Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009



Similar documents
Predictive Analysis Risk Analysis

Using Technology to Automate Fraud Detection Within Key Business Process Areas

The Federal Railroad Retirement Board (RRB) and Data Analytics

by: Scott Baranowski, CIA

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

Why is Internal Audit so Hard?

Audit Readiness Essentials

Use of Data Extraction & Analysis Software In a Financial Statement Audit

Opening Statement of Senator Susan M. Collins Chairman, Committee on Homeland Security and Governmental Affairs

Fighting Fraud with Data Mining & Analysis

DISTRIBUTION: ASSISTANT G-1 FOR CIVILIAN PERSONNEL POLICY, DEPARTMENT OF THE ARMY DIRECTOR, PLANS, PROGRAMS, AND DIVERSITY, DEPARTMENT OF THE NAVY

Office of Investigations GEOFFREY CHERRINGTON, DEPUTY ASSISTANT INSPECTOR GENERAL FOR INVESTIGATIONS

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

Leveraging Big Data to Mitigate Health Care Fraud Risk

Procurement Fraud Identification & Role of Data Mining

Using CAAT in Compliance

DoD Methodologies to Identify Improper Payments in the Military Health Benefits and Commercial Pay Programs Need Improvement

OIG Hotline. Overview Examples of Allegations That Should Be Reported to the OIG Hotline Guidelines for Reporting Fraud...

Five-Year Strategic Plan

Internet Access to Information on Office of Inspector General Oversight of Agency Implementation of the American Recovery and Reinvestment Act of 2009

Microsoft Confidential

REPORT ON INDEPENDENT EVALUATION AND ASSESSMENT OF INTERNAL CONTROL FOR CONTRACT OVERSIGHT

GOVERNANCE: Enhanced Controls Needed To Avoid Duplicate Payments

AUDIT REPORT REPORT NUMBER Information Technology Microsoft Software Licenses March 27, 2014

Keith Barger MFS, MCSE, CCE

Department of Homeland Security Office of Inspector General. Audit of Application Controls for FEMA's Individual Assistance Payment Application

Continuous Auditing with Data Analytics

Using Predictive Analytics to Detect Contract Fraud, Waste, and Abuse Case Study from U.S. Postal Service OIG

Implementation of the DoD Management Control Program for Navy Acquisition Category II and III Programs (D )

Department of Homeland Security Office of Inspector General

San Francisco Chapter. Jonathan Shipman, Ernst & Young David Morgan, Ernst & Young

LGMA Qld Governance and Corporate Planning Village Forum

Summary of DoD Office of the Inspector General Audits of DoD Financial Management Challenges

OFFICE OF INSPECTOR GENERAL

Fraud and Fraud Detection. A Data Analytics Approach + Website. Wiley Corporate F&A

Internal Control Review of the Government Purchase Card Program

Fraud Detection & Data Analytics

AUDIT REPORT Audit of Controls over GPO s Fleet Credit Card Program. September 28, 2012

Information overload: How to make data analytics work for the internal audit function

Implementing a New Technology: FPS Successes, Challenges, and Best Practices

Current Uses and Trends in ACL and Data Mining

Funding Invoices to Expedite the Closure of Contracts Before Transitioning to a New DoD Payment System (D )

UNITED STATES DEPARTMENT OF EDUCATION OFFICE OF INSPECTOR GENERAL 400 MARYLAND AVENUE, S.W. WASHINGTON, DC

Forensic Audit Building a World Class Program

INFORMATION TECHNOLOGY: Reservation System Infrastructure Updated, but Future System Sustainability Remains an Issue

NATIONAL OCEANIC AND ATMOSPHERIC ADMINISTRATION. Opportunities to Strengthen Internal Controls Over Improper Payments PUBLIC RELEASE

SYSTEMS AND CONTROLS. Management Assurances FEDERAL MANAGERS FINANCIAL INTEGRITY ACT (FMFIA) ASSURANCE STATEMENT FISCAL YEAR (FY) 2012

