Category Archives: Data Analytics - Page 3

Dr. Fraudster & the Billing Anomaly Continuum

healthcare-fraudThis month’s member’s lecture on Medicare and Medicaid Fraud triggered a couple of Chapter member requests for more specifics about how health care fraud detection analytics work in actual practice.

It’s a truism within the specialty of data analytics having to do with health care billing data that the harder you work on the front end, the more successful you’ll be in materializing information that will generate productive results on the back end.  Indeed, in the output of health care analytics applications, fraud examiners and health care auditors now have a new set of increasingly powerful tools to use in the audit and investigation of all types of fraud generally and of health care fraud specifically; I’m referring, of course, to analytically supported analysis of what’s called the billing anomaly continuum.

The use of the anomaly continuum in the general investigative process starts with the initial process of detection, proceeds to investigation and mitigation and then (depending on the severity of the case) can lead to the follow-on phases of prevention, response and recovery.   We’ll only discuss the first three phases here as most relevant for the fraud examination process and leave the prevention, response and recovery phases for a later post.

Detection is the discovery of clues within the data.  The process involves taking individual data segments related to the whole health care process (from the initial provision of care by the health care provider all the way to the billing and payment for that care by the insurance provider) and blending them into one data source for seamless analysis.  Any anomalies in the data can then be noted.  The output is then evaluated for either response or for follow-up investigation.  It is these identified anomalies that will go on at the end of the present investigative process to feed the detection database for future analysis.

As an example of an actual Medicare case, let’s say we have a health care provider whom we’ll call Dr. Fraudster, some of whose billing data reveals a higher than average percentage of complicated (and costly) patient visits. It also seems that Dr. Fraudster apparently generated some of this billings while travelling outside the country.  There were also referred patient visits to chiropractors, acupuncturists, massage therapists, nutritionists and personal trainers at a local gym whose services were also billed under Dr. Fraudster’s tax ID number as well as under standard MD Current Procedural Terminology (CPT) visit codes.  In addition, a Dr. Outlander, a staff physician, and an unlicensed doctor, was on Dr. Fraudster’s staff and billed for $5 an hour.  Besides Outlander, a Dr. Absent was noted as billing out of Dr. Fraudster’s clinic even though he was no longer associated with the clinic.

First off, in the initial detection phase, its seems Dr. Fraudster’s high-volume activity flagged an edit function that tracks an above-average practice growth rate without the addition of new staff on the claim form.  Another anomalous activity picked up was the appearance of wellness services presented as illness based services.  Also the billed provision of services while travelling is also certainly anomalous.

The following investigation phase involves ascertaining whether various activities or statements are true.  In Dr. Fraudster’s case, evidence to collect regarding his on-staff associate, Dr. Outlander, may include confirmation of license status, if any; educational training, clinic marketing materials and payroll records.  The high percentage of complicated visits and the foreign travel issues need to be broken down and each activity analyzed separately in full detail.  If Dr. Fraudster truly has a high complication patient population, most likely these patients would be receiving some type of prescription regime.  The lack of a diagnosis requirement with associated prescriptions in this case limited the scope of the real-life investigation.  Was Dr. Fraudster prescribing medications with no basis?  If he uses an unlicensed Doctor on his staff, presents wellness services as illness related services, and sees himself (perhaps) as a caring doctor getting reluctant insurance companies to pay for alternative health treatments, what other alternative treatment might he be providing with prescribed medications?  Also, Dr. Fraudster had to know that the bills submitted during his foreign travels were false.  Statistical analysis in addition to clinical analysis of the medical records by actual provider and travel records would provide a strong argument that the doctor had intent to misrepresent his claims.

The mitigation phase typically builds on issues noted within the detection and investigation phases.  Mitigation is the process of reducing or making a certain set of circumstances less severe.  In the case of Dr. Fraudster, mitigation occurred in the form of prosecution.  Dr. Fraudster was convicted of false claims and removed from the Medicare network as a licensed physician, thereby preventing further harm and loss.  Other applicable issues that came forward at trial were evidence of substandard care and medical unbelievability patterns (CPE codes billed that made no sense except to inflate the billing).  What made this case even more complicated was tracking down Dr. Fraudster’s assets.  Ultimately, the real-life Dr. Fraudster did receive a criminal conviction; civil lawsuits were initiated, and he ultimately lost his license.

From an analytics point of view, mitigation does not stop at the point of conviction of the perpetrator.  The findings regarding all individual anomalies identified in the case should be followed up with adjustment of the insurance company’s administrative adjudication and edit procedures (Medicare was the third party claims payer in this case).  What this means is that feedback from every fraud case should be fed back into the analytics system.  Incorporating the patterns of Dr. Fraudster’s fraud into the Medicare Fraud Prevention Model will help to prevent or minimize future similar occurrences, help find currently on-going similar schemes elsewhere with other providers and reduce the time it takes to discover these other schemes.  A complete mitigation process also feeds detection by reducing the amount of investigative time required to make the existence of a fraud known.

As practicing fraud examiners, we are provided by the ACFE with an examination methodology quite powerful in its ability to extend and support all three phases of the health care fraud anomaly identification process presented above.  There are essentially three tools available to the fraud examiner in every health care fraud examination, all of which can significantly extend the value of the overall analytics based health care fraud investigative process.  The first is interviewing – the process of obtaining relevant information about the matter from those with knowledge of it.  The second is supporting documents – the examiner is skilled at examining financial statements, books and records.   The examiner also knows the legal ramifications of the evidence and how to maintain the chain of custody over documents.  The third is observation – the examiner is often placed in a position where s/he can observe behavior, search for displays of wealth and, in some instances, even observe specific offenses.

Dovetailing the work of the fraud examiner with that of the healthcare analytics team is a win for both parties to any healthcare fraud investigation and represents a considerable strengthening of the entire long term healthcare fraud mitigation process.

Where the Money Is

bank-robberyOne of the followers of our Central Virginia Chapter’s group on LinkedIn is a bank auditor heavily engaged in his organization’s analytics based fraud control program.  He was kind enough to share some of his thoughts regarding his organization’s sophisticated anti-fraud data modelling program as material for this blog post.

Our LinkedIn connection reports that, in his opinion, getting fraud data accurately captured, categorized, and stored is the first, vitally important challenge to using data-driven technology to combat fraud losses. This might seem relatively easy to those not directly involved in the process but, experience quickly reveals that having fraud related data stored reliably over a long period of time and in a readily accessible format represents a significant challenge requiring a systematic approach at all levels of any organization serious about the effective application of analytically supported fraud management. The idea of any single piece of data being of potential importance to addressing a problem is a relatively new concept in the history of banking and of most other types of financial enterprises.

