Top 25 Tests for Analytic Superheroes

Transcription

1 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph Top 25 Tests for Analytic Superheroes Presented by: Phil Lim, Product Manager, ACL Prepared for the 2014 ACFE Fraud Conference June 2014

2 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph OBJECTIVE: Superhero combat techniques and analytic superweapons to battle the super villains of FRAUD, WASTE, AND ABUSE

3 CLICK TARGET TO Areas EDIT MASTER TITLE STYLE. Lots of paragraph Travel and Entertainment T&E General Ledger and Record to Report GL/R2R Payroll Including Human Resources / Timekeeping IT Information Technology and Access Purchase to Payment P2P Order to Cash O2C 3

4 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph RULES for Analytic Testing

5 CLICK RULES TO for EDIT Analytic MASTER Testing TITLE STYLE. Lots of paragraph copy goes here, and here and RULE here. #1: QUICK WINS Choose a specific, narrow risk where there are likely findings. RULE #2: Use Proper Tools Battling super villains takes analytic super weapons and super powers. What s in your toolbelt? 5

6 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph AREA 1: Travel and Entertainment Expenses (T&E)

7 CLICK Data Acquisition TO EDIT MASTER for T&E TITLE STYLE. Lots of paragraph Discover existing data feeds. For organizations using Concur, You re probably already receiving the Standard Accounting Extract (SAE) Which data fields are required? (refer to handout) 7

8 CLICK TO EDIT MASTER TITLE STYLE THE DAILY NEWS. Lots of paragraph THE WORLD S FAVOURITE NEWSPAPER - Since 1879 EXCESSIVE EXPENSES NOW UNDER SCRUTINY OF ANALYTIC SUPERHERO As the new analytic Or how about a single superhero dawns on the transaction limit of $1000? city, evil super villains It's easy to identify the undoubtedly scatter, hiding individual transactions over in the shadow of their lairs, these limits, but what brooding over their next analytic superpowers can move. Perhaps they've we apply to target the been preparing for this transactions that moment for years, were split to avoid scrutiny? organizing their minions and creating their own dark protocols to avoid Surely you can create an analysis to identify single transactions over the limit, capture. $75 individual but the above technique meal limits. $150 hotel per night limits. allows you to target those transactions purposefully

9 CLICK TEST TO #1 EDIT MASTER TITLE STYLE. Lots of paragraph T&E Split Purchases Risk An employee» Fifth submits level two separate expense transactions for a single expense to avoid a transaction limit. Test Identify travel and entertainment (T&E) expenses by the same employee, to the same expense type, on the same date, where each expense is less than the limit, but total to greater than the limit.

10 CLICK TO Analytic EDIT MASTER Superweapon: TITLE STYLE Detecting Splits! Click 1. Define to edit your Master threshold. text styles Click to E.g. edit $75 Master meal text limit styles. Lots of paragraph 2. Filter out transactions below the threshold. 3. Subtotal amounts based on key fields E.g. ACL SUMMARIZE on Employee, Expense Date, Expense Type, SUBTOTAL amount 4. Identify amount subtotals greater than threshold.

11 CLICK TEST TO #2 EDIT MASTER TITLE STYLE. Lots of paragraph T&E Double Dip Risk An employee» Fifth submits level a corporate card transaction receipt as an out-of-pocket (OOP) expense for reimbursement. Test Identify travel and entertainment (T&E) expense transactions where there is both a corporate card transaction and an out-of-pocket (OOP) to the same employee for the same amount.

12 CLICK TO Analytic EDIT MASTER Superweapon: TITLE STYLE Detecting Double Dips Click 1. Bucket to edit transactions Master text into styles groups using a conditional computed field Click for to payment edit Master type text styles. Lots of paragraph copy goes E.g. here, OOP, and Corporate here and Card here. 2. Determine whether there are any transactions by same employee with the same amount» Fifth but level different payment types

13 CLICK TEST TO #3 EDIT MASTER TITLE STYLE. Lots of paragraph T&E Gasoline, Mileage, and Car Rentals Risk An employee» Fifth submits level a gasoline expense when using a personal vehicle for corporate travel. Test Identify travel and entertainment (T&E) expense transactions where there is both a corporate card transaction and an out-of-pocket (OOP) to the same employee with the same amount.

