1 / 46

Transactional Analysis for Effective Fraud Detection

Transactional Analysis for Effective Fraud Detection. Doug Burton ACL Services Ltd. ELMER IREY Chief of the US Treasury Enforcement Branch and head of the IRS Special Intelligence Unit (formed in 1919 primarily to combat employee crime ) . Instrumental in convicting Al Capone of tax evasion

paul2
Download Presentation

Transactional Analysis for Effective Fraud Detection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Transactional Analysis for Effective Fraud Detection Doug Burton ACL Services Ltd.

  2. ELMER IREYChief of the US Treasury Enforcement Branch and head of the IRS Special Intelligence Unit (formed in 1919 primarily to combat employee crime) • Instrumental in convicting Al Capone of tax evasion • Served as an ally and partner to law enforcement • Americas first high profile Forensic Accountant

  3. Today’s Objectives • The magnitude of fraud • Fraud detection and internal controls • The role of technology • Continuous monitoring for fraud

  4. Occupational Fraud and Abuse • “The use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the employing organization’s resources or assets” • “Deception brought about by the willful misrepresentation of significant material facts, or silence when good faith requires expression, resulting in material damage to one who relies on those facts and has a reasonable right to do so” • “An intentional act which is concealed, resulting in a personal benefit to the perpetrator and resulting in harm to the organization”

  5. 5,000 Employees X $ 4,500 $ 2,250,000 Annual Cost of Fraud What is Your Cost of Fraud? • U.S. organizations lose about $4,500 per employee annually as a result of occupational fraud and abuse* • How many employees do you have? * Association of Certified Fraud Examiners, 2002 Report to the Nation on Occupational Fraud and Abuse

  6. $ 10,000,000 Annual Revenue X .06 $ 600,000 Annual Cost of Fraud What is Your Cost of Fraud? • U.S. organizations, on average, lose 6% of revenues to fraud. • This represents a potential loss of $600 billion to fraud annually within the U.S. • What is your annual gross revenue ? * Association of Certified Fraud Examiners, 2002 Report to the Nation on Occupational Fraud and Abuse

  7. What is Your Cost of Fraud? In addition to the direct cost of fraud, there are significant indirect costs: • Loss of consumer confidence = reduced revenues • Negative PR image = lower stock values • Low employee morale = lower productivity • Inability to retain and attract qualified staff

  8. 13% Examples: Occupational Fraud and Abuse • Embezzlement/asset misappropriations • Bribery • Bid-rigging • Conflict of interest • Fraudulent statements 85% 2%

  9. Other Statistics… • Most commonly detected through “tips” • Next most common is by accident • Only 7% of fraudsters had prior fraud-related convictions • Know your F.A.C.T.S.*(“Fraud is Always Committed by Trusted Souls”) • Average fraud scheme lasts 18 monthsbefore detection • More stats: www.cfenet.com/media/statistics.asp * Kate Head – University of South Florida

  10. Fraud Detection and Internal Controls “These (improper) payments occur for many reasons including insufficient oversight or monitoring, inadequate eligibility controls, and automated system deficiencies. However, one point is clear – the basic or root cause of improper payments can typically be traced to a lack of or breakdown in internal controls.” GAO report on “Coordinated Approach Needed to Address the Government’s Improper Payments Problems” [August 2002]

  11. Sarbanes-Oxley Requirements Section 302 - Management certification to integrity of Internal Controls must address 4 key points: • Statement of management’s responsibility for establishing and maintaining adequate internal controls • Management’s assessment of the effectiveness of internal controls to include all fraud involving management and employees with significant roles in internal control • A statement identifying the framework used by management as a criteria for evaluating control effectiveness • A statement that the independent accountant has also issued an attested to management’s assessment of internal control.

  12. Commonly Detected Frauds • Accounts payable • Phantom vendors • Purchasing • Purchase splitting • Kickbacks • Purchase cards • Inappropriate, unauthorized purchases • Telecom • Inappropriate use of telephone system

  13. Data Analysis in Fraud Detection

  14. Data Analysis in Fraud Detection • Los Angeles Unified School District - Belmont Learning Center • ACL use resulted in the identification of fraud and abuse in excess of $70 million • Fictitious vendors • Duplicate payments • Over-billing • No competitive bidding • Policy violations • Exceeding purchasing limits • Improper coding

  15. The Traditional Role of the Auditor in Detecting Fraud • Typically a reactive role – tips • Based on examining selected samples of transactions • Testing of existing controls • ACFE survey says 90% of managers place their confidence in internal controls • Limited use of technology

  16. The Traditional Role of the Auditor in Detecting Fraud • Typically a reactive role The longer frauds go undetected, the larger the potential for loss and the smaller the chances of recovery

  17. The Traditional Role of the Auditor in Detecting Fraud • Based on examining samples of transactions 10,000 Employees X 26 Pay Periods 260,000 paychecks/transactions 1 check .0004 % 10 checks .004 % 100 checks .04 % 1,000 checks .4 %

  18. The Traditional Role of the Auditor in Detecting Fraud • Testing of existing controls 46% of frauds occurred because of insufficient controls An additional 40% of frauds exploited situations where controls were ignored

  19. The Traditional Role of the Auditor in Detecting Fraud • Limited use of technology Both the AICPA and the ACFE specifically refer to the use of data analysis to assist in fraud detection

  20. The Role of Technology in Fraud Detection and Investigation • Perform risk analysis • Look for indicators of fraud • Review 100% of transactions • Compare data within different databases and computer systems • Determine impact of fraud • Proactive tests • Continuous monitoring

