monitoring data to understand employee behavior data to understand employee... · monitoring data...
TRANSCRIPT
The better the question. The better the answer.�The better the world works.
Monitoring data to
understand employee
behavior
Amos Yogev, Nadav Dar
September 2017
Page 2
Contents
► Survey findings – Highlights
► ACFE Initiatives
► Data analytics as a monitoring platform
► Detecting fraud and corruption
► Monitoring Bribery and Corruption risks
► Case study
► Closure – Open Discussion
April 2017 EMEIA Fraud Survey 2017of 32
Page 4
Survey summary – High lights
Are your employees making ethical choices?► Today’s businesses are operating in an uncertain economic
environment. Popular discontent with globalization, political
instability and slower growth in emerging markets is placing
pressure on companies as they seek alternative ways to meet
ambitious revenue targets.
Monitoring data to understand
employee behaviours
Increased global connectivity means
that a company’s assets are at greater
risk from theft, damage or manipulation
by insiders than ever before.
75%Believe that companies should monitor data to
understand employee behaviours
April 2017 EMEIA Fraud Survey 2017of 32
Page 5
Monitoring data to understand employee behavior
► An organization’s critical digital and physical assets are at greater risk of theft, damage and manipulation
by insiders than ever before. Increased global connectivity means that anyone with access to company
data, anywhere in the world, can exploit weaknesses in data security. Often, these are trusted
employees who have been permitted access to, or have knowledge of, critical data sources.
► Seventy-five percent of our respondents say their companies should monitor data sources such as
emails, telephone calls or messaging services, and yet, 89% of respondents would consider monitoring
these data sources as a violation of their privacy.
April 2017 EMEIA Fraud Survey 2017of 32
Page 9
ACFE InitiativesHow frauds are detected
Almost 50% by tip
or by accident
April 2017 EMEIA Fraud Survey 2017of 32
Page 12
Data driven approach
Source of value
An
aly
tics m
atu
rity
Impact on organization
►Leveraging analytics to monitor
process performance across
key business cycles
►Benchmark process metrics
against external performance
indicators
►Integrate analytics into the
annual risk assessment process
Business insight
Insight
Strategic and value
advisor
►Apply predictive modeling
techniques to process
optimization or risk
management.
►Enhance strategic decisioning
with qualitative analytics
Value
►Repeatable process and controls
analytics across key business
cycles: FSCP, P2P, O2C, HR.
►Identification of fraud risk
indicators prevalent in transaction
activity
►Forms the basis for a continuous
monitoring/auditing
Monitor control and
compliance structure
Controls
April 2017 EMEIA Fraud Survey 2017of 32
Page 13
Analytics provide higher long-term benefits
► Increased insight
► Typically automated collection/evaluation
► High sample sizes/decreased false positives
► Frees up resources to focus on other high-risk areas
► Frequent, faster and more accurate analysis
► Decrease in opportunity for human error
► Incremental and more extensive testing is practical
► Capability/benefit tends to increase with complexity and asthe organization evolves
Relatively higher initial costs for analytics can yield significantly more long-term benefit
Investment
requiredBenefits earned
► Typically Labor-intensive manual collection/evaluation
► Limited samples/relatively infrequent tests
► Narrow time period/stressful remediation
► Test procedures are limited in scope
► Capability/benefit tends to lessen with complexity and as the organization evolves
Traditional method
Data analytics
April 2017 EMEIA Fraud Survey 2017of 32
Page 14
Forensic analytics maturity model
False Positive RateHigh Low
Str
uctu
red
Da
ta
Detection RateLow High
Un
stru
ctu
red
Da
ta
“Traditional” rules-Based Tests(Excel, ACL, Access, SQL , etc.)
Matching, Grouping, Ordering,
Joining, Filtering
Statistical-Based Analysis(SPSS, Polyanalyst, SAS, etc.)
Predictive Modeling, Anomaly Detection,
Clustering, Risk Ranking
Traditional Keyword Searching(dtSearch)
Keyword Search
Data Visualization & Text Mining(Tableau, Polyanalyst, Spotfire, etc.)
Data visualization, Drill-down into data, Text Mining
April 2017 EMEIA Fraud Survey 2017of 32
Page 16
Type of Fraud
► There is a great diversity of fraudulent activities which a company can fall victim to; fraud exists at some
level in every company.
Management
• Fraudulent Transactions
• Insider Trading
• Transactions with related parties
• Fraudulent Financial Statements
Customers
• Fake Advertisement
• Incomplete Shipments
• Defective Products
• Price Fixing
Sales Associates
• Fictitious
Customers/Sales
• Expense padding
• FCPA Violations
Employees
• T&E manipulation
• Asset (Cash/Inventory/Fixed Asset or
Data Theft)
• Fake Vendor Schemes
• Phantom employees
Competitors
• Theft of Commercial Secrets
• Employee Bribes
Vendors and
Suppliers
• Incomplete Shipments
• Duplicate Invoicing
• Fictitious / Inaccurate
Invoicing
• Employee Bribes
Company Name
April 2017 EMEIA Fraud Survey 2017of 32
Page 17
Common Analytics areas
► Cash Disbursements
► General Ledger
► Materials Management &
Inventory Control
► Purchase Order Management
► Salaries & Payroll
► Travel & Expenses
► Vendor Management
► Payment Cards
Asset Misappropriation
► Materials Management &
Inventory Control
► Purchase Order Management
► Sales Analysis
► Travel & Expenses
► Vendor Management
Corruption / FCPA
► Accounts Payable
► Account Receivable
► Deposits
► General Ledger
► Materials Management &
Inventory Control
► Purchase Order Management
► Revenue Recognition /
Procure to Pay
► Sales Analysis
Financial Statement
April 2017 EMEIA Fraud Survey 2017of 32
Page 18
Classic Techniques for detecting fraud
► Calculation of statistical parameters (e.g., averages, standard deviations, high/low values) – to
identify outliers that could indicate fraud.