14 CLICK TO Analytic EDIT MASTER Superweapon: TITLE STYLE Detecting Correlations Click 1. If transactions to edit Master are text on one styles table, EXTRACT the different type of Click transactions to edit Master to different text styles. tables Lots of paragraph T&E Transactions Mileage 2. JOIN tables together based on key fields to identify correlations that either should or shouldn t exist Mileage Expense Reports w Both Gasoline JOIN on Expense Report #

15 CLICK TEST TO #4 EDIT MASTER TITLE STYLE. Lots of paragraph T&E Expense Profiling Risk A corporate culture exists where travel and entertainment (T&E) expenses are not well controlled. Test Identify average expense transaction sizes by business unit/division/department.

16 CLICK TO Analytic EDIT MASTER Superweapon: TITLE STYLE Calculating Averages Per Category Click 1. SUMMARIZE to edit Master by the text key styles field(s) to get totals and counts, calculate Click average to edit Master text styles. Lots of paragraph copy goes E.g. here, Summarize and here and on Department here. & Expense Type, subtotalling on expense amount Dept Exp Type Amount COUNT Average Sales W NAM» Fifth Airfare level Sales W NAM Meals Marketing Meals Marketing Hotels Be aware of: Hotel charges per nights

17 CLICK TEST TO #5 EDIT MASTER TITLE STYLE. Lots of paragraph T&E Excessive Group Meals Risk Documentation of group meal attendees is incomplete, creating a compliance or policy issue. Test Identify average amount of group meals per attendee; report cases where the average amount per attendee is greater than a specified threshold.

18 CLICK TEST TO #6 EDIT MASTER TITLE STYLE. Lots of paragraph T&E Round Amounts Risk Transactions with round amounts may be an indication of use for purchasing gift cards or cash advances. Test Identify transactions with amounts that are divisible by a specified divisor, totaling greater than a specified threshold for an employee.

19 CLICK TEST TO #7 EDIT MASTER TITLE STYLE Click T&E to edit High Master Average text styles Value Merchants. Lots of paragraph copy goes Employee here, and creates here and a fictitious here. invoice or receipt Second Or sets level up a credit card merchant account for a small business Uses Third corporate level card or expense process to syphon funds Risk A fictitious merchant has been set up by an employee to fraudulently claim funds for services or goods that are not for business purposes. Test Identify merchants where the average amount per employee using that merchant is high.

20 CLICK High Average TO EDIT Value MASTER Merchants TITLE Example STYLE Employee Merchant Expense Payment Type # of Unique Avg Per Amount Emps Employee Shannon U. Simmons WESTCOAST TOOL SALES & CARD Lots of paragraph Shannon U. Simmons WESTCOAST TOOL SALES & CARD Shannon U. Simmons WESTCOAST TOOL SALES & CARD Shannon U. Simmons WESTCOAST TOOL SALES & CARD Shannon U. Simmons WESTCOAST TOOL SALES & OOP Shannon U. Simmons WESTCOAST TOOL SALES & OOP Idona F. Bryan REBOOT COMUNICATIONS LTD 8025 CARD Elliott F. Nielsen PRODUCTION 4280 CARD Ian Carlson PRODUCTION CARD Hayley E. Blankenship ITSMF INC CARD Hayley E. Blankenship ITSMF INC CARD

21 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph AREA 2: Record to Report (R2R) / General Ledger (GL)

22 CLICK Data Acquisition TO EDIT MASTER for Record TITLE to Report STYLE and General Ledger. Lots of paragraph 1.Some of the largest data sets 2.Posting dates vs effective dates vs entered dates vs modified dates 3.Reversed entries 22

23 CLICK TEST TO #8 EDIT MASTER TITLE STYLE Suspicious Keyword in Journal Entries. Lots of paragraph Risk Posted entries may not be authorized or valid. Test Identify any journal entries containing descriptions that could indicate an invalid or suspicious entry.