  21. Discovering Fraud Electronically – Three Approaches • Drill-down Analysis • Review large population and determine true areas of risk • Isolate “red flags” and drill down • Attribute Sampling • Begin with entire population and filter for transaction matching specific criteria • File Matching • Compare separate data files and look for disparities or matches (e.g. phantom vendors)

  22. The Role of Technology in Fraud Detection and Investigation • Data analysis will provide: • Indication of where to look • Indication of the depth and scope of the problem • Direct pointers to critical evidence • Proof • Findings

  23. Examples of Fraud Tests • Questionable Purchases • P.O. with blank / zero amount • P.O. / invoices with amount paid > amount received • Questionable purchases of consumer items

  24. Examples of Fraud Tests • Questionable Invoices • Invoices without a valid P.O. • Invoices from vendors not in vendor file • Invoices for more than P.O. authorization • Multiple invoices for same item description • Vendors with duplicate invoice numbers • High/inconsistent prices

  25. Examples of Fraud Tests • Questionable Invoices • Invoices for same amount on the same date • Multiple invoices for same P.O. and date • Sequential invoices • Invoices with no matching receiving report • New or non-approved vendors

  26. Examples of Fraud Tests • “Phantom” and other vendor tests • Vendor/employee name match • Employee and vendor with same address orphone number • Vendor address is a mail drop • High number of returns by vendor • Payment without invoice • Missing inventory • Duplicate documents

  27. Moderate Risk Moderate to High Risk High Risk Low Risk Moderate Risk Moderate to High Risk Low Risk Low Risk Moderate Risk Assessing Risk Measure $ Impact Based on Expected Occurrences HIGH HIGH MODERATE Probability of Occurrence MODERATE LOW MODERATE LOW HIGH Financial Impact

  28. Challenges to Effective Fraud Detection • Data sampling • Disparate data sources; complex IT systems • Ad hoc analysis

  29. Issues With Sampling • Sampling is only effective with problemsthat are relatively consistent throughout a data population • Fraudulent transactions by nature do not occur randomly • Fraudulent transactions often fall “within bounds” for standard testing and therefore do not get flagged

  30. Examine Abnormalities Random Sample

  31. Acceptable Range Establish Appropriate Parameters

  32. Benford’s Law Testing • What is it? • Benford’s Law tells us that numbers occur with predictable frequency within a “natural” population • The digits 1 – 9 appear with declining frequency: • 1 = 30% • 9 = 4.6% • This natural rule, applied to a numeric population, can point to numbers appearing more frequently than normal, thus being suspect

  33. Benford’s Law - Example • Audit review of physician billings • Benford’s Law testing identified a “spike” in the number 3 • Of these records, 22 percent were submitted by one doctor • Subsequent analysis revealed impossibly high daily billings

  34. Compare Information from Disparate Data Sources Access data from two or more separate sources

  35. Compare Information from Disparate Data Sources Access data from two or more separate sources Convert/harmonize data into comparable structures

  36. Compare Information from Disparate Data Sources Access data from two or more separate sources Convert/Harmonize data into comparable structures Combine data into single or related file for analysis

  37. Compare Information from Disparate Data Sources Access data from two or more separate sources Convert/Harmonize data into comparable structures Combine data into single or related file for analysis Exceptions

  38. Fraud Detection throughContinuous Monitoring • Data analysis is used in fraud detection & investigation to identify & document fraudulent activities • Part of overall fraud detection plan • Investigate and document issues identified • Continuous monitoring analyzes three key areas: • Identifies anomalies within data files/transactions • Examines 100% of the data (not sampling) • Timely identification (not suspicious transactions) • Runs automatically (user-defined frequency); reports anomalies to designated individuals for investigation

  39. DATA FRAUD TESTS ANALYSIS Reporting Medium Continuous Monitoring Process • Other Sources: • Master Files • Related Data • Other References Primary Transaction Data Data Output

  40. Data Analysis in Fraud Detection • A US government agency with $6.5 billion in annual procurement card purchases used data analysis to monitor expenditures • Indicators of inappropriate transactions were established and compared to actual data • Data from disparate sources were integrated including employee listings, authorizations, merchant restrictions, credit limits • $38 Million in suspect transactions were identified • A timely and cost-effective reporting system was created to follow-up with vendors and banks in the subsequent recovery process

  41. Data Analysis in Fraud Detection • A large healthcare insurer was defrauded of more than $25 million in claims • A routine claims audit identified an abnormal number of transactions of a certain value (through data analysis) • By implementing a continuous monitoring application, the organization may have identified the anomalies earlier in the process • Fraud exposure would have been reduced • Process improvements would have been identified

  42. Benefits of Continuous Monitoring • Confirms/validates effectiveness of controls • Mitigates deficient control structures • Monitors data from disparate systems to provide holistic view of transactions • Provides independent assurance • Identifies further process improvement opportunities • Identifies suspicious transactions in a timely manner • Reduces waste, enhances recoveries

  43. Status of Continuous Monitoring • Fastest growing area within audit and control community • Increasingly more common in organizations • Organizational challenges for widespread implementation: • Technological barriers; difficulties of access to data • Assumption that effective application controls are in place • Perception that sampling is an effective control assessment methodology • Lack of detailed understanding of exactly what and how to test • Recommendation – seek expert advice

  44. Implementation of a Fraud Detection Program • Build a profile of potential frauds which can then be tested • Analyze data to identify possible indicators of fraud • Implement continuous monitoring of high-risk business functions to automate the detection process • Investigate and drill down into patterns which emerge via data analysis/detection process

  45. Thank you!

  46. For More Information Doug Burton ACL Services Ltd. Doug_burton@acl.com 604-646-4201

More Related