Fraud Detection Techniques and

Analysis – Unit 5
 Fraud Risks
Organizations should be prepared to address fraud risks at all three levels:
 FRAUD DETERRENCE AND PREVENTION
o Prevention -based internal controls and behaviors will help mitigate the
risk of opportunity for employees to commit fraud
o Effective screening (and re-screening) of employees
o Exposure assessment to operating environment
o Anti-fraud environment creation and maintenance
o Management fraud awareness and skills training
o Effective compliance programs
o Communication to all employees of the Organization’s fraud policy
 Fraud Risks
 EARLY FRAUD DETECTION
o Detection based internal controls and behaviors
o Clear statement of management detection responsibilities and
accountability
o Detection skills training for managers at all levels and certain key
control focused employees
o Hotlines
o Other tip sources
o Monitoring for red flags and other fraud indicators
o Clear action upon suspicion
 Fraud Risks
 EFFECTIVE FRAUD HANDLING

o Response mechanism (what happens when the alarm sounds)

o Investigation
o Loss recovery
o Control weaknesses related to the theft
o Coordination with law enforcement and prosecutors
o Publicity issues
o Human resources issues
o Employee morale issues
 Internal Controls Breakdown reasons
• Blind trust of employees
• Ignoring control implications of policies, procedures, and reports
• Ignoring behavioral indicators of problems
• Situational incompetence
• Not having information needed to assure transactions are proper
• Not questioning the strange, odd and curious
• Not enough time to do the control procedures
• Not enforcing documentation requirements
• Acceptance of the situation
• Subordination of needs
• Positional immunity
• Conflict of avoidance
• Those in charge intentionally ignore or override procedures
 Fraud Opportunity Risks
• Remote locations
• Areas not well understood by leaders
• Costs allocated to various cost centers
• New functions or systems,
• New products or services
• Areas or departments experiencing rapid growth
• New technology
• Locations or functions about to be closed or sold
• Areas or locations with a history of problems or poor performance
• Joint ventures or similar arrangements
• Records are kept by outsiders (such as agents, contractors, or vendors)
 Behavior & Fraud Detection
• Behaviors involving wrongdoing, misconduct, and fraud usually leave a
trail. These indicators, or red flags, can appear in both organization records
and in personal behavior.
• Managers and employees should be aware of common indicators of
wrongdoing, and follow up appropriately if the indicators are observed in
records or behavior.
Fraud Detection: Using Data Analysis
Techniques to Detect Fraud
 Fraud Types and Tests
Type of fraud Tests used to discover this fraud
Run checks to uncover post office boxes used as addresses
and to find any matches between vendor and employee
Fictitious vendors addresses and/or phone numbers
Be alert for vendors with similar sounding names or more
than one vendor with the same address and phone number
Search for duplicates
Altered invoices Check for invoice amounts not matching contracts or
purchase order amounts
Search for purchase quantities that do not agree with
contract quantities
Goods not received
Check if inventory levels are changing appropriate to
supposed delivery of goods
Review for duplicate invoice numbers, duplicate date, and
Duplicate invoices
invoice amounts
 Fraud Types and Tests (Cont.,)
Type of fraud Tests used to discover this fraud
Compare prices across vendors to see if prices from a
Inflated prices
particular vendor are unreasonably high
Review for unexplained increases in inventory
Determine if purchase quantities of raw materials are
Excess quantities appropriate for production level
purchased Check to see if increases in quantities ordered compare
similarly to previous contracts or years or when compared
to other plants
Search for identical invoice numbers and payments
amounts
Duplicate payments
Check for repeated requests for refunds for invoices paid
twice
Search for duplicates within all company checks cashed;
Carbon copies
conduct a second search for gaps in check numbers
 Fraud Types and Tests (Cont.,)
Type of fraud Tests used to discover this fraud
Determine if high value equipment a company already
Duplicate serial owns is being repurchased by checking serial numbers for
numbers duplicates and involvement of same personnel in
purchasing and shipping processes
Find out if a terminated employee is still on payroll by
comparing the date of termination with the pay period
Payroll fraud
covered by the paycheck and extract all pay transactions
for departure date less than date of current pay period
Reveal transactions not matching contract amounts by
linking Accounts Payable files to contract and inventory
Accounts payable files and examining contract date, price, ordered quantity,
inventory receipt quantity, invoice quantity, and payment
amount by contract
 Fraud detection techniques
• As electronic commerce and transaction processing systems become faster
and more capable of processing an ever-growing number of transactions,
the volume of data undergoing real time processing continues to increase.
