250 likes | 407 Views
Data analytics in the audit March 18, 2011 Keith Barger, Principal, Advisory Services & Forensic Technology Services Practice Leader Keith.Barger@us.gt.com. Overview. Speaker background Introduction What is fraud? Data analytics: Defined Data analytics: Practical use Case studies
E N D
Data analytics in the auditMarch 18, 2011Keith Barger, Principal, Advisory Services & Forensic Technology Services Practice LeaderKeith.Barger@us.gt.com
Overview • Speaker background • Introduction • What is fraud? • Data analytics: Defined • Data analytics: Practical use • Case studies • Wrap up / Q & A
Keith Barger • ATF – 18+ years of special agent • Technical operation • Big 4 – Director • Forensic Technology and e-Discovery • Grant Thornton – Principal, Practice Leader • Forensic & Litigation Services • Forensic Technology Services
Introduction • Fraud examiners and internal/external auditors utilize data analytics to aid in revealing potential concerns, enabling the detection of fraudulent circumstances as early as possible
What is fraud? • A general concept that refers generally to any intentional act committed to secure an unfair or unlawful gain. Financial fraud typically falls into the following categories: • Fraudulent financial transactions and reporting • Misappropriation of assets • Revenue of assets gained by fraudulent or illegal acts • Expenditures or liabilities avoided for inappropriate purpose • Improperly obtained assets and costs / expenses avoided • Other misconduct (e.g., conflicts of interest, insider trading, theft of trade secrets, etc.)
What is fraud? (continued) • Public reports related to fraud occurrences • Association of Certified Fraud Examiners 2008 Report to the Nation • Occupational fraud schemes tend to be extremely costly • The median loss caused by occupational frauds $175,000 • More than 25% of the fraud involved losses of more than $1M • Critical Perspectives on Accounting, 2010 • 90% of the frauds occur at the senior executive level • PCAOB proposed Auditing Standard indicates • Controls related to the preventions, identification, and detection of fraud often have a pervasive effect on the risk of fraud
What is fraud? (continued) • Goals of fraud risk management • Understand fraud and misconduct risks that can undermine their business objectives • Reduce exposure to corporate liability, sanctions, and litigation • Achieve the highest levels of business integrity through sound corporate governance and intelligence, and internal policies and controls
Data analytics: Defined • Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information
Data analytics: Defined (continued) • A data analytic aided program • Information technology and use of computer based audit techniques such as data analytics can significantly improve the effectiveness of a corporate fraud risk management program and corporation investigations • The data analytics program can be generally outlined as: • Consideration of potential fraud schemes and scenarios • Assessment at various levels: globally (corporate-wide), significant business units, substantial account levels • Testing of the effectiveness of the internal policies and controls • On-going monitoring and evaluations on a periodic and random frequency to access performance and effectiveness
Data analytics: Defined (continued) • Key benefits of data analytics • Rapidly evaluate large amounts of data which could mitigate fraud risks and/or detect fraud • Capable of analyzing large data set and oftentimes, 100% of the relevant data • Abilities to apply similar analysis routines to various data sets without excess development time
Data analytics: Defined (continued) • How good is your data? • Data quality is essential to interoperability and should be evaluated based on: • How do you verify the completeness or data? • Accuracy • Consistency on data formats, naming conventions and precision • Do data sources triangulate? • Exportability and portability • How easy can the data be exported? • Audit trail • How much effort is required to uncover the change in data values and accountability of the changes?
Data analytics: Defined (continued) • Data integrity • Data normalization and standardization is often required before computerize tools start analyzing corporate financial and transactional data
Data analytics: Practical use • Examples of potential fraud risks in financial management system • Fraudulent financial reporting • General ledger • Misappropriation of assets • Asset management and asset retirement calculation • Unauthorized or improper receipt and expenditures • GL, Account payable, time and expense management, purchase care program • Management override of transactions • Transaction audit trails • Theft and improper use of material and resource • Asset management, inventory management and human resource
Data analytics: Practical use (continued) • Journal entries (JE) / General ledger (GL) • Account payable (AP) / Purchasing • Account receivable (AR) / Sales • Payroll / Human resource (HR) • Time and expense / HR • FCPA / Anti-bribery and corruption • Sales and use tax • Purchase card program • Regulation and compliance
Data analytics: Practical use (continued)Industry agnostic • Software license review • Financial risk management • Dispute resolution • Healthcare regulatory compliance • Pharmaceutical regulatory compliance (Medicaid pricing) • Contract compliance • Royalty audits • Construction cost recovery • Financial restatements • Fraud risk management (Sub-prime lending) • Financial investigations
Data analytics: Practical use (continued) • Effective use of Benford's law • Benford's law has been providing investigators with a simple, yet effective, tool for detecting fraudulent transactions • Choose appropriate data sets that conform to the distribution • Consider large concentration of assigned numbers or firm-specific numbers • Verify upper and lower number boundaries
Data analytics: Practical use (continued) • User activity and accountability • Most established financial management systems have a built in function to record chronological sequence of activities. The logged records show who has accessed the system and what operations he or she had performed during a given period of time • Audit trail helps to identify fraudulent transactions based on • User name or ID (e.g., unauthorized or blocked users) • Entry timestamps (e.g., created or updated during questionable period of time) • Volume of transactions (e.g.: unnecessary access) • Audit trail also assists on identifying management override of transactions and process flow
Data analytics: Practical use (continued) • Through continuous monitoring of the operations, controls and procedures, weak or poorly designed or implemented controls can be corrected or replaced • A technology-aided anti-fraud program can be periodically executed and as frequent as needed • Random execution and manual test review helps to enhance the quality of the program • A real time "red flags" response system can alert management for immediately actions
Case study – Government agency anti-fraud program • Directed and oversaw an anti-fraud program with regard to government grant disbursements related to disaster recovery • The program involved development of a data repository and analytics to identify fraud, waste and abuse across several areas ranging from false claims, duplicate benefits, grant calculation verification, and construction-related fraud • Large number of data sources and terabytes of data were accessed, on an on-going basis, to retrieve program related data from a variety of government and private agencies
Case study – Government agency anti-fraud program (continued) • Data marshalling procedures were conducted on database servers and accounted for the normalization • Approximately 3,500 data analytic routines and queries were executed against the data to identify anomalous and outlier data • Weekly reports were compiled which outlined the current analytic results and the overall status of the program
Case study – Insurance company internal investigation • Applied data analytics to claims data • Performed analysis of 130,000+ transactions • 5 years worth of data analyzed • Work performed in ½ time 100% manual review • Internal control weaknesses identified
Case study – Forensic in the audit program • Grant Thornton is implementing a data analytics program helping external auditors to conduct a comprehensive analysis and identify potential "red flags" related to clients' accounting practices • The program utilizes customizable analytical routines and queries to evaluate data records from clients' ledger systems
Wrap up / Q & A • Sampling vs. complete review • Rapid turn around with streamline reporting • Cost matches client's need • Flexible and fully customizable to specific industries