Using Analytics to Successfully Detect Fraud

This post has already been read 759 times!
0 Flares Twitter 0 Facebook 0 0 Flares ×

According to a 2016 study, typical organizations lose about 5% of revenues to fraud.[1] The Society of Fraud of Fraud Examiners estimates that in the US alone, over $600 billion in white collar crime takes place annually. As business transactions become more complex and transactions move at a rapidly increasing pace, fraud is a problem for all types and sizes of enterprises.

As more companies adopt big data solutions, KPMG produced a series of trusting data in a variety of commercial industries and situations. As concerns about fraud apply across all industries, the following article helps to explain how certain forms of data should be applied to help provide a higher level of confidence.

Using Analytics to Successfully Detect FraudNormally, companies use data and analytics (D&A) to identify suspicious information to help identify potential indicators of fraudulent activities. In addition, D&A can be used to monitor employee behavior as well. However, before any actions should be taken to counter suspected fraud, there should be a high degree of confidence that the data does reveal actionable information. Indeed, getting it wrong can be worse than the actual damages of suspected fraud. Indeed, the potential legal ramifications of false charges are what make some companies pull back when it comes to pursuing fraudulent activities by customers or employees. According to recent research by KPMG, very few companies are employing analytics successfully for the detection of fraud. Research shows that many companies aren’t sure enough or confident enough to design and implement a D&A fraud detection program that can ensure success and confidence.

It is of utmost importance that the sources of data for analysis should include the processes in which an employee could possibly influence a transaction, such as employee expense reports, accounts payable and any transaction that includes the handling of cash. Needless to say, the data has to be accurate and up-to-date, and the sources of the data need to be well-known and understood.

Fraud detection data should be based on key metrics and established variations from the norms. Just identifying variations can lead to unintentional mistakes in procedure rather than intentional fraud. A critical step is being able to discern false positives of the real thing. While data alone does not tell the whole story, it is a starting point and a “heads up” of where to look for potential fraud. This is where the analysis portion of the D&A comes in. However, before the actual process of investigation takes place, the validity of the “trigger” data must have a high level of confidence and trust. According to the KPMG research, too many false positives might cause corporate leaders to lose confidence in the process. If each potential case is investigated aggressively, employees and other stakeholders could also lose faith in the program and trust in their employer.

More companies are including data analysis for fraud protection, but the adoption has been too slow. This is mainly due to the lack of knowledge needed to establish a long-term, comprehensive algorithm for fraud detection. Programs that include machine learning and AI must be alert for programming routines that may generate large populations of false positives, which require time and resources to examine and these techniques require considerable time, effort and resources of the company.

A very important consideration for any D&A fraud program is maintaining ethical integrity. This entails that all stakeholders agree to the fraud detection and analysis policies and procedures. Management should make sure that any fraud detection policies and procedures be considered acceptable by such stakeholders as employees, suppliers, customers, business partners, and regulators.  In the opinion of KPMG researchers, this integrity is the most important because “it addresses some of the most sensitive areas of the relationship between the company and its stakeholders, in which trust plays a vital role.”

The most sensitive part of any fraud detection and action program is the manner in which the investigation is carried out. Fraud examiners are trained how to comply with legal requirements of a civil or criminal investigation such as chain of custody of evidence and how to conduct investigative interviews. Not many companies have staff with this sort of training to handle things internally. Given the rather serious bite that fraud can take out of revenue, it makes sense to have a program that includes either internal or external experts to take on the sensitive and potentially explosive investigative and action portion of the fraud prevention program. Keep in mind that important customers and their employees can be on the wrong end of the problem.  Most companies would choose to resolve fraud problems internally rather than through outside regulatory entities. The theory is that stakeholders prefer to have more control over the situation than opening it up to outside scrutiny or even awareness.

In summary, billions of dollars of revenue are lost each year due to fraud. It makes sense for most companies to have a formalized and proven fraud prevention program in place. However, the key to alerting potential fraudulent situations can be much more effective when employing data and analytics before taking any concrete action. This requires the development of a high degree of confidence in the data and what analysis may imply before taking any subsequent actions.

Bottomline, it is much better to have a fraud protection in place than not to at least send the message that management is watching and ready to take action. Indeed, given the size and ubiquity of fraud, it would be negligent not to have such a policy in place.

[1] 2016 Report to the Nations on Occupational Fraud and Abuse, Association of Certified Fraud Examiners (ACFE).


Additional Reading

Statistically Speaking – When is data “significant?”

About Using Big Data: The Three Core Dependencies You Can’t Live Without


If you liked this article, we'll be happy to send you one email a month to let you know the newest edition of the MetaOps/MetaExperts MegEzine has been published. Just fill the form below.