02/18/2010 Meeting - Data Analytics

Leveraging data analysis toLeveraging data analysis to
identify fraud patterns and issues
Satish Lalchand
Deloitte Financial Advisory Services LLPDeloitte Financial Advisory Services LLP
Jason Beck
CISCO
February 18th, 2010
This presentation contains general information only and Deloitte Financial Advisory Services LLP is not, by means of this publication, rendering
accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for suchaccounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such
professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any
decision or taking any action that may affect your business, you should consult a qualified professional advisor.
Deloitte Financial Advisory Services LLP shall not be responsible for any loss sustained by any person who relies on this presentation.

Agenda
Introduction
Current environment and challengesCurrent environment and challenges
Strategies for identifying fraud and leveraging analytics
fData analytics concept and sources of data
Leveraging analytics to identify :
1 Vendor fraud1. Vendor fraud
2. Employee fraud
3. Revenue manipulation
4. Foreign Corrupt Practices Act (“FCPA”) and commercial corruption issues
Tools for analysis
Copyright © 2010 Deloitte Development LLC. All rights reserved.1
Questions

Deloitte Survey Indicates that Executives Believe
Economic Stress can Lead to Increase in FraudEconomic Stress can Lead to Increase in Fraud
Economic stress can result in increased pressure on professionals to
meet earnings and revenue targets and increase risk of misappropriationg g pp p
of assets fraud due to layoffs and cost cutting measures.
According to an online survey in October 2008 of 249 executives from a
cross section of industries including financial services, industrial
manufacturing, energy and utilities, consumer products, and insurance
d t d b C li W k b h lf f D l itt Fi i l Ad iconducted by Compliance Week on behalf of Deloitte Financial Advisory
Services LLP, over 90% of respondents expect fraud activity to remain
steady or increase1
1 http://www.deloitte.com/dtt/cda/doc/content/us_fas_fraud_downturn_survey_v2_290109.pdf

Uptick in Fraud ?
“As economic conditions soften
around the globe, fraud risks for
Fraud Fears
a ou d t e g obe, aud s s o
businesses appear to be on the rise. A
slowing economy may increase
pressure on companies to meet — and
often exceed — short-term
Industry Manufacturing
Financial
Services Other
Decrease
1 0% 0 0% 0 0%
performance goals…It is this mindset
in slower economic times that can
contribute to increased fraudulent
activity.”
significantly
1.0% 0.0% 0.0%
Decrease
somewhat
2.0% 5.7% 3.7%
Don’t know 2.0% 5.7% 7.4%
y
– “Financial Fraud: Does an economic
downturn mean an uptick?”
Deloitte Financial Advisory Services LLP
Increase
significantly
4.9% 3.8% 6.2%
Increase
somewhat
40.2% 45.3% 39.5%
Stay the
50% 39 6% 39 5%
Stay the
same
50% 39.6% 39.5%
Source:
Compliance Week/Deloitte Survey on Fraud (October 2008)

Potential Challenges Faced by Internal Audit
• Need to enhance regular internal audit cycle with increased fraud
monitoringg
– Increase in scope of program
– Additional procedures to be performed
• Reduced Internal Audit staff and budgets
– Demand for increased cost effectiveness
– Most value out of proceduresMost value out of procedures
– Aim for high coverage
• Global versus domestic scope• Global versus domestic scope
– Internal Audit has a global role
– Limit on travel expenses
Need to identify areas and countries to focus on
– Need to identify areas and countries to focus on

Potential Challenges Faced by Internal Audit (contd.)
• Affordability of a techology solution
– Custom solution to be built ?Custom solution to be built ?
– Very large volumes of data
– Need for tools to capture, reconcile, analyze, and report data
– Data security and confidentialityData security and confidentiality
• Lack of interface to financial and reporting systems
Multiple accounting systems– Multiple accounting systems
– Challenges in procuring data
– How do I run my tests on SAP? Oracle?
What do I need to know to get started ?– What do I need to know to get started ?

