Unearthing fraud with forensic data mining


First, sophisticated computer systems swoop in, brushing away surface dust to excavate potential fraud — experts call this forensic data mining.

Then certified fraud examiners sift through the dirt and muck to determine if data is occupational fraud or sloppy bookkeeping — also known as forensic data analysis.

Each suspected fraud case is unique, but they all have a common characteristic — the “potato-chip theory — you can’t just eat one,” said Bob Johnson, a certified fraud examiner and president of Robert D. Johnson, an accounting firm.

Once an employee gets away with a small amount of fraud, he or she is emboldened, increasing the amount and frequency of theft.

Data mining programs help fraud examiners focus on specific risk areas. Rather than selecting a sample or digging through records, Johnson said, they can search electronic files for specific attributes of fraud.

Small companies most vulnerable

Small companies are especially vulnerable to occupational fraud because there is little or no oversight.
The owner is often too busy to ask questions or look at bank statements, and typically trusts the bookkeeper or manager implicitly.
“Small businesses generally do a poor job of proactively detecting fraud. Less than 10 percent of small companies had anonymous fraud reporting systems, and less than 20 percent had internal audit departments, conducted surprise audits, or conducted fraud training for their employees and managers.”
Companies with 100 or fewer employees suffer a median fraud loss of $190,000. For companies with 100 to 999 employees, the median loss is $179,000 — compared to $120,000 for 1,000 to 9,999 employees and $150,000 for 10,000 or more employees.
In the cases reviewed for the ACFE’s 2006 report, organizations with anonymous fraud hotlines suffered a median loss of $100,000, vs. a median loss of $200,000 for organizations without hotlines.

Source: 2006 Association of Certified Fraud Examiners’ Report to the Nation on Occupational Fraud & Abuse.

Rand Gambrell, a CFE and managing consultant of forensics and dispute consulting at BKD, said forensic teams can recover electronic data from desktop and laptop computers, external hard drives, USB flash drives, cell phones and personal digital assistants — and detect the use of data destruction tools.

Common areas in which data mining is used include employees and payroll, vendors and accounts payable, expense reimbursement, loans (for financial institutions), sales and inventory.

The data examined includes employees with no deductions, no sick/vacation/time off, payroll activity subsequent to termination and employee vs. department vs. company baselines (dollars and hours).

Benford’s Law of Expected Frequencies is used to analyze the first and second digits of all checks and payments. Fictitious payments tend to disrupt the normal pattern, Gambrell said.
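A first- and second-digit Benford test of the kind described above, as an added example that is not from the article or from any firm it quotes. The ledger, the block of fictitious payments and the function names are constructed for illustration, and the chi-square cut-offs are the standard 5% critical values.

```python
import math
from collections import Counter

# Chi-square critical values at the 5% level: 8 degrees of freedom for the
# first digit (1-9), 9 degrees of freedom for the second digit (0-9).
CRITICAL = {1: 15.507, 2: 16.919}

def expected(position):
    """Benford probability of each digit in the first or second position."""
    if position == 1:
        return {d: math.log10(1 + 1 / d) for d in range(1, 10)}
    return {d: sum(math.log10(1 + 1 / (10 * k + d)) for k in range(1, 10))
            for d in range(10)}

def benford_test(cents, position):
    """Return (chi2, flagged) for integer payment amounts given in cents."""
    digits = [int(str(c)[position - 1]) for c in cents if c >= 10]
    observed, n = Counter(digits), len(digits)
    chi2 = sum((observed[d] - n * p) ** 2 / (n * p)
               for d, p in expected(position).items())
    return chi2, chi2 > CRITICAL[position]

def constructed_ledger(n=1000):
    """Constructed sample: n log-uniform amounts between $1 and $10,000."""
    golden = (1 + math.sqrt(5)) / 2
    return [round(10 ** (2 + 4 * ((i * golden) % 1.0))) for i in range(n)]

def constructed_padding(n=150):
    """Constructed sample: n fictitious payments of $4,800.00 to $4,999.99."""
    return [480000 + (i * 137) % 20000 for i in range(n)]

if __name__ == "__main__":
    clean = constructed_ledger()
    padded = clean + constructed_padding()
    for label, data in (("clean", clean), ("padded", padded)):
        for pos in (1, 2):
            chi2, flagged = benford_test(data, pos)
            print(f"{label:6} digit {pos}: chi2={chi2:8.1f} flagged={flagged}")
```

A flag marks a population for review rather than proving fraud; amounts that are capped or assigned (fixed fees, for example) depart from Benford's distribution for legitimate reasons.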

Name and address mining includes phonetic matching, anagram searches, duplicate employee identifications or Social Security numbers, proximity of employees to vendors by converting addresses to GPS coordinates and overlaying them on a map, nonexistent or invalid addresses, etc.
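Three of the name-mining checks listed above (phonetic matching, anagram search, duplicate Social Security numbers) run over an employee file and a vendor file, as an added example that is not from the article. The records, field names and suffix list are constructed assumptions, and Soundex stands in for whatever phonetic algorithm a given tool uses.

```python
from collections import defaultdict

CODES = {c: str(d) for d, group in enumerate(
    ["", "BFPV", "CGJKQSXZ", "DT", "L", "MN", "R"]) for c in group}
SUFFIXES = {"LLC", "INC", "CO", "CORP", "LTD"}  # assumed legal suffixes to ignore

def soundex(word):
    """American Soundex: first letter plus three digits, e.g. ROBERT -> R163."""
    letters = [c for c in word.upper() if c.isalpha()]
    if not letters:
        return ""
    out, prev = letters[0], CODES.get(letters[0], "")
    for c in letters[1:]:
        code = CODES.get(c, "")
        if code and code != prev:
            out += code
        if c not in "HW":  # H and W do not separate equal codes
            prev = code
    return (out + "000")[:4]

def tokens(name):
    words = name.upper().replace(",", " ").replace(".", " ").split()
    return [w for w in words if w not in SUFFIXES]

def anagram_key(name):
    return "".join(sorted(c for w in tokens(name) for c in w if c.isalpha()))

def duplicate_ssns(employees):
    by_ssn = defaultdict(list)
    for emp in employees:
        by_ssn[emp["ssn"]].append(emp["id"])
    return {ssn: ids for ssn, ids in by_ssn.items() if len(ids) > 1}

def name_matches(employees, vendors):
    hits = []
    for emp in employees:
        surname = soundex(tokens(emp["name"])[-1])
        for ven in vendors:
            if anagram_key(emp["name"]) == anagram_key(ven["name"]):
                hits.append((emp["id"], ven["id"], "anagram"))
            elif surname in {soundex(w) for w in tokens(ven["name"])}:
                hits.append((emp["id"], ven["id"], "phonetic"))
    return hits

# Constructed records; the SSNs use the never-issued 000 area number.
EMPLOYEES = [{"id": "E1", "name": "John Smith", "ssn": "000-00-0001"},
             {"id": "E2", "name": "Erin Slade", "ssn": "000-00-0002"},
             {"id": "E3", "name": "Maria Lopez", "ssn": "000-00-0001"}]
VENDORS = [{"id": "V1", "name": "Smyth Consulting LLC"},
           {"id": "V2", "name": "Dale Reins Inc."}, {"id": "V3", "name": "Acme Office Supply"}]
```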

“This is analysis on steroids,” Gambrell said. “We used to only be able to do sampling — to look at a few vendors, addresses or payments. Now we can look at an entire population of data and identify patterns.”

Some fraud schemes are rather simple, but can still be difficult to detect, Gambrell said, such as the case in which the CEO of a nonprofit used his organization’s credit card to buy gas for all the employees of his construction company.

And with advances in technology and sophisticated means of committing fraud, examiners need all the help and computer programs they can get.

“Fraud has changed — but so has our ability to detect it,” Johnson said.
The FBI does “proactive analysis” through a system called Investigative Data Warehouse, said Karen Benz, supervisory special agent for a white-collar crime squad in Colorado.
“IDW allows the review of data — that once took days or months — in minutes or seconds,” Benz said.

Data analysis can lead to detection of mortgage fraud, bank fraud, corporate fraud, securities fraud, money laundering and terrorism financing, she said.
And, for most companies, it’s never too soon to use forensic data mining or to set up hotlines for anonymous tips.

“It’s not a question of if, but when, fraud will be committed in a company,” said Jim Vogt, certified fraud examiner and senior vice president of treasury management at Vectra Bank. “All too often we make suggestions to companies, but they don’t (implement) them” until after fraud is detected.

“A responsible company will put deterrents in place,” he said. “Be up front — let your employees know that controls are in place and that you run regular tests. Part of deterrence is to tell people.”

Human nature, Vogt said, is to trust people. But deterrents don’t have to be about mistrust.
“You are doing your employees a favor to have controls and separation of duties in place,” he said. “You are protecting your employees.”

Some of the red flags that may indicate employees are committing occupational fraud include wanting to handle all the complaints, or “workaholics” who refuse to take vacations or relinquish control of their turf, or employees living beyond their means or dissatisfied with their jobs.
Fraud is in every profession, and it will never go away.

“As long as we have business — and a medium of exchange,” Johnson said, “we’ll have fraud.”