Accumulating accurate data starts with an overall vision of how the multiple steps in the process connect to affect the outcome. It’s important for every member of the fraud control team to understand how important each process pre-defined step is in capturing the information correctly — from the person who is responsible for risk management in the organization to the people who run the fraud analytics program to the person who designs the data layout to the person who enters the data. Even a customer service analyst or a fraud analyst not marking a certain type of transaction correctly as fraud can have an on-going impact on developing an accurate fraud control system. It really helps to establish rigorous processes of data entry on the front end and to explain to all players exactly why those specific processes are in place. Process without communication and communication without process both are unlikely to produce desirable results. In order to understand the importance of recording fraud information correctly, it’s important for management to communicate to all some general understanding about how a data-driven detection system (whether it’s based on simple rules or on sophisticated models) is developed.

Our connection goes on to say that even after an organization has implemented a fraud detection system that is based on sophisticated techniques and that can execute effectively in real time, it’s important for the operational staff to use the output recommendations of the system effectively. There are three ways that fraud management can improve results within even a highly sophisticated system like that of our LinkedIn connection.

The first strategy is never to allow operational staff to second-guess a sophisticated model at will. Very often, a model score of 900 (let’s say this is an indicator of very high fraud risk), when combined with some decision keys and sometimes on its own, can perform extremely well as a fraud predictor. It’s good practice to use the scores at this high risk range generated by a tested model as is and not allow individual analysts to adjust it further. This policy will have to be completely understood and controlled at the operational level. Using a well-developed fraud score as is without watering it down is one of the most important operational strategies for the long term success of any model. Application of this rule also makes it simpler to identify instances of model scoring failure by rendering them free of any subsequent analyst adjustments.

Second, fraud analysts will have to be trained to use the scores and the reason codes (reason codes explain why the score is indicative of risk) effectively in operations. Typically, this is done by writing some rules in operations that incorporate the scores and reason codes as decision keys. In the fraud management world, these rules are generally referred to as strategies. It’s extremely important to ensure strategies are applied uniformly by all fraud analysts. It’s also essential to closely monitor how the fraud analysts are operating using the scores and strategies.

Third, it’s very important to train the analysts to mark transactions that are confirmed or reported to be fraudulent by the organization’s customers accurately in their data store.

All three of these strategies may seem very straight forward to accomplish, but in practical terms, they are not that easy without a lot of planning, time, and energy. A superior fraud detection system can be rendered almost useless if it is not used correctly. It is extremely important to allow the right level of employee to exercise the right level of judgment.  Again, individual fraud analysts should not be allowed to second-guess the efficacy of a fraud score that is the result of a sophisticated model. Similarly, planners of operations should take into account all practical limitations while coming up with fraud strategies (fraud scenarios). Ensuring that all of this gets done the right way with the right emphasis ultimately leads the organization to good, effective fraud management.

At the heart of any fraud detection system is a rule or a model that attempts to detect a behavior that has been observed repeatedly in various frequencies in the past and classifies it as fraud or non-fraud with a certain rank ordering. We would like to figure out this behavior scenario in advance and stop it in its tracks. What we observe from historical data and our experience needs be converted to some sort of a rule that can be systematically applied to the data real-time in the future. We expect that these rules or models will improve our chance of detecting aberrations in behavior and help us distinguish between genuine customers and fraudsters in a timely manner. The goal is to stop the bleeding of cash from the account and to accomplish that as close to the start of the fraud episode as we can. If banks can accurately identify early indicators of on-going fraud, significant losses can be avoided.

In statistical terms, what we define as a fraud scenario would be the dependent variable or the variable we are trying to predict (or detect) using a model. We would try to use a few independent variables (as many of the variables used in the model tend to have some dependency on each other in real life) to detect fraud. Fundamentally, at this stage we are trying to model the fraud scenario using these independent variables. Typically, a model attempts to detect fraud as opposed to predict fraud. We are not trying to say that fraud is likely to happen on this entity in the future; rather, we are trying to determine whether fraud is likely happening at the present moment, and the goal of the fraud model is to identify this as close to the time that the fraud starts as possible.

In credit risk management, we try to predict if there will likely be serious delinquency or default risk in the future, based on the behavior exhibited in the entity today. With respect to detecting fraud, during the model-building process, not having accurate fraud data is akin to not knowing what the target is in a shooting range. If a model or rule is built on data that is only 75 percent accurate, it is going to cause the model’s accuracy and effectiveness to be suspect as well. There are two sides to this problem.  Suppose we mark 25 percent of the fraudulent transactions inaccurately as non-fraud or good transactions. Not only are we missing out on learning from a significant portion of fraudulent behavior, by misclassifying it as non-fraud, the misclassification leads to the model assuming the behavior is actually good behavior. Hence, misclassification of data affects both sides of the equation. Accurate fraud data is fundamental to addressing the fraud problem effectively.

So, in summary, collecting accurate fraud data is not the responsibility of just one set of people in any organization. The entire mind-set of the organization should be geared around collecting, preserving, and using this valuable resource effectively. Interestingly, our LinkedIn connection concludes, the fraud data challenges faced by a number of other industries are very similar to those faced by financial institutions such as his own. Banks are probably further along in fraud management and can provide a number of pointers to other industries, but fundamentally, the problem is the same everywhere. Hence, a number of techniques he details in this post are applicable to a number of industries, even though most of his experience is bank based. As fraud examiners and forensic accountants, we will no doubt witness the impact of the application of analytically based fraud risk management by an ever multiplying number of client industrial types.

Bring Your Own Device – Revisited

BYODI was part of a lively discussion the other night at the monthly dinner meeting of one of the professional organizations I belong to between representatives of the two sides of the bring-your-own device (now expanded into bring your own technology!) debate.  And I must say that both sides presented a strong case with equally broad implications for the fraud prevention programs of their various employing organizations.

As I’m sure a majority of the readers of this blog are well aware, the bring-your-own device (BYOD) trend of enabling and empowering employees to bring their own devices (e.g., laptop, smartphones, tablets) evolved some time ago into ‘bring your own technology’ including office applications (e.g., word processing), authorized software (e.g., data analytics tools), operating systems, and other proprietary or open-source IT tools (e.g., software development kits, public cloud, communication aids) into the workplace.

On the pro side of the discussion at our table, it was pointed out that BYOD contributes to the creation of happier employees.  This is because many employees prefer to use their own devices over the often budget-dominated, basic devices offered by their company. Employees may also prefer to reduce the number of devices they carry while traveling; before BYOD, traveling employees would carry multiples of their personal and company provided devices (i.e., two mobile phones/smartphones, two laptops and so forth).

I myself must confess that I brought a personal laptop to work every day for years because it contained powerful investigative support software too expensive for my employer to provide at the time and because a vision problem made it difficult for me to use my desktop. I used my laptop almost daily although it was never connected to the corporate network, making it necessary for me to inconveniently move back and forth between the two devices.