• This growth in turn places even greater demands on fraud detection
systems, particularly with regard to the timely detection of potentially
fraudulent behavior.
• In order to meet these increasing demands, the underlying fraud detection
techniques are becoming ever more complex.
 Fraud detection through statistical
analysis
• Statistical analysis in fraud detection is the application of statistical
techniques and related number theory to the analysis of information with a
view to identify irregular or statistically inconsistent data.
• The more common statistical analysis techniques currently being applied in
fraud detection systems consist of the following:
o Regression analysis;
o Correlation analysis;
o Dispersion analysis;
o Benford’s Law.
 Fraud detection through statistical
analysis
Regression analysis;
• The analysis helps to determine the relationship between two or
more variables
Correlation analysis;
• is used to describe the strength of the relationship.
Dispersion analysis:
• It helps to study the variability of items
Benford’s Law
• Deriving from the work of Frank Benford in the late 1930s,
Benford’s Law expresses the notion that, with certain assumptions,
the smaller digits (e.g., 1 and 2) occur rather more frequently as the
leading digit in numbers
 Fraud detection through pattern and
relationship analysis
Pattern analysis
• By examining simple patterns and relationships between data items,
missing or anomalous data can be readily identified. Unlike statistical
analysis techniques, pattern and relationship analysis rely solely on
examining past events and developing a profile of common behaviors
Sequencing
• Sequencing involves an examination of a dataset with a view to identify
either missing or abnormal data elements.
Duplicate investigation
• Duplicate investigation is a relatively simple concept that can be used
to readily identify abnormal entries and essentially involves a search
for duplicate values within a given dataset
 Fraud detection through pattern and
relationship analysis
Historical trend analysis
• Historical trend analysis, as the name implies, utilizes past trends to
determine if current values are worth further investigation.
Ratio analysis
• Just as investors use key financial ratios (e.g., profit to earnings) to
determine the viability of an investment, computer forensics can use
ratios to identify potentially fraudulent transactions occurring within an
organization.
 Dealing with vagueness in fraud
detection
• In essence, the use of fuzzy logic allows fraud detection to deal with the
gray areas of fraud whereby neither a yes or no is the best answer for a
given fraud rule in a particular scenario.
• Fuzzy logic has been used very successfully in certain commercial
applications such as household appliances and video cameras.
 Signatures in fraud detection
• Signatures can then be used to detect fraudulent activity through one of the
following methods
o Profile-based detection
o Anomaly-based detection
• Profile-based detection involves the comparison of current transaction behavior
against known fraudulent behavior.
• On the other hand, anomaly based detection compares current transaction behavior
against legitimate known past behavior for the same user or entity.
• In both instances, the fraudulent behavior or past behavior is represented by
signatures
 Fraud Detection - Data Mining
• Data mining refers to extracting or “mining” knowledge from
large amount of data.
• There are a number of data mining techniques like clustering,
neural networks, regression, multiple predictive models
 Fraud Detection - Data Mining
• Data mining and statistics help to anticipate and quickly detect fraud and
take immediate action to minimize costs.
• Through the use of sophisticated data mining tools, millions of transactions
can be searched to spot patterns and detect fraudulent transactions.
