Date post: | 11-Apr-2017 |
Category: |
Documents |
Upload: | jason-plumridge |
View: | 292 times |
Download: | 4 times |
DATA ANALYTICS
A DIGITAL RESPONSE TO A CRIMINAL REVOLUTION
Jason R. Plumridge
Director & Principal Consultant
Vestinex Pty Ltd
DISCUSSION POINTS
What does “Data Analytics” truly mean?
Application & Relevance to Fraud Prevention & Detection
What is CAAT’s?
Will Data Analytics be useful?
Data Analytical Process – Identification to Post Analysis Reporting
Data Sources and Extraction
Standard Tests – Detection of Fraud & Other Criminal Activities
Industry Relevant Tools for Basic Data Analytics
Other World Applications for Data Analytical Testing
DATA ANALYTICS – WHAT DOES IT
ACTUALLY MEAN?
Data Analytics - A process of inspecting, cleaning, transforming, and modelling data with the goal of highlighting useful information, suggesting conclusions, and supporting decision making.
Data Mining is a particular data analysis technique that focuses on modelling and knowledge discovery for predictive rather than purely descriptive purposes.
Business Intelligence - Covers data analysis that relies heavily on aggregation (summarisation) , focusing on business information.
Predictive Analytics focuses on application of statistical or structural models for predictive forecasting or classification.
Text Analytics - Applies statistical, linguistic, and structural techniques to extract and classify information from textual sources, a species of unstructured data.
All of the above are varieties of data analysis.
APPLICATION & RELEVANCE TO FRAUD
PREVENTION & DETECTION
Data analysis technology enables auditors and fraud examiners to:
Analyse business data to test the effectiveness of internal controls
To identify transactions that may indicate fraudulent activity or the heightened risk of fraud.
Data analysis also provides an effective way to be more proactive in the fight against fraud.
Provides the ability to test 100% of the records or any size sample
Enables investigations professionals to focus investigation actions on those transactions that are suspicious or are identified as areas of weaknesses
Data analysis technology also enables organisations to:
Conduct ad hoc analysis based on a report of wrongdoing or to perform repeatable automated procedures, for continuous auditing and monitoring
Provide insight into the integrity of financial and business operations through transactional analysis.
Improves the ability to better assess and manage business risk.
COMPUTER ASSISTED / AIDED AUDIT
TECHNIQUES (CAATS)
CAATs – Computer Assisted / Aided Audit Techniques
Serves as an important tool for auditor /fraud examiner to evaluate the control environment in an efficient and effective manner and increase the detection of potential fraud and corruption or other control weaknesses
Increased audit coverage, more thorough and consistent analysis of data, and reduction in risk.
Can be performed using varying types of tools and techniques
CAATs may be used in performing various audit procedures including:
Tests of details of transactions and balances, General Ledger, Payroll, Suppliers / Vendors etc.
Confirmation of Financial System Operations / Calculations
Compliance tests of IS general controls (IT Focussed)
Compliance tests of IS application controls (IT Focussed)
WILL DATA ANALYTICS BE USEFUL?
Utilising Data Analytics to detect and prevent Fraud & Corruption
requires an understanding of:
The areas in which fraud and corruption can occur within the organisation
What fraudulent or corrupt activity is expected to look like in the data
What data sources are required to test for indicators of fraud and corruption
What data and in what format is the data available for use in data analytical tools
There is a requirement to critically understand what the examination is
expected to achieve:
What is our goal or objective in conducting the analytics – Is this a fishing
expedition?
Will data analytics realistically be able to support our goals and objectives?
Do we have the skills and experience available to us to conduct the analysis?
DATA ANALYTICAL PROCESS – PLANNING
TO POST ANALYSIS REPORTING
The standard process of analytics consists of the following phases / processes:
Determine Scope & Requirements
Understand the purpose of the analysis, define the objectives & profile potential fraud schemes
Identify & Extract Information Sources
Identify the relevant data sets, extract the data in a useable format (consider legal ramifications of data integrity
if conducting and investigation and consider computer forensics) & verify the data as accurate after extraction
Data Extraction & Preparation
Cleanse the data sets, de-duplication of data if relevant, reformat as required (maintaining records of all changes
made to the data set), transform the data into the require sets for import into test tools.
Testing & Interpretation
Determine testing regime to be applied, conduct standard and unique tests as per the objectives, record results
(Note: Most commercial tools generate and audit log for this purpose)
Interpret the results of the data tests and identify potential issues, weaknesses or suspicious transactions and
activities
Post Analysis Phase
Prepare data testing report (if a consulting, investigation analysis or audit)
Determine required preventative tests to be applied on a schedule for fraud and corruption prevention
activities as part of an overall data analysis program
DATA SOURCES & EXTRACTION
Data Sources for use in Data Analytics can come from a variety of sources which will need to be determined with your client based on the requirements and purpose of the analysis. These could include the following:
Financial System Files (General Ledger, Accounts Payable, Vendor Master File, Suppliers, Employees Data)
Payroll Files
Procurement & Purchase Records
Information Security Audit Logs (For IT Analysis – Access Logs, Event Logs, Webserver Logs etc.)