Our bring-your-own device advocates then went on to say that implementation of a BYOD program can additionally result in a substantial financial savings to IS budgets because employees can use devices and other IS components they already possess. The savings include those made on the cost of purchase of devices by management for employees, on the on-going maintenance of these devices and on data plans (for voice and data services). These savings can then be utilized by the company to enhance its operating margins or to even offer more employee benefits.

Another of the BYOD advocates, employed in the IS division of her company, pointed out that her division was freed by the BYOD program from a myriad of tasks such as desktop support, trouble shooting and end-user hardware maintenance activities. She too agreed that, in her opinion, this saving could be best utilized by the IS division to optimize its budget and resources.  She also pointed out that the popularity of BYODT is due, in part, to the fact that, in her experience, employees, like herself, adopt technology well before their employers and subsequently bring these enhancements to work. Thus, BYOD results in faster adoption of new technologies, which can also be an enabler for employees to be more productive or creative; a competitive advantage for their entire business.  In addition, her right hand table companion made the argument that employees can use their own, familiar device to complete their tasks more efficiently as it gives them the flexibility to quickly customize their device or technology to run faster as per their individual requirements. By contrast, in the case of company-provided devices and technology, such tailoring and customization is often time-consuming as individual employees have to provide proper cost justifications and then seek authorization through cumbersome and time consuming change requests.

On the con side, the internal auditor at our table pointed out that by allowing employees to BYOD, the employers implementing the program have opened a new nightmare for their security managers and administrators and, hence, for their fraud prevention programs. The security governance framework and related corporate security and fraud prevention policies will need to be redefined and a great deal of effort will be required to make each policy efficiently operational and streamlined in the BYOD environment.

Of course, I then had to chime in and offer my two-cents worth that concerns related to privacy and data protection could be perhaps the biggest challenge for BYOD. In industries like health care and insurance that deal with sensitive and confidential data under strict Federal and State guideline such concerns would have to hinder any rollout of BYOD. Such enterprises will be compelled by law to tread cautiously with this trend. With BYODT organizational control over data is blurred. Objections are also always raised when business and private data exist on the same device. Thus, this could certainly interfere with meeting the stringent controls mandated by certain regulatory compliance requirements.

Then our auditor friend pointed out that applications and tools may not be uniform on all devices, which can result in incompatibility when trying to, for example, connect to the corporate network or access a Word file created by another employee who has purchased a newer version.  And what about a lack of consensus among employees; some may not be willing or able to use their personal devices or software for company work.

After listening to (and participating in) the excellent arguments on both sides of the supper table, might I suggest that, the still developing trend and the very real benefits realized from BYOD suggest that the valid concerns (which this blog has certainly raised in the past) might best be considered as normal business challenges and that companies should address BYOD implementation by addressing these challenges. There are certainly steps (as the ACFE has point out) that can be taken to significantly reduce the risk of fraud.

First, establish a well-defined BYOD framework.  This can be done by soliciting input from various business process owners and units of the enterprise regarding how different areas actually use portable gadgets. This helps create a uniform governance strategy. Following are what many consider essential steps for creating a BYOD governance framework:

– -Network access control:

  1. Determine which devices are allowed on the network.
  2. Determine the level of access (e.g., guest, limited, full) that can be granted to these devices.
  3. Define the who, what, where and when of network access.
  4. Determine which groups of employees are allowed to use these devices.

— Device management control:

  1. Inventory authorized and unauthorized devices.
  2. Inventory authorized and unauthorized users.
  3. Ensure continual vulnerability assessment and remediation of the devices connected.
  4. Create mandatory and acceptable endpoint security components (e.g., updated and functional antivirus software, updated security patch, level of browser security settings) to be present on these devices.

— Application security management control:

  1. Determine which operating systems and versions are allowed on the network.
  2. Determine which applications are mandatory (or prohibited) for each device.
  3. Control enterprise application access on a need-to-know basis.
  4. Educate employees about the BYOD policy.

Create a BYOD policy.  Make sure there is a clearly defined policy for BYOD that outlines the rules of engagement and states the company’s expectations. The policy should also state and define minimum security requirements and may even mandate company-sanctioned security tools as a condition for allowing personal devices to connect to company data and network resources.  As far as security polices over BYOD go, such requirements should be addressed by having the IT staff provide detailed security requirements for each type of personal device that is used in the workplace and connected to the corporate network.

So, BYOD provides numerous benefits to the business, the key ones being reducing the IT budget and the IT department’s workload, faster adaptation to newer technology, and making employees happier by giving them flexibility to use and customize their devices to enhance efficiency at work. Of course, various challenges come along with these advantages: increased security measures, more stringent controls for privacy and data protection, and other regulatory compliance. These challenges provide a fundamentally new opportunity for innovation, redefining the governance structure and adoption of underlying technology.  CFE’s can add value to this entire challenge by on-going review of the overall corporate approach to BYODT for its impact on the fraud risk assessment and overall fraud prevention program.

You Can’t Prevent What You Can’t See

uncle-samThe long, rainy Central Virginia fourth of July weekend gave me a chance to review the ACFE’s latest Report to the Nations and I was struck by what the report had to say about proactive data analytics as an element of internal control, especially as applicable to small business fraud prevention.

We’re all familiar with the data analytics performed by larger businesses of which proactive data analytic tests form only a part.  This type of analysis is accomplished with the use of sophisticated software applications that comb through massive volumes of data to determine weak spots in the control system. By analyzing data in this manner, large companies can prevent fraud from happening or detect an ongoing fraud scheme. The Report to the Nations reveals, among other things that, of the anti-fraud controls analyzed, proactive data monitoring and analysis appears to be the most effective at limiting the duration and cost of fraud schemes. By performing proactive data analysis, companies detected fraud schemes sooner, limiting the total potential loss. Data analysis is not a new concept, but, as we all know, with the increasing number of electronic transactions due to advances in technology, analyzing large volumes of data has become ever more complex and costly to implement and manage.

Companies of all sizes are accountable not only to shareholders but to lenders and government regulators.  Although small businesses are not as highly regulated by the government since they are typically not publically financed, small business leaders share the same fiduciary duty as large businesses: to protect company assets. Since, according to the ACFE, the average company loses 5% of revenue to fraud, it stands to reason that preventing losses due to fraud could increase profitability by 5%. When viewed in this light, many small businesses would benefit from taking a second look at implementing stronger fraud prevention controls.  The ACFE also reports that small businesses tend to be victims of fraud more frequently than large businesses because small businesses have limited financial and human resources. In terms of fraud prevention and detection, having fewer resources overall translates into having fewer resources dedicated to strong internal controls. The Report also states that small businesses (less than 100 employees) experience significantly larger losses percentage-wise than larger businesses (greater than 100 employees). Since small businesses do not have the resources to dedicate to fraud prevention and detection, they’re not able to detect fraud schemes as quickly, prolonging the scheme and increasing the losses to the company.

