200 likes | 299 Views
Forensic Techniques And Automated Oversight. Unemployment Insurance Integrity Conference April 19, 2010. Brett Baker, PhD, CPA, CISA. Overview. Forensic Techniques and Automated Oversight Data Mining Techniques Equipment and Software Forensic Approach. Brett M. Baker, PhD, CPA, CISA.
E N D
Forensic Techniques And Automated Oversight Unemployment Insurance Integrity Conference April 19, 2010 Brett Baker, PhD, CPA, CISA
Overview • Forensic Techniques and Automated Oversight • Data Mining • Techniques • Equipment and Software • Forensic Approach Brett M. Baker, PhD, CPA, CISA
Forensic Techniques and Automated Oversight • Definition of Forensic Audit • Audit that specifically looks for financial misconduct, abusive or wasteful activity. • Close coordination with investigators • More than Computer Assisted Audit Techniques (CAATs) • Forensic audit is growing in the Federal government • GAO’s Forensic Audit and Special Investigations (FSI) • Department of Defense Data Mining • Federal outlays are $2 trillion annually • OMB estimates improper payments for Federal government at $98B (4%) • 100% review using automated business rules versus statistical sampling • There is a place for both • Automated Oversight • Continuous monitoring • Quick response Brett M. Baker, PhD, CPA, CISA
FY2008 Improper Payment Estimates Brett M. Baker, PhD, CPA, CISA
What is Data Mining? • Refers to the use of machine learning and statistical analysis for the purpose of finding patterns in data sets. • If You Know Exactly What You Are Looking for, Use Structured Query Language (SQL). • If You Know Only Vaguely What You Are Looking for, Turn to Data Mining. • Most often used (up until recently) in marketing and customer analysis Brett M. Baker, PhD, CPA, CISA
Information Summary Reports Data Facts, numbers Knowledge Descriptive Analytics Wisdom Predictive Analytics Different Levels of Knowledge ACL, IDEA, MS Access SAS, SPSS, ACL, IDEA Clementine Intelligent Miner Enterprise Miner Brett M. Baker, PhD, CPA, CISA
Data Analysis Software - Fosters Creativity • Can perform the tests wanted, instead of being limited to what technical staff can, or will, provide • Not limited to just predetermined data formats and/or relationships • Can create relationships, check calculations and perform comparisons • Can examine all records, not just a sample • Useful for identifying misappropriation of assets and fraudulent financial reporting • Allows limitless number of analytical relationships to be assessed • within large databases • comparing large databases • Identifies anomalies Brett M. Baker, PhD, CPA, CISA
Common Data Analysis Tests and Techniques • Join • Summarization • Corrupt data (conversion) • Blank fields (noteworthy if field is mandatory) • Invalid dates • Bounds testing • Completeness • Uniqueness • Invalid codes • Unreliable computed fields • Illogical field relationships • Trend analysis • Duplicates Brett M. Baker, PhD, CPA, CISA
Use Tight Selection Criteria E.g. Vendor = “Smith Company” Use Looser Selection Criteria E.g. Vendor = “*Smith*” Finds Smith Company, Smith Co., The Smith Manufacturing Company, etc. Simple Queries You Know Exactly What You’re Looking For e.g. All Payments to a Particular Vendor 9
Use Tight Selection Criteria E.g. Payments With Same Contract #, Invoice # and Invoice Amount Few False Positives Use Looser Selection Criteria E.g. Payments With Same Contract # and Invoice # or Same Contract # and Invoice Amount More False Positives More Detected Duplicates Complex Queries You Know The Specific Condition You’re Looking For e.g. Duplicate Payments 10
Subject Matter Experts Can Describe Indicators Translate Indicators to Detection Logic Apply Indicators Against Population Many False Positives Combine Indicators Reduce False Positives 12 1 2 15 5 8 7 4 3 Sophisticated Solutions You Only Know The General Condition You’re Looking For e.g. Fraud Combine Indicators 11
Control Charts Brett M. Baker, PhD, CPA, CISA
Frequency Distribution Anomalous Activity Normal Activity Anomalous Activity Brett M. Baker, PhD, CPA, CISA
Comparing Data Files (Three-Bucket Theory) Vendors Paid and In Vendor Table Vendors Paid but not In Vendor Table Vendors Not Paid Yet Vendor Table Disbursing Transactions Brett M. Baker, PhD, CPA, CISA
Hardware and Software Applications • Hardware • SQL servers • Mainframe (QMF) • Docking stations • Terminal server • Software Applications • Data mining and predictive analytics, e.g., Clementine • Data interrogation – e.g., ACL, IDEA, MS Access, Excel • Statistical analysis – e.g., SPSS and SAS • Link analysis – I2 • Lexis-Nexis • Data conversion utilities (Monarch) • Internet, open-source research • Access to system query tools Brett M. Baker, PhD, CPA, CISA
Forensic Approach • Start with objectives • Structured brainstorming • Consider SME conference • Identify indicators of potential fraud and ways to find in data • Process to identify financial risks • Map out the end-to-end process • Identify systems and key processes • Identify key controls • Identify and obtain transaction-level data • Record layout • Look at 1000 records before examining all records • ACL, IDEA, and Monarch can read virtually any data format • Flat files, Delimited files, Dbase files, MS Access, Report files, …. • No file size limits • Build targeted business rules and run against data • Examine anomalies Brett M. Baker, PhD, CPA, CISA
End-to-End Payment UniverseForensic Audit Approach Personnel Systems $$ Treasury Check People Pay Entitlement Systems Federal Reserve System Accounting Systems Disbursing Systems Commercial Bank Commercial Pay Entitlement Systems Contracting Systems Central Contractor Registry Data Analysis Brett M. Baker, PhD, CPA, CISA
Unemployment Insurance Over-payments Unemployment Benefits Employment Employment Under-payments
How To Apply In Your Organization • Decide What You Are Looking For • Assign Personnel With Analytical Skills • Gather Data • Understand Data and Business Rules • Select Detection Method/Tools • Produce and Research Anomalies • Refine the Detection Process • Discover the Irregular/Illegal Transactions • Improve the Business Process • Automated oversight • Continuous monitoring