24 CLICK TEST TO #9 EDIT MASTER TITLE STYLE. Lots of paragraph GL Stratification of Accounts Risk Posted entries may not be authorized or valid. Test Stratify a particular general ledger account to look for journal entries that are outside of the normal range of values posted to the account.

25 CLICK GL Stratification TO EDIT MASTER Example TITLE STYLE. Lots of paragraph 25

26 CLICK TEST TO #10 EDIT MASTER TITLE STYLE. Lots of paragraph GL Entries with Outlier Amounts Risk Posted entries may not be authorized or valid. Test Select journal entries that deviate more than two standard deviations from the average posted amount to the account.

27 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph AREA 3: Payroll (PAY), Timekeeping, and Human Resources (HR)

28 CLICK Data Acquisition TO EDIT MASTER for Payroll, TITLE Timekeeping, STYLE and Human Resources Click Key systems to edit Master text styles. Lots of paragraph copy HR goes Data here, and here and here. Employee Second Master level data: employee names, statuses, start dates and end dates, salaries, titles, reporting structures Payroll Transaction data Pay checks: deductions, pay codes Timekeeping data Timesheets: worked hours, approvals, overtime Common Application Systems Peoplesoft, Kronos, ADP 28

29 CLICK TEST TO #11 EDIT MASTER TITLE STYLE. Lots of paragraph PAYROLL - Multiple Salary Increases Risk Unauthorized salary increases create an opportunity for fraud or waste. Test Identify any employees with more than three different base salaries in the past 12 months.

30 CLICK TEST TO #12 EDIT MASTER TITLE STYLE. Lots of paragraph PAYROLL - Timesheet Self-Editing Risk Unauthorized changes to historical paycodes may represent an opportunity for waste and fraud. Test Identify any employees that have applied more than a certain threshold of paycode edits to their own timecards within the investigation period.

31 CLICK TEST TO #13 EDIT MASTER TITLE STYLE. Lots of paragraph PAYROLL Phantom Employees Risk Phantom» employees Fifth level on the payroll may be used to channel funds to an unauthorized party, or as a vehicle for fraud. Test Identify duplicate employee records where there is more than one employee associated with the same bank account or address.

32 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph A quick pause General Indicators of Fraud, Waste, and Abuse

33 CLICK General TO Indicators EDIT MASTER TITLE STYLE TEST. Lots of paragraph copy goes here, Sensitive and here Data Changes and here. R Thresholds & Splits Employee Termination/Leave Timing Round Amounts Ask yourself, In the process that I m examining, how would these indicators manifest? DOCS OK Duplicates & Double Dips Outliers Conflicts of Interest Segregation of Duties Optional Data Elements Keywords 33

34 CLICK General TO Indicators EDIT MASTER TITLE STYLE. Lots of paragraph Payment Thresholds & Splits TEST R Employee Termination/Leave Sensitive Data Changes Timing Round Amounts Purchase Receiving Payroll Revenue Expenses TEST R Thresholds Employee Termination/Leave Sensitive Data Changes Timing Round Amounts DOCS OK Duplicates & Double Dips Outliers Conflicts of Interest Segregation of Duties Optional Data Elements Keywords DOCS Duplicates & Double Dips Outliers Conflicts of Interest OK Segregation of Duties Optional Data Elements Keywords 34

35 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph AREA 4: Information Technology and Information Systems (IT)

36 CLICK TEST TO #14 EDIT MASTER TITLE STYLE. Lots of paragraph IT Segregation of Duties Risk An employee s temporary access or changes in role may allow a breach in segregation of duties to occur Test Identify invoices where the creator or modifier of the invoice is also the creator or modifier of the vendor

