Footprints in company data
Corporate fraud is not an uncommon occurrence. And the larger and more complex the company, the greater the opportunities which may exist for ‘enterprising’ staff members to take advantage of their employers.
Ernst & Young’s fraud detection experts hope to change this picture.
According to Thaaniya Isaacs, Director, Legal Technology Services, Ernst & Young Cape Town, the company has developed advanced methods for fraud detection which include analysing data for the identification of ‘footprints’ that fraudsters leave behind.
“The method looks like a spider’s web, and analyses people, processes and technology in eight separate components. The more elements that are analysed, the more resistant companies become to fraud, allowing them to move from a position of resilience against potential fraud,” she says.
Lynette Davids, Fraud Investigations & Dispute Services Director, Ernst & Young, says concentrated and concerted efforts from those charged with governance – internal and external auditors, regulators, law enforcement and others – has led to considerable progress in preventing and detecting fraud.
“Despite this, there is little evidence that clearly indicates any reduction in corporate fraud, with one in five of the companies interviewed in the latest Ernst & Young Global Fraud Survey reporting significant fraudulent activity in the past two years,” she says. Davids adds that the use of information technology in the fight against corporate fraud id indispensable.
Isaacs says data analysis plays a central role in identifying and proving that fraud is taking place. “There are two angles which we take: the first is an analysis of people, process and technology [systems] which can identify the primary causes of and vulnerabilities which may enable fraud. The second is an analysis of data which allows for the identification of anomalies, patterns and problems which may be evidence of inappropriate actions.”
Such an approach, Isaacs says, allows companies to take a proactive approach in identifying and mitigating against fraud. “Company data contains an enormous amount of information which, if looked at in the right way, can reveal a great deal about whether or not fraud is taking place.”
When focusing on data, Isaacs says a five step maturity model is applied. This begins with a general risk analysis which then hones in on specific business processes, such as for example, on procurement.
Multidimensional analysis is then conducted which examines the relationships between processes, cross referencing them – such as identifying correlations between procurement and payroll.
“Business processes are all interlinked and can tell a tale of fraud. For example, address details can indicate links between employees and suppliers,” Isaacs notes, adding that detailed analysis can include many processes across company divisions.
The fourth level includes forensic examination with multidimensional tests and a ‘Truth Table’ methodology developed by Ernst & Young, which Isaacs says is seeks out known fraud ‘footprints’ which are contained in data.
“This allows identification of the most commonly committed frauds in any given organisation and the subsequent prioritization of interventions,” she says.
The final level of analysis uses data for advanced modeling and can predict likely frauds. “This is particularly useful in environments which are prone to fraud such as the short term insurance industry. Using data analysis techniques, risk profiles can accurately predict the likelihood of fraudulent claims,” says Isaacs.
While levels of fraud differ depending on the type of organisation, she says environments where illegal activity is more likely tend to be those where high volumes of transactions take place, where large budgets are expended (procurement), where commission-based sales models are in place, and through the creation of ‘ghost’ employees particularly in companies with a large headcount.
“In such environments, the opportunities for fraud are greater while the risk of detection is perceived to be lower. While the telltale signs of fraud can be quite innocuous, by analysing data and comparing results against globally identified fraud methods, it is possible to detect criminal activity with a high degree of reliability,” Isaacs concludes.