The ACFE goes on to tell us that certain controls are anti-fraud by nature and can prevent and detect fraud, including conducting an external audit of a set of financial statements, maintaining an internal audit department, having an independent audit committee, management review of all financial statements, providing a hotline to company employees, implementing a company code of conduct and anti-fraud policy, and practicing pro-active data monitoring. While most of these controls are common for large companies, small businesses have difficulty implementing some of them, again,  because of their limited financial and human resources.

What jumped out at me from the ACFE’s Report was that only 15% of businesses under 100 employees currently perform proactive data analysis, while 41.9% of businesses over 100 employees do. This is a sign that many small businesses could be doing a basic level of data analysis, but aren’t. The largest costs associated with data analysis are software costs and employee time to perform the analysis. With respect to employee resources, data analysis is a control that can be performed by a variety of employees, such as a financial analyst, an accountant, an external consultant, a controller, or even the CFO. The level of data analysis should always be structured to fit within the cost structure of the company. While larger companies may be able to assign a full time analyst to handle these responsibilities, smaller companies may only be able to allocate a portion of their time to this task. Given these realities, smaller businesses, need to look for basic data analysis techniques that can be easily implemented.

The most basic data analysis techniques are taught in introductory accounting courses and aren’t particularly complex: vertical analysis, horizontal analysis, liquidity ratios, and profitability ratios. Large public companies are required to prepare these type of calculations for their filings with the Securities and Exchange Commission. For small businesses, these ratios and analyses can be calculated by using two of the basic financial statements produced by any accounting software:  the income statement and the balance sheet. By comparing the results of these calculations to prior periods or to industry peers, significant variances can point to areas where fraudulent transactions may have occurred. This type of data analysis can be performed in a tabular format and the results used to create visual aids. Charts and graphs are a great way for a small business analyst to visualize variances and trends for management.

I like to point out to small business clients that all of the above calculations can be performed with Microsoft Excel and Microsoft Access. These are off-the-shelf tools that any analyst can use to perform even analytical calculations of great complexity. The availability of computing power in Excel and Access and the relatively easy access to audit tools … known as Computer Assisted Audit Techniques (CAAT), have accelerated the analytical review process generally. Combined with access to the accounting server and its related applications and to the general ledger, CAATS are very powerful tools indeed.

The next step would be to consider using more advanced data analysis programs. Microsoft Excel has many features to perform data analysis, and it is probably already installed on many computers within small enterprises. CFE’s might suggest to their clients adding the Audit Control Language (ACL) Add-In to client Excel installations to add yet another layer of advanced analysis that will help make data analytics more effective and efficient. When a small business reaches a level of profitability where it can incorporate a more advanced data analysis program,it can add a more robust tool such as IDEA or ACL Analytics. Improving controls by adding a specialized software program will require financial resources to acquire it and to train employees. It will also require the dedication of time from employees serving in the role of internal examiners for fraud like internal auditors and financial personnel. Professional organizations such as the ACFE and AICPA have dedicated their time and efforts to ensuring that companies of all sizes are aware of the threats of fraud in the workplace. One suggestion I might make to these professional organizations would be to work with accounting software developers and the current developers of proactive data analysis tools to incorporate data analysis reports into their standard products. If a small business had the ability to run an anti-fraud report as a part of their monthly management review of financial statements without having to program the report, it would save a significant amount of company resources and improve the fraud prevention program overall.

To sum up, according to Joseph T. Wells, founder of the ACFE, “data analytics have never been more important or useful to a fraud examiner. There are more places for fraud to hide, and more opportunities for fraudsters to conceal it.” Clearly there are many resources available today for small businesses of almost any size to implement proactive data analysis tools. With the significant advances in technology, exciting new anti-fraud solutions appear on the horizon almost daily; the only thing standing between them and our clients is the decision to pick them up and use them.

The Auditor and the Fraud Examiner

financial-statementsOur Chapter averages about three new members a month, a majority of whom are drawn from the pool of relatively recent college graduates in accounting or finance, most of whom possessing an interest in fraud examination and having a number of courses in auditing under their belts.  From the comments I get it seems that our new members are often struck by the apparent similarities between fraud examination and auditing imparted by their formal training and yet hazy about the differences between the two in actual practice.

But, unlike the financial statement focus in financial auditing, fraud examination involves resolving fraud allegations from inception to disposition. Fraud examination methodology requires that all fraud allegations be handled in a uniform, legal fashion and be resolved on a timely basis. Assuming there is sufficient reason (predication) to conduct a fraud examination, specific examination steps usually are employed. At each step of the fraud examination process, the evidence obtained and the effectiveness of the fraud theory approach are continually assessed and re-assessed. Further, the fraud examination methodology gathers evidence from the general to the specific. As such, the suspect (subject) of the inquiry typically would be interviewed last, only after the fraud examiner has obtained enough general and specific information to address the allegations adequately.  However, just like a financial statement audit, a fraud investigation consists of a multitude of steps necessary to resolve allegations of fraud: interviewing witnesses, assembling evidence, writing reports, and dealing with prosecutors and the courts. Because of the legal ramifications of the fraud examiners’ actions, the rights of all individuals must be observed throughout. Additionally, fraud examinations must be conducted only with adequate cause or predication.

Predication is the totality of circumstances that would lead a reasonable, professionally trained, and prudent individual to believe a fraud has occurred, is occurring, or will occur. Predication is the basis upon which an examination is commenced. Unlike a financial audit, fraud examinations should never be conducted without proper predication. Each fraud examination begins with the prospect that the case will end in litigation. To solve a fraud without complete and perfect evidence, the examiner must make certain assumptions. This is not unlike the scientist who postulates a theory based on observation and then tests it. In the case of a complex fraud, fraud theory is almost indispensable. Fraud theory begins with a hypothesis, based on the known facts, of what might have occurred. Then that hypothesis or key assumption is tested to determine whether it’s provable.

The fraud theory approach involves the following steps, in the order of their occurrence:

  • Analyze available data.
  • Create a hypothesis.
  • Test the hypothesis.
  • Refine and amend the hypothesis.
  • Accept or reject the hypothesis based on the evidence.

With that said, fraud examinations incorporate many auditing techniques; however, the primary differences between an audit and a fraud investigation are the scope, methodology, and reporting. It’s also true that many of the fraud examiners in our Chapter (as in every ACFE Chapter) have an accounting background. Indeed, some of our members are employed primarily in the audit function of their organizations. Although fraud examination and auditing are related, they are not the same discipline. So how do they differ?  First, there’s the question of timing.  Financial audits are conducted on a regular recurring basis while fraud examinations are non-recurring; they’re conducted only with sufficient predication.

