify Social Security information with 3rd party data source
Employee Fraud Case Study – Non-Profit Organization
• Non-Profit organization defrauded by multiple employee'sWeak controls surrounding payroll payments– Weak controls surrounding payroll payments
• Backgroundg– Employees set up multiple times in the payroll system– Employees using invalid Social Security Numbers– Ghost employees were associated with Social Security Numbers that were p y y
registered for a death benefit claim
Copyright © 2010 Deloitte Development LLC. All rights reserved.22
Employee Fraud Case Study – Non-Profit Organization(contd )
• Elements of fraudBonus payments were approved in a decentralized manner which allowed
(contd.)
– Bonus payments were approved in a decentralized manner which allowed employees to receive multiple payments
– Two bonus categories existed in the payroll system that did not exist in the payroll manualp y
– Non-eligible employees were receiving longevity bonus payments– Employees setup multiple times in the system were receiving multiple
paychecks and not notifying the company– Pay codes were set up on the fly by the
benefits group
Copyright © 2010 Deloitte Development LLC. All rights reserved.23
Employee Fraud Case Study – Non-Profit Organization(contd )• How fraud was detected
– Performed unexpected relationship testing on employee data and discovered l l i l i i h
(contd.)
employees setup multiple times in the system– Used data analytic techniques on payroll data to determine employees who
were not eligible to receive bonus paymentsIdentified employees who received more than one bonus in the same year– Identified employees who received more than one bonus in the same year
Copyright © 2010 Deloitte Development LLC. All rights reserved.24
Analyzing Multiple Sources - Strategy
PayrollHR Accounts
payableExpense
disbursement
payable
P-card
Address verification Shared elements testing
Accountsreceivables
Vendors
Benford’s law
Duplicate payments
Management reporting
Unexpected relationships
High-risk focus
SSN testing
Overpayments
Manual and special paymentsUnexpected relationships
Test internal controls
Manual and special payments
Client-customized testing
External data Scoring verification
Employee fraud
galgorithms
Vendor fraud
Copyright © 2010 Deloitte Development LLC. All rights reserved.25
Revenue Manipulation
• Understand sales and related transactions– Profile and graph sales, rebates and discount datag p ,– Identify patterns and relationships between parties
• Invoice and returns manipulationp- Suspicious patterns of returns or credits occurring directly after fiscal quarter or year-
ends- Canceling and rebilling of invoices
Ri ht f t / t l t ( id l tt ?)- Right of return v/s actual returns (side letters?)
• Channel stuffingEvidence of higher discounts or returns post quarter end Profile data by product and- Evidence of higher discounts or returns post quarter end. Profile data by product and customer groups to see outliers.
- Unusual or extended payment terms, modification of standard system settings
Copyright © 2010 Deloitte Development LLC. All rights reserved.26
Revenue Manipulation (contd.)
• Fictitious Sales– Reconcile sales, inventory, cash receipts and general ledger– Unusual patterns of inventory movement– Unusual patterns of sales entries– Manual adjustments and transactions– Transactions entered by unauthorized persons– Sales posted on non-working days
• Bill and HoldA l i f hi t d bill t t d l ti- Analysis of ship to and bill to customers and locations
- Inventory movement related to invoices- Evidence of customer inventory being stored in warehouse
• Refreshing Receivables- Analysis of revenue recognition date against aging of receivables - Re-invoicing and manipulation of receivables
Copyright © 2010 Deloitte Development LLC. All rights reserved.27
g p
Revenue Dimensions- Identification of Outliers
Time period• Year• Quarter• Month
Datapopulation
Subgroup• Customer• Sales• Discounts• Returns
M t i
• Rebates• Reversals• Adjustments
Metrics• Amount • Debit/credit• Ratios• TrendsSubgroup
• Location• Division
Copyright © 2010 Deloitte Development LLC. All rights reserved.28
• Division• Product
*Millions of records aggregated
The Foreign Corrupt Practices Act
•Enacted in 1977 and amended in 1998 by the International Anti-Bribery Act of 1998 which implements anti-bribery conventions of the Organization for Economic Co-operation and Development
•Prohibits any U.S. person to make a payment to a foreign official for the purpose of obtaining or retaining business for or with, or directing business to, any person. Applies to foreign firms and persons who take any act in furtherance of such corrupt payments while in the United States. The term “foreign official” includes anyone working for a government owned or managed institution or enterprise. Also includes employees of international organizations (UN, IMF, etc.)
•Specifies no materiality, making it illegal to offer anything of value as a bribe, including cash or non-cash items
•Distinguishes between bribery and facilitation payments as long as permitted under laws of the host country
•Requires companies whose securities are listed in the q pUnited States to meet its accounting provisions: make and keep books/records that provide transparency of transactions; devise and maintain an adequate system of internal controls
Copyright © 2010 Deloitte Development LLC. All rights reserved.29
Why focus on FCPA?
