FRAUD ANALYTICS is an effective approach in the fight against fraud; it is indispensable in discovering patterns and aligning trends. It is capable of identifying masses of red flags in financial transactions that indicate fraud has occurred or has the potential risk of occurring. Fraud analytics can be used anywhere. It is well suited to effectively analyze volumes of information within the private, public, or government sectors.
Fraud analytics is rapidly emerging in the fight against white-collar crime; many professionals are using it as an extremely effective means of fraud detection. The technology aspect of fraud analytics is greater than most expect. It allows fraud examiners, analysts, CPAs, auditors, and investigators to analyze data (big or small) without altering the data manner. Fraud analytics has superseded the age-old method of plodding through mountains of paperwork or hit-or-miss statistical sampling.
What is fraud? Fraud encompasses a wide range of illicit practices and illegal acts involving intentional deception or misrepresentation. The Institute of Internal Auditors (IIA) defines fraud as:
any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage.1
And, according to an ACL discussion paper:
Fraud impacts organizations in several areas including financial, operational, and psychological. While the monetary loss from fraud is significant, the full impact of fraud on an organization can be staggering. The losses to reputation, goodwill, and customer relations can be devastating. Fraud can be perpetrated by any employee within an organization or by those from the outside, so it is imperative to have an effective fraud management program in place to safeguard your organization's assets and reputation.2
With the continuing advances in technology, fraud analytics will continue to be in the forefront of preventing and detecting fraud. The financial, law enforcement, consulting, and audit communities need to recognize fraud analytics as a necessary part of their structure.
Fraud analytics is a challenging endeavor, according to Marilyn Peterson, a respected expert in the field of analysis. Fraudsters have updated their technology skills and methodologies to plan and commit sophisticated frauds. Our efforts must be savvier to keep up with the ongoing infrastructure of fraud. Therefore, fraud examiners, investigators, analysts, auditors, and accountants are employing specific analytic skills to help them during some of the most complex investigations.3
The enhanced critical-thinking skills required of fraud analytics compel analysts, auditors, investigators, and CPAs to follow the concepts of logical reasoning, not intuition or gut feelings. Users will draw conclusions, findings, and recommendations based on the known. Greater self-discipline will be essential to remain objective and not to be influenced by external factors. Information and real-time data will be considered with respect to its weight (validity, reliability, and inclusion).
Beyond having knowledge, skills, and abilities, it is essential that one has a clear understanding of what the definition of “substantial knowledge” means as it relates to analysis. Be it strategic analysis, crime analysis, predictive analysis, threat analysis, or financial analysis, the means of fraud analytics must be understood, and the mechanisms associated with the direct correlations must make perfect sense.
Training and continuing education will be the common denominator as fraud analytics continues its rise in the corporate, financial, law enforcement, and public sectors. These are valuable tools for developing the substantive knowledge needed for the most effective analysis.
Fraud analytics has been recommended by the Association of Certified Fraud Examiners (ACFE), the American Institute of Certified Public Accountants (AICPA), and the IIA as an effective means to detect fraud.
WHY USE FRAUD ANALYTICS?
Fraud analytics is used primarily to combat fraud. It provides users with a better way to look at every available transaction.
Fraud analytics (data analysis) has enabled auditors, investigators, analysts, accountants, and other fraud examiners to analyze transactional data to obtain insight into the effectiveness of internal controls and to identify specific areas of fraud risk and fraudulent activities. There is no area off limits to fraud analytics and it is used to analyze payroll and ghost vendor records, accounts payable transactions, or for finding duplicate transactions and/or invoices. Organizations should maintain an effective control system and application. In other words, there is no specific industry that will not benefit from experiencing the capabilities and functionality tools offered in fraud analytics.
Personally and professionally, I have used the fraud analytic tools and recognize that when they are first implemented, it may be difficult to determine what source will be useful in establishing the main goal. When viewing the number of illicit transactions, it may seem relatively small, and to the human eye it is, but the unexplainable transaction highlights a potential area for weakness that can be used to perpetrate fraud.