Strategies for Achieving Successful Audit Outcomes. Presented by: Noah Leiden, CPA Partner Patrick J. Fitzgerald, CPA Director

IBM QRadar Security Intelligence April 2013

DCAA New Tactics in Obtaining Contractor Internal audit reports

Unauthorized Use of the GPC Page 1 of 29 Welcome to Unauthorized Use of the GPC

Hexaware E-book on Predictive Analytics

ISOLATE AND ELIMINATE FRAUD THROUGH ADVANCED ANALYTICS. BENJAMIN CHIANG, CFE, CISA, CA Partner, Ernst and Young Advisory Singapore

Using Forensic Accounting to Detect Fraud in Public Service Organizations. Kevin M. Bronner, Ph.D. 1

Audit Report OFFICE OF INSPECTOR GENERAL. Farm Credit Administration s Purchase Card Program A Auditor-in-Charge Sonya Cerne.

Data Mining: Unlocking the Intelligence in Your Data. Marlon B. Williams, CPA, ACDA Partner, IT Advisory Services Weaver

Standards of. Conduct. Important Phone Number for Reporting Violations

U S I N G D A T A A N A L Y S I S T O M E E T T H E R E Q U I R E M E N T S O F R I S K B A S E D A U D I T I N G S T A N D A R D S

STATE OF NORTH CAROLINA

Sharon Kurek, CPA, CFE Director of Internal Audit

Acquisition. Controls for the DoD Aviation Into-Plane Reimbursement Card (D ) October 3, 2002

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE

Security strategies to stay off the Børsen front page

Citibank Presents: Techniques for Establishing a Successful Audit Process

Data Analytics: Applying Data Analytics to a Continuous Controls Auditing / Monitoring Solution

AUDIT TIPS FOR MANAGING DISASTER-RELATED PROJECT COSTS

Status of Enterprise Resource Planning Systems Cost, Schedule, and Management Actions Taken to Address Prior Recommendations

Enterprise Forensics and ediscovery (EnCase) Privacy Impact Assessment

Audit of the Administrative and Loan Accounting Center, Austin, Texas

Transcription:

Forensic Audit and Automated Oversight Federal Audit Executive Council September 24, 2009 Dr. Brett Baker, CPA, CISA Assistant Inspector General for Audit U.S. Department of Commerce OIG

Overview Forensic Audit and Automated Oversight Data Mining Techniques Equipment and Software Forensic Approach 2

Forensic Audit and Automated Oversight Definition of Forensic Audit Audit that specifically looks for financial misconduct, abusive or wasteful activity. Close coordination with investigators More than Computer Assisted Audit Techniques (CAATs) Forensic audit is growing in the Federal government GAO s Forensic Audit and Special Investigations (FSI) DoDIGData Mining Federal outlays are $2 trillion annually Approximately 11,000 OIG staff to provide oversight OMB estimates improper payments for Federal government at $72B (4%) GAGAS requires tests for fraud in audit work 100% review using automated business rules versus statistical sampling There is a place for both Automated Oversight Continuous monitoring Quick response 3

FY2008 Improper Payment Estimates

Data Versus Information An Endless Maze of Data... but No Information 5

What is Data Mining? Refers to the use of machine learning and statistical analysis for the purpose of finding patterns in data sets. If You Know Exactly What You Are Looking for, Use Structured Query Language (SQL). If You Know Only Vaguely What You Are Looking for, Turn to Data Mining. Most often used (up until recently) in marketing and customer analysis 6

Different Levels of Knowledge Data Facts, numbers Information Summary Reports ACL, IDEA Knowledge Descriptive Analytics SAS, SPSS, ACL, IDEA Wisdom Predictive Analytics Clementine Intelligent Miner Enterprise Miner 7

