Data mining life cycle in fraud auditing



Similar documents
Fighting Fraud with Data Mining & Analysis

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

Data Warehousing and Data Mining in Business Applications

3. Current Auditing Computerized Tools

Assessment for Establishing a Whistleblower Hotline:

TECHNOLOGY YOU CAN USE AGAINST THOSE WHO USE TECHNOLOGY FRAUD ANALYTICS: TAKING DATA ANALYSIS TO THE NEXT LEVEL

Using Predictive Analytics to Detect Contract Fraud, Waste, and Abuse Case Study from U.S. Postal Service OIG

Introducing SAP Fraud Management. Jérôme Pugnet

Sharon Kurek, CPA, CFE Director of Internal Audit

Fraud Prevention, Detection and Response. Dean Bunch, Ernst & Young Fraud Investigation & Dispute Services

Business Intelligence and Decision Support Systems

Why is Internal Audit so Hard?

Fraud Awareness Training

Database Marketing, Business Intelligence and Knowledge Discovery

Introduction to Data Mining and Business Intelligence Lecture 1/DMBI/IKI83403T/MTI/UI

A Unique Perspective into the World of Identity Fraud

THE ABC S OF DATA ANALYTICS

Kroll Ontrack Data Analytics. Forensic analysis and visualization of complex data sets to provide intelligence around investigations

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 240 THE AUDITOR S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS

CRISP - DM. Data Mining Process. Process Standardization. Why Should There be a Standard Process? Cross-Industry Standard Process for Data Mining

Procurement Fraud Identification & Role of Data Mining

A Knowledge Management Framework Using Business Intelligence Solutions

Ethics, Fraud, and Internal Control

A STUDY ON DATA MINING INVESTIGATING ITS METHODS, APPROACHES AND APPLICATIONS

SAS. Fraud Management. Overview. Real-time scoring of all transactions for fast, accurate fraud detection. Challenges PRODUCT BRIEF

716 West Ave Austin, TX USA

The Informatica Solution for Improper Payments

AUDIT PROCEDURES RECEIVABLE AND SALES

by: Scott Baranowski, CIA

Presented by: Donald F. Conway, CPA Mercadien, P.C., Certified Public Accountants. Forensic Accounting, Political Corruption & White Collar Offenses

U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S

Detect, Prevent, and Deter Fraud in Big Data Environments

FRAUD PREVENTION STRATEGIES FOR HEALTH CARE A FORENSIC ACCOUNTANT S PERSPECTIVE

A Publication of the Center for Audit Quality

Fraud Prevention and Detection in a Manufacturing Environment

Foundations of Business Intelligence: Databases and Information Management

Consideration of Fraud in a Financial Statement Audit

Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009

Business Process Mining for Internal Fraud Risk Reduction: Results of a Case Study

September 28, Audit s Role in Governance, Risk Management and Internal Control

The Auditor s Responsibilities Relating to Fraud in an Audit of Financial Statements

International Journal of Computer Science Trends and Technology (IJCST) Volume 2 Issue 3, May-Jun 2014

DATA MINING TECHNOLOGY. Keywords: data mining, data warehouse, knowledge discovery, OLAP, OLAM.

COURSE OUTLINE. School of Business SCHOOL: Post-Diploma ebusiness, Marketing, and International Business. Customer Relationship Management

Internal Controls and Fraud Detection & Prevention. Harold Monk and Jennifer Christensen

A Framework to Assess Healthcare Data Quality

Using LSI for Implementing Document Management Systems Turning unstructured data from a liability to an asset.

Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

ISOLATE AND ELIMINATE FRAUD THROUGH ADVANCED ANALYTICS. BENJAMIN CHIANG, CFE, CISA, CA Partner, Ernst and Young Advisory Singapore

Data Mining Applications in Higher Education

HOW TO DETECT AND PREVENT FINANCIAL STATEMENT FRAUD (SECOND EDITION) (NO )

Forensic Accounting. A Glimpse Into Forensic Accounting. Portland State University Professional Nancy Young, CPA, CISA, CFE Moss Adams, LLP

IBM Content Analytics: Rapid insight for crime investigation

Deloitte Forensic Fraud Risk Management

Fundamentals of Computer and Internet Fraud WORLD HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

