BACKGROUND
Even though some organisations are
disinclined to report fraud, it is still necessary to try to prevent and detect
it. There is, however, some confusion over who exactly is responsible for this
task, with many non-auditors having the misconception that it is the duty of
auditors, internal or external, to uncover fraud. From the external auditors’
perspective, their role is to say whether the financial statements fairly
represent the operations of the company. Internal auditors would argue that
revealing fraud is not their ultimate goal – they aim to test the effectiveness
of internal controls. In reality, it’s much more likely that errors rather than
frauds will be found during an audit.
Under the
Companies (Auditor’s Report) Order, 2020 – CARO 2020 – the Statutory Auditor is
required to report on fraud and whistle-blower complaints as below:
(a) Has there
been any fraud by the company or any fraud done on the company? Has any such
fraud been noticed or reported at any time of the year? If yes, the nature and
amount involved have to be reported.
(b) Whether
the auditors of the company have filed a report in Form ADT-4 with the Central
Government as prescribed under the Companies (Audit and Auditors) Rules, 2014?
(c) In case of
receipt of whistle-blower complaints, whether the complaints have been
considered by the auditor.
While
uncovering fraud may not be an auditor’s main responsibility, there is
certainly a variety of tools, tests and processes that can be utilised to
detect it. And data analytics increases the chances of uncovering fraud.
WHAT IS FORENSIC
ACCOUNTING?
Forensic
accounting is a specialty practice area where accounting, auditing and
investigative skills are used to analyse information that is suitable for use
in a court of law.
Forensic
accountants are often engaged to quantify damages in instances related to fraud
and embezzlement, as well as on matters involving insurance, personal injury,
business disputes, business interruption, divorce and marital disputes,
construction, environmental damages, cyber-crime, products liability, business
valuation and more.
What is
fraud investigation?
Fraud investigation is the process of
resolving allegations of fraud from inception to disposition. Standard tasks
include obtaining evidence, reporting, testifying to findings and assisting in
fraud detection and prevention.
Developing an
investigation plan includes:
(i) Review and gain a basic
understanding of key issues.
(ii) Define the goals of the
investigation.
(iii) Identify whom to keep
informed.
(iv) Determine the terms of
reference and timeline for completion.
(v) Address the need for law
enforcement assistance.
(vi) Define team member roles and
assign tasks.
(vii) Outline the course of
action.
(viii) Prepare the organisation
for the investigation.
What is
fraud analytics?
Fraud
analytics is an integral part of fraud investigation. Fraud analytics combines
analytic technology and techniques with human interaction to help detect
potential improper transactions, such as those based on fraud and / or bribery,
either before the transactions are completed or as they occur.
The process of
fraud analytics involves gathering and storing relevant data and mining it for
patterns, discrepancies and anomalies. The findings are then translated into
insights that can allow a company to manage potential threats before they occur
as well as develop a proactive fraud and bribery detection environment.
KEY REASONS FOR USING DATA ANALYTICS FOR FRAUD DETECTION
Forensic data
analysis tools help organisations to fully realise or realise to a credible
extent early fraud detection, increased business transparency and reduced costs
of their anti-fraud programme.
Some of the
key reasons for using forensic data analysis tools are:
(A) Early fraud detection.
(B) Ability to detect fraud that
could not be detected earlier.
(C) Faster response in
investigations.
(D) Increased business
transparency.
(E) Getting the business to take
more responsibility for managing the company’s anti-fraud programme.
(F) Reduced costs of the
anti-fraud programme.
Case
study on fraud analytics – ‘Procure to Pay’
‘Procure to
Pay’ is one of the major areas of success with fraud analytics. The main
objective is to check for the validity of items. This encompasses supplier
overpricing, invalid invoices, frauds of various types, accidental duplication
and simply picking up out-of-control expenses.
Some of the
illustrative fraud analytics tests for visualisation and / or red flag
detection are:
1. Analyse purchases or payments
by value bands and identify unusual trends.
2. Test for splitting,
particularly below threshold authority limits.
3. Summarise by type of payment
– regular supplier, one-time supplier, etc.
4. Analyse by period to
determine seasonal fluctuations.
5. Analyse late shipments for
impact on jobs, projects, or sales orders due.
6. Reconcile orders received
with the purchase orders to identify shipments not ordered.
7. Report on purchasing
performance by location.
8. Summarise item delivery and
quality and compare vendor performance.
9. Compare accrued payables to
received items to reconcile to general ledger.
10. Check for continued purchases
despite high rate of returns, rejections, or credits.
