Post on 10-Feb-2016
description
Unemployment Insurance Integrity ConferenceApril 19, 2010
Forensic TechniquesAnd
Automated Oversight
Brett Baker, PhD, CPA, CISA
2
Overview
• Forensic Techniques and Automated Oversight• Data Mining• Techniques• Equipment and Software• Forensic Approach
Brett M. Baker, PhD, CPA, CISA
3
Forensic Techniques and Automated Oversight
• Definition of Forensic Audit– Audit that specifically looks for financial misconduct, abusive or
wasteful activity. – Close coordination with investigators– More than Computer Assisted Audit Techniques (CAATs)
• Forensic audit is growing in the Federal government– GAO’s Forensic Audit and Special Investigations (FSI)– Department of Defense Data Mining
• Federal outlays are $2 trillion annually– OMB estimates improper payments for Federal government at $98B (4%)
• 100% review using automated business rules versus statistical sampling– There is a place for both
• Automated Oversight– Continuous monitoring– Quick response
Brett M. Baker, PhD, CPA, CISA
FY2008 Improper Payment Estimates
Brett M. Baker, PhD, CPA, CISA
5
What is Data Mining?
• Refers to the use of machine learning and statistical analysis for the purpose of finding patterns in data sets. – If You Know Exactly What You Are Looking for, Use
Structured Query Language (SQL).– If You Know Only Vaguely What You Are Looking for,
Turn to Data Mining.• Most often used (up until recently) in marketing
and customer analysisBrett M. Baker, PhD, CPA, CISA
6
Different Levels of Knowledge
Information Summary Reports
KnowledgeDescriptive Analytics
WisdomPredictive Analytics
DataFacts, numbers
ACL, IDEA, MS Access
SAS, SPSS, ACL, IDEA
ClementineIntelligent MinerEnterprise Miner
Brett M. Baker, PhD, CPA, CISA
7
• Can perform the tests wanted, instead of being limited to what technical staff can, or will, provide
• Not limited to just predetermined data formats and/or relationships
• Can create relationships, check calculations and perform comparisons
• Can examine all records, not just a sample• Useful for identifying misappropriation of assets
and fraudulent financial reporting• Allows limitless number of analytical relationships
to be assessed– within large databases– comparing large databases
• Identifies anomalies
Data Analysis Software - Fosters Creativity
Brett M. Baker, PhD, CPA, CISA
8
Common Data Analysis Tests and Techniques
• Join• Summarization• Corrupt data (conversion)• Blank fields (noteworthy if field is mandatory)• Invalid dates• Bounds testing• Completeness• Uniqueness• Invalid codes• Unreliable computed fields• Illogical field relationships• Trend analysis• Duplicates
Brett M. Baker, PhD, CPA, CISA
99
• Use Tight Selection Criteria– E.g. Vendor = “Smith Company”
• Use Looser Selection Criteria– E.g. Vendor = “*Smith*”
• Finds Smith Company, Smith Co., The Smith Manufacturing Company, etc.
You Know Exactly What You’re Looking For e.g. All You Know Exactly What You’re Looking For e.g. All Payments to a Particular VendorPayments to a Particular Vendor
Simple Queries
1010
• Use Tight Selection Criteria– E.g. Payments With Same Contract #, Invoice
# and Invoice Amount
– Few False Positives• Use Looser Selection Criteria
– E.g. Payments With Same Contract # and Invoice #
or Same Contract # and Invoice Amount– More False Positives– More Detected Duplicates
You Know The Specific Condition You’re Looking For e.g. Duplicate Payments
Complex Queries
1111
• Subject Matter Experts Can Describe Indicators– Translate Indicators to Detection Logic
• Apply Indicators Against Population– Many False Positives
• Combine Indicators – Reduce False Positives
You Only Know The General Condition You’re Looking For e.g. Fraud
Sophisticated Solutions
1 5 72 8 4
12 15 3
Combine Indicators
Control Charts
Brett M. Baker, PhD, CPA, CISA
Normal Activity AnomalousActivity
AnomalousActivity
Frequency Distribution
Brett M. Baker, PhD, CPA, CISA
DisbursingTransactions
Vendor Table
VendorsNot Paid
Yet
VendorsPaid andIn Vendor
Table
VendorsPaid but not
In VendorTable
Comparing Data Files(Three-Bucket Theory)
Brett M. Baker, PhD, CPA, CISA
15
Hardware and Software Applications
• Hardware– SQL servers– Mainframe (QMF)– Docking stations– Terminal server
• Software Applications– Data mining and predictive analytics, e.g., Clementine– Data interrogation – e.g., ACL, IDEA, MS Access, Excel– Statistical analysis – e.g., SPSS and SAS– Link analysis – I2– Lexis-Nexis– Data conversion utilities (Monarch)– Internet, open-source research– Access to system query tools
Brett M. Baker, PhD, CPA, CISA
16
Forensic Approach
• Start with objectives• Structured brainstorming
– Consider SME conference– Identify indicators of potential fraud and ways to find in data– Process to identify financial risks
• Map out the end-to-end process – Identify systems and key processes– Identify key controls
• Identify and obtain transaction-level data – Record layout– Look at 1000 records before examining all records– ACL, IDEA, and Monarch can read virtually any data format
• Flat files, Delimited files, Dbase files, MS Access, Report files, ….• No file size limits
• Build targeted business rules and run against data• Examine anomalies
Brett M. Baker, PhD, CPA, CISA
17
End-to-End Payment UniverseForensic Audit Approach
AccountingSystems
Federal Reserve SystemCommercial
PayEntitlement
Systems
Disbursing Systems
People Pay Entitlement
Systems
PersonnelSystems
CommercialBank
$$ Treasury Check
ContractingSystems
Data Analysis
CentralContractorRegistry
Brett M. Baker, PhD, CPA, CISA
Unemployment Benefits
EmploymentEmployment
Over-payments
Under-payments
Unemployment Insurance
20
How To Apply In Your Organization
• Decide What You Are Looking For• Assign Personnel With Analytical Skills• Gather Data• Understand Data and Business Rules• Select Detection Method/Tools• Produce and Research Anomalies• Refine the Detection Process• Discover the Irregular/Illegal Transactions• Improve the Business Process
– Automated oversight– Continuous monitoring