Dan French Founder & CEO, Consider Solutions

Auditing Applications. ISACA Seminar: February 10, 2012

Contracts Management Software as a Tool for SOX Compliance

Chapter 6 8/12/2015. Foundations of Business Intelligence: Databases and Information Management. Problem:

Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com

Internal Auditing & Controls. Examination phase of the internal audit Module 5. Course Name: Internal Auditing & Controls

The Power of Risk, Compliance & Security Management in SAP S/4HANA

Fraud Control Theory

Advanced Analytics for Audit Case Selection

Chapter 6. Foundations of Business Intelligence: Databases and Information Management

SPATIAL DATA CLASSIFICATION AND DATA MINING

U.S. SQUASH Whistleblower Policy

Making Business Intelligence Easy. Whitepaper Measuring data quality for successful Master Data Management

IMPROVING DATA INTEGRATION FOR DATA WAREHOUSE: A DATA MINING APPROACH

Alexander Nikov. 5. Database Systems and Managing Data Resources. Learning Objectives. RR Donnelley Tries to Master Its Data

Expert Systems in Fraud Detection: Expert Knowledge Elicitations in a Procurement Card Context

Completing an Accounts Payable Audit With ACL (Aired on Feb 15)

Using data analytics and continuous auditing for effective risk management

INTERNATIONAL STANDARD ON AUDITING 330 THE AUDITOR S RESPONSES TO ASSESSED RISKS CONTENTS

Impact of Computer-Assisted Audit Techniques on Sarbanes-Oxley Act Sections 404 and 409. Scarlett Choi ACC 626

716 West Ave Austin, TX USA

Best Practices for Managing Bank Transaction Risk Using a Continuous Data Analytics Approach

Discovering, Not Finding. Practical Data Mining for Practitioners: Level II. Advanced Data Mining for Researchers : Level III

RED FLAGS OF FRAUD MAY 13, 2014 IIA AUSTIN CHAPTER

Converting commercial payment data into critical, cost-saving intelligence.

4 Testing General and Automated Controls

Data Mining Solutions for the Business Environment

Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

Consideration of Fraud in a Financial Statement Audit

THE QUALITY OF DATA AND METADATA IN A DATAWAREHOUSE

Data Mining/Fraud Detection. April 28, 2014 Jonathan Meyer, CPA KPMG, LLP

AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING THAT IS INTEGRATED WITH AN AUDIT OF FINANCIAL STATEMENTS:

An Introduction to Data Warehousing. An organization manages information in two dominant forms: operational systems of

Continuous Audit and Case Management For SAP: Prevent Errors and Fraud in your most important Business Processes

Transcription:

Data mining life cycle in fraud auditing ELENA MONICA SABĂU Faculty of Accounting and Management Information Systems Academy of Economic Studies 6, Romană Square, District 1, Bucharest emsabau@gmail.com http://www.ase.ro ANDREI SORIN SABĂU Faculty of Mathematics and Computer Science University of Pitesti 1, Targul din Vale Str., Pitesti, Arges County andrei@asabau.com www.asabau.com LUCIAN CONSTANTIN GABRIEL BUDACIA Faculty of Internal and International Commercial and Financial - Banking Relations Romanian - American University 1B, ExpoziŃiei Ave., District 1, Bucharest lucian.budacia@yahoo.com http://www.rau.ro FLORINEL MARIAN SGĂRDEA Faculty of Accounting and Management Information Systems Academy of Economic Studies 6, Romană Square, District 1, Bucharest sgardeafm@gmail.com http://www.ase.ro Abstract: In the last several years, there has been a greater increase in the prominence of fraud detection. Today auditors are using data mining tools and techniques to examine the entire population of transactions in order to select samples for test controls and identify fraud. While the greatest gains in efficiency can be achieved by maximizing the use of technology, auditors must have access to the data and software tools as well as the techniques and knowledge necessary to make intelligent use of vast amounts of financial and non-financial information in their mission of detecting and deterring fraud. This paper presents the concept of economic fraud, categorizes and compares the different missions of fraud review like financial audit, fraud examination and fraud audit. It defines the concept of data mining and its life cycle from a fraud auditing point of view. Key-Words: data mining, data mining life cycle, economic fraud, fraud audit, data mining program 1 Introduction In the last several years, there has been a greater increase in the prominence of fraud detection. The problems at WorldCom and Enron have emphasized not only the importance of audit but also the devastating effects that fraud can have on a company and its auditors, and highlighted the importance of preventing and detecting fraud. Many corporations managers, employees, stockholders, and government oversight agencies continue to fight with the unprofessional, unethical, and/or downright criminal conduct perpetrated by miscreants from inside and outside corporations. In addition, governments have developed new rules and regulations to ensure accurate financial reporting, such as the Sarbanes-Oxley Act. The Report to the Nation on Occupational Fraud and Abuse, a study conducted by the Association of ISBN: 978-960-474-293-6 55