Text Files, CSV, Spreadsheets, Databases
Note: Almost any data set can become the subject of an analysis provided the data you are intending to analyse to identify the problem is linked to that data set
STANDARD TESTS – DETECTION OF
FRAUD AND OTHER CRIMINAL ACTIVITIES
Standard Tests for Fraud and Corruption include but are not limited to
the following types of tests:
Duplicate Bank Account Numbers – Customers / Employees
Employee Account / Vendor Account Comparison
Transactions on Weekend (or out of Business Hours)
Transactions above or outside of Delegation
Sequential Data Analysis – Cheque Numbers etc.
Duplicate Transactions
Rounding of Values
Structured Transaction Entries – Just under a limit or on a particular day each period
Benfords Law – Tests for unexpected occurrences of digits in naturally occurring data
sets
Matches across data sets to detect similar data – Names, Addresses, Bank Details etc.
ABN Verification Tests
STANDARD TESTS – EXAMPLE 1
Sequential Data Analysis – What do we notice about the data?
Cheque ID Cheque Date Amount Payee ID Payee Name Memo
10 2/02/2013 $352.45 1111 Joe Bloggs Pty Ltd Electrical Works
11 3/02/2013 $6,872.56 2222 Jim Smith Constructions
12 27/03/2013 $23.47 3333 Officeworks Pty Ltd Stationery
14 28/03/2013 $10,426.13 4444 P&G Concreting Driveway Repairs
15 26/03/2013 $9,999.99 5555 ABC Enterprises Pty Ltd Corporate Wardrobe & Laundry
16 1/04/2013 $426.78 6666 Little Pig Catering Pty Ltd Corporate BD Event
Missing Chq 13?
Where is it? Potential Structuring
under auto notification limit No description ?? Legitimate or Not?
Why is the date before the
previous cheque date?
Transactions on Weekend
STANDARD TESTS – EXAMPLE 2
Employee & Vendor Bank Account Details Match
Employee Details File
Employee ID Employee Name Address Suburb BSB Acc Num
1234 Dave Mitchell 74 Crawford Ave Gymea NSW 626-123 123456
1323 Stuart English 1/26 Hornsby Ln Hornsby NSW 634-444 987654
1452 Mike O'Donnell 674 Pacific Highway Gordon NSW 132-999 108946
Vendor Master File
Vendor ID Vendor Name Address Suburb BSB Acc Num
6666 Pig Catering 153 George Street Sydney NSW 555-343 983645
5555 ABC Enterprises 1024 Pacific Hwy Turramurra NSW 634-444 987654
1111 Joe Bloggs Pty Ltd 24 Laurel Street Willoughby NSW 676-453 1766233
Duplicate Account Details
What could it mean? – English is running a legitimate business which contracts to the organisation? ABC Enterprises is a Ghost Vendor? Or a Data Entry Error?
STANDARD TESTS – EXAMPLE 3
Ghost Employee Records
Employee Details File
Employee
ID Employee Name Address Suburb BSB Acc Num
1234 Dave Mitchell 74 Crawford Ave Gymea NSW 626-123 123456
1323 Stuart English 1/26 Hornsby Ln Hornsby NSW 634-444 987654
1452 Mike O'Donnell 674 Pacific Highway Gordon NSW 132-999 108946
6645 Jim Murphy 78/234 Lindfield Rd Lindfield NSW 524-980 168729
7873 Sean Gorman 14 Smith Street Glenfield NSW 536-764 928746
9827 Jason Plumridge 64 Dodgy Terrace Parramatta NSW 132-999 108946
5533 Sue Mitchell 74 Crawford Ave Gymea NSW 626-123 123456
Duplicate Employee
Bank Accounts -
Different Names
Did you spot the other duplicate accounts which may be legitimate?
Spouses working for same organisation?
TOOLS TO ENABLE BASIC DATA
ANALYTICAL TECHNIQUES
IDEA – Caseware
ACL Analytics
MS Excel or Other Spreadsheet Program
MS Access or Other Database Program
SAS Analytics – More Complex
Orange – Non Commercial – Open Source
OTHER WORLD APPLICATIONS FOR DATA
ANALYTICS TESTING IN BUSINESS
Predictive Business Intelligence
Analysis of Customer Spend Types and Habits
Ability to market particular products to particular consumers based on
demographics and preferences
Trend Analysis – Reputation in the Market Place – What are the Social Media sources
saying about your organisation
Identifying facility or product production process wastage
Information Technology Monitoring & Audit
Security Reviews – Authorisation & Access
Licensing Management and Audit
Assess the Electricity Usage of data centres – Do you need to run all servers all the
time?
SUMMARY – KEY POINTS
Data Analytics is essential to the ongoing management and prevention
of fraud and corruption within organisations
You do not need to have the data analytics capabilities of Big Business to
benefit from the analysis of data in your organisation at a reasonable
level of cost
You can analyse almost any data set provided the data set contains the
answers to the questions you are asking
You need to understand where the data resides, what it can tell you and
you need to establish a plan and objectives for the analysis
Consider implementation of data analytics on both a reactive and
preventative / monitoring basis for the best results
Ensure that any data set utilised is extracted using a sound methodology
which can be explained in a court if the analysis and the data on which it
is based may become the subject of an investigation
CONTACT DETAILS
Jason Plumridge
Director & Principal Consultant
Vestinex Pty Ltd
Ph: 0417 703 638
Web: http://www.vestinex.com.au
Facebook: https://www.facebook.com/Vestinex
Twitter: https://twitter.com/vestinex @vestinex