Strategies for Identifying Indicators of Fraud
Approaches Rules Profiling Advanced or
Predictive
analytics
Blend
• Detect
known
patterns
• Set up rules to
filter suspicious
transactions
• Build profiles
of customers,
transactions,
and accounts
analytics
• Knowledge
discovery —
databases
and system
• Combination of
existing
approaches
• Detect and
keep track of
new patterns
E al ate set
and system
• Evaluate set
of data for
learning
Suitable forSuitable for IndustrySuitable forSuitable for
unknown
patterns
Suitable for
known
patterns
Industry
leading
practices
Suitable for
complex
patterns

Data Analytics — Concept
1. Anomaly testing
Data analyticsEntities
S li
2. Profiling
3. External list comparisons
4 Keyword searchesCustomers and agents
Employees and contractors
Suppliers
4. Keyword searches
Third-party
data sources
Accounting
data sources Transactions of entities
Customers and agents
World-
Compliance
PEP Data
AR
AP
Employee
Expense
and Payroll • Financial Sub ledgers
(AP/AR/GL)
• Entertainment expenses
Valid address
database
User-defined
data sources
Keywords Names of
CustomersGL
AR Vendors
123 $17.26
1233 $14k
3433 $49
…
• Entertainment expenses
• Payroll
• Credit cards/expenses
• Expense reimbursement
• Time keeping
Keywords
(advanced)
Names of
InterestEmployees
Cash
Ledger • Contractor payments

Identifying Potentially Relevant Data Sources
ERP
General
l d
Payroll
Accounts
bl
Accounts
i blledger
y
payable receivable
Master Analytic
Data Store
Thi d t d t
Internal audit
leads
I t i
E-mails, files, and
computer images
Third-party data Interviews
Strategic Cost Management
Customer Relationship Management
Call center Sales Marketing
Manufacturing
Supply chain
management
g

Leveraging Analytics to Help Identify Potential . . .
• Vendor fraud
• Employee fraud
R i l ti• Revenue manipulation
• Foreign Corrupt Practices Act (“FCPA”) and commercial corruption
issues
Following slides will outline
some potential areas top
consider.

Introduction to Vendor Fraud
• Ghost Vendors
Di b t S h• Disbursement Schemes
• Conflicts of Interest
The following slides will outline
some potential fraud schemes
and provide a relevant case studyand provide a relevant case study
to consider specific fraud
examples for each situation.

This scheme represents a fraudster creating and making payments to a fictitious
Vendor Fraud – Ghost Vendors
This scheme represents a fraudster creating and making payments to a fictitious
or ghost vendor within the accounts payable system
No Indicators
Data Analytic Detection
Procedures
1 Insufficient documentation for Vendor set up
Invalid Tax ID
Query vendor master records for
invalid/missing information
Invalid Tax ID (ex: 99-9999999)( )
Blanks and Null values
2 Incorrect contact information for Vendors
Telephone numbers
Verify validity and type of phone
numbers provided by vendorsTelephone numbers
Fax numbers Validate telephone numbers against 3rd
party data sources through batch runs
Match vendors telephone number with
company’s telephone numbercompany s telephone number
3 Invalid/Erroneous address information for
Vendors
CMRA
Perform address verification
Compare vendor address against 3rd
party address database to determine
CMRA
PO Box address
Undeliverable address
p y
the validity of the address

This scheme involves the distribution of funds from the company in overbilling or
Vendor Fraud – Disbursement Schemes
p y g
other unauthorized disbursement schemes.
No Indicators
Procedures
1 Invoices created during non-business hours
Saturdays, Sundays & Public Holidays
Compare the document dates of
invoices to a data table comprising of
dates for Public Holidays
E N Y D Ch i tEx: New Year Day, Christmas
2 Invoices with fewer digits than standard
numbering or sequential invoice numbers
E 111 001 022
Summarize invoice numbers for each
vendor to observe hidden pattern
Steadily increasing invoice numbersEx: 111, 001, 022
Invoices that are consistently expedited for
payments
Steadily increasing invoice numbers
Calculate the difference between
invoice date and check date
3 Payments/Checks without supporting Perform analysis on check register3 Payments/Checks without supporting
documentation for goods/services provided
Missing invoices, Purchase Orders
Perform analysis on check register
Investigate unsupported payments (i.e.
checks lacking invoices or P.O.’s)
4 Invoices from two different vendors with Data match on SKU number or
4 Invoices from two different vendors with
similar/same product/service description with
significant price variance
Data match on SKU number or
description of a part/product/services
provided between 2 unrelated vendors