Certified Fraud Examiners (ACFE) in 2010, suggests that the median losses for the company were about $160,000. Nearly one third of the fraud schemes caused a loss to the victim organization of more than $500,000 and almost one quarter of all reported cases topped the $1 million threshold. The report by the ACFE also measured the common methods of detecting fraud. Tips and complaints have consistently been the most effective means of detecting frauds, accounted for 35,8%, management review 15,4%, internal audit 11,6%, by accident 11,2%, account reconciliation 8,2%, document examination 6.0%, external audit 5,2%, monitoring 2,6%, police 2,5%, confession 1%, IT controls 0,5%. The ACFE defines occupational fraud and abuse (employee frauds) as: the use of one s occupation for personal gain through the deliberate misuse or theft of the employing organization s resources or assets. and financial statement fraud as: the deliberate misrepresentation of the financial condition of an enterprise accomplished through the intentional misstatement or omission of amounts or disclosures in the financial statements in order to deceive financial statement users. In recent years, professional auditing bodies have developed new audit standards and statements like Statement on Internal Auditing Standards 3 (SIAS 3) Deterrence, Detection, Investigation and Reporting of Fraud, SAS 53 The Auditor s Responsibility to Detect and Report Errors and Irregularities (provides guidelines for auditors in detecting fraud), SAS 99 Consideration of Fraud in a Financial Statement, pressuring more on auditors to deter and detect fraud. The International Federation of Accountants (IFAC) addressed one of the most important issues facing auditors today the responsibility for detecting fraud by releasing an International Standard of Auditing (ISA) entitled The Auditor s Responsibility to Consider Fraud in an Audit of Financial Statements (ISA 240). It states that auditors should be alert to risks of material misstatement due to fraud and are required to assess any such risks encountered during the course of an audit. In exercising the due professional care, external auditors must be ever alert to the possibility of criminal activity, wrongdoing, conflict of interest, inefficiencies, and other abuses, they need to be alert to the possibilities of intentional wrongdoing, errors and omissions, inefficiencies, waste, ineffectiveness, and conflicts of interest (Singleton T., 2010). Financial auditing typically refers to the process of evaluating compliance of financial information with regulatory standards, usually for public companies, by an external, independent entity. The well-publicized SOX incorporates concepts and procedures to deter and to catch fraud in audits of internal controls over financial reporting. However, the focus of financial audits and financial reporting ultimately is concerned with providing reasonable assurance that a material misstatement to financial statements has not occurred, regardless of the reason (Singleton T., 2010). Fraud auditing is a very different term, encouraging the detection and prevention of frauds in commercial transactions. Fraud auditing is the process of detecting, preventing, and correcting fraudulent activities. In the broadest sense, it is an awareness of many components of fraud, such as the human element, organizational behavior, knowledge of fraud, evidence and standards of proof, an awareness of the potentiality for fraud, and an appreciation of the red flags (Singleton T., 2010). The deterrence and detection of fraud, waste, and abuse requires an increasing amount of auditor time and energy. Fraud examiners and investigators are also finding more demand for their services, as companies facing difficult economic times can not afford to have profits wasted or stolen. While the greatest gains in efficiency can be achieved by maximizing the use of technology, auditors must have access to the data and software tools as well as the techniques and knowledge necessary to make intelligent use of vast amounts of financial and non-financial information. 2 Data mining basic concept The electronic environment in which companies operate, along with the controls on that environment, presents an array of complex systems, real-time variances, and worldwide applications. It is a major challenge for auditors to detect fraud in the IT systems. But it also provides a broad range of opportunities for the use of powerful interactive audit software and advanced auditing techniques. Thus, while the business environment is rapidly becoming more complex, there is also an increasing array of audit software, tools, and techniques to assist in fraud investigations. With the ever increasing system complexity, especially the computer-based accounting information systems including enterprise resource planning (ERP) systems, and the vast amount of transactions, it is impractical for auditors to conduct the overall audit manually. Auditing with the computer describes the employment of information technologies by auditors to perform some audit ISBN: 978-960-474-293-6 56

