Data analytics, the essential and underutilized tool in detecting, assessing, and preventing fraud

The unrelenting advancement of technology is affecting virtually every aspect of our lives.  And as technology becomes more pervasive, so do schemes to commit fraud. Fraudsters are taking advantage of users’ inexperience with newer technology and weaknesses in the controls to perpetuate these schemes.  This is proving to be a challenge for evaluators, auditors and investigators in their efforts to identify and detect fraud.  However, technology is also a tool that can help prevent and detect fraud. Data analysis techniques can search for the symptoms on fraud that are buried in the millions of transactions flowing through the business process.

KPMG in the article “Using Analytics to Successfully Detect Fraud” ( stated that the use of analytics is critical as fraudsters become increasingly more tech-savvy.  However, this requires access to reliable data and the ability to access and analyze the data.

Data is the life blood of all business processes and not having an ability to monitor and assess fraud risks and critical controls can result in a failure to anticipate or detect a hemorrhage situation where cash, intellectual property or key competitive or personal information is flowing out of the organization and into the hands of fraudsters.

Analytics can provide organizations with the ability to proactively identify fraud risk and detect instances of fraud earlier.  The Association of Certified Fraud Examiners (ACFE) Report to the Nations 2016 ( reported a 50% reduction in duration and a 60% reduction in losses when proactive data analytics were used.

The book “Computer –Aided Fraud Prevention and Detection: A Step-by-Step Guide” describes two approaches used to identify fraud risks and control exposures.  The first looks at control weaknesses and assesses how these exposures could be exploited.  The second starts with the key information or data fields and examines who could modify or manipulate these critical pieces of information; and then assesses the controls that should be in place to prevent this from happening.  The essential element of both approaches is examining the business process from the perspective of the fraudster – basically who can do what and why.

The first approach encourages you to think about the possible control weaknesses; and to answer four questions:

  • Who could benefit from the control weaknesses?
  • How could they be involved?
  • What can they influence, control or affect to permit the fraud to occur?
  • Can they Act alone or is Collusion Required?

By looking at the adequacy and effectiveness of critical controls you can identify the critical opportunities for fraud.

The second approach starts with the key fields and identifies the key controls that should be in place.  You are encouraged to consider the key pieces of information required by the business process; and ask five questions:

  • Who can create, modify or delete this information?
  • Why might they do this?
  • What are the key controls to prevent this from happening?
  • What tests can be performed to see if someone is committing a fraud?
  • What is the source of the data and does it have integrity?

Once you have identified a control weakness or key fields that could be altered in order to commit a fraud, the next step is to examine the actual data.

There are two types of symptoms of fraud that may occur in the data known and unknown.  The ideal situation is one where the risks are measurable and the symptoms known.  In these cases, it is possible to develop specific tests to look for symptoms.  However, sometimes the symptoms are not well-known or understood.  Another approach looks for anomalies or patterns in the data to detect symptoms of fraud – unknown symptoms.  Fraud in particular, often looks different than a normal transaction – but is hidden by the volume of transactions.  The fraudulent transactions often follow an unusual pattern or trend, such as an excessive use of management override to bypass key controls.  By filtering, sorting, summing, and performing other manipulations on the data, the fraud transactions often stand out.  A filter can easily identify instances where contracting authority was exceeded (e.g. contracts over the contracting limit for the individual) or avoided (e.g. split contracts).  A simple sort on credit card number, insurance policy number, invoice number, vendor name, employee number, etc will quickly reveal transactions that are not within the normal pattern (e.g. insurance policies that start with ‘9’ where all others start with the year “2014”).  Examining key dates can find fraud – for example reviewing the date the contract bid was submitted to find bids submitted after bid close date; or identifying patterns in the contracts such as the ‘last bid wins’.  A review of the completeness and integrity of the data can highlight fraudulent transactions – for example, examining mandatory fields to identify instances where there is no employee number, or an invalid employee number, but the employee is still being paid; or negative receipt quantities where the receiving clerk is entering negative “receipts” to lower the inventory levels in the inventory system and then stealing the “excess” items.  Comparisons of data in different systems can also identify frauds such as persons on the payroll who are not in the employee database or can highlight unusual rates of pay.

Data analysis can provide you with an indication of where to look and what to look for.  It can focus your review; and help you to rule out transactions that are correct.  In addition, with known frauds, you can use it to size the extent of the loss.  You can also use it to see if the same symptoms are occurring elsewhere.  Finally, in many cases, data analysis will be a direct pointer to the critical evidence – the forged check, the serial number of the stolen item, or the evidence of collusion.

Leave a comment