Big risks and big data
By Roderick M. Vega
First published in BusinessWorld (04/07/2014 – p.S1/6)
CONSIDER, if you will, an analogy. Oceans are vast bodies of water that offer an abundance of marine life and resources. Yet at the same time, that immensity of size and scope means that any kind of meaningful fishing is daunting without proper skills and equipment.
Imagine now, that ocean as the vast body of data and information that flows through the average company in a given year. Sales, collections, purchases, payments, transactions, communications, e-mails, invoices, reports, spreadsheets, and more — and you’re trying to fish for information to protect your company from significant risks such as fraud and misconduct. One of the skills and equipment in this case will be forensic data analytics (FDA) to net you the right results — to catch those big and small fishes among corporate fraudsters.
Ernst & Young released in February this year a report titled, “Big risks require big data thinking: Global forensic data analytics survey 2014.” The survey revealed interesting information and insights on the benefits, challenges and lessons learned by companies across different countries and industries in their use of FDA. It reported that companies — especially those looking to grow in markets where the perceived incidences of fraud, bribery and corruption are high — consider the increasing regulatory compliance requirements and aggressive enforcement trends by regulators as major factors in the design and use of FDA to mine their “big data.”
Big data is defined as high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision-making. FDA allows companies to collect and use information culled from their data to identify and investigate aberrations, such as improper payments, anomalous patterns of behavior and trends, or suspicious transactions, to better prevent fraud, corruption and bribery.
The interesting thing to note, however, is that while 72% of the 450 executives interviewed for the survey believe that emerging big data technologies can play a key role in fraud prevention and detection, only 7% know of specific big data technologies available, such as model-based mining and visual analytic tools. Worse, only 2% of respondents actually use big data processing capabilities in their internal FDA systems. This implies that most business leaders know they need to better manage their big data, but don’t really know how to go about it.
FDA enhances the risk assessment process because it allows for better comparison of data to improve fraud-risk decision-making, while also improving audit planning or investigative fieldwork. By sifting through data thoroughly, FDA can help identify potential misconduct that a less sophisticated system might have missed.
Of those surveyed, 82% also believe that FDA allows for earlier detection of misconduct — a significant benefit considering that, in over 1,300 incidents of fraud, it took a median of 18 months to detect them (from the latest Association of Certified Fraud Examiners Report to the Nations on Occupational Fraud and Abuse).
Modern FDA systems also allow the analysis of non-traditional or unstructured data formats in addition to structured data formats. Text mining, for example, uses new data sources such as social media, free-text fields of accounts journals, and others.
FDA is commonly deployed across the organization in various testing areas. The following are just a few examples:
• Payment streams, accounts payable analysis — altered invoices, duplicate of fake invoices, inflated prices, suspicious payment descriptors, and approver conflicts;
• Vendor/employee master analysis and comparisons — fictitious vendors, vendor risk ranking, background due diligence, and conflicts of interest;
• Payroll — ghost employees, falsified wages, and commission schemes;
• Bribery and corruption — bid rigging, conflicts of interest, contract compliance, kickbacks, and illegal gratuities; and
• Financial misstatement — fictitious revenues, concealed liabilities, improper disclosures, and overstated assets.
The primary users or beneficiaries of FDA include executive management (81%) and boards (68%). Internal audit is the top user or beneficiary at 84%.
SOME FDA CHALLENGES
Ownership of FDA programs. It appears from the E&Y survey that most companies do not have a functional department that clearly owns FDA implementation in anti-fraud/anti-corruption and compliance programs. In most companies, the FDA function is lodged with the executive management, the legal/compliance departments, or internal audit.
Lacking clear ownership can put a company at risk with respect to maximizing FDA benefits and securing executive sponsorship. This may result in gaps as well as duplicated efforts.
One of the leading FDA practices we see emerging in some companies is sharing “ownership” across a select group of individuals from multiple departments. This assigns specific functions and accountability to individuals. For example, internal audit may take the lead role for FDA, coordinating with legal and compliance to ensure that fraud risks are being addressed, while liaising with IT to ensure that data is available on demand.
Small size of data volumes being analyzed. The survey showed that a majority of companies work with data volumes that do not match the size of their business. The report indicated that 42% of companies with revenues from $1 million to $1 billion are working with data sets under 10,000 records. For companies with over $1 billion in revenue, 71% report working with data sets of over 1 million records. These numbers are far from big data, which raises the question of whether companies are missing out on fraud detection or prevention opportunities by not mining larger data sets.
Effective fraud detection involves analyzing hundreds of thousands, if not millions, of records in the company’s data universe. This is even truer for data-intensive industries, such as financial services. It may therefore be advisable for companies to increase the size of the data volumes reviewed, using sophisticated FDA tools to streamline and cost-optimize the process.
Getting the right tools and expertise. The survey also showed that many companies use only basic spreadsheet and database tools for their FDA programs. Other companies use only in-house developed tools that may not have the requisite data perspective to manage all categories of data mining (e.g. keyword searches, business intelligence information, and others). Some companies also feel that their people need more training, not just in mining their data, but also in analyzing it.
Companies should invest in getting the right talents and software tools for effective data analysis. The competencies can include database management and data analysis skills, as well as anti-fraud and accounting related skills. They should also consider the various sophisticated FDA tools available to find one that integrates and scales organically with their current data systems.
In today’s dizzyingly complex business environment, acquiring, analyzing and understanding data can mean all the difference in ensuring smooth sailing for a company’s anti-fraud/anti-corruption agenda. However, there is still much work to be done to fully realize the potential benefits of FDA. It requires sustained leadership support, shared-ownership among cross-functional departments, better tools and the right skills sets in executing FDA and interpreting the results. FDA integration is a journey, not a destination.
Roderick M. Vega is a partner of SGV & Co.
This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co.