Dr. Kishore Singh & Prof. Peter Best Department of Accounting,...
Transcript of Dr. Kishore Singh & Prof. Peter Best Department of Accounting,...
![Page 1: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/1.jpg)
Dr.KishoreSingh&Prof. PeterBestDepartmentofAccounting,Finance&Economics
GriffithUniversity
![Page 2: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/2.jpg)
Introduction� ModernERPsystemsrecordseveralthousandsoftransactionsdaily
� Difficulttofindafewinstancesofanomalousactivitiesamonglegitimatetransactions
� CA/CMsystemsperformsubstantialanalytics,butmayproducelengthyreportsà informationoverload
� Approachesthatreducetheburdenofexcessiveinformationaremorelikelytocontributetotheoveralleffectivenessoftheauditprocess
� Weaddressthisissuebydemonstratingtheuseofvisualization topresentinformationgraphically
![Page 3: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/3.jpg)
Visualization� Anytechnologythatenableusersto'see'information-helpsthembetterunderstandandputitintoanappropriatecontext
� Patterns,trendsandcorrelationsthatmaygoundetectedintext-baseddataà exposedandrecognisedwithlesseffort.
� Highvolumedata- visualizedasacollectionofpointsintwo-dimensionalspace
![Page 4: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/4.jpg)
FrameworkforResearch� Thevisualizationsdevelopedinthispaperarebasedonnode-linkdiagrams
� Eachnodeisshownasapoint,circle,polygon,orsomeothergraphicalobject,andeachedgeisshownasalineorcurveconnectingthetwonodes
� Nodesareplacesintwo-dimensionalspace,andedgesrepresentrelationshipsbetweenthenodes
� Whynode-linkdiagrams?Theysimplifyidentificationofrelationships
� Goal- createarepresentationthatmakesunderlyingdataunderstandableandvisuallyappealing
![Page 5: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/5.jpg)
AnomalyDetectioninAccountsPayable� Keymethodstodetect
� violationsinsegregationofduties� knownfraudschemes
� Wefocusontheformer
� ACFE(2014)- keyindicatorsforfraudsarelackofinternalcontrolsoranabilitytooverrideexistinginternalcontrols
� E.g.- toperpetrateavendorfraudanemployee- createsshellcompanyandsubmitfictitiousinvoicesforpayment
� Tosuccessfullyperpetratethisschemerequiresviolationofsegregationofdutiesbycreating(ormodifying)vendormasterrecords,andenteringinvoicesforpayment
![Page 6: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/6.jpg)
Question1� Whattypesofvisualizationsmayassistauditorsindiscoveringpotentialanomaliesinaccountspayabletransactiondata?
� LittleandBest(2003)proposedthefollowingtwoseparationofdutiesprinciplesforaccountspayable� separationofmasterrecordmaintenancefromtransactionentry� separationofpaymentsandchequeentryfrominvoicedataentry
� Motivation- usersthathavetheseauthorizationsarecapableofcreatingshellcompaniesandpayingfictitiousinvoiceswithoutbeingdetected.
![Page 7: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/7.jpg)
VisualizationstoDetectAPFraud� Thefollowingnode-linkvisualizationsareproducedinthisstudytodetectviolations inSoDs:
� Usersperformingvendormaintenance,enteringinvoiceandprocessingpayments
� Usersperformingvendormaintenanceandprocessingpayments� Usersperformingvendormaintenanceandenteringinvoices� Usersenteringinvoicesandprocessingpayments
![Page 8: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/8.jpg)
SpecialCase� Modifyexistinglegitimatevendor– changevendorsbankingdetailstemporarilytofraudulentaccount,processpayment,revertvendorsbankingdetailstotheoriginalvalues(flipping)
![Page 9: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/9.jpg)
Visualizationstodetectspecialcase� Vendorssharingbankaccounts– ifanemployeesetsupshellcompanyto
perpetratevendorfraudanduseacommonaccounttohavepaymentssentto,thenamongstthevisualizationofvendorbankaccounts,itwillappearthatbothalegitimatevendorandoneormoreothervendorssharedthesamebankaccountatsomepoint
� Vendorswithmultiplebankaccounts– shouldanemployeetemporarilyorpermanentlymodifyanexistinglegitimatevendorsbankingdetails(forgenuineorfraudulentreasons),thenthesechangesvisuallyappearasthoughthevendorhadmorethanonebankaccountatsomepoint
� Timelineanalysisforvendorbankaccountchanges(relatestovendorswithmultiplebankaccounts)–listoftransactionsthatareprocessedtoanyoralllistedbankaccountsthatavendorhadatsomepoint
![Page 10: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/10.jpg)
FindingCollusion� Challenging- no“silverbullet”� Employeescolludetoovercomewell-designedinternalcontrols
� Visualizationsproducedinthisstudyhavethepotentialtohighlightsuchactivitieswhichmayassistanauditorindirectingtheirinvestigations
![Page 11: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/11.jpg)
Question2� Howcanadatasetbeusedtodynamicallyproducevisualizationswithoutuserintervention?