The scope of the examination in a financial audit is general (the scope of the audit is a general examination of financial data) while the fraud examination is conducted to resolve specific allegations.

An audit is generally conducted for the purpose of expressing an opinion on the financial statements or related information.  The fraud examination’s goal is to determine whether fraud has occurred, is occurring, or will occur, and to determine who is responsible.

The external audit process is non-adversarial in nature. Fraud examinations, because they involve efforts to affix blame, are adversarial in nature.

Audits are conducted primarily by examining financial data. Fraud examinations are conducted by (1) document examination; (2) review of outside data, such as public records; and (3) interviews.

Auditors are required to approach audits with professional skepticism. Fraud examiners approach the resolution of a fraud by attempting to establish sufficient proof to support or refute an allegation of fraud.

As a general rule during a financial fraud investigation, documents and data should be examined before interviews are conducted. Documents typically provide circumstantial evidence rather than direct evidence. Circumstantial evidence is all proof, other than direct admission, of wrongdoing by the suspect or a co-conspirator.  In collecting evidence, it’s important to remember that every fraud examination may result in litigation or prosecution. Although documents can either help or harm a case, they generally do not make the case; witnesses do. However, physical evidence can make or break the witnesses. Examiners should ensure that the evidence is credible, relevant, and material when used to support allegations of fraud.

From the moment evidence is received, its chain of custody must be maintained for it to be accepted by the court. This means that a record must be made when the item is received or when it leaves the care, custody, or control of the fraud examiner. This is best handled by a memorandum of interview by the custodian of the records when the evidence is received.

Fraud examiners are not expected to be forensic document experts; however, they should possess adequate knowledge superior to that of a lay person.

In fraud investigations, examiners discover facts and assemble evidence. Confirmation is typically accomplished by interviews. Interviewing witnesses and conspirators is an information-gathering tool critical in the detection of fraud. Interviews in financial statement fraud cases are different than those in most other cases because the suspect being interviewed might also be the boss.

In conclusion, auditing procedures are indeed often used in a financial statement fraud examination. Auditing procedures are the acts or steps performed by an auditor in conducting the review. According to the third standard of fieldwork of generally accepted auditing standards, “The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.”  Common auditing procedures routinely used during fraud examination, as during financial statement examination, are confirmations, physical examination, observation, inquiry, scanning, inspection, vouching, tracing, re-performance, re-computation, analytical procedures, and data mining; these are all vital tools in the arsenal of both practitioners as well as of all financial assurance professionals.

The Expert & the Internet

expert-witnessesPart of the wrap up process our Chapter performs following each of our two day seminars is a review of attendee question topics.  As nearly all of them do, our recent ‘Investigating on the Internet: Research Tools for Fraud Examiners’ seminar elicited a number of thoughtful questions, several from attendees whose practices include testimony as an expert witness and employment as legal consultants.   From the tenor and content of the questions it appears that these CFEs were acting as experts and consultants in the legal process by assisting attorneys with the financial details of a suit, and testifying about these practices at trial. In such cases CFE’s analyze documents and transactions, both internet based and hard copy, showing how the fraud was accomplished and, when possible, who the most likely perpetrators were. The CFE acts as a guide and adviser for the attorney in assembling the case, and, sometimes, as a major participant as an expert witness in explaining the ways of fraud to a judge and jury.

Experts, in general, are brought in when required by law, as in malpractice suits where a member of a profession, say a physician, has to explain the infraction against professional by-laws or principles; where key points are deemed sufficiently technical or complex, like “cooking-the-books” schemes involving intricate accounting manipulations; or for assisting (some would say, for swaying) the jury in making its final decision.  Federal Rule of Evidence 702 tells us that an expert witness with appropriate knowledge and credentials may testify in any proceeding where scientific, technical, or specialized knowledge will shed light on the dispute.  Even in cases that don’t go to trial, experts may still be involved in mediation, arbitration, settlement conferences, or summary judgment motions. Experts contribute value to the trial process in a myriad of ways. They provide background information to guide and frame a case; during discovery they investigate, run tests, advise on depositions, prepare other witnesses, make exhibits, and respond to the opposition’s discovery requests; they file written opinions, which are entered as evidence into the court record; and they testify in actual proceedings should the case actually make it to a courtroom.

Once they accept a case, many experts immediately begin utilizing on and off-line tools to start the process of assembling a narrative version of the events. This detailed summary of the facts of the case serves as the raw material for rendering an official opinion. It’s important that the narrative text be written with care and professionalism. The text may (and probably will) have to be produced during discovery. Additionally, a well-written narrative helps the client attorney in preparing and executing the case at trial.  As our speaker, Liseli Pennings, pointed out, perhaps the thorniest challenge for CFEs, once they’re engaged to work on a case, is setting a value on business losses due to fraud. Even though financially related information available on the internet and elsewhere can be of great value in estimating the loss, there may be several methods appropriate for evaluating net worth/net loss appropriate to a given case, each rendering a different number at the end. And regardless of the numbers, there’s always the human element.

Article V. of the Association of Certified Fraud Examiners Code of Professional Ethics states:

A fraud examiner, in conducting examinations, will obtain evidence or other documentation to establish a reasonable basis for any opinion rendered.  No opinion shall be expressed regarding the guilt or innocence of any person or party.

The rule that prohibits opinions regarding the guilt or innocence of any person or party is a rule of prudence. Clearly, it’s prudent for a Certified Fraud Examiner to refrain from usurping the role of the jury. In a courtroom, no good attorney would ask a Certified Fraud Examiner for such a conclusion, and no alert judge would allow such testimony. The fraud examiner’s job is to present the evidence in his report. Such evidence might constitute a convincing case pointing to the guilt or innocence of a person. But a clear line should be drawn between a report that essentially says “Here is the evidence” and one that steps over the line and says “He is the guilty (innocent) person.”  Nevertheless, there is a fine line between recommending action – forwarding the evidence to a law enforcement agency or filing a complaint or lawsuit – and giving an opinion on guilt or innocence. Certified Fraud Examiners may make such recommendations because they think the evidence is strong enough to support a case. They might even have a conclusion about whether the suspect committed a crime. The rule does not prohibit the Certified Fraud Examiner, under the proper circumstances, from accusing the person under investigation. However, the ultimate decision of whether a person is “guilty” or “innocent” is for a jury to determine. The CFE is free to report the facts and the conclusions that can be drawn from those facts, but the decision as to whether or not a person is guilty of a crime is a decision for the judge or jury.

