Fraud Detection: What’s Under the Rug?
By Penny Borjas
Identifying fraud has always been an important goal for organizations across the globe. The current economic turmoil, however, is pushing fraud detection higher on everyone’s priority list. Unfortunately, few companies are taking advantage of technology solutions that can actively target key risk areas – instead of relying on sporadic hotline calls or anonymous tips.
According to the 2008 Report to the Nation from the Association of Certified Fraud Examiners, over 50 percent of fraud was detected through tips or by accident. Of the fraudulent activities detected by tips, a full 31 percent came through hotline calls. While any method that successfully uncovers fraud is valuable, it’s astonishing that more companies don’t use technology to proactively pursue fraud.
As a fraud manager for a global food and beverage company, I’m focused on understanding the risks within my organization and the industry at large. I need to know what our standard data looks like and how to find areas where red flags might emerge. There’s a common misconception that large organizations have all the necessary resources to develop and maintain airtight controls. In my experience, however, the sheer volume of data can become overwhelming. There are so many transactions that large companies can quickly lose control over their information – a virtual invitation for people to take advantage of loopholes and dark corners in the data. I’ve also had managers say, “There are just too many transactions. We can’t look for just the anomalies in the millions of records.”
Thanks to the power of audit analytics, there’s nothing to stop an organization from proactively targeting and even preventing fraud. Technology makes it possible to quickly analyze complete data populations. Instead of pulling random samples or relying on those all-too-rare hotline calls, you can actively target specific data patterns, activities and exceptions that uncover fraud.
Here are three case studies that demonstrate how proactive data mining can expose fraudulent activities.
Time and attendance analysis
When I was working in the health care industry, we developed a technology-based project to monitor staff time and attendance data. Health care professionals (such as physicians, nurses and specialists) are paid in different ways, depending on the nature of their positions, the work, and the facility. All the pay rates have unique electronic codes, so my team began by pulling the code for staff members working on-call. We looked at typical on-call data and learned what would comprise accurate coding. We then set up constraints and exception conditions, such as a maximum number of consecutive hours spent on-call. We used audit analytics to pull the files and quickly ran the data through our script.
Immediately, we found staff members who had supposedly worked on-call 24 hours a day, seven days a week (an impossibility) or were paid for on-call time while they were away on vacation. It was an extremely fast, straightforward data analysis project that quickly highlighted potential time and attendance fraud.
Expense reports
In another former position, I worked for an organization with approximately 300,000 employees worldwide. As the Fraud Manager for the Accounts Payable department, I was running a test on employee expense reports when I noticed something unusual in the data. At this organization, the expense reporting tool was designed to communicate with the credit card vendor’s system in order to download travel and expense credit charges directly into the employee’s expense report. When an employee loaded the expense report with charges from the credit card, a data indicator confirmed that this action had been completed. There were also data identifiers that indicated whether a line item expense should be paid to the credit card vendor or reimbursed to the employee.
Looking through the data, it became clear that one particular employee was manually entering credit card charges into the expense reports and having the expense paid to the credit card vendor. After a broader review, a trend emerged and we discovered that this employee had already cheated the organization out of approximately US$50,000. The employee traveled frequently and simply added fictitious hotel and catering charges to the expense reports so a balance would appear on the credit card. The employee then used the credit balance to purchase personal items. Once again, our basic data testing revealed unusual trends and led us to a significant corporate control issue.
Inappropriate fueling charges
My current employer has a large fleet of delivery vehicles, so naturally, fuel is a major operational expense. In some areas of the United States and Canada, company delivery vehicles are fueled before they hit the road, but in many places, the drivers receive purchase cards to buy fuel. There are currently 3,000 of these cards issued to drivers with an estimated monthly spending total of US$3.1 million. We have standard operating procedures for card usage, but in reality, each driver carries the fuel card around the clock and knows the authorization codes for use at the pump. Unfortunately, it’s not difficult for a driver to get a personal transaction past an overworked manger assigned to review the purchases.
My team felt there was a significant risk associated with these cards and developed a technology-based analysis to test our hypothesis. We conducted two tests. The first checked to see if any of the drivers were fueling on their days off, and the second looked for drivers who were fueling outside of their work hours. We quickly gathered the electronic data files, examined the “normal” data, and performed the analysis.
The project immediately found employees using the fuel cards for personal purchases and sent a clear message that employee transactions were being closely monitored. Between June and July 2008, our company saw a US$1.4 million drop in fuel costs, despite record prices at the pumps during those two months. It was a huge success, and these tests are now performed monthly. An unanticipated success was the breaking down of silos within our company. Though initiated by the search for fraud, the fuel card project became a collective, multi-department effort that got various departments working together towards the same goal.
---
These three projects not only uncovered corporate fraud; they also revealed process weaknesses and widespread data errors that required tighter monitoring. Proactive fraud detection prevents revenue loss, supports stronger internal controls, and provides efficient, measurable results. Risk areas can be targeted without personal bias and companies can regain power over their data – regardless of their size, location or industry.
So if you’ve always relied on hotline calls, accidents and random tips, how can you start a proactive fraud detection program? My team always begins by brainstorming. We ask ourselves, “What types of fraud are we looking for?” It’s critical to be focused. Decide whether you’re targeting fictitious vendors, abuse, kickbacks or another activity entirely.
Next, identify what accurate, standard data looks like when it’s stored in your databases. How can you identify something that’s out of place? What are the exceptions? What are the acceptable conditions and limits? Draw the boundaries in your data and focus in on a straightforward test. It’s a great way to get quick hits and find areas that need deeper review.
Finally, it’s critical to have the right tools. Today’s audit analytics are extremely fast, powerful and flexible. They make it simple to pull files without IT intervention or time delays and give you the ability to quickly analyze complete data populations. You simply need to know what information is stored electronically within your organization. The power then lies in accessing multiple databases and bringing the information together for analysis.
The global economic downturn has made fraud detection more important than ever before. It’s a critical way to prevent revenue leakage, promote a secure corporate environment, and retain full control over your internal data. Human nature teaches us that people are less likely to breach controls when they know management is actively looking and monitoring the transactions. And while every industry has its own unique risks (such as the fuel cards for our fleet of delivery drivers), there are many common areas that everyone can target, such as Accounts Payable, receivables, purchase cards, financial support, and human resources.
In today’s economy, don’t wait for a tip-off. Harness the power of technology and packaged analytic tests to identify fraud now. If you can identify a risk, it’s a substantial corporate control, and you’ve captured the data electronically, then go for it. You’re probably going to find fraud.
Penny Borjas, CFE, CIA, B.A., is a Certified Fraud Examiner and Internal Auditor with a diverse background in health care, manufacturing, government, and financial / banking industries. Her work as an internal auditor has covered operational, financial, fraud, compliance and IT engagements.
Penny has spent more than 10 years reviewing financial and operational electronic data to reveal anomalies that could indicate fraudulent activity. She is equally well versed in identifying opportunities to improve business processes and boost efficiency. To contact Penny, email her at: pennyborjas@cokecce.com. Penny has also served as a trainer for audit analytics technology company ACL Services Ltd.
The opinions, beliefs and viewpoints expressed by the various authors and forum participants on this web site do not necessarily reflect the opinions, beliefs and viewpoints of AuditNet®