• Number of enforcements 1 so far in 2009 is consistent with the record setting number of enforcements in 2007 and 2008
• Settlements are becoming costly– December 2008: Siemens 2 – $800 Million – Highest ever– January 2009: Halliburton 3 – $559 Million – Highest for a U.S. companyy $ g p y
• Business is international
• Corporate transaction volumes, information captured about transactions, and corresponding data volumes continue to grow exponentially
Copyright © 2010 Deloitte Development LLC. All rights reserved.30
1 http://www.gibsondunn.com/publications/Pages/2009Mid-YearFCPAClientAlert.aspx2 http://blogs.wsj.com/law/2008/12/15/siemens-settles-in-us-for-800-mil-leaving-for-german-authorities/3 http://blogs.wsj.com/law/2009/01/26/halliburton-breaks-fcpa-settlement-record-for-us-companies/
What FCPA Challenges do Companies Face?
Identifying FCPA violations and anomalies can be tedious and complex, and often requires significant resources. Foreign language, culture, q g g g g , ,distributed decision making, distributor networks, etc. can all be challenges as well.
• Technological challenges– Very large volumes of data– Multiple accounting systemsMultiple accounting systems– Data security, data protection, and confidentiality
Copyright © 2010 Deloitte Development LLC. All rights reserved.31
Very Large Volumes of Data
• No materiality thresholds for FCPA violations– Can’t just sample top X transactionsCan t just sample top X transactions
• Reduce data volumes to a manageable amount through a combination of entity filtering and fraud testingof entity filtering and fraud testing– Identify and filter for higher risk entities and locations– Composite testing of related payments and employee expenses for
anomaliesanomalies– Prioritize transaction review based on a risk scoring methodology
Copyright © 2010 Deloitte Development LLC. All rights reserved.32
FCPA Transaction Review Process
Full dataset extracted from one or more accounting systems
Filter transactions based on entity screening and classification
Further filter based on fraud testing and risk scoring
Review source documents and other backup
materials
Copyright © 2010 Deloitte Development LLC. All rights reserved.33
Entity Filtering
• Identity and flag entities that are: – Government vendors/customers/suppliers– Agents– Consultants
L i ti d hi i i– Logistics and shipping companies– Sales personnel that deal with government entities– EtcEtc.
• Compare customers and vendors to a PEP* list to pidentify potentially risky entities.
* PEP Li ti f liti ll E d P
Copyright © 2010 Deloitte Development LLC. All rights reserved.34
* PEP: Listing of politically Exposed Persons
Composite Testing
• Test related payments and employee expenses using a combination of general fraud tests and risk scoring
• Transactional Based Fraud Tests– Amounts approaching approval thresholds– Amounts approaching approval thresholds– Sequential invoices– Transactions on non-working days
• Transactional Risk ScoringAdd i hi h i k j i di i– Addresses in high risk jurisdictions
– Consulting/logistics/shipping companies– Entertainment accounts and other accounts of interest
Copyright © 2010 Deloitte Development LLC. All rights reserved.35
– Entertainment accounts and other accounts of interest
Prioritized Raw Data
• Review transactions based on risk of participating entities and number of fraud tests “failed”
• Expand review to additional transactions as needed
Copyright © 2010 Deloitte Development LLC. All rights reserved.36
Multiple Accounting Systems/Data Security
• Multiple Source Data Systems– Data is often distributed across accounting systems in
multiple countries.– It is not always sufficient to test every system
independentlyindependently.– Need a method for consolidating data and testing it
uniformly across systems
• Data SecurityKeeping data sec re hen transporting/consolidating– Keeping data secure when transporting/consolidating
– Personally Identifiable Information
Copyright © 2010 Deloitte Development LLC. All rights reserved.37
FCPA Case Study
• Global manufacturing company proactively reviews international transactional accounting data to mitigate the risk of fraud– First phase review consisted of over 2.6 million general ledger
entriesentries– Based on entity filtering, PEP list matching, transactional fraud
tests and targeted keyword searches the population of transactions was reduced to approximately 250 transactionstransactions was reduced to approximately 250 transactions which were manually reviewed and confirmed.
Copyright © 2010 Deloitte Development LLC. All rights reserved.38
F t t id h l ti t l
Tools for analysisFactors to consider when selecting a tool:
1. Size of your dataNumber of linesNumber of linesSpace neededAs data volume increases, it will become necessary to select a more powerful analysis tool
2. FormatText files, spreadsheet, database may contain raw data.
3. ComplexityBasic v/s advanced analysisProgramming needed for logic ?
Copyright © 2010 Deloitte Development LLC. All rights reserved.39
Tools for analysis
1. ACLCommon tool used by internal audit teamsBuilt in tests
2. MS EXCELSpreadsheet allowing sorting and filteringAbility to create pivot tables and graphs to identify anomaliesChallenges: Data can be accidently over written, preserving data integrity, comparing data across sources, grouping data across sources.
3. MS ACCESSStarting database toolAbility to create complex relationships between multiple data sets Build reports and interface for data reviewChallenges: Performance depends on computer being used limited multi user capabilityChallenges: Performance depends on computer being used, limited multi user capability.
4. MS SQL SERVERAdvanced database platform
Copyright © 2010 Deloitte Development LLC. All rights reserved.40
Ability to write complex logic and work with large volumes of dataChallenges: Requires technical knowledge and programming skills
About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of memberDeloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
Copyright © 2010 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu
Top Related