As Liseli pointed out caution as to information reliability is the by-word for every use of internet based information in general and use by expert witnesses is no exception. According to discovery rules governing expert testimony, everything the expert says or writes about the case after being hired is subject to discovery by opposing counsel. That means everything: internet downloads, narrative versions of the case, comments to the press or law enforcement, hypothetical reconstructions, even notes can be demanded and used by the opposing party.  However, CFE’s acting as expert witnesses need to be aware of the consulting expert exception.

Experts may consult on the attorney’s work product, i.e., materials the attorney prepares as background for a case. While performing background work, the expert is said to be working as an associate of the attorney, so the exchange is protected…they are two professionals conferring. However, once the expert is hired as a witness, and begins entering opinions as part of the attorney’s case, there is no privilege for any contribution the expert makes. The distinction is something like this: when acting as “witnesses,” experts are bringing official information to the court, and so must disclose any contact with the case; when experts act as “consultants” or “associates” for attorneys or law enforcement, they are only assisting the attorney, and do not have to disclose their involvement in the case.

There is one trap for the unwary. The rule is that if an expert will testify at trial, everything s/he does regarding the case must be turned over to the other side. If an expert works only as a consultant to the attorney, then her work product is not discoverable. However, if a testifying expert reviews the work of the consultant expert, then the work of the consultant expert will be discoverable. Just remember this, if you are hired to testify at trial, anything you used to form your opinion will be subject to review by the opposing party. This includes information downloaded from the internet, notes from other experts, documents received from the plaintiff or defendant, and any documents or notes from the attorney. Be sure to consult with the attorney before you review anything. If the attorney has not given the document to you, then ask before you read. Otherwise, you may inadvertently destroy the confidentiality or privilege of the material.

The utilization of internet based information resources introduces yet another layer of complexity to the employment of CFE’s as expert witnesses and/or attorney consultants.  The information available is often vast, almost instantly available and constantly changing.  Practitioners and their client attorneys must decide on a case by case basis whether it’s best utilized in the role of a consultant or in that of an expert witness.

RVACFES May Event Sold Out!

Liseli_2

On behalf of the Central Virginia Chapter and our partners the Virginia State Police and national ACFE, our Chapter officers would like to thank each of you, all our Chapter members and training attendees who made our May Event such a resounding success!  Taught by Liseli Pennings, Deputy Training Director for the ACFE, ‘Investigating on the Internet – Research Tools for Fraud Examiners’ presented a treasure trove of information for the effective utilization of hundreds of readily available on-line resources and tools to support every step of even the most complex fraud investigation and subsequent prosecution.

Liseli_1As the course makes clear, investigations today can be undertaken solely through the investigative resources a computer offers. But there are so many tools available to a fraud examiner beginning an online investigation that it can be difficult to sort out the applicable resources. By better understanding computer and Internet media, examiners can more efficiently conduct investigations and save valuable time and money. While fraud examiners can easily begin searching the Internet without a plan, they will benefit if they develop a strategy prior to conducting a search. Employing a focused search strategy can save time, maintain direction, and make better use of resources.

Liseli presented two analytical techniques designed to analyze the following in an investigative scenario:

SWOT Analysis

— Strengths
— Weaknesses
— Opportunities
— Threats

The SWOT methodology can help professionals achieve the goals of a due diligence investigation or when evaluating a company or person. SWOT is also suited for investigating a product, market, organization, or business venture. Additionally, investigations that entail comparing financial aspects to other companies or markets, such as analyzing one small business or cost in relation to the competition, can benefit from this type of analysis. If an investigator is conducting a search on an individual, it provides analysis into life aspects and characteristics of the person. This method can also be used to conduct a risk assessment that details what an organization can and cannot do, as well as alert the examiner to potential threats and opportunities.

CARA Analysis

Commonly used by law enforcement and private investigators to develop information on a subject, the CARA method analyzes:

— Characteristics
— Associations
— Reputation
–Affiliations

This type of analysis can be used to gain an understanding of an individual rather than a company.

Electronic evidence can change with usage and be altered by improper or purposeful mishandling and storage. Electronic evidence such as social media pages and blog posts can be deliberately removed or altered. Examiners should never assume that a website or post that was available one day will be there the next. Capturing information as it is found is essential because the subjects of an investigation often delete websites and social media profiles. Web pages can be preserved by selecting print screen and pasting the screen capture into a document. When possible, examiners should capture the time, date, time zone, or any other information that can prove when or where data was captured. Not doing so could lead to timeline inconsistencies and contradict alibis when used as evidence and could result in evidence being dismissed due to inaccuracies. It could also affect the examiner’s credibility and negatively impact the case if brought to trial.

When using public and paid-access databases to conduct research, it is important to determine the age of the information. If the date that the information was aggregated is not listed, examiners should look for other sources of information that do include dates.  Examiners must recognize that there are often delays in the reporting and dissemination of information from the sources used by these types of databases.

Some state or local databases might only compile information from certain cities or counties. Examiners who do not find the information they are looking for on a particular site might believe that the information does not exist or that the subject does not have an arrest record when in fact the jurisdiction in question is not included on that site or database. For this reason, it’s important to gain an understanding of exactly which jurisdictions a database covers and what type of information it provides. Determining how long the website or database retains information is also important. Some only retain information for a certain period of time (e.g., five, ten, or twenty years). Furthermore, many databases archive their records after a set number of years to allow faster searches on current information. In such cases, the examiners should search the archived database for information, try another source, or hire a service to conduct a manual record search at the local level. Examiners should avoid the assumption that a lack of records means that an incident did not occur when in fact the database simply might not have the records the examiners need.

Most websites and databases have disclaimers and disclosure statements that users should thoroughly review. Some public and paid databases contain disclosure statements informing users that the subject is notified when someone searches for their information. One such example is when credit header or certain background information is accessed online. The person to whom the information belongs is usually notified when searches pertaining to credit information are conducted with permission by an employer, but notifications can also be enacted when searching other databases for basic information. This could have a significant impact on an investigation. Disclosure practices vary from company to company and across various jurisdictions. It is crucial that examiners review all disclaimers as they will often indicate when the database was last updated or caution that information is not always current or accurate. As such, all information found online should be corroborated for accuracy and all disclaimers should be read thoroughly. Another important legal aspect to consider regarding public and private databases is the dissemination clause-if one exists. Finally, there can be legal ramifications for disseminating third-party information to attorneys or courts, or for using information compiled from certain sources. Sometimes permission is required before disclosing information. Therefore, it is important to read all legal notices and consult an attorney if unsure how to proceed.

Again, our thanks go out to all for making this May event one of our most informative and successful ever!

Investigating on the Internet

online-investigationThis May our Chapter, along with our partners the Virginia State Police and national ACFE will be hosting a two day seminar – ‘Investigating on the Internet – Research Tools for Fraud Examiners’.  This in-depth session will be taught by Liseli Pennings, Deputy Training Director for the ACFE.  We’ll begin enrolling students in mid-March, so pencil in the dates, May 18th and 19th!