A main principle in using fraud analytics in fraud detection is that in order to test and monitor internal controls effectively, organizations must analyze all relevant transactions against all parameters, across all systems and all applications. Only by examining transactions at the source level can we be assured of their integrity and accuracy. Accuracy and integrity are both critical elements and are of great importance when dealing with potential fraud. Nontransparent records or blank fields are key indicators of fraud or potential frauds that can go unnoticed.
If you are wondering why fraud analytics is a critical element in financial investigations, audits, and receivables and payables, just ask the ACFE, the AICPA, and the IIA. All are strong advocates for using fraud analytic systems to assist in fraud detection.
As the fraud detection industry progresses with tools to assist with fraud analytics and the implementation of such warranted strategies, here are a few approaches to help you start the process:
- Employ strategic targeting.
- Complete and identify information on targets and potentials.
- Use an investigative plan.
- Employ critical-thinking skills.
- Apply problem-solving methodologies.
- Organize complex data thoroughly.
- Use the most up-to-date fraud analytics techniques and software.
- Develop an effective case for prosecutorial measures.
Fraud analytics is also widely used in strategic targeting, which involves choosing cases or fraud examinations based on established criteria that allow users to focus on the examination efforts.
CASE STUDY
Betty Bumble, Certified Fraud Examiner, targets cases involving monetary thresholds. In a simple example, she selects cases that contain profits of fraud that are known to have exceeded amounts of $100,000, $600,000, or $2,000,000. Persons who are in a position of trust (e.g., doctors, lawyers, accountants, bankers) are known to take advantage of the financially naive or the elderly. Others may perceive the deterrent value of the fraud examination: Does the completion of an examination discourage others or cause them to doubt whether they should take part in frauds? Some criminal organizations may use a combination of the above or other criteria to select or prioritize their targets. One must be savvy to decipher and/or construct a “threat matrix” that displays targets, assigning a specific value to each and selecting the target that attains the highest numerical value.
Strategic targeting is also based on certain indicators of fraud types that have been parlayed through experience. Fraud schematics can easily be divided into six types: (1) accounting anomalies, (2) internal control weaknesses, (3) analytical anomalies, (4) flattering lifestyles, (5) unusual behaviors, and (6) complaints.4
As we employ new technology, the use of critical-thinking skills holds promise in fraud analytics. Critical thinking in fraud analytics, and for most any type of analysis, should be honed at each opportunity. Critical thinking merely means viewing what you know in addition to what you need to know; it requires you to establish your questions and assumptions beforehand while deciphering preliminary conclusions.
Critical thinking causes us to ask this most simple question: Is there anything missing? Then it leads us to work toward filling in the gaps by knowledge base or theory. Critical thinking requires that we question the information we have gained and the facts in such a way that we can understand the actions and actors more accurately.
THE EVOLUTION CONTINUES
Fraud analytics is a useful tool for investigators, auditors, accountant and fraud examiners to detect the most inherent means of fraudulent transactions. Analytics helps to calculate and determine fraudulent activity that has occurred or which has the potential to. One can never set boundaries as to how the process will unfold.
Excel spreadsheets have been the master tool for securing data. But with multiple fraud analytic tools accessible to examine not only a fraction but also the vast majority of complex transactions, we can only hope that the development of these tools will enhance the strategies and methods of those who continue to combat fraud throughout their specific industries. The tools discussed in this book offer a glimpse on how to incorporate various methodologies into one streamlined method of practice.
Ideally, the use of fraud analytic tools will reduce the cost associated with relying solely on the “traditional” methods of analysis. The tools reduce regulatory exposure for organizations, and will afford results in a more timely identification of possible fraudulent activity.
Figure 2.1 illustrates the strategy cycle that assists in determining the specific steps to consider prior to starting the analysis process. As the fraud examiner deciphers the data, the steps should be followed carefully.
