Invoice Number Vendor Number Amount A $1, A $1,035.71

Transcription

1 Fraud Detection: Using Data Analysis Techniques A new approach being used for fraud prevention and detection involves the examination of patterns in the actual data. The rationale is that unexpected patterns can be symptoms of possible fraud. A simple example of the application of this technique is the search for duplicate transactions, such as the same invoice number - vendor number: Duplicate Transactions Invoice Number Vendor Number Amount A $1, A $1, Ordinarily, one would expect that invoice number - vendor number combinations, would be unique. Therefore, the existence of transactions with the same invoice number - vendor number combinations would be an unexpected pattern in the data. The identification of possible duplicate transactions would be a possible symptom of fraud that should be examined. However, fraud symptoms are only that symptoms - and care should be taken to properly investigate the transactions before jumping to conclusions. Transactions that look like duplicates may simply be progress payments or equal billing of monthly charges. It is possible to search for duplicates on one or more key fields. Even Amounts Another digital analysis technique is to identify even dollar amounts, numbers that have been rounded up, such as $ or $5, The existence of even amounts may be a symptom of possible fraud and should be examined. The MOD() function in ACL can easily identify these types of even numbers. For example: MOD(Amount,100) = 0 will identify transactions that are a multiple of 100, such as $ and $700.00, and also $1,200 and $25,000, but would not identify transactions with Amounts of $200.23, or $ MOD(Amount,1000)=0 will identify transactions with Amounts that are multiples of 1,000, such as $27,000, but would not identify transactions with Amounts of $ or $22, Case Study: Even Amounts Travel expenses had always be a concern for the auditors as controls were a weak. Employees had a maximum per diem rate when traveling, but had to submit actual receipts to cover the expenses. Maximums were also established for meals: Breakfast $10.00, Lunch $20.00 and Dinner $30.00 and for Hotel $ The auditors used the MOD() function to identify transactions that were multiples of $10.00 or multiples of $ These transactions were compared to the manual receipts to ensure that the amounts expensed were appropriate.

2 The manual review determined that some people were charging the maximum rates for meals and hotels even though the receipts did not justify the amounts. Ratio Analysis Another useful fraud detection technique is the calculation of ratios for key numeric fields. Like financial ratios that give indications of the relative health of a company, data analysis ratios point to possible symptoms of fraud. Three commonly employed ratios are: the ratio of the highest value to the lowest value (Maximum/Minimum); the ratio of the highest value to the next highest (Maximum/2 nd Highest); and the ratio of the current year to the previous year. For example, auditors concerned about prices paid for a product, could calculate the ratio of the Maximum Unit Price to the Minimum Unit Price for each product (NATO Stock Number). If the ratio is close to 1, then they can be sure that there is not much variance between the highest and lowest prices paid. However, if the ratio is large, this could be an indication that too much was paid for the product in question. Product Line Max Min Ratio Product Product Product 1 has a large difference in the unit price between the minimum and maximum (ratio of 1.85); whereas Product 2 has a smaller variance in the unit prices (ratio of 1.01). Audit should review the transactions for the unit prices of $235 and $127 for Product 1 to ensure the proper payments were made. Paying abnormally high unit prices for products may be a symptom of kickbacks in the contracting area. The ratio of the maximum to the 2 nd highest value can also highlight possible frauds. For example, examining the pattern of payments made to vendors can be revealing. In this case, a large ratio could indicate an anomaly in the data. Customer Max 2 nd Highest Ratio XYZ Corp. $100,080 $ 26, ABC Corp. $103,429 $101, A large ratio indicates that the Maximum value is significantly larger than the second highest value. Auditors and fraud investigators would be interested in these unusual transactions as they represent a deviation from the norm. Unexplained deviations could