Fraud examiners now have the ability to gain insights from, and test correlations with, a vast array of investigative relevant information on the Internet, which can be as diverse as suspect competitor information, regulatory filings, and conversations on social media.  Such analytics can provide CFE investigators with a variety of capabilities from investigative planning and risk assessment to fieldwork. They also enable fraud examination practitioners to provide clients with more compelling information about every experienced fraud.

Internet based investigation tools can be classified into three broad categories:

–Retrospective statistical analysis, used to gain deeper insight into important sub-processes in financial and operational areas related to the investigation subject.

–Forward-looking models, built to predict which areas of the business are riskier or simply require a greater level of fraud prevention focus.

–Advanced visualization analytics, used to help transform the investigation by providing deep analytical insights and actionable information through visual tools like interactive charts and dynamic graphics. In short, investigation on the internet has rapidly evolved from simply allowing CFE’s the ability to provide perspective in hindsight to helping them assemble rich digital views of the present investigative situation. Investigative, internet based analytics provide investigators with the potential to dramatically increase the value of the insights they can provide clients at every level of the examination from evaluation of business risks, to suspect analysis, and on to prosecutorial issues and challenges.

The first step in deploying internet based investigative tools effectively is determining the exact fraud scenario that needs to be addressed – what are the features constituting the scenario under review? Once specific fraud features have been identified, on-line analytical capabilities can be used to source facts, drive understanding, and generate knowledge by addressing three general questions:

–What data can be leveraged to enhance understanding of the exact fraud scenario and improve the performance of its investigation? It’s important to understand the source of the on-line data available and the systems and processes that produce it. Effective data evaluation by the examiner supports the accuracy, completeness, and reliability of the data used in her investigation.

–What is known about the general type of business processes related to the fraud?

–Exactly what fraud scenario is suspected to have transpired and why? What steps should be taken by the client immediately?

Canny use of the internet by the trained investigator can play an important role in answering these questions with a view to optimizing immediate investigative performance. The knowledgeable examiner can frequently look at on-line data from within the organization and outside it, with a focus on patterns, data mining and optimization, data visualization, advanced algorithms, neural analysis, and social networks.

These data can provide powerful insight into every aspect of our cases under investigation. In addition to examination field-work one of the most important uses of internet based investigative tools is to enhance fraud risk management. Analytics available on-line from the ACFE and others help provide a clearer understanding of risks and furnish insights as to how they can be mitigated. Ultimately, the objective is to develop and implement an analytical capability that provides the individual CFE with greater insight into the control failures associated with each major category of fraud. A second important use for internet analytics is to develop a deeper understanding of common fraud related issues. Once a potential issue has been identified, analytics can source the facts (e.g., what does the data tell us about the issue?), drive understanding of the facts (e.g., what has happened?), and generate knowledge (e.g., why did it happen?) to ultimately build a more complete presentation of fraud report findings. A third area for CFE’s to consider is how to leverage the use of the analytics performed for the fraud examination for use by the client throughout their organization. In this regard, the CFE’s report can become an important change agent, driving fraud prevention insights throughout the organization. Business managers and leaders of other organizational risk functions have a need to understand fraud risks and the correlations between data. In many cases, fraud investigative tools developed for use during a fraud examination can evolve into valuable fraud prevention tools and ownership can be transferred to business or functional leaders for ongoing use.

Consider keeping the following in mind when using internet based investigative tools in your investigation:

–Establish a clear understanding of what you’re trying to achieve in your investigation and ensure a linkage to examination planning. This should translate into defined objectives that drive the strategy and long-term vision for the use of the tools as well as surface near-term opportunities.

–Know the data.  It’s important for examiners to understand both the data they have and the data they don’t have when determining how and where to begin using the internet as an investigative tool. This knowledge also prioritizes efforts to collect what’s missing for future analyses and for enhancements to the data driven investigative program.

–Start with a targeted, ad hoc program which will likely yield greater benefits in terms of speeding insights, learning, and long term value. Take the time to learn first and then deploy necessary capabilities across your tool kit.

–Lever existing cumulative insights. These ever building insights may provide clues related to the risks and related fraud scenarios to start with, jump-starting the investigative program and build consistency with prior initiatives.

–Take steps to develop a written plan early on in every examination to take action and measure results accurately. Don’t forget that the client organization, systems, and processes that support fraud response and control remediation must be able to take action working with the insights that your final report provides.

Fraud examiners stand at the beginning of a new era in the use of internet based data to enhance the entire fraud examination life cycle. Taking the steps outlined above can help individual practitioners realize gains in effectiveness and efficiency while providing enhanced investigative services.

Please make plans to join your fellow RVACFE Chapter members and guests for an outstanding learning experience on May 18th and 19th.  You won’t be disappointed!

Before You Pay that Invoice!


HandOnMouseDuring our April 2015 training event, ‘Using Analytics to Detect Fraud’, our speaker, Bethmara Kessler, gave a fascinating, real life example from her own practice of how detailed analytic analysis could be especially helpful in addressing false billing frauds.  In addition, she explained at length just how this type of fraud works. In a false billing scheme, an employee or outside party creates false vouchers or submits false invoices to a target organizational payer. These documents cause the payer to issue payments for goods or services that are either completely fictitious or overstated in price. The perpetrator then collects the fraudulent payments/checks and converts them for personal use. Another type of billing fraud involves buying personal goods or services with company money.

A false billing fraud affects the purchasing cycle, causing the company to pay for nonexistent or non-essential goods or services. Most false billing frauds involve a service, since it is easier to conceal a service that is never performed than to conceal goods never received. As Bethmara’s example demonstrated, the most common billing scheme is setting up one or more bogus vendors.   There are several ways to do this. The most common is to create a fictitious vendor (often called a shell company), open a bank account in the shell company’s name, and bill the victimized company. The perpetrator then creates an invoice and sends it to his employer. Invoices can be professionally produced via computer and desktop publishing software, typewritten, or even prepared manually. Often, the most difficult aspect of a fraudulent billing scheme is getting the false invoice approved and paid. In many instances of billing fraud, the person perpetrating the fraud is also the person in the company who is authorized to approve invoices for payment. Another popular means of getting invoice approval is to submit invoices to an inattentive, trusting, or “rubber-stamp” manager. Furthermore, perpetrators often create false supporting documents to facilitate approvals and payments, e.g., voucher packages.

