DATA ANALYSIS Flashcards
Data Analysis Checklist
• Ensure data validity and data integrity.
• Consider data format and structure
Count the zeros. Perform a preliminary analysis to ensure that the key strategic issue you are about to develop is worth the effort before initiating your fraud investigation.
• Consider the spectrum of distinct levels of aggregation at which fraud monitoring is required. Determine the lowest level (transaction level), the highest level (multiparty criminal conspiracies), and the intervening layers that may be present in your industry and respective data.
• Begin with the end in mind.
Evaluating Data Analysis Software
• Data import/export capabilities. Considering your data format and structure, how easily is data imported/exported?
• Data visualisation. How easy is it to move your data from a spreadsheet into a graphic for analysis and interpretation?
• Look for a suite of tools. Just as there is not one screwdriver for every job, there is not only one software program for your fraud intelligence efforts. Choose the most appropriate set of tools per your data and then select the software that best fits your current and future needs.
• Develop a two-pronged effort of using the computer to acquire fraud intelligence. Use commercial
software currently on the market and begin collaborative activities with the academics at
your local university. There are numerous software packages in various stages of development in academia that are in need of data to test their product. This can prove to be a win-win for both parties. You have the data and the academics have the prototype software.
Evaluating Data Mining Consultants
- Innovation. The data mining environment is relatively new. How does the individual stay current? Look for professional associations, publications, and training in your area of investigation.
- Creativity. Can the individual work in a creative environment, such as fraud intelligence? Can the individual work unsupervised and be expected to produce results? Since fraud is a moving target, how has a past client’s platform altered from the original investigation? Why/how did that occur? What were the results?
- Experience. Does the individual have experience in the type of investigation you are planning? Does the individual have experience in the type of software/tools you are planning to use? Does the individual have experience in the type of data you have?
Fraud Detection Techniques for Accounts Payable
VENDOR SUMMARY TOTALS PERIOD ONE TO PERIOD TWO COMPARISON
This is a basic analytical report to identify trends in a vendor’s purchase history. A trend analysis should be completed to identify key vendors with whom activity has increased or decreased substantially. This can best be assessed using the dollar and percentage variance fields, which can be added as calculated fields in Excel. Based on the changes in the business environment and/or new company projects, a reasonableness assessment should be performed on the vendor changes.
Fraud Detection Techniques for Accounts Payable DESCRIPTIVE STATISTICS/BENFORD’S LAW ANALYSIS
The descriptive statistics provide maximum amount, minimum amount, average amount, and other high-level statistics. These statistics should be reviewed for reasonableness; for example, a high number of negative amounts or a maximum amount that looks too high might not be reasonable.
Then a Benford’s Law analysis of the first two digits of your data, as well as a list of all amounts from highest to lowest frequency, is provided for review. Benford’s Law maintains that certain digits show up more than others. A “1” will appear as the first non-zero digit roughly 30 percent of the time; “2” will be the leading digit 18 percent of the time; “9” will
lead off only 4.6 percent of the time. Zero is most likely to be the second digit, appearing 12 percent of the time. With Benford’s Law, you can tell if someone fakes data that are derived from other data. It can also identify errors within the data that appear “out of place” given their frequency of appearance
Fraud Detection Techniques for Accounts Payable ABOVE AVERAGE PAYMENTS TO A VENDOR (MORE THAN TWO TIMES THE AVERAGE)
Unusually large payments to a vendor in relation to the average are a sign of error (e.g., a key-punch error) or fraud (e.g., a kickback scheme in which the vendor is paid additional amounts that are kicked-back to the employee entering the payment into the system).For vendors with unusual payments above the average, a sample of the “average” payment invoices, as well as the unusual payment invoices should be reviewed. The reasonableness of the purchase should be assessed based on the documentation reviewed. The auditor should be keenly aware of the potential for a key punch error regarding the unusual payment and/of the possibility of the vendor purposely overcharging the organization.
Fraud Detection Techniques for Accounts Payable DUPLICATE PAYMENT TESTING
Duplicate payments to vendors normally represent errors that the computer system was unable to detect. In most systems, a check will be made as to whether the vendor number, invoice number, and amount are the same. This test could be run to ensure this basic control is operational and also to test for other permutations of duplication. Any results from this test should be reviewed first for trends. For example, rent payments that occur on a monthly basis may appear to be duplicate payments when, in fact, they are simply regularly occurring payments. Note also that certain accounting packages allow the issuance of partial payments (e.g., a payment to the same vendor with the same invoice number and amount). Therefore,
the auditor should determine whether the system allows such payments and, if so, omit them
prior to running this application.
Voided checks should also be reviewed; if a payment is made first on a regular check and
then on a voided one, only one payment was technically made.
Fraud Detection Techniques for Accounts Payable EMPLOYEE-TO-VENDOR ADDRESS MATCH
This test identifies identical or similar fields between the master tables of vendors and employees in an attempt to identify fraudulent payments to employees. While this test explains how to complete this task for addresses, the same could be done for phone numbers, tax identification numbers, and other personal information.
Once the results are produced, the auditor should scan them to determine if there are any valid address matches between the employee and vendor tables. As a next step, a Query Sheet could be created of the actual invoices posted to any questionable vendor to determine if they are fraudulent. Two notes when completing this review are:
• Because this exercise may detect fraud, it may be beneficial to locate the invoices or vendor information independent of the accounts payable department (who may be culpable for creating the false vendor account).