FRAUD PREVENTION AND DETECTION IN FRAUD ANALYTICS
According to an ACFE article:
Fraud prevention and detection are related, but are not the same thing. Prevention encompasses policies, procedures, training, and communication that stop fraud from occurring, whereas detection focuses on activities and techniques that promptly recognize whether fraud has occurred or is occurring.
FIGURE 2.1 Fraud Analytics Strategies
Source: ACFE Fraud Magazine (March/April 2006). Reprinted with permission of the Association of Certified Fraud Examiners.
While prevention techniques do not ensure fraud will not be committed, they are the first line of defense in minimizing fraud risk. One key to prevention is promoting from the board down throughout the organization an awareness of the fraud risk management program, including the types of fraud that may occur.
Meanwhile, one of the strongest fraud deterrents is the awareness that effective detective controls are in place. Combined with preventive controls, detective controls enhance the effectiveness of a fraud risk management program by demonstrating that preventive controls are working as intended and by identifying fraud if it does occur. Although detective controls may provide evidence that fraud has occurred or is occurring, they are not intended to prevent fraud.
Every organization is susceptible to fraud, but not all fraud can be prevented, nor is it cost effective to try. An organization may determine it is more cost effective to design its controls to detect, rather than prevent, certain fraud schemes. It is important that organizations consider both fraud prevention and fraud detection.5
INCENTIVES, PRESSURES, AND OPPORTUNITIES
According to the ACFE article:
Motives for committing fraud are numerous and diverse. One executive may believe that the organization's business strategy will ultimately be successful, but interim negative results need to be concealed to give the strategy time. Another needs just a few more pennies per share of income to qualify for a bonus or to meet analysts' estimates. The third executive purposefully understates income to save for a rainy day.
The fraud risk identification process should include an assessment of the incentives, pressures, and opportunities to commit fraud. Incentive programs should be evaluated—by the board for senior management and by management for others—as to how they may affect employees' behavior when conducting business or applying professional judgment (e.g., estimating bad debt allowances or revenue recognition). Financial incentives and the metrics on which they are based can provide a map to where fraud is most likely to occur. There may also be nonfinancial incentives, such as when an employee records a fictitious transaction so he or she does not have to explain an otherwise unplanned variance. Even maintaining the status quo is sometimes a powerful enough incentive for personnel to commit fraud.
Also important, and often harder to quantify, are the pressures on individuals to achieve performance goals or other targets. Some organizations are transparent, setting specific targets and metrics on which personnel will be measured. Other organizations are more indirect and subtle, relying on corporate culture to influence behavior. Individuals may not have any incremental monetary incentive to fraudulently adjust a transaction, but there may be ample pressure—real or perceived—on a person to act fraudulently. [This is the very reason that fraud analytics is needed.]
Meanwhile, opportunities to commit fraud exist throughout organizations and may be reason enough to commit fraud. These opportunities are greatest in areas with weak internal controls and a lack of segregation of duties. However, some frauds, especially those committed by management, may be difficult to detect because management can often override the controls.6
NOTES
1. Institute of Internal Auditors, International Standards for the Professional Practice of Internal Auditing, 2010.
2. ACL Services Ltd., “Fraud Detection Using Data Analytics in Government Organizations,” discussion paper, 2010. www.acl.com/pdfs/DP_Fraud_detection_GOVERNMENT.pdf
3. Marilyn B. Peterson, “Analyze This and That,” ACFE white paper. (March/April 2006).
4. W. S. Albrecht, C. C. Albrecht, C. O. Albrecht, and M. F. Zimbelman, Fraud Examinations, 3rd ed. (Independence, KY: South-Western College Publishing, 2008).
5. IIA, AICPA, and ACFE, “Managing the Business Risk of Fraud: A Practical Guide,” 2012, pp. 8–9. www.acfe.com/uploadedFiles/ACFE_Website/Content/documents/managing-business-risk.pdf. Reprinted with permission of the Association of Certified Fraud Examiners.
6. Ibid., p. 23.