� Pre-processeddataà sourcedataforvisualizations� VisualizationsproducedinGraphviz� Opensourcegraphvisualizationsoftware� UsestheDOTlanguagetodescribegraphs� InDOT- threetypesofobjects
� Graphs� Nodes� Edges
� Graphsmaybeundirectedordirected
![Page 12: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/12.jpg)
Howdoesitwork?� SeverallayoutprogramsavailableinGraphviz� TakedescriptionsofgraphswritteninDOT(syntax),andproducediagrams
� Forexample� Thissyntax:digraphG{Hello->World}� Produces:
![Page 13: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/13.jpg)
Question2version2� Howcanapre-processeddatasetbeusedtodynamicallycreateDOTcodewhichmaybeusedtoproducenode-linkvisualizationsinGraphviz?
� DOTissimpleyetcomplex� Severalattributesneedtobedefinedforgraphs,nodesandedges� Nodesà ellipses,boxes,recordsorplaintext(nooutline)� Nodeà polygonorrecord-based� Defaultnodelabelisitsname� Nodeandedgelabelsneedtobesetexplicitly� Multi-linelabelsarepossible� Colourattributescanbespecifiedfornodesandedges� Othercharacteristics- orientation,size,spacingandplacementareallconfigurable
![Page 14: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/14.jpg)
DOTExample� Thisvisualizationdemonstratesrelationshipamongusersandtypesoftransactionstheyperform
� Itrequires74linesofDOTcode� MorecomplexvisualizationsmaypotentiallycontainhundredsorthousandsoflinesofDOTcodethatmayvaryfromonevisualizationtothenext
![Page 15: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/15.jpg)
DOTCodeforExample� AsectionoftheDOTcodetoproducethepreviousvisualization
![Page 16: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/16.jpg)
TheSolution� Graphvizcodewriter– blackboxsolution
� Requiresfiltered/pre-processeddataset� Sixstepprocess
![Page 17: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/17.jpg)
GraphVizCodewriterprocess� Step1
� Readpre-processeddataintocodewriter� Step2
� Definetypeofgraph(e.g.directed),preconfigureattributes� Step3
� Extractallusernodesfromdatasetandpreconfiguretheirattributes(SQLSelect)
� Step4� Extractalltransactionnodesfromdatasetandpreconfigure
� Step5� Findassociationsbetweenuser andtransaction nodes,establishedges,preconfigureattributes
� Step6� ExportDOTfileforusebuylayoutprogram
![Page 18: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/18.jpg)
ImplementationandTesting� TestedonSAPERPsystemofalargeorganization
� Theyprovidedasampleofaccountingtransactiondatawhichincludedbetween500,000and800,000individualtransactionsacrossthevariousdatatables,forasixmonthperiod
� Investigation� ViolationsinSoDs� Anomaliesrelatingtovendorbankaccounts
![Page 19: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/19.jpg)
Usersperformingvendormaintenance,enteringinvoiceandprocessingpayments(Note:multipleedgesfromausernodetoaspecifictransactioncodenodeindicatethattheuserhasentered
thesametransactiontypeacrossmultiplecompanycodeswithintheSAPERPsystem)
![Page 20: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/20.jpg)
Usersperformingvendormaintenanceandprocessingpayments(Note:multipleedgesfromausernodetoaspecifictransactioncodenodeindicatethattheuserhasentered
thesametransactiontypeacrossmultiplecompanycodeswithintheSAPERPsystem)
![Page 21: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/21.jpg)
Usersperformingvendormaintenanceandenteringinvoices(Note:multipleedgesfromausernodetoaspecifictransactioncodenodeindicatethattheuserhasentered
thesametransactiontypeacrossmultiplecompanycodeswithintheSAPERPsystem)
![Page 22: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/22.jpg)
Usersenteringinvoicesandprocessingpayments(Note:multipleedgesfromausernodetoaspecifictransactioncodenodeindicatethattheuserhasentered
thesametransactiontypeacrossmultiplecompanycodeswithintheSAPERPsystem)
![Page 23: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/23.jpg)
Vendorssharingbankaccounts
![Page 24: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/24.jpg)
Vendorswithmultiplebankaccounts
![Page 25: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/25.jpg)
Timelineanalysisforvendorbankaccountchanges
Thisisapayment
![Page 26: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/26.jpg)
Detailedactivitiesofasingleriskyuser
![Page 27: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/27.jpg)
Targetingaspecificvendortoidentifywhichusersthathaveinteractedwiththevendor
![Page 28: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/28.jpg)
Potentialto“see”relationshipsamongmultipleusersandcommonvendors
What’sgoingonhere?