• Because it is common to pay employee travel and entertainment expenses or employee
advances, this should be the key reason to not consider the payments fraudulent. If possible, the vendor file should be filtered for all employee travel and entertainment vendor accounts prior to running this test.
Fraud Detection Techniques for Accounts Payable
IDENTIFYING PAYMENTS MADE AFTER PERIOD END FOR VALID LIABILITIES AT PERIOD END
This report works to identify unrecorded liabilities. A common scheme is for an organization
to “hold” an invoice by not entering it into the system. Then, after period end, the invoice
will be entered into the system, thereby evading the expense charge in the period under
review.
The invoices identified in this test should be reviewed for reasonableness and materiality. If
not material, further test work may not be considered necessary. If material, trends may be
identified in the types of invoices or the vendor. The final analysis should include pulling the
actual invoices to determine whether they are for services rendered or products received
before the period end.
Fraud Detection Techniques for Accounts Payable
IDENTIFY EXCEEDED PURCHASE ORDERS
This report works to identify authorization issues within an accounts payable process
whereby the invoices paid exceed the approved purchase order amounts. Aside from
assessing the authorized limits, this reports tests the system control that should not allow an
invoice to be paid above a predetermined limit (normally between 5 and 10 percent).
The report may also highlight frauds:
• In which a valid purchase order is provided to authorize payment, yet inflated payments
are made to assist the fraudster in some way.
• In which vendors working with an employee create a purchase order with valid unit
prices, yet inflate those prices when the invoices are sent.
This test may highlight a control issue within the computer system, (which should check for
exceeded purchase orders), or it may identify numerous overrides to the computer system.
These overrides may be within the normal course of business (e.g., purchase order prices
were meant to be at the invoice price rate, but were entered in error on the purchase order),
but may also highlight fraudulent activity. Regardless, the auditor should walk through the
process of entering a purchase order and associated invoices to understand the system
controls. Once understood, the differences presented in this test can be investigated by
vouching to purchase order and invoice documentation
Fraud Detection Techniques for the General Ledger
STRATIFY GENERAL LEDGER DETAIL INFORMATION
The stratification report should be reviewed for:
• Unreasonably large balances for which the activity could be queried for recalculation and
proper classification
• A high number of transactions with low accumulated activity for possible consolidation
• Planning detailed testing of the journal entry approval process
Fraud Detection Techniques for the General Ledger JOURNAL ENTRY GAP TESTS
Gaps may signal incomplete data processing or, in the situation of journal entries, possible hidden entries. Gaps in the journal entry sequence should be reviewed with the accounting department. The
test work should answer the following questions:
• What procedures are in place to document and approve all gaps in the sequences?
• How are gaps communicated to management?
Fraud Detection Techniques for the General Ledger IDENTIFY NONSTANDARD JOURNAL ENTRIES MADE IN A TIMEFRAME AFTER YEAR
END RELATED TO SPECIFIC ACCOUNTS
Nonstandard journal entries are generally those that are posted manually, rather than through an automated feed from a fixed asset or accounts receivable sub-ledger. Such entries are more prone to error and fraud mainly due to human error, the judgment applied to support the entry, and the possibility of an override by management in authorizing the entry. This is especially true for entries made just after year end (related to the prior year), as these entries are more prone to be adjustments for the fiscal year’s annual reporting.
Given the above, the test for these entries should include:
• Reviewing the journal entry and associated supporting documentation
• Ensuring the approvals are appropriate for the size and nature of the journal entry
• Assessing whether Generally Accepted Accounting Principles (GAAP) are being applied
Fraud Detection Techniques for the General Ledger SUMMARISE ACTIVITY BY USER ACCOUNT
This test looks for:
• Standard names such as “default” or “test.” These names usually have equally simple passwords for a hacker to guess and should generally be avoided. Replacements to these generic user IDs would be specific IDs associated with the person using the system (e.g., “jsmith”).
• Unrecognized or terminated employees. This test focuses on the responsiveness within the MIS function to ensure that only authorized employees have system access. Compare the list created by this test to an active employee roster to spot any violations.
• Users who have access beyond their level of responsibility. This access may highlight a
nonsegregation of duties in which a person has an opportunity to commit fraud by being able to initiate, authorize, and/or record a transaction.
The resulting report should be reviewed bearing in mind the above considerations.
Recommended steps include:
• Delete default passwords and replace them with specific IDs
• Delete employees who are not on the active employee roster
• Review users who are posting high activity or who may have access to other non-segregated functions and assess whether other controls are needed to mitigate the such individuals’ access
Fraud Detection Techniques for Revenue
MISSING/UNUSUAL CUSTOMER MASTERFILE INFORMATION/MATCH TO PRIOR YEAR
FOR CHANGES
This report will identify changes in the customer masterfile, such as additions and deletions.
Given that most systems do not track the changes in the customer masterfile (e.g., there is no “Last Maintained on Date” field), this report is sometimes the only means of determining changes in the customer master. The fraud examiner should review major additions and/or deletions to the customer masterfile. Given that there is a high potential for fraud on newly added customers (e.g.,
posting false sales invoices to phony customer accounts to inflate period-end sales balances),
the names and addresses for such customers should be reviewed against employees with the
ability to enter invoices into the system. This can be done using the accounts payable test described in this book that matched vendor addresses to employee addresses. Since this exercise may detect fraud, it may be beneficial to locate the invoices or customer files independent of the accounts receivable department (which may be culpable for creating the false customer accounts).