work, referred to as computer assisted auditing tools (CAATs). Generalized audit software (GAS) is an automated package originally developed in-house by professional auditing firms. It can be used by the auditor mostly in the execution and documentation phase (planning, analysis tools, calculation tools, sample selection tools, data manipulation tools, documents preparation tools). The techniques used by GAS should be employed appropriately to accomplish the audit objectives. Those techniques are: test data, integrated test facility, parallel simulation, system testing, continuous auditing). Data mining is a set of computer-assisted techniques designed to automatically mine large volumes of integrated data, for new, hidden or unexpected information, or patterns. In recent years, data mining has been studied extensively, especially on supporting customer relationship management (CRM) and fraud detection. The limitation of current CAATs combined with significant levels of fraud suggests the need for additional analytical procedures for an effective detection of economic fraud. 3 Fraud data mining life-cycle In the traditional sense, data mining is the use of data extraction software to examine data. Today, auditors are using data mining tools and techniques to examine the entire population of transactions in order to select samples for test controls and identify fraud. The general process model for data mining (CRISP-DM) can be successfully extended for fraud detection data mining projects. 3.1 Business understanding This initial phase converts project objectives and requirements from a business perspective into a data mining problem definition. The fraud audit is defined as a set of audit procedures performed over a business transaction population in order to increase the likelihood of identifying fraud. Using data mining in fraud audit or Fraud data mining is the process of obtaining and analyzing transactional data to identify anomalies or patterns indicative of a specific fraud scheme (Vona L., 2008). The objective is to find a discrete number of transactions that can be examined using fraud audit procedures. Fraud auditing final purpose is to identify one fraudulent transaction and afterwards have the audit plan dictate how the sample containing the transaction will be extended. Various data mining tools and techniques are used to identify transactions consistent with a specific fraud scheme. The resultant data provides the basis for identifying the fraud scheme variations, concealment strategies and associated red flags, and the fraud opportunity. (Vona L., 2008) 3.2 Data understanding Starting with an initial data collection, the auditor proceeds with various activities helping him get familiar with the data structure and actual data content. Multiple data sources are not uncommon and there may be more than one type. Interrogating each data source can also produce results in different formats. It is during this phase the auditor understands how data is being populated and retrieved across all data sources. For data sources directly accessible from a database, the database schema is being analyzed including table relations consisting of primary and foreign keys, data insertion procedures, various SQL triggers on different types of SQL operations. Not all data sources can be queried directly. In some cases the data can only be accessed through various third party software applications or web services. In order to retrieve the data, the auditor needs to be familiar with the corresponding APIs (application programing interface) or WSDL (web service description language) models. 3.3 Data preparation This phase covers all activities to construct the final data set from the initial raw data. It also includes data integration combining all data sources (databases, third party software applications, web services) into a single, central repository. Not all available data is relevant for fraud auditing. Restricting the initial data set to only the necessary, complete and consistent data will drastically improve the accuracy and reduce the resource requirements of subsequent data mining operations in terms of memory, disk space and cpu usage. Table and attribute selection are being applied to only target relevant data. With the knowledge of database schemas containing detailed information about each database table field, correlations can be established between a given fraud scheme and existing data. Table fields containing different type of information can be used for different type of fraud analysis. Duplicate and sequential data analysis can be performed on transaction control numbers, stratified data analysis can be performed on transaction codes allowing various types of data aggregations, change and circumvention analysis can be performed on various account types. ISBN: 978-960-474-293-6 57