37 CLICK TEST TO #15 EDIT MASTER TITLE STYLE. Lots of paragraph IT Privileged User Access Risk Users with elevated access for system administration or maintenance abuse their access Test Identify prohibited activities by super users for review by management

38 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph AREA 5: Purchase to Payment (P2P)

39 CLICK Data Acquisition TO EDIT MASTER for Purchase TITLE to STYLE Payment. Lots of paragraph copy Key Data goes Elements here, and here and here. Requisitions, Purchase Orders, Receivables Invoices, Payments Vendors, Vendor Addresses, Vendor Bank Accounts Common Application Systems SAP, Oracle Applications, Peoplesoft, JDE, Lawson 39

40 CLICK TEST TO #16 EDIT MASTER TITLE STYLE. Lots of paragraph P2P Employee Vendor Match Risk Vendors matching employee addresses may be used to channel funds to an employee in an unauthorized manner Test Identify invoices to vendors matching the numeric address of an employee

41 CLICK TO Analytic EDIT MASTER Superweapon: TITLE STYLE Matching Address Data Click 1. Easiest to edit way Master to match text address styles data is using numeric match using the Click INCLUDE() to edit Master function text on styles. address Lots and of paragraph postal code: Second INCLUDE( 123 level Main St , ) becomes

42 CLICK TEST TO #17 EDIT MASTER TITLE STYLE. Lots of paragraph P2P Non-PO Purchases Risk Vendor payments not following the standard purchasing process present a higher risk Test Identify vendors with non-po transactions greater than a specified threshold

43 CLICK TEST TO #18 EDIT MASTER TITLE STYLE Click to P2P edit Master Duplicate text Payments styles. Lots (Duplicate of paragraph Vendors) Risk Multiple vendors Fourth level exist in the payables system leading to duplicate payments Test Identify invoices with the same amount, to different vendors, with one of: Same numeric address Same bank account Same vendor tax id Same vendor name Same invoice document reference

44 CLICK TEST TO #19 EDIT MASTER TITLE STYLE P2P Duplicate Payments (miskeying invoice number). Lots of paragraph Risk A miskeying of the invoice number leads to a duplicate payment Test Identify invoices with the same amount, to the same vendor, with different invoice number pattern

45 CLICK TEST TO #20 EDIT MASTER TITLE STYLE. Lots of paragraph P2P Blanket Receipts Risk Purchases» Fifth for level services or multiple scheduled shipments are received all at once, creating a recognition issue and a risk that the services/goods are never received. Test Identify purchase receipts larger than a threshold where the largest related invoice is smaller than a certain percentage of the purchase receipt.

46 CLICK Blanket TO Receipts EDIT MASTER Scenario TITLE #1 STYLE. Lots of paragraph copy goes Purchase here, and here Order and here. $100K Receipts Invoices $35K $35K 46

47 CLICK Blanket TO Receipts EDIT MASTER Scenario TITLE #1 STYLE. Lots of paragraph copy goes Purchase here, and here Order and here. Receipts Invoices $100K $35K $35K $35K $35K 47

48 CLICK Blanket TO Receipts EDIT MASTER Scenario TITLE #2 STYLE. Lots of paragraph copy goes Purchase here, and here Order and here. Receipt $100K $100K Invoice $5K 48

49 CLICK TEST TO #21 EDIT MASTER TITLE STYLE. Lots of paragraph P2P Vendor Master Changes Risk Critical data elements of a vendor may be manipulated to channel funds to an unauthorized party Test Identify vendors where critical data elements (address, bank account number, name) have changed more than X times in a short time.

50 CLICK TEST TO #22 EDIT MASTER TITLE STYLE. Lots of paragraph P2P Early Payments Risk Early payments present an opportunity cost of capital and may be an indication of a conflict of interest between an employee and vendor. Test Based on a standard payment term and cost of capital rate, identify early payments that have created an opportunity cost greater than a threshold.