3 be symptoms of fraud. In a number of cases, high ratios have identified payments incorrectly made to the vendor. Case Study - Doctored Bills The auditors reviewed the patient billing system to determine if the appropriate charges were being assessed the patient s healthcare providers. An initial analysis of the data was performed to calculate the ratio of the highest and lowest charges for each procedure. The auditing standards required that procedures with a ratio of Highest/Lowest greater than 1.30 be noted and additional review performed. This quarter, three procedures had ratios higher than 1.30, the highest ratio being A filter was set to identify the records related to the three procedures in question and additional analysis was performed. This quickly determined that one doctor was charging significantly more than the other doctors, for the same procedures. A comparison of the charges from the billing system with the payments recorded in the Accounts Receivable system, revealed that the doctor was skimming some of the payment received. The amount recorded in the receivable system was in line with the usual billing amount for the procedures. The doctor was unable to justify the higher prices, or explain the difference in the billing and the receivable systems. Trend Analysis Analysis of trends across years, or across departments, divisions, etc. can be very useful in detecting possible frauds. Another useful calculation is the ratio of the current year to the previous year. A high ratio indicates a significant change in the totals. Case Study - Contracting Kickbacks Johnathan, one of the contracting officers, had devised a great scheme in which he won and so did the companies who were willing to do business under his conditions. Companies who were not willing to provide him with a little extra - would not get the contract. The auditors decided to use digital analysis as part of their review of the contracting section. One of the analyses calculated the total contract amount by vendor for each of the past two years. A ratio of current year to previous year was calculated and the statistics command was used to look at the minimum, maximum, average and highest and lowest 5 ratios. While the average was close to 1.0 the highest and lowest 5 values showed that some companies had significant decreases in business, while others had experienced significant increases in business. The auditors review the detailed for all companies that had a ratio of less than 0.7 or more than The detailed records were extracted to a file and totals were calculated by contracting officer. For companies that had seen an increase in business, the results

4 revealed that Johnathan had raised many of the contracts. In comparison, Johnathan had raised no contracts with the companies that had seen a decrease in business. The auditors learned of Johnathan s kickback scheme when they interviewed salesmen from the companies that had ratios less than 0.7. Interviews with salesmen from the firms that had increased sales by 1.30 or more added credence to the fraud accusations. Benford s Law More advanced techniques take data analysis to another level, examining the actual frequency of the digits in the data. Benford s Law, developed by Frank Benford in the 1920 s, makes predictions on the occurrence of digits in the data. Benford s Law concludes that the first digit in a large number of transactions (10,000 plus) will be a 1 more often than a 2 ; and a 2 more often than a 3. In fact, the likelihood of the first digit taking on a value decreases as the value of the digit increases. Benford calculates that the first digit will be a 1 about 30%, whereas 9 only has an expected frequency of about 5% as the first digit (Ted Hill, American Scientist, July-August 1998, pp ). Benford s Law calculates the expected frequencies (rounded to three decimal places) for first and second digits as follows: Digit Frequency Frequency (First Digit) (Second Digit) However, not all data will have distributions as predicted by Benford s Law. Sometimes there is valid rationale for certain numbers occurring more frequently than expected. For example, if a company sends a large of amount of correspondence via courier, and the cost is a standard rate ($6.12) for sending a package of under one pound, then the first digit 6 or the first two digits 61 may occur more often than predicted by Benford s Law. Guidelines for deciding whether the data will comply with the Law include: there should be no set maximum or minimum; there should be no price break points ($6.12 for all packages under 1 pound, $7.13 for package more than 1 pound and less than 2 pounds); and

5 numbers should not be assigned, such as policy numbers, social insurance numbers, etc. Given Benford s Law, we would expect that valid, unaltered data to follow the predicted frequencies. Data that meets the above criteria, but fails to follow the expected frequencies, may include fraudulent amounts (Mark J. Nigrini, PhD., Digital Analysis: a computer-assisted data analysis technology for internal auditors, 1998). An analysis of the frequency distribution of the first digits or second digits can detect abnormal patterns in the data and may identify possible frauds. An even more focused test can be used to examine the frequency distribution of the first two digits (FTD). The formula for the expected frequencies is: Expected FTD Frequency = log(1+1/ftd) Therefore, the expected frequency of 13 is log(1+1/13). The expected frequencies range from for 10, to for 99 (Mark J. Nigrini, PhD., Digital Analysis: a computer-assisted data analysis technology for internal auditors, 1998). Case Study: Signing Authority The auditors were investigating possible fraud in the contracting section where thousands of contracts were raised every month. They used Benford s Law to examine the first two

6 digits of the Contract Amount. The results of their analysis revealed that the digits 49 were in the data more often than expected. Classify on the contracting office for all contracts with 49 as the first two digits determined that the contracting manager was raising contracts for amounts in the range $49,000 to $49,999 to avoid contracting regulations. Contracts under $50,000 could be sole-sourced; contracts $50,000 or higher had to be submitted to the bidding process. He was raising contracts just under the financial limit and directing them to a company owned by his wife. Conclusions Digital Analysis, an advanced application of data analysis, is a new tool for auditors and fraud investigators interested in preventing and detecting fraud. In fact, digital analysis is a case where millions of transactions make the identification of fraud symptoms easier to find then when there are only a few thousand transactions. The patterns in the data become more obvious and focus attention on the fraud. Dave Coderre Author of The Fraud Toolkit; Fraud Detection: Using Data Analysis Techniques to Detect Fraud and CAATTs and Other BEASTs for Auditors Dave_Coderre@hotmail.com