Data Analysis Software - Fosters Creativity Can perform the tests wanted, instead of being limited to what technical staff can, or will, provide Not limited to just predetermined data formats and/or relationships Can create relationships, check calculations and perform comparisons Can examine all records, not just a sample Useful for identifying misappropriation of assets and fraudulent financial reporting Allows limitless number of analytical relationships to be assessed within large databases comparing large databases Identifies anomalies 8

Common Data Analysis Tests and Techniques Join Summarization Corrupt data (conversion) Blank fields (noteworthy if field is mandatory) Invalid dates Bounds testing Completeness Uniqueness Invalid codes Unreliable computed fields Illogical field relationships Trend analysis Duplicates 9

Control Charts

Frequency Distribution Anomalous Activity Normal Activity Anomalous Activity

Comparing Data Files (Three-Bucket Theory) Vendors Not Paid Yet Vendors Paid and In Vendor Table Vendors Paid but not In Vendor Table Vendor Table Disbursing Transactions

Hardware and Software Applications Hardware SQL servers Mainframe (QMF) Docking stations Terminal server Software Applications Data mining and predictive analytics, e.g., Clementine Data interrogation e.g., ACL, IDEA, MS Access, Excel Statistical analysis e.g., SPSS and SAS Link analysis I2 Lexis-Nexis Data conversion utilities (Monarch) Internet, open-source research Access to system query tools 13

Forensic Audit Approach Audit objectives and audit universe Work with investigations Structured brainstorming Consider SME conference Identify indicators of potential fraud and ways to find in data Process to identify financial risks Map out the end-to-end process Identify systems and key processes Identify key controls Identify and obtain transaction-level data Record layout 1000 record dump ACL, IDEA, and Monarch can read virtually any data format Flat files, Delimited files, Dbase files, MS Access, Report files,. No file size limits Build targeted business rules and run against data Examine anomalies 14

End-to-End Payment Universe Forensic Audit Approach Personnel Systems Accounting Systems Contracting Systems Central Contractor Registry People Pay Entitlement Systems Commercial Pay Entitlement Systems Disbursing Systems $$ Treasury Check Federal Reserve System Commercial Bank Data Analysis 15

Growing a Forensic Audit Capability Developing an organization-wide capability All audit staff should have basic skill with ACL, IDEA, Access Forensic audit units perform more sophisticated analyses Phased development Staffing system savvy, critical thinking, analytical, business process knowledge Hardware and software Training.then immediate application to work Standard audit programs should include data analysis steps Include data analysis measures in staff performance plans Reporting Forensic Audit Results Tables Process flows.30,000 feet Forensic techniques used in audit can help improve process recommend them 16

DoD Joint Purchase Card Review (2002) Purpose Develop an automated oversight capability to identify anomalies in purchase card data that may indicate fraud or abuse Joint effort of all Defense audit and investigation organizations Transaction Universe 12 million purchase card transactions ($6.5B) 200,000 cardholders and 40,000 authorizing officials Data mining Results Developed 46 fraud indicators from SME conferences 6.5 million transactions (1+ indicator) 13,393 transactions (combinations of indicators) 2066 cardholders and 1604 approving officials in 752 locations 8243 transactions (researched by auditors ) 1250 questioned transactions (some level of misuse) Outcomes - 175 cases with adverse action and 75 investigations opened - Capability to embed data mining indicators in credit card company systems to promote continuous monitoring

Top Performing Combinations 97% Adult Internet sites, Weekend/Holidays 67% Purchases from 1 vendor, CH=AO 57% Adult Internet sites 57% Internet transactions, 3rd party billing 53% Interesting vendors, many transactions 43% Even dollars, near limit, same vendor, vendor business w/few CHs

Examples of Misuse and Abuse Splitting procurements Purchasing goods or services which, although for a valid governmental purpose, are prohibited on a purchase card Purchasing items for which there is no government need Engaging in fraudulent activity Invoices were being certified without being reviewed.

Way Ahead Set up working group to see where the OIG community is with forensic audit and automated oversight Offer assistance to OIGs on development and expansion of capabilities

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information