 Digit analysis and fraud detection
• Digit analysis is an auditing technique developed around the concept of
analyzing the actual digits making up the numbers contained within a
dataset. Essentially, it seeks to identify abnormalities within individual
numbers by examining
o Digit and number patterns;
o Round number occurrences;
o Duplicate numbers;
o The relative size of numbers.
 Digit analysis and fraud detection
• Digit analysis is based principally on the mathematical theory known as
Benford’s Law
• Digit and number pattern analysis principally involves an analysis of the
frequency of the first two digits occurring within a number, whereby the
actual frequencies of the first two digits are compared with the expected
frequencies as described by Benford’s Law
 Digit analysis and fraud detection
• Round number occurrences seek to measure the extent and frequency of
rounding thereby alerting the examiner to potential manipulation or
invention.
• Round numbers, for the purpose of digital analysis, are defined as
‘‘numbers that are divisible by 100 or 1,000 without leaving a remainder’’
 Fraud detection tools
• The software tools currently used to detect fraudulent behavior fall into one
of two categories.
• There are dedicated data mining tools that have fraud detection capabilities,
and there are data extraction and analysis tools the core function of which
is the detection of anomalous activity.
 Fraud detection tools
• The top five data mining products with fraud detection capabilities, as rated
by Abbott, Matkovsky, and Elder include the following:
o Clementine by Integral Solutions Ltd;
o Darwin by Thinking Machines;
o Enterprise Miner by SAS Institute;
o Intelligent Miner for Data by IBM;
o Pattern Recognition Workbench by Unica Technologies Inc.
 Building a fraud analysis model
Drawing on the more commonly used methodologies, it is possible to identify
a number of clearly defined phases that the data analysis process undergoes
when applied to fraud detection
• Problem definition: The nature of the problem and the final objectives are
identified and documented
• Business analysis or modeling stage: The business and information
technology environment is defined and clear rules developed to identify
activity that is either acceptable or unacceptable.
• Data acquisition stage: The primary data is identified and extracted from an
organization’s information technology infrastructure
• Knowledge discovery stage: The primary data is analyzed according to the
rules developed in the modeling stage
• Evaluation and validation stage: The results of the analyses are reviewed
and evaluated
Drawing on the key features of a number of data analysis models, it is possible
to construct a simple seven-stage model
Building a fraud analysis model
 Building a fraud analysis model
Stage 1: Define objectives
• The objective definition stage is the starting point of the fraud analysis
process.
• Before considering how to analyze the data, it is important to first consider
the key objectives.
 Building a fraud analysis model
Stage 2: Environmental scan
• The environmental scan seeks to identify key
systems and sources of data that are pertinent
to the meeting of the stated objectives.
• During the environmental scan, consideration
is given not only to internal systems and data
sources, but also to external sources of data.
 Building a fraud analysis model
Stage 3: Data acquisition
• The data acquisition stage takes place when the source data is extracted, cleansed,
enriched, and reviewed.
• Extraction is the duplicating of raw data from the various sources identified by the
environmental scan.
 Building a fraud analysis model
Stage 4: Define fraud rules
• The definition of fraud rules relates to the identification and development
of appropriate measures and indicators of fraudulent activity within an
organization.
• The fraud rules bring together the objectives of the fraud analysis and the
business processes that underlie normal business behavior.
 Building a fraud analysis model
Stage 5: Develop analysis methodology
• The development of an analysis methodology
involves the identification of relevant and
appropriate analysis techniques to achieve the
stated objectives.
 Building a fraud analysis model
Stage 6: Data analysis
• The data analysis stage involves the application of the chosen technology
and techniques, and the application of the fraud rules in the analysis of the
acquired data.
 Building a fraud analysis model
Stage 7: Review results
• The final stage in the fraud analysis process is the review of analysis
results. The success of this stage is very much dependent upon a number of
factors. These include
o The clarity of the output;
o The knowledge of the reviewer (both in terms of business processes
and identifying fraudulent activity);
o The reviewer’s ability to interpret the output;
o The accuracy of the source data;
o The application of the most appropriate analysis techniques and
technology.