Vendor Fraud – Conflict of Interest
This scheme involves an employee to vendor or vendor to vendor relationship that
may result in preferential treatment
No Indicators
Procedures
1 Shared elements (PII) between employees Perform comparison between
and vendors
Address
Telephone Number
employee master records and
vendor master records
Emergency contact for employees
match with vendor contact information
Bank Account Number
SSN/Tax ID
match with vendor contact information
Public Data SourcesPublic Data Sources
www.411.com
www.blackbookonline.com
www.dogpile.com
www.anywho.com
www.peoplesearch.net

Vendor Fraud – Conflict of Interest (contd.)
Data Visualization – Shared Bank Accounts

Vendor Fraud Case Study – Manufacturing Company
• Private manufacturing company defrauded by an employee
• Fraudster background
Purchasing manager with three years at the Company
Granted “super user” system accessGranted “super-user” system access
Involved in fraudulent vendor payment scheme
Adept at covering up payments
Eventually terminated for fraudulent usage of p cardEventually terminated for fraudulent usage of p-card

(contd )
• Elements of fraud
Super user access allowed fraudster to create vendor accounts
(contd.)
Super-user access allowed fraudster to create vendor accounts
Perpetrated fraud through multiple employee log-ins
Lack of system control to validate vendor data entry
Use of legitimate product data by fraudulent vendor for falsified salesUse of legitimate product data by fraudulent vendor for falsified sales

(contd )
• How fraud was detected
Unrelated fraudulent action by fraudster triggered questions
(contd.)
Unrelated fraudulent action by fraudster triggered questions
Performed data analytics on vendor and accounts payable data
Use of legitimate product data by fraudulent vendor
• Monetary outcome of fraud
– $650,000

Introduction to Employee Fraud
• Ghost Employees
• Expense and P-Card Irregularities
P ll• Payroll
The following slides will outline
some potential fraud schemes
and provide a relevant case studyand provide a relevant case study
to consider specific fraud
examples for each situation.

Employee Fraud – Ghost Employees
This scheme is to create a ghost or a false employee within the employee master
data and process payroll for this fictitious employee
No Indicators
Procedures
1 Insufficient documentation for employees in
HR system
Query employee master records for
invalid/missing informationHR system invalid/missing information
Blanks and Null values
2 Invalid SSN for employees in the HR system Verify employee social security data
against a 3rd party databaseaga st a 3 pa ty database
Ex: SSN of a deceased individual being
currently used
3 Employees set up multiple times in the Identify employees with the samep y p p
employee master data
Reissue employee IDs to rehires
y p y
name
Perform match of employee names
that sound similar

Employee Fraud – Expense and P-card Irregularities
This scheme is to create a fictitious expense or p-card transaction
No Indicators
ProceduresProcedures
1 Expense transactions just under the approval
threshold limit
Identify multiple expense
transactions for the same expense
type just below approval thresholdyp j pp
amount
2 High volume or increased dollar value
expenses for generic expense types
Profile expense transactions for
increased volume and dollar value
for specific employees
Miscellaneous, Unknown, Other, etc
3 Identical transactions in expense and P-Card
system for the same amount.
Query for transactions across
expense and P-Cards system with
same name amount and similar
same name, amount and similar
dates

This scheme creates fictitious salary wage and bonus payments
Employee Fraud – Payroll
This scheme creates fictitious salary, wage, and bonus payments
No Indicator
Procedures
1 Increased volume of overtime payments Identify exempt employees receiving
non-exempt or overtime wages
Identify employees receiving more
than one salary payment per paythan one salary payment per pay
period
2 Employees with high volume or increased
dollar value bonus payments.
Query employee bonus payments
and filter results by job title.dollar value bonus payments. and filter results by job title.
Filter employee payroll records for
employees receiving bonus
payments equal to or greater than
salary payments
3 Payroll disbursements to employees who are
not in the HR records
Match employee payroll listing to HR
records
Verify Social Security information
with 3rd party data source

Employee Fraud Case Study – Non-Profit Organization
• Non-Profit organization defrauded by multiple employee's
Weak controls surrounding payroll payments– Weak controls surrounding payroll payments
• Backgroundg
– Employees set up multiple times in the payroll system
– Employees using invalid Social Security Numbers
– Ghost employees were associated with Social Security Numbers that werep y y
registered for a death benefit claim

(contd )
• Elements of fraud
Bonus payments were approved in a decentralized manner which allowed
(contd.)
– Bonus payments were approved in a decentralized manner which allowed
employees to receive multiple payments
– Two bonus categories existed in the payroll system that did not exist in the
payroll manualp y
– Non-eligible employees were receiving longevity bonus payments
– Employees setup multiple times in the system were receiving multiple
paychecks and not notifying the company
– Pay codes were set up on the fly by the
benefits group