A perpetrator can also use a shell company to perpetrate a pass-through billing scheme: the perpetrator places orders for goods with his shell company, has his shell company order the goods from a legitimate supplier at market prices, and then sells those goods to his employer at inflated prices. The fraud lies in the fact that the victimized company is buying the goods it needs from an unauthorized vendor at inflated prices. The perpetrator “profits” from the inflated prices gained while acting as an unauthorized “middle man” in a necessary company transaction.

Rather than utilizing shell companies to over-bill, some employees generate false disbursements through invoices of non-accomplice vendors. In what is called a pay and return scheme, the perpetrator makes an error in a vendor payment to facilitate the theft. One way to do that is to overpay or double-up on payments, request a check from the vendor for the excess, and steal the check when it arrives. Another scenario is to pay the wrong vendor by placing vendor checks in the wrong envelopes, then calling the vendors to explain the mistake and requesting the return of the checks. When the checks return, they are stolen. The support documents are sent through the accounts payable system a second time; and these checks are sent to the proper vendors.

Another scheme involves purchasing personal items with company money. One popular way to do this is to make a personal purchase, then run the unauthorized invoice through the accounts payable system. If the perpetrator is not in a position to approve the purchase, s/he may have to create a false purchase order to make the transaction appear legitimate or alter an existing purchase order and have an accomplice in receiving remove the excess merchandise.

Another way to purchase personal items with company money is to have the company order merchandise, then intercept the goods when they are delivered. To avoid having the merchandise delivered to the company, the perpetrator often will have it diverted to his home or some other address, such as a spouse’s business address. A third way to purchase personal items with company money is to make personal purchases on company credit cards. No matter which of the approaches is used, the perpetrator will either keep the purchases for personal use or turn the purchase into cash (or a credit card refund) by returning the merchandise.

Bethmara pointed out that, in some ways, it’s easier to conceal a billing fraud than other frauds – but in other ways, it’s harder. It’s easier in that the perpetrator does not have to remove cash or inventory from company premises; instead, the company mails her a check. It’s more difficult in that, when the perpetrator creates a bogus vendor or shell company, he has to come up with a name, mailing address (often the fraudster’s home address or a postal box), and phone number (often a home phone number); open a bank account in the shell company’s name (usually requiring him to file or forge articles of incorporation) or in his own name; deposit and withdraw money; and create and send vendor invoices. Any of these can lead back to the perpetrator, making it easier to find him once the fraud is detected and the shell company identified.

Depending on the scheme and organizational controls in place, the perpetrator may have to falsify or alter a purchase requisition, purchase order, receiving report, or vendor invoice, or fool or force the authorizing person to approve or forge an authorization. Perpetrators involved in a pay and return fraud usually have to intercept any checks that are returned.

Finally, Bethmara presented a number of red flags usually present when a false billing fraud is taking place, including:

  • An unexplained increase in services performed (services that were paid for, but never performed);
  • Payments to unapproved vendors;
  • Invoices approved without supporting documents;
  • Falsified or altered voucher documents; for example, altering a purchase order after its approval;
  • Inflated prices on purchases or orders of unnecessary goods and services;
  • Payments to an entity controlled by an employee;
  • Multiple payments on the same invoice or over payments on an invoice;
  • Personal purchases with company credit cards or charge accounts;
  • Excessive returns to vendors, or full payment not received for items returned;
  • A vendor with a post office box address.

On July 23, 2015 our Chapter will be hosting a one-day ACFE seminar entitled, ‘Fraud Prevention’.  Our speaker, Chis Rosetti, will be presenting a host of effective measures anti-fraud practitioners and client management can take to prevent the false billing and other common frauds so eloquently described by Bethmara Kessler and Jerry Sacks at our recent prior events (8 high quality CPE for just $150.00). Hope you can join us!

RVACFES April Seminar Sold Out!

Attendees_2

On behalf of our Central Virginia Chapter and our co-sponsors the Virginia State Police and national ACFE, I want to thank all of you, our Chapter members and more than 80 attendees for making our April two day seminar, ‘Using Analytics to Detect Fraud’ such a resounding success!

Bethmara_3Our nationally renowned speaker, Bethmara Kessler, the Chief Audit Executive at the Campbell Soup Company, shared her extensive experience as a fraud examiner and field audit leader in the application of analytics to a wide range of differing fraud scenarios.

BethMara began by defining data analytics, as it applies to fraud examination, as the use of analytics software to identify trends, patterns, anomalies, and exceptions within data. She emphasized that numerous data analytics techniques exist to assist internal auditors, external auditors, forensic accountants, investigators, and fraud examiners in uncovering red flags in data and focusing on the areas of greatest risk. BethMara gave examples of data analysis techniques being used re-actively (i.e., in response to frauds that have already occurred) or proactively (i.e., as a means to monitor data to identify signs of fraud). Data analysis technology is especially useful when fraud is hidden in large volumes of data and manual reviews are ineffective. If fraud is a needle in a haystack, data analytics tells us where in the haystack to look for it. Performing data analysis techniques, including the necessary data extraction and cleansing, requires a combination of fraud investigation skills, technical savvy, relevant industry knowledge, and common-sense judgment.

BethMara went on to emphasize that fraud examiners must be able to:

–Translate knowledge of their organization and understanding of common fraud indicators into analytics tests.
— Effectively employ the technological tools used for analyzing the data.
— Resolve any errors in data output due to incorrect logic or scripts.
— Apply their fraud investigation skills to the data analysis results in order to detect potential instances of fraud.

Attendees_1

Our speaker next recommend that all seminar participants read the ACFE’s 2014 Report to the Nations on Occupational Fraud and Abuse. According to the report, 42 percent of frauds reported by survey respondents were detected by whistle-blowers. That means nearly 60 percent of frauds were detected by other means. Effective and continuous data analysis might allow for the detection of frauds long before a whistle-blower notices any wrongdoing.

Data analysis techniques alone are unlikely to detect fraud; human judgment is needed to decipher results. For example, many techniques use automated software or applications to apply logic to large volumes of data to find anomalies or exceptions. Once these anomalies are identified, the fraud examiner can perform a more detailed review of the results to determine whether there are signs that fraud has occurred.

Data that is relevant to analytically supported fraud examinations comes from numerous sources and takes numerous forms, including:

— Accounting and financial data
— Human resources data
— Customer data
— Vendor data
— Internal communications and documents
— External bench-marking data

The bottom line is that to conduct an effective examination, a fraud examiner must take a comprehensive approach and apply all appropriate analytical tests to all relevant data. The more creative fraudsters get in hiding their schemes, the more creative the fraud examiner must become in analyzing data to detect these schemes. For this reason, it is essential that fraud investigators consider both structured and unstructured data when planning their engagements. It is also important that the fraud examiner not only be knowledgeable about the data to be analyzed, but also consider how a fraudster would use the data to commit and conceal fraud.

All in all, a most successful seminar for which all participants receive high marks!

Training_Academy_2