11. Track scheduled receipt dates
versus actual receipt dates.
12. Identify price increases
higher than acceptable percentages.
13. Capture invoices without a
valid purchase order.
14. Find invoices for more than
one purchase order authorisation.
15. Isolate and extract pricing
and receipt quantity variations by vendor and purchase order.
16. Filter out multiple invoices
just under approval cut-off levels.
17. Detect invoice payments on
weekends or public holidays.
18. Find high value items being
bought from a single vendor.
19. Aging analysis of open orders
beyond a specified number of months.
20. Changes to orders in terms of
quantity and unit price after receipt of material.
21. Orders raised after receipt of
material and / or after receipt of supplier’s bills.
22. Sequential orders raised on
suspect vendors.
23. Backdating of orders.
24. Same material being bought
under different material codes.
25. Same material being bought
from the same vendor on different payment terms and / or delivery terms.
26. Payments to vendors initiated
and approved by the same user.
27. Same vendor having multiple
vendor codes of which one or more code/s have debit balances (on account of
advances) while other code/s are receiving bill-based payments without
adjusting the on-account advances.
28. Duplicate bill payments to a
vendor against the same invoice and order – exact match on invoice.
29. Duplicate bill payments to a
vendor against the same invoice and order – near match on invoice (fuzzy
pattern-based match).
30. Material bought at a higher
price from a vendor when there is an open order within the system for the same
material pending delivery at a lower price.
The examples
given in this article are based on use of IDEA Data Analysis Tool. However, a
reader can choose and use any Data Analytical Tool for conducting such fraud
analytics.
Case
Study 1 – Using Benford’s Law in IDEA Software to identify Vendor Payment
splitting and / or skimming
In this tool Benford’s Law has been
incorporated for easy detection of red flags. Any significant alteration to the
natural flow of numbers is identified in the form of a graph. The graph
containing many specialised views is designed to identify common forms of
fraud.
Benford’s Law
lets you compare your data under review for patterns predicted by Benford’s Law
of Digital Analysis. Spot irregularities by analysing digits in numerical data
sets to capture potential fraud (exploratory analytics). Apply the Benford’s
Law – Last 2 Digits Test, to detect skimming and circumvention of vendor
payments just below a threshold approval limit as seen in the ‘Highly
Suspicious’ red bars in the Benford’s screenshot below.
Case
Study 2 – Apply the Relative Size Factor (RSF) test to capture Vendor Payment
outliers
The purpose of
the Relative Size Factor (RSF) test is to identify anomalies where the largest
amount for subsets in a given key is outside the norm for those subsets. This
test compares the top two amounts for each subset and calculates the RSF for
each. The RSF test utilises the largest and the second largest amount to
calculate a ratio based on purchases that are grouped by vendors in order to
identify potential fraudulent activities in invoice payment data, as has often
been suggested in fraud examination literature.
Case Study 3 – Apply the Fuzzy Duplicate test to
capture duplicate pattern matches
The Fuzzy
Duplicate task identifies pattern-based matching (similar) records within
selected character field/s and then groups them based on their degree of
similarity. Identify multiple similar records within selected character fields
to detect data entry errors, multiple data conventions for recording
information and fraud. Generate a potential list of pattern matching duplicates
on the Inventory Description in an Inventory Master Dump.
Case
Study 4 – Apply Anti-Bribery and Corruption checks through Search on a General
Ledger narration field
A search
provides keyword searching capabilities to find text within fields in a database
without the need to write code / equations to execute the search criteria.
Anti-bribery and corruption checks can be applied through Search on a General
Ledger to look for the narration field containing key words like ‘gift’,
‘donation’, ‘suspense’ and other such text.
CONCLUSION
Incorporating
an anti-fraud programme for internal auditors (even for external / statutory
auditors) is extremely important, irrespective of the requirement of the law as
the top management and stakeholders are moving towards ‘zero tolerance’ of such
incidents. If a process / area has been reviewed / audited and later there are
incidents of fraud detected, then there is always a close scrutiny of the work
carried out by the internal auditor.
With the
advent of technology and the data explosion, it is necessary for the internal
auditor to employ data analytics tools and techniques, or ‘Fraud Analytics’,
for:
*
comprehensive coverage of process / area under review,
* storing
evidence using the analytics tool on the steps taken for each test, full
coverage of the period under review or even sample selection,
* devising and
completing various tests for detecting any anomaly or red flags,
* focusing on
transactions / areas which show patterns which deviate from the norms.
