The better the question. The better the answer. The better the world works.

Monitoring data to understand employee behavior

Amos Yogev, Nadav Dar

September 2017

Upload: vantruc

Post on 10-Feb-2018



Contents

► Survey findings – Highlights

► ACFE Initiatives

► Data analytics as a monitoring platform

► Detecting fraud and corruption

► Monitoring Bribery and Corruption risks

► Case study

► Closure – Open Discussion

April 2017 EMEIA Fraud Survey 2017


Survey summary – Highlights


Are your employees making ethical choices?

► Today’s businesses are operating in an uncertain economic environment. Popular discontent with globalization, political instability and slower growth in emerging markets are placing pressure on companies as they seek alternative ways to meet ambitious revenue targets.

Monitoring data to understand employee behaviours

Increased global connectivity means that a company’s assets are at greater risk from theft, damage or manipulation by insiders than ever before.

75% believe that companies should monitor data to understand employee behaviours


Monitoring data to understand employee behavior

► An organization’s critical digital and physical assets are at greater risk of theft, damage and manipulation by insiders than ever before. Increased global connectivity means that anyone with access to company data, anywhere in the world, can exploit weaknesses in data security. Often, these are trusted employees who have been permitted access to, or have knowledge of, critical data sources.

► Seventy-five percent of our respondents say their companies should monitor data sources such as emails, telephone calls or messaging services, and yet, 89% of respondents would consider monitoring these data sources as a violation of their privacy.


Cyber breach response management


ACFE Initiatives


ACFE Initiatives: The Fraud Tree


ACFE Initiatives: How frauds are detected

Almost 50% by tip or by accident


ACFE Initiatives: Duration of Fraud Schemes


Data analytics as a monitoring platform


Data driven approach

Diagram axes: Source of value, Analytics maturity, Impact on organization

Insight: Business insight
► Leveraging analytics to monitor process performance across key business cycles
► Benchmark process metrics against external performance indicators
► Integrate analytics into the annual risk assessment process

Value: Strategic and value advisor
► Apply predictive modeling techniques to process optimization or risk management.
► Enhance strategic decisioning with qualitative analytics

Controls: Monitor control and compliance structure
► Repeatable process and controls analytics across key business cycles: FSCP, P2P, O2C, HR.
► Identification of fraud risk indicators prevalent in transaction activity
► Forms the basis for a continuous monitoring/auditing


Analytics provide higher long-term benefits

Relatively higher initial costs for analytics can yield significantly more long-term benefit

Chart axes: Investment required, Benefits earned

Data analytics
► Increased insight
► Typically automated collection/evaluation
► High sample sizes/decreased false positives
► Frees up resources to focus on other high-risk areas
► Frequent, faster and more accurate analysis
► Decrease in opportunity for human error
► Incremental and more extensive testing is practical
► Capability/benefit tends to increase with complexity and as the organization evolves

Traditional method
► Typically labor-intensive manual collection/evaluation
► Limited samples/relatively infrequent tests
► Narrow time period/stressful remediation
► Test procedures are limited in scope
► Capability/benefit tends to lessen with complexity and as the organization evolves


Forensic analytics maturity model

Axes: False Positive Rate (High to Low); Detection Rate (Low to High)

Structured Data
► “Traditional” rules-based tests (Excel, ACL, Access, SQL, etc.): Matching, Grouping, Ordering, Joining, Filtering
► Statistical-based analysis (SPSS, Polyanalyst, SAS, etc.): Predictive Modeling, Anomaly Detection, Clustering, Risk Ranking

Unstructured Data
► Traditional keyword searching (dtSearch): Keyword Search
► Data visualization & text mining (Tableau, Polyanalyst, Spotfire, etc.): Data visualization, Drill-down into data, Text Mining


Detecting fraud and corruption


Type of Fraud

► There is a great diversity of fraudulent activities which a company can fall victim to; fraud exists at some level in every company.

Diagram centre: Company Name

Management
• Fraudulent Transactions
• Insider Trading
• Transactions with related parties
• Fraudulent Financial Statements

Customers
• Fake Advertisement
• Incomplete Shipments
• Defective Products
• Price Fixing

Sales Associates
• Fictitious Customers/Sales
• Expense padding
• FCPA Violations

Employees
• T&E manipulation
• Asset (Cash/Inventory/Fixed Asset or Data Theft)
• Fake Vendor Schemes
• Phantom employees

Competitors
• Theft of Commercial Secrets
• Employee Bribes

Vendors and Suppliers
• Incomplete Shipments
• Duplicate Invoicing
• Fictitious / Inaccurate Invoicing
• Employee Bribes


Common Analytics areas

Asset Misappropriation
► Cash Disbursements
► General Ledger
► Materials Management & Inventory Control
► Purchase Order Management
► Salaries & Payroll
► Travel & Expenses
► Vendor Management
► Payment Cards

Corruption / FCPA
► Materials Management & Inventory Control
► Purchase Order Management
► Sales Analysis
► Travel & Expenses
► Vendor Management

Financial Statement
► Accounts Payable
► Accounts Receivable
► Deposits
► General Ledger
► Materials Management & Inventory Control
► Purchase Order Management
► Revenue Recognition / Procure to Pay
► Sales Analysis


Classic Techniques for detecting fraud

► Calculation of statistical parameters (e.g., averages, standard deviations, high/low values) – to identify outliers that could indicate fraud.
► Classification – to find patterns amongst data elements.
► Stratification of numbers – to identify unusual (i.e., excessively high or low) entries.
► Joining different diverse sources – to identify matching values (such as names, addresses, and account numbers) where they shouldn’t exist.
► Duplicate testing – to identify duplicate transactions such as payments, claims, or expense report items.
► Gap testing – to identify missing values in sequential data where there should be none.
► Summing of numeric values – to identify control totals that may have been falsified.
► Validating entry dates – to identify suspicious or inappropriate times for postings or data entry
► Text mining


Find Hidden Money… Recover Erroneous, Negligent or Fraudulent Payments

► Different Vendor ID
► Same Date
► Exact Same Amount
► Different Invoice #
► Same Reference / Job Code
► Similar names, some with same address


Forensic Analytics Example: Exact and Fuzzy Matching

► Employee Consultants

► Direct Payments

► Friends & Family Program
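The payment pattern from the "Find Hidden Money" slide (different vendor ID and invoice number, same date, exact same amount, same reference, similar names or a shared address) can be tested by combining an exact match with a fuzzy one. The following is an added example, not code from the presentation; the payment records, field names, suffix list and the 0.85 similarity cut-off are constructed assumptions.

```python
from collections import defaultdict
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample payments (not data from the presentation).
PAYMENTS = [
    {"vendor_id": "V1001", "vendor": "Acme Industrial Supply Ltd", "address": "12 Harbor Rd",
     "invoice": "INV-4471", "date": "2017-03-14", "amount": 18250.00, "ref": "JOB-77"},
    {"vendor_id": "V2093", "vendor": "ACME Industrial Supplies", "address": "12 Harbor Rd",
     "invoice": "A-0092", "date": "2017-03-14", "amount": 18250.00, "ref": "JOB-77"},
    {"vendor_id": "V3010", "vendor": "Northwind Logistics", "address": "4 Mill Lane",
     "invoice": "NW-118", "date": "2017-03-14", "amount": 18250.00, "ref": "JOB-12"},
    {"vendor_id": "V1001", "vendor": "Acme Industrial Supply Ltd", "address": "12 Harbor Rd",
     "invoice": "INV-4502", "date": "2017-04-02", "amount": 960.00, "ref": "JOB-80"},
]

def normalize(name):
    """Lower-case and drop punctuation and legal suffixes before comparing names."""
    words = "".join(c if c.isalnum() else " " for c in name.lower()).split()
    return " ".join(w for w in words if w not in {"ltd", "inc", "llc", "co", "corp"})

def name_similarity(a, b):
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def find_suspect_pairs(payments, min_similarity=0.85):
    """Exact match on date/amount/reference, then fuzzy match on the vendor."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p["date"], round(p["amount"], 2), p["ref"])].append(p)
    hits = []
    for group in groups.values():
        for a, b in combinations(group, 2):
            if a["vendor_id"] == b["vendor_id"] or a["invoice"] == b["invoice"]:
                continue  # same vendor or invoice: left to ordinary duplicate testing
            score = name_similarity(a["vendor"], b["vendor"])
            same_addr = a["address"].lower() == b["address"].lower()
            if score >= min_similarity or same_addr:
                hits.append((a["invoice"], b["invoice"], round(score, 2), same_addr))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_pairs(PAYMENTS):
        print(hit)
```

Grouping on the exact fields first keeps the pairwise fuzzy comparison confined to small buckets, which matters when the vendor master file is large.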


Monitoring Bribery and Corruption risks


Monitoring Bribery and Corruption risks

Two Broad Provisions of the FCPA:

► Anti-bribery: Prohibits bribery (corrupt payments) to foreign officials to obtain or retain business
► Books and records: Requires companies with securities registered under the Securities Exchange Act of 1934 to make and keep appropriate books and records and to maintain a system of adequate internal accounting controls.

DOJ’s 10 elements of effective compliance

How will the regulators determine the effectiveness of a program?

1. Commitment from senior management
2. Code of conduct and compliance policies and procedures
3. Compliance program oversight, autonomy and resources
4. Risk assessment
5. Training and continuing advice
6. Incentives and disciplinary actions
7. Third-party due diligence and payments
8. Confidential reporting and internal investigation
9. Continuous improvement: periodic testing and review
10. Pre-acquisition due diligence and post-acquisition integration


Advanced data analytics: Use of analytics in anti-corruption assessments

Higher Risk Transactions
► Vendors not in VMF or one-time vendors
► GL Account or vendor type
► Text Analytics (concept or keyword)
► “Geospatial” searches to identify where spending is occurring
► Round amounts
► Low/high amount outliers
► Transactions below authorization or documentation thresholds


EY / ACFE Library of ‘Keywords’ (Over 3,000 terms in various languages)

Rationalization
…I deserve it
…nobody will find out
…gray area
…they owe it to me
…everybody does it
…fix it later
…the company can afford it
…not hurting anyone
…won’t miss it
…don’t get paid enough

Incentive / Pressure
…make the number
…don’t let the auditor find out
…don’t leave a trail
…not comfortable
…why are we doing this
…pull out all the stops
…do not volunteer information
…want no part of this
…only a timing difference
…not ethical

Opportunity
…special fees
…client side storage
…off the books
…cash advance
…side commission
…backdate
…no inspection
…no receipt
…smooth earnings
…pull earnings forward


Corruption Perceptions Index 2016


Case study


Case study: T&E review - Risk ranking criteria

Background

► $450 million in total T&E analyzed over 24 month period, covering 36,000 employees
► Objective: Risk rank the 36,000 employees by level and business unit from highest to lowest risk
► Approach: Developed around 40 targeted T&E expense related tests into a risk model
► Result: Identified over $8 million in potential recoveries (abuse, waste, fraud, potential bribery & corruption) as well as several internal controls improvements
► Result: Developed a repeatable methodology for future audits


Case study: T&E review - Employee risk matrix

► Employees are prioritized based on:
  ► Number of tests an employee’s T&E transaction hit upon
  ► The individual importance/weighting of each test

Sorted from 1 to 36,000! We focused on the top 500. Ranked across approximately 40 tests. Data has been sanitized.
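The prioritization described above (how many tests an employee's transactions hit, weighted by the importance of each test) can be sketched as follows. This is an added example, not the model used in the case study; the four tests are drawn from techniques named in the slides, while the expense lines, the approval threshold and every weight are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

APPROVAL_THRESHOLD = 500.00   # assumed approval/documentation limit, not from the slides

# Constructed T&E lines: (employee, expense date, amount, description)
EXPENSES = [
    ("E-104", date(2017, 5, 6),  495.00, "client dinner"),   # a Saturday, just under limit
    ("E-104", date(2017, 5, 9),  300.00, "special fees"),
    ("E-104", date(2017, 5, 12), 499.00, "gift"),
    ("E-221", date(2017, 5, 10), 200.00, "taxi and hotel"),
    ("E-221", date(2017, 5, 11),  87.35, "team lunch"),
    ("E-317", date(2017, 5, 15),  42.10, "parking"),
]
KEYWORDS = ("special fees", "cash advance", "no receipt")   # terms from the keyword slide

# Each test: name -> (weight, predicate). Weights are illustrative assumptions.
TESTS = {
    "round_amount":    (1.0, lambda d, amt, txt: amt >= 100 and amt % 100 == 0),
    "below_threshold": (3.0, lambda d, amt, txt:
                        0.95 * APPROVAL_THRESHOLD <= amt < APPROVAL_THRESHOLD),
    "weekend_entry":   (2.0, lambda d, amt, txt: d.weekday() >= 5),
    "keyword":         (2.5, lambda d, amt, txt: any(k in txt for k in KEYWORDS)),
}

def rank_employees(expenses, tests=TESTS):
    """Return [(employee, score, distinct tests hit)] from highest to lowest risk."""
    score = defaultdict(float)
    tests_hit = defaultdict(set)
    for emp, day, amount, text in expenses:
        score[emp] += 0.0   # employees with no hits still appear in the ranking
        for name, (weight, predicate) in tests.items():
            if predicate(day, amount, text.lower()):
                score[emp] += weight
                tests_hit[emp].add(name)
    ranked = [(emp, total, sorted(tests_hit[emp])) for emp, total in score.items()]
    # Highest score first; ties broken by breadth of tests hit, then employee id.
    return sorted(ranked, key=lambda r: (-r[1], -len(r[2]), r[0]))

if __name__ == "__main__":
    for row in rank_employees(EXPENSES):
        print(row)
```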


Case study: T&E review - Visual Dashboards

“Who entertained whom, where, what and for how much?”


Case study: T&E review - Employee Risk Scoring


Closure


Closure: Roadmap - Three year projected maturity capability


More information


For more information on our services contact:

► Nadav Dar, CPA (Isr.), Senior Manager, Fraud Investigation & Dispute Services, EY Israel

Mobile: +972-50-7861906