Fraud Control Activities: Using Data to Uncover Fraud—Knowledge is Power!
By Ali Wagner, MACCT, CFE, REDW Financial Forensics & Litigation Services Analyst
No organization is immune to fraud risk. And—as we’ve said before—there’s no time like the present to ramp up anti-fraud efforts in your organization. In our five-part Internal Audit Awareness Month series, we’re addressing core principles of fraud risk management to help you discover, assess and strategize methods to stay ahead of the fraud game in your organization.
In Part 3, we’ll address key fraud control activities…
We’ll show you how to go from reactive to proactive by identifying key assessment tools, and by laying out organizational steps to activate your already-available data and implement role-based anti-fraud training for your team.
Fraud Control Activities: Using Data to Uncover Fraud
A powerful and holistic fraud risk management (FRM) program uses data analytics to prevent, detect, and investigate fraud. While the most advanced organizations are leveraging robotics, machine learning, and artificial intelligence, many anti-fraud analytics tests can be easily implemented and enhanced by using basic spreadsheet software.
As discussed in Part 2 of this series—when in doubt, start small with a pilot approach to reduce initial investment and gain quick wins for your organization’s fraud risk management program.
Among fraud control activities, many noteworthy analytics techniques have been developed over time and each can bring unique benefits and insights; however, not all analytics techniques are created equal. Some are better suited to certain objectives and analyses than others. The diagram below outlines five different analytics techniques, ranging from simple to advanced, that are commonly used during a fraud risk assessment:
When implementing your anti-fraud analytics program, it’s important to note two things:
- You can and should leverage the results of your fraud risk assessment to inform your analytics strategy and priorities.
- Analytics capabilities will evolve with your fraud risk management program.
Over time you should consider integrating more advanced analytics procedures, such as text mining, statistical analysis, and pattern/link analysis, to further your capabilities and enhance your fraud control activities and overall anti-fraud analytics program. Questions? Contact Ali Wagner.
Prioritizing predictive analytics enables you to identify instances of potential fraud before they even occur.
The Association of Certified Fraud Examiners (ACFE) developed a comprehensive interactive tool, a set of Anti-Fraud Data Analytics Tests, which provides numerous data analytics test structures that can be used to help identify red flags in various occupational fraud schemes. We highly recommend referencing it to infuse data into your anti-fraud efforts.
See also the structure of the ACFE’s Fraud Tree, which you can use to drill down to a specific fraud scheme type and see options for relevant data analytics tests.
Connecting Fraud Assessment to Your Data:
- Choose your analytic techniques. Using your fraud risk assessment, map prioritized fraud schemes to potential data sources and assess availability of relevant data. Then utilize the ACFE’s Anti-Fraud Data Analytics Tests to make informed selections on the best tests to help protect your organization.
- Collect data. Work with relevant stakeholders across your organization to identify and collect relevant data to your selected fraud schemes. Extract, transform/normalize, and validate the data to ensure it will provide meaningful results when analyzed.
- Execute your analytics techniques and tests. After initiating your chosen techniques and tests, iterate and modify each process based on the data, its quality, and user feedback. Testing should be ongoing and will require refining models to ensure effectiveness and the relevance and accuracy of results.
- Report findings and observations to relevant stakeholders. Reporting should be in line with the established fraud risk management governance structure established in Part 1 of this series.
- Implement overall remediation and corrective action activities based on the response strategies identified through your fraud risk assessment and your fraud risk management governance structure. What changes need to be made to your FRM efforts so far? All remediation and corrective action should align to your overall FRM program vision, strategy and long-term goals.
While it informs and helps to refine your organization’s fraud prevention efforts, data analytics is only one type of fraud control activity that you should consider. It is advisable to orchestrate a multitude of controls customized to your organization to best prevent and detect fraud.
Knowledge is power; make it specific
Part 1 of this series covered the need to develop and deploy mandatory organization-wide anti-fraud training. However, training shouldn’t stop there.
Customizing the content of training based on specific employee and team roles creates a legitimate connection of knowledge for employees to easily link anti-fraud efforts to their day-to-day responsibilities. Not only does role-based, anti-fraud training empower your employees to better identify suspicious activity, but through it, management can also communicate your organization’s commitment to high ethical standards and give team members a valued role in fraud prevention.
Developing a Role-Based Training Program
- Determine roles for development and oversight. Responsibilities and oversight for role-based trainings should align to your fraud risk management governance structure and also define responsibilities across the monitoring process.
- Determine where to initially focus training efforts based on the results of other FRM activities. For example, you might choose to focus on an area of the business with the highest level of fraud risk or the most significant control gaps as determined by your fraud risk assessment.
- Develop training materials. Consider the training best practices noted in the figure below.
- Deliver your targeted, role-based training, evaluate effectiveness and periodically adapt. Following delivery, evaluate the effectiveness of your training using an established methodology and adapt the training periodically based on both the results of your evaluation and on any changes in the organization’s fraud risks or operations.
You can leverage the processes you have in place for organization-wide anti-fraud training (as established in Part 1) to perform these steps for your targeted role-based training efforts, as well.
How REDW Can Help
For questions or assistance in using data to uncover fraud, developing role-based fraud prevention trainings, implementing other fraud control activities, or if you have concerns that fraud has occurred, please contact REDW Financial Forensics & Litigation Services Analyst Ali Wagner, or REDW Principals Ed Street or Jessica Bundy.
Our professional team maintains specialized training and credentials in the area of fraud examination and maintains considerable experience performing thorough analyses of indicators and allegations of fraud for both private and government organizations. We respect client concerns and conduct examinations in a discreet manner to minimize any disruption of operations.
Learn more about our commitment to integrity and objectivity in performing a fraud examination.
Stay tuned for Part 4 in REDW’s #InternalAuditAwarenessMonth series: Fraud Investigation & Corrective Action: Groundwork for Ethical Investigations
Sources of Information:
ACFE 2020 Report to the Nations. Copyright 2020 by the Association of Certified Fraud Examiners, Inc.
ACFE The Anti-Fraud Playbook: The Best Defense Is a Good Offense. Copyright 2020 by the Association of Certified Fraud Examiners, Inc.
Fraud Risk Management Guide Executive Summary. Copyright 2016 by the Committee of Sponsoring Organizations of the Treadway Commission and the Association of Certified Fraud Examiners, Inc.
Cyber-attacks are increasing. How is your firm managing business risk? Participate in our Risk Management Survey.