(contd )
• How fraud was detected
– Performed unexpected relationship testing on employee data and discovered
l l i l i i h
(contd.)
employees setup multiple times in the system
– Used data analytic techniques on payroll data to determine employees who
were not eligible to receive bonus payments
Identified employees who received more than one bonus in the same year– Identified employees who received more than one bonus in the same year

Analyzing Multiple Sources - Strategy
Payroll
HR
Accounts
payable
Expense
disbursement
payable
P-card
Address verification Shared elements testing
Accounts
receivables
Vendors
Benford’s law
Duplicate payments
Management reporting
Unexpected relationships
High-risk focus
SSN testing
Overpayments
Manual and special paymentsUnexpected relationships
Test internal controls
Manual and special payments
Client-customized testing
External data Scoring
verification
Employee fraud
g
algorithms
Vendor fraud

Revenue Manipulation
• Understand sales and related transactions
– Profile and graph sales, rebates and discount datag p ,
– Identify patterns and relationships between parties
• Invoice and returns manipulationp
- Suspicious patterns of returns or credits occurring directly after fiscal quarter or year-
ends
- Canceling and rebilling of invoices
Ri ht f t / t l t ( id l tt ?)- Right of return v/s actual returns (side letters?)
• Channel stuffing
Evidence of higher discounts or returns post quarter end Profile data by product and- Evidence of higher discounts or returns post quarter end. Profile data by product and
customer groups to see outliers.
- Unusual or extended payment terms, modification of standard system settings

Revenue Manipulation (contd.)
• Fictitious Sales
– Reconcile sales, inventory, cash receipts and general ledger
– Unusual patterns of inventory movement
– Unusual patterns of sales entries
– Manual adjustments and transactions
– Transactions entered by unauthorized persons
– Sales posted on non-working days
• Bill and Hold
A l i f hi t d bill t t d l ti- Analysis of ship to and bill to customers and locations
- Inventory movement related to invoices
- Evidence of customer inventory being stored in warehouse
• Refreshing Receivables
- Analysis of revenue recognition date against aging of receivables
- Re-invoicing and manipulation of receivables
g p

Revenue Dimensions- Identification of Outliers
Time period
• Year
• Quarter
• Month
Data
population
Subgroup
• Customer
• Sales
• Discounts
• Returns
M t i
• Rebates
• Reversals
• Adjustments
Metrics
• Amount
• Debit/credit
• Ratios
• TrendsSubgroup
• Location
• Division
• Division
• Product
*Millions of records aggregated

The Foreign Corrupt Practices Act
•Enacted in 1977 and amended in 1998 by the International Anti-Bribery Act of 1998 which implements
anti-bribery conventions of the Organization for Economic Co-operation and Development
•Prohibits any U.S. person to make a payment to a foreign official for the purpose of obtaining or retaining
business for or with, or directing business to, any person. Applies to foreign firms and persons who take
any act in furtherance of such corrupt payments while in the United States. The term “foreign official”
includes anyone working for a government owned or managed institution or enterprise. Also includes
employees of international organizations (UN, IMF, etc.)
•Specifies no materiality, making it illegal to offer anything of
value as a bribe, including cash or non-cash items
•Distinguishes between bribery and facilitation payments
as long as permitted under laws of the host country
•Requires companies whose securities are listed in theq p
United States to meet its accounting provisions: make
and keep books/records that provide transparency of
transactions; devise and maintain an adequate system
of internal controls

Why focus on FCPA?
• Number of enforcements 1 so far in 2009 is consistent with the record
setting number of enforcements in 2007 and 2008
• Settlements are becoming costly
– December 2008: Siemens 2 – $800 Million – Highest ever
– January 2009: Halliburton 3 – $559 Million – Highest for a U.S. companyy $ g p y
• Business is international
• Corporate transaction volumes, information captured about transactions,
and corresponding data volumes continue to grow exponentially
1 http://www.gibsondunn.com/publications/Pages/2009Mid-YearFCPAClientAlert.aspx
2 http://blogs.wsj.com/law/2008/12/15/siemens-settles-in-us-for-800-mil-leaving-for-german-authorities/
3 http://blogs.wsj.com/law/2009/01/26/halliburton-breaks-fcpa-settlement-record-for-us-companies/

