Many have wondered why one would perform analytics for fraud detection (or prevention) in good times (business as usual) and why would you when there is no whistle blown about a fraud suspicion?
Is this not a grey area where people sensitivities are involved and news about investigations can affect the organization’s brand image? Being trolled over social media that becomes painful to counter? But the CFO’s office is the hardest hit when it comes to answering the Board on the financial losses incurred due to fraudulent activities that leaves a gaping hole in finances.
Traditional anomaly detection is conducted routinely by internal or external auditors. But they are insufficient, not backed by powerful tools and the objective and terms of reference for these audits limit the investigation to a certain level and no more.
Often referred to as “Forensic Audit”, fraud detection methods assume great significance because it requires digging deeper than normal audit to examine and investigate internal control failures, conflict of interest, social networks, multiple factors such as behavioural analysis and ability to crunch big data that can extend / expand beyond the time period under the lens.
A prudent and practical approach would be to set up a mechanism that can proactively provide analytics and flag off high risk areas that need immediate attention.
Fraud Analytics is the use of analytical technology with intelligent business rules and techniques, which will help detect improper transactions like bribery, favouritism, working capital leakage, asset misappropriation, etc. either before or after the transaction is done, so that appropriate steps can be taken to prevent further damage.
Fraud Analytics also helps in performance measurement, evaluate internal control failures and deficiencies, standardize and help in constant improvement that would benefit the overall organization and governance.
Fraud perpetrators use a lot of different and unique techniques which are randomized to prevent discovery and therefore, the techniques used for detection has to be one or many of the following:
a. Capable of running automated business rules that throw up anomalies that can be further investigated for false / true positives.
b. Calculation of various statistical parameters like averages (for example average number of calls made, emails exchanged, delays in bill payments, etc.), quantities (for example comparison of total quantities ordered / received / invoiced / returned), performance metrics (e.g. attrition rate pattern amongst certain departments, sales returns peaking immediately after monthly close, etc.), user profiles (e.g., interested party contracts, sudden lifestyle changes by the user, behavioural patterns noticed) etc.
c. Trend analysis using time series distribution.
d. Clustering and classification that can help find patterns and associations within data sets.
e. Algorithms, models and probability distributions of various business activities.
f. Machine learning and neural networks to automatically identify characteristics of fraud and used later with increasing Big data inputs.
Having a Fraud Prevention program for controlling fraud risks is an important part of Enterprise Risk Management and provides your investors, partners and auditors with more confidence on your demonstrated ability to tackle the same in a sustained manner and not on an ad-hoc basis.
The author is Managing Principal - Cyber security & GRC at Lydian Global Business Services. Our GRC practice is focused on cutting edge technology and solutions such as Fraud Analyzer and rich content for GRC programs. For more blogs visit https://www.mylydian.com/blog .
Lydian’s compelling combination of deep industry expertise, custom developed Products and Solutions, well-articulated vision and its ability to mix and match the right set of innovation, keeping customer in mind, helps organizations to derive the additional value that businesses expect from their investments in Enterprise Technologies and Digital Transformation journey. Visit our website https://www.mylydian.com for more information.