How can Big Data/Analytics detect and prevent fraud?

By: Ramsundar Kesavan

One of the much awaited and highly appreciated moves among the Indian Inc. is the New Companies Act 2013. In fact in the recent news as many as 17 firms have been probed by the government's investigation arm the Serious Fraud Investigation Office (SFIO) for corporate frauds in the current financial year (2014-2015?) so far. The government has taken a number of measures to curb and prevent corporate frauds like making fraud a substantive offence and providing statutory status to SFIO, under the new companies’ law.

Fraud is detected in many ways, or at least one tries to detect it in many ways. Conventionally, many corporate relied most on its internal control activities and the internal auditor to prevent and detect fraud. If this isn’t sufficient, risk management systems, a whistle-blowing hotline, an investigations department, new technologies or other measures are installed, corresponding to the need the company experiences. The technological improvement that’s partly responsible for the increasing trend in fraud is also part of the solution. Also data explosion happening in corporate’s ERP or financial systems or any other IT application system. With more and more economic liberalization across the globe, many corporate are expanding their business horizon geographically. The times being what they are, no company stays in its current state for long. As a result, many corporate find that they are running multiple ERP systems or instances of the same system. Imagine how many purchase orders will be created in a year. With data explosion, identifying fictitious purchase order, transaction etc will be very challenging to corporate so as to ensure that their organization is in goods books of the regulatory authorities. Prevention and detection technologies are implemented, tested, customized and commercialized. The term ’big data analytics’ is buzzing in the market and in the minds of CXOs. Can this big data analytics provides an answer to better fraud detection and improve the internal control framework so as to prevent the fraud recurrence

1. What is fraud and some numbers

Corporate Fraud in laymen’s language is “Activities undertaken by an individual or company that are done in a dishonest or illegal manner, and are designed to give an advantage to the perpetrating individual or company. Corporate fraud schemes go beyond the scope of an employee's stated position, and are marked by their complexity and economic impact on the business, other employees and outside parties”.  The typical reason why people commit fraud according to Mr. Donald Cressey, Criminologist was explained in something called as the Fraud Triangle.

According to recent survey conducted by Deloitte “Indian Fraud Survey Edition I, December 2014” reveals that, diversion/ theft of funds or goods, bribery and corruption, and regulatory non-compliance were the top three fraud concerns faced by the organizations. Now if we look at the fraudster, senior management was identified as most susceptible to commit fraud, whereas external parties were least likely to commit fraud, as per survey respondents. Further, over 50 percent of survey respondents felt that procurement; sales and distribution functions were most vulnerable to fraud, indicating that greater business exposure to external stakeholders such as vendors, suppliers, customers, and distributors could significantly increase the risk of fraud.

Procurement Fraud:- The PwC (PricewaterhouseCoopers) Global Economic Crime Survey 2014 showed 29 percent of organizations had experienced procurement fraud. Procurement fraud can be defined as illegal conduct by which the offender gains an advantage, avoids an obligation or causes damage to his organization. Some of the types of procurement fraud includes collusion between employees and vendors, vendors defrauding the company, collusion among vendors within an industry, bribery etc.

2. Challenges faced by corporate in detecting fraud:-

The main factors that propagate indulging in the fraud are lack of internal control, inadequate redressal of reported fraud cases, unrealistic target linked to monetary compensation, diminishing ethical values, senior management override of controls etc. According to ACFE 2014 report to the nation, in nearly one-third of the cases, the victim organization lacked the appropriate internal controls to prevent the fraud, which reinforces the importance of targeted anti-fraud controls. A lack of controls played an even bigger role in those cases affecting small businesses; this was attributed as the primary weakness at more than 41% of cases at organizations with fewer than 100 employees.

Globally there are some major changes in regulations like Foreign Corrupt Practices Act of USA, new/updated COSO’s (Committee of Sponsoring Organization) internal control principles etc are looking for effective fraud management. The sheer volume of loss attributed to fraud is pressuring companies to devise solutions to prevent and identify fraud, while continuing to provide a positive and customized experience for an increasingly sophisticated customer. In order to achieve a more accurate and less intrusive fraud detection system, most of the corporate have started relying and investing on big data analytics technology for compliance and governance.

3. Big Data Analytics & Data Mining

The current information age is overwhelmed by data. More and more information is stored in databases and turning these data into knowledge creates a demand for new, powerful tools. Data analysis techniques used before were primarily oriented toward extracting quantitative and statistical data characteristics. These techniques facilitate useful data interpretations and can help to get better insights into the processes behind the data. These interpretations and insights are the sought knowledge.

Using data mining new patterns can be discovered. If data mining results in discovering meaningful patterns, data turns into information. Patterns that are novel, valid and potentially useful are not merely information, but knowledge. One speaks of discovering knowledge, before hidden in the huge amount of data, but now revealed. This brings us to the term ’Knowledge Discovery’, which is usually called in the same breath as ’Data Mining’.

After clarifying the terms data mining, it is worth looking at literature using the techniques for the purpose of fraud detection. The learning may be classified into two categories: ’supervised’ and ’unsupervised’ learning. In supervised learning, samples of both fraudulent and non-fraudulent records are used. This means that all the records available are labeled as ’fraudulent’ or ’non-fraudulent’. After building a model using these training data, new cases can be classified as fraudulent or legal. Of course, one needs to be confident about the true classes of the training data, as this is the foundation of the model. Another practical issue is the availability of such information. Furthermore, this method is only able to detect frauds of a type which has previously occurred. In contrast, unsupervised methods don’t make use of labeled records. These methods seek for accounts, customers, suppliers, etc. that behave ’unusual’ in order to output suspicion scores, rules or visual anomalies, depending on the method

4. How Big Data Analytics will help in forensic analysis of procurement fraud?

Big data Analytics  is the use of advanced analytic techniques against very large, diverse data sets that include different types such as structured/unstructured, streaming/batch, and different sizes from terabytes to zettabytes.

The process involves the following stages

Analytics helps in unearthing new fraud trends, irregular transactions and gives a whole new look to relationship indicators. The main advantage of leveraging data analytics in forensic analysis is its ability to analyze 100% of the transactions (it is not sample based). This is the place where analytics meets with audit considerations. In typical audit scenario, the auditors would be looking for audit points based on sampling technique like

1. Is there a proper segregation of duties

2. Are changes made to the Vendor Master File without approval or support?

3. Who has the access to modify the vendor master files

4. Are there any periodic review of vendor master file and edit made to the vendor master file

5. Interview few personnel in procurement process

6. Reviewing supporting documentation for all payments to vendors

The procurement cycle is fundamental to the profitability of an organization, especially in times when top line growth is challenged. By leveraging technological advances in data analytics repercussions of breach of trust, loss of public trust, legal fines or sanctions, or damaged share price can be avoided to an extent by detecting fraud. Alongside whistleblower programs, IT controls/ Data Analytics is considered a key channel to detect fraud. This can be used for a periodic diagnostic review to identify any red flags in historical transactions; it is of greater importance to use these tools proactively for continuous fraud monitoring which would involve real-time or near real-time analysis of transactions across business functions so that any misconduct can be identified and controlled before the damage is done. Once the fraud is detected, how this fraud happened has to be analyzed to confirm whether internal control weaknesses exist. This will help the internal control specialist and internal audit team to device better cost effective control and newer ways to monitor the same so as to achieve a streamlined governance and compliance.

(Ramsundar Kesavan, a chartered accountant and working as risk management consultant at Robert Bosch Engineering & Business Solutions Pvt Ltd,)