► Classification – to find patterns amongst data elements.
► Stratification of numbers – to identify unusual (i.e., excessively high or low) entries.
► Joining different diverse sources – to identify matching values (such as names, addresses, and
account numbers) where they shouldn’t exist.
► Duplicate testing – to identify duplicate transactions such as payments, claims, or expense report
items.
► Gap testing – to identify missing values in sequential data where there should be none.
► Summing of numeric values – to identify control totals that may have been falsified.
► Validating entry dates – to identify suspicious or inappropriate times for postings or data entry
► Text mining
April 2017 EMEIA Fraud Survey 2017of 32
Page 19
Find Hidden Money… Recover Erroneous, Negligent or Fraudulent Payments
DifferentVendor ID
SameDate
ExactSameAmount
DifferentInvoice #
Same Reference /Job Code
Similar namesSome with sameaddress
April 2017 EMEIA Fraud Survey 2017of 32
Page 20
Forensic Analytics Example Exact and Fuzzy Matching
► Employee Consultants
► Direct Payments
► Friends & Family Program
April 2017 EMEIA Fraud Survey 2017of 32
Page 22
Monitoring Bribery and Corruption risks
Two Broad Provisions of the FCPA:
► Anti-bribery: Prohibits bribery (corrupt payments) to foreign officials to obtain or retain business
► Books and records: Requires companies with securities registered under the Securities
Exchange Act of 1934 to make and keep appropriate books and records and to maintain a
system of adequate internal accounting controls.
DOJ’s 10 elements of effective compliance
How will the regulators determine the effectiveness of a
program?
1.Commitment from senior management
2.Code of conduct and compliance policies and procedures
3.Compliance program oversight, autonomy and resources
4.Risk assessment
5.Training and continuing advice
6.Incentives and disciplinary actions
7.Third-party due diligence and payments
8.Confidential reporting and internal investigation
9.Continuous improvement: periodic testing and review
10.Pre-acquisition due diligence and post-acquisition
integration
April 2017 EMEIA Fraud Survey 2017of 32
Page 23
Advanced data analyticsUse of analytics in anti-corruption assessments
Higher Risk Transactions
Vendors not in VMF
or one-time vendors
GL Account or vendor type
Text Analytics
(concept or keyword)
“Geospatial” searches to identify where spending is
occurringRound amounts
Low/high amount outliers
Transactions below authorization or
documentation thresholds
April 2017 EMEIA Fraud Survey 2017of 32
Page 24
EY / ACFE Library of ‘Keywords’(Over 3,000 terms in various languages)
Rationalization Incentive/ Pressure Opportunity
…I deserve it
…nobody will find out
…gray area
…they owe it to me
…everybody does it
…fix it later
…the company can afford it
…not hurting anyone
…won’t miss it
…don’t get paid enough
…make the number
…don’t let the auditor find out
…don’t leave a trail
…not comfortable
…why are we doing this
…pull out all the stops
…do not volunteer information
…want no part of this
…only a timing difference
…not ethical
…special fees
…client side storage
…off the books
…cash advance
…side commission
…backdate
…no inspection
…no receipt
…smooth earnings
…pull earnings forward
April 2017 EMEIA Fraud Survey 2017of 32
Page 27
Case studyT&E review - Risk ranking criteria
Background
► $450 million in total T&E
analyzed over 24 month period,
covering 36,000 employees
► Objective: Risk rank the
36,000 employees by level and
business unit from highest to
lowest risk
► Approach: Developed around
40 targeted T&E expense
related tests into a risk model
► Result: Identified over $8
million in potential recoveries
(abuse, waste, fraud, potential
bribery & corruption) as well as
several internal controls
improvements
► Result: Developed a
repeatable methodology for
future audits
April 2017 EMEIA Fraud Survey 2017of 32
Page 28
Case studyT&E review - Employee risk matrix
► Employees are prioritized based on:
► Number of tests an employee’s T&E transaction hit upon
► The individual importance/weighting of each test
Sorted from 1 to 36,000!
We focused on the top 500.
Ranked across approximately 40 tests.
Data has been sanitized.
April 2017 EMEIA Fraud Survey 2017of 32
Page 29
Case studyT&E review - Visual Dashboards
Who entertained whom, where, what and for how much?”
April 2017 EMEIA Fraud Survey 2017of 32
Page 32
ClosureRoadmap - Three year projected maturity capability
April 2017 EMEIA Fraud Survey 2017of 32
Page 33
More information
April 2017 EMEIA Fraud Survey 2017of 32
For more information on our services contact:
► Nadav Dar, CPA (Isr.), Senior Manager, Fraud Investigation & Dispute
Services, EY Israel
►
Mobile: +972-50-7861906 [email protected]