51 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph AREA 6: Order to Cash (O2C)

52 CLICK TEST TO #23 EDIT MASTER TITLE STYLE. Lots of paragraph O2C Channel Stuffing Risk Sales orders created during critical periods (e.g. at the end of the fiscal quarter) are sold in higher quantity than necessary and/or heavily discounted, resulting in an overstatement in revenues or overpayment of commissions. Test Identify patterns of potential channel stuffing in sales representatives, sales management, or sales branches/locations.

53 CLICK Channel TO Stuffing EDIT MASTER Example TITLE STYLE. Lots of paragraph Average Weekly Sales Sales Location Beg Of Normal End Of Qtr % Increase Qtr Sales Location Third level Sales Location Sales Location Sales Location Sales Location

54 CLICK Channel TO Stuffing EDIT MASTER Approach TITLE STYLE. Lots of paragraph (1) Identify the critical periods for the organization, and define timeframes for beginning of periods and end of periods. e.g., Fiscal Quarters, 2 weeks prior to end of FQ, 1 week after FQ(2) Define the key fields that will be used for identifying patterns. (2) Define the key fields that will be used for identifying patterns. e.g., customer account number, sales representative number, sales location branch number, product number, etc. (3) Calculate key metrics that would be monitored for identifying patterns. e.g., Average weekly volumes by a sales location branch for the beginning of quarter weeks, end of quarter weeks, and regular weeks. (4) Based on the key fields in (2) and metrics in (3), identify suspicious outlier patterns. e.g., Sales location > 20% difference between average end of quarter week volume and average beginning of quarter week volume. 54

55 CLICK TEST TO #24 EDIT MASTER TITLE STYLE. Lots of paragraph O2C Customer Credit Limits Risk Credit limits to customers are not reviewed on a regular basis Test Identify customers with unusual credit limits or with credit limits that have not been reviewed in more than X months

56 CLICK TEST TO #25 EDIT MASTER TITLE STYLE. Lots of paragraph O2C Sanctioned Customer Testing Risk The organization is doing business with an entity that is on a sanction list by the US government Test Report transactions with customers having names matching the SAM list (System for Award Management, sam.gov)

57 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph Dealing with False Positives

58 CLICK Remediation TO EDIT Workflow MASTER TITLE STYLE. Lots of paragraph Lack of Commitment to Remediate False Positives How do we measure the value? 58

59 CLICK Remediation TO EDIT Workflow MASTER TITLE STYLE. Lots of paragraph Lack of Commitment to Remediate False Positives How do we measure the value? Another Excel report that sits on a shared drive/inbox Impact: wasted effort, missed opportunities, weaker control 59

60 CLICK Remediation TO EDIT Workflow MASTER TITLE STYLE. Lots of paragraph Lack of Commitment to Remediate False Positives How do we measure the value? Document the root cause for false positives Previously Reported Need to Whitelist Analytic Logic Issue Immaterial Not Investigated Implement a workflow for each of the root causes 60

61 CLICK Example TO Workflow EDIT MASTER TITLE STYLE. Lots of paragraph New Exception: copy goes Weekend/Holiday here, and here and here. PCARD Manager PCARD purchase Initial Review by PCARD Admin Approval and Review Add to Whitelist Data Analyst Closed No Issue Closed Corrected Need to Whitelist Analytic Logic Issue Previously Reported Immaterial Not Investigated Corrected Adjust Analytic Logic Auditor Closed Not Investigated Sample Closed Exceptions Process Governance 61

62 CLICK Remediation TO EDIT Workflow MASTER TITLE STYLE Measuring key metrics Ratio of closed corrected. Lots of paragraph exceptions and false positives (analytic efficiency) Total and Count of closed Lack of Commitment corrected exceptions trended to Remediate Fourth level (improved control) Overall spend trend (improved control) False Positives How do we measure the value? Analytic efficiency can be measured for each analytic individually Don t be afraid to adjust and decommission 62

63 CLICK TO EDIT MASTER TITLE STYLE. Lots of paragraph For more information please contact me: Phil Lim