![Page 29: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/29.jpg)
Benford’sLaw:LawofLargeNumbers� Benford'slaw oflargenumbers,givesexpectedfrequenciesofdigitsinnumericaldata.
� Analysisofthefirsttwodigitsforvendorinvoicesrevealedlargedeviationsat11,22,27,36,45,54 and67.
� Othersmallerdeviationswerealsoobservedbutappearedinsignificant.
� 36wasselected asthiswasthelargest. Theinvestigationrevealed1217invoicetransactions,allcontaining36 asthefirsttwodigits.� Severalidentical amountsappearedtohavebeenrecordedforthesamevendors.Thesetransactionswereenteredbydifferentusers.Afollowupinvestigationwasconductedandseveralduplicateinvoiceswerediscovered.(Furtherdetailsofthisinvestigationwerenotprovidedbytheorganization).
![Page 30: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/30.jpg)
Benford’sAnalysis
![Page 31: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/31.jpg)
Validation� ReviewedbytheExecutiveDirector– InformationSystemsAuditofatopinternationalaccountingfirm,stated:‘…Automatedfrauddetectionsoftwarecanprovideinternalauditorswithatooltoefficientlyassessthepresenceoffraudwithinanorganization….Ingeneral,Ifoundthefunctionalityofthetooltobeuseful.TheuserinterfacewouldrequireaminimalleveloftrainingandsomelevelofunderstandingoftheSAPapplication,whichisareasonableconstraint.Thegraphsandvisualizationsclearlycommunicatedamessageforthereader.’
![Page 32: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/32.jpg)
Feedbackfromauditingpractitioners� Feedbackfromapanelofauditingpractitionerswasverypositive.
� Theyfoundthevisualizationseasytounderstand,andusefulinaggregatinglargevolumesofdata.
� Visualizationswereseenasenablingidentificationofrelationshipsorpatternsindatathatwouldotherwisebedifficultintextualdata.
� Overall,thepanelratedthevisualizationsasinnovativeandimportanttoolsinafraudinvestigator'stoolkit
![Page 33: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/33.jpg)
Conclusion� Newandevolvingopportunitiesforfraudsters� ThousandsoftransactionsdailygeneratethousandsoflinesofdatainERPsystem- novelapproachesrequiredtoleveragetheamountofdata
� Hiddenamonggigabytesofdatamaypossiblybefraudulenttransactions- nearimpossibletodetect.
� Forensicanalystsandauditorsseekingnewandinnovativemethodstodiscoverfraud
� Completefrauddetectionischallenging- no“silverbullet”� Visualization,whencombinedwithothermethodologies,mayimproveanauditor’sabilitytoidentifysuspiciousactivitiesnototherwiseidentifiable,andtoencouragefurtherinvestigations.
![Page 34: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/34.jpg)
� KSingh&PBest(2016)InteractivevisualanalysisofanomalousaccountspayabletransactionsinSAPenterprisesystems.ManagerialAuditingJournal31(1),35-63
� Little,A.&Best,P.J.(2003)AframeworkforseparationofdutiesinanSAPR/3environmentManagerialAuditingJournal18(5), 419-430
� ACFE(2014)ReporttotheNationonOccupationalFraudandAbuse, http://www.acfe.com/rttn. Accessed:2June2014
References
![Page 35: Dr. Kishore Singh & Prof. Peter Best Department of Accounting, …raw.rutgers.edu/docs/wcars/37wcars/Presentations/37WCARS-1_6-K… · Griffith University. Introduction Modern ERP](https://reader036.fdocuments.net/reader036/viewer/2022063013/5fcdc8ad997fda74cf23e0d2/html5/thumbnails/35.jpg)