Exclusion and inclusion filters further reduce the data set. Based on exclusion and inclusion theory, homogeneous transaction populations are being generated, excluding non relevant transactions for a given fraud schemas and including relevant ones. Both filters need to be applied in order to have full control on data reduction. In addition to the above, data merging can be performed with the help of aggregation functions, such metrics being widely used in fraud detection. Inconsistent and incomplete data is being removed as part of the cleansing process which stands out for fraud auditing compared to other data mining projects. Because in fraud auditing incomplete and inconsistent data can signal a fraud schema, special precautions need to be taken in order to ensure the data cleansing process doesn t eliminate fraud evidence. 3.4 Modeling against fraud data profile For each fraud schema various data mining techniques are being applied with their parameters being calibrated to optimal values. These techniques can be largely classified into four main classes with clustering, classification, regression and association rule learning tasks. Data mining methods used in the fraud audit process belong to all four classes and can be classified into the following categories: data description, dependency analysis, classification analysis, cluster analysis, outlier analysis, evolution analysis. 3.5 Sampling plan evaluation Each data mining technique can generate different data groups or samples containing transactions consistent with the given fraud scheme. In this phase a data mining technique or a combination of data mining techniques producing the best results is being selected as the sampling method for the given fraud schema. The main selection criteria is the rate of false positives, transaction identified as matching the fraud risk but being in fact non fraudulent. 3.6 Sample generation With the selection of data mining techniques for the given fraud schema, sampling is now possible. Fraud data mining is all about searching for a specific error. The approach to sampling is focused, nonrandom, and biased toward the given fraud scheme. The intent is not to offer an opinion on the effectiveness of the internal controls, but to search for fraudulent transactions. (Vona L., 2008). 3.7 Audit analytical procedures Performing audit analytical procedures over the data mining generated sample will yield audit evidence whether or not fraud is present within the sample. Audit analytical procedures typically involve performing test controls including observations, investigations, and account reconciliations. Following the conducted tests a reasonable assurance can be obtained against the verified data, allowing auditors to emit the audit opinion. 3.8 Sample expansion policies Each fraud schema has its own expansion policy allowing additional, related data to be retrieved. Such policies are conduction following an unqualified audit opinion in order to discover the full fraud extent throughout the company. 4 Conclusions Dealing with intricate transactions in large volume requires a considerable more effort from an increasing qualified personnel, more advanced tools to capture, analyze, present and report data. This increases costs and reduces the overall profitability. Covering the entire transaction data population, data mining techniques can increase fraud auditing accuracy at a fraction of the cost. Some techniques capable of unsupervised learning are even capable to automatically adapt to new fraud schemas and patterns. No data mining technique can produce meaningful results from invalid or inaccurate data. Prior to any data modeling, it is vital to prepare the raw data by performing selection, cleaning and formatting operations. Given a population of transactions, the business understanding and data understanding life cycle stages are conducted once for all fraud schemas. The remaining life cycle stages are influenced by the targeted fraud schema and are conducted separately, multiple times for each fraud schema. This keeps the number of false positives to a minimum having different data mining implementations for different fraud schemas. References: [1] ACFE, 2010 ACFE Report to the nations on ocupational fraud and abuse, Technical report- Global fraud survey 2010, 2010. [2] G.Apparao, Arun Singh, G.S.Rao, B.Lalitha Bhavani, K.Eswar, D.Rajani, Financial Statement Fraud Detection by Data Mining, Int. J. of Advanced Networking and ISBN: 978-960-474-293-6 58

Applications, Volume: 01 Issue: 03, 2009, Pp: 159-163. [3] G.J. Bologna, Lindquist R.J., Fraud Auditing and Forensic Accounting (2ed.), JohnWiley&Sons, 1995. [4] P. Chapman, J. Clinton, R. Kerbet, T. Khabaza, T. Reinartz, C.Shearer, R. Wirth, CRISP-DM 1.0, Step by step data mining guide, NCR Systems Engineering Copenhagen, 2000. [5] G. D. Coderre, Fraud Detection. Using Data Analysis Techniques to Detect Fraud, Global Audit Publications, 1999. [6] T. W. Singleton, A. J. Singleton, fraud auditing and forensic accounting, Fourth ed, JohnWiley&Sons, 2010). [7] L.W. Vona, Fraud risk assessment: building a fraud audit program, John Wiley & Sons, Inc., 2008. [8] J.T. Wells, Principles of Fraud Examination, JohnWiley&Sons, 2005. ISBN: 978-960-474-293-6 59

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information