What FCPA Challenges do Companies Face?
Identifying FCPA violations and anomalies can be tedious and complex,
and often requires significant resources. Foreign language, culture,q g g g g , ,
distributed decision making, distributor networks, etc. can all be
challenges as well.
• Technological challenges
– Very large volumes of data
– Multiple accounting systemsMultiple accounting systems
– Data security, data protection, and confidentiality

Very Large Volumes of Data
• No materiality thresholds for FCPA violations
– Can’t just sample top X transactionsCan t just sample top X transactions
• Reduce data volumes to a manageable amount through a combination
of entity filtering and fraud testingof entity filtering and fraud testing
– Identify and filter for higher risk entities and locations
– Composite testing of related payments and employee expenses for
anomaliesanomalies
– Prioritize transaction review based on a risk scoring methodology

FCPA Transaction Review Process
Full dataset extracted from one or more accounting
systems
Filter transactions based on entity
screening and classification
Further filter based on fraud
testing and risk scoring
Review source
documents and
other backup
materials

Entity Filtering
• Identity and flag entities that are:
– Government vendors/customers/suppliers
– Agents
– Consultants
L i ti d hi i i– Logistics and shipping companies
– Sales personnel that deal with government entities
– EtcEtc.
• Compare customers and vendors to a PEP* list top
identify potentially risky entities.
* PEP Li ti f liti ll E d P
* PEP: Listing of politically Exposed Persons

Composite Testing
• Test related payments and employee expenses using a
combination of general fraud tests and risk scoring
• Transactional Based Fraud Tests
– Amounts approaching approval thresholds– Amounts approaching approval thresholds
– Sequential invoices
– Transactions on non-working days
• Transactional Risk Scoring
Add i hi h i k j i di i– Addresses in high risk jurisdictions
– Consulting/logistics/shipping companies
– Entertainment accounts and other accounts of interest
– Entertainment accounts and other accounts of interest

Prioritized Raw Data
• Review transactions based on risk of participating
entities and number of fraud tests “failed”
• Expand review to additional transactions as needed

Multiple Accounting Systems/Data Security
• Multiple Source Data Systems
– Data is often distributed across accounting systems in
multiple countries.
– It is not always sufficient to test every system
independentlyindependently.
– Need a method for consolidating data and testing it
uniformly across systems
• Data Security
Keeping data sec re hen transporting/consolidating– Keeping data secure when transporting/consolidating
– Personally Identifiable Information

FCPA Case Study
• Global manufacturing company proactively reviews
international transactional accounting data to mitigate
the risk of fraud
– First phase review consisted of over 2.6 million general ledger
entriesentries
– Based on entity filtering, PEP list matching, transactional fraud
tests and targeted keyword searches the population of
transactions was reduced to approximately 250 transactionstransactions was reduced to approximately 250 transactions
which were manually reviewed and confirmed.

F t t id h l ti t l
Tools for analysis
Factors to consider when selecting a tool:
1. Size of your data
Number of linesNumber of lines
Space needed
As data volume increases, it will become necessary to select a more powerful analysis
tool
2. Format
Text files, spreadsheet, database may contain raw data.
3. Complexity
Basic v/s advanced analysis
Programming needed for logic ?

Tools for analysis
1. ACL
Common tool used by internal audit teams
Built in tests
2. MS EXCEL
Spreadsheet allowing sorting and filtering
Ability to create pivot tables and graphs to identify anomalies
Challenges: Data can be accidently over written, preserving data integrity, comparing data across
sources, grouping data across sources.
3. MS ACCESS
Starting database tool
Ability to create complex relationships between multiple data sets
Build reports and interface for data review
Challenges: Performance depends on computer being used limited multi user capabilityChallenges: Performance depends on computer being used, limited multi user capability.
4. MS SQL SERVER
Advanced database platform
Ability to write complex logic and work with large volumes of data
Challenges: Requires technical knowledge and programming skills

About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of memberDeloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, and its network of member
firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for
a detailed description of the legal structure of Deloitte Touche Tohmatsu and its member firms. Please
see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its
subsidiaries.
Copyright © 2010 Deloitte Development LLC. All rights reserved.
Member of Deloitte Touche Tohmatsu

02/18/2010 Meeting - Data Analytics

More Related Content

What's hot (17)

Similar to 02/18/2010 Meeting - Data Analytics (20)

Recently uploaded (20)

02/18/2010 Meeting - Data Analytics