Download presentation
Presentation is loading. Please wait.
1
Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Managing the Business Risk of Fraud using Sampling and Data Mining Fall 2009 Mike Blakley Presented to:
2
Managing the business risk of fraudEZ-R Stats, LLC PWC Global Survey – Nov, 2009 “Economic crime in a downturn” Sharp rise in accounting fraud over the past 12 months Accounting fraud had grown to 38 percent of the economic crimes in 2009 Employees face increased pressures to : – meet performance targets – keep their jobs – keep access to funding
3
Managing the business risk of fraudEZ-R Stats, LLC Survey findings Greater risk of fraud due to increased incentives or pressures More opportunities to commit fraud, partially due to reductions in internal finance staff While companies are expecting more fraud, they have not done much People who look for fraud are more likely to find it
4
Managing the business risk of fraudEZ-R Stats, LLC Session objectives Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness.
5
Managing the business risk of fraudEZ-R Stats, LLC Session agenda - 1 Introduction and the Process for Managing the Business Risk of Fraud Introductions All Around Course Objectives Framework of risk management for fraud Fundamentals of data mining Data mining: The Engine That Drives analysis – Analytics and Regression Sources of Analytics Data Basic and Intermediate ARTs SAS 56 IIA Practice Advisory 2320 The Yellow Book (2007 revision) The Guide – “Managing the Business Risk of Fraud”
6
Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Sampling refresher Sampling The sampling process Sampling methods RAT-STATS – Random Numbers – Determining Sample Size – Case Study – Attribute sampling – Variable Sampling – Case study – Stratified Sampling – Obtaining and Interpreting the results Other Sampling Approaches DCAA Audit Package Sequential Sampling Overview of the process Attribute Sampling Variable Sampling
7
Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Linear regression as an audit tool Regression Analysis Overview Terms Statistical basis Charting Regression … Seeing Is Believing Plotting Data – Inserting a “Trend line” Statistical Intervals – Confidence Intervals – Prediction Intervals – Calculation of Statistical “Confidence Bounds” Case Study - Wake County Schools Bus Maintenance
8
Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Data mining, or How to test 100% Overview Statistical Basis Data Conversion and Extraction Data mining objectives – Classification – Trends – Identification of extremes – Major types of data analysis Numeric Date Text
9
Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Excel as an Analytics tool Macros Tools – Data Analysis The Macro facility – Adding a little “class” to your audit – VBA – “friend” or “foe”
10
Managing the business risk of fraudEZ-R Stats, LLC Handout (CD) CD with articles and software PowerPoint presentation More info at www.ezrstats.com
11
Managing the business risk of fraudEZ-R Stats, LLC “Cockroach” theory of auditing If you spot one roach….
12
Managing the business risk of fraudEZ-R Stats, LLC “Cockroach” theory of auditing There are probably 30 more that you don’t see…
13
Managing the business risk of fraudEZ-R Stats, LLC Statistics based “roach” hunting Many frauds coulda/woulda/shoulda been detected with analytics
14
Managing the business risk of fraudEZ-R Stats, LLC Overview Fraud patterns detectable with digital analysis Basis for digital analysis approach Usage examples Continuous monitoring Business analytics
15
Managing the business risk of fraudEZ-R Stats, LLC The Why and How Three brief examples ACFE/IIA/AICPA Guidance Paper Practice Advisory 2320-1 Auditors “Top 10” Process Overview Who, What, Why, When & Where Objective 1
16
Managing the business risk of fraudEZ-R Stats, LLC Example 1 Wake County Transportation Fraud Supplier Kickback – School Bus parts $5 million Jail sentences Period of years Objective 1a
17
Managing the business risk of fraudEZ-R Stats, LLC Too little too late Understaffed internal audit Software not used Data on multiple platforms Transaction volumes large Objective 1a
18
Managing the business risk of fraudEZ-R Stats, LLC Preventable Need structured, objective approach Let the data “talk to you” Need efficient and effective approach Objective 1a
19
Managing the business risk of fraudEZ-R Stats, LLC Regression Analysis Stepwise to find relationships – Forwards – Backwards Intervals – Confidence – Prediction Objective 1
20
Managing the business risk of fraudEZ-R Stats, LLC Data outliers Objective 1 Sometimes an “out and out Liar” But how do you detect it?
21
Managing the business risk of fraudEZ-R Stats, LLC Data Outliers Plot transportation costs vs. number of buses “Drill down” on costs – Preventive maintenance – Fuel – Inspection Objective 1
22
Managing the business risk of fraudEZ-R Stats, LLC Scatter plot with prediction and confidence intervals
23
Managing the business risk of fraudEZ-R Stats, LLC Cost of six types of AIDS drugs Example 2 Objective 1a
24
Managing the business risk of fraudEZ-R Stats, LLC Medicare HIV Infusion Costs Objective 1 CMS Report for 2005 South Florida - $2.2 Billion Rest of the country combined - $.1 Billion
25
Managing the business risk of fraudEZ-R Stats, LLC Pareto Chart Objective 1
26
Managing the business risk of fraudEZ-R Stats, LLC Typical Prescription Patterns Example 2 Objective 1a
27
Managing the business risk of fraudEZ-R Stats, LLC Prescriptions by Dr. X Example 2 Objective 1a
28
Managing the business risk of fraudEZ-R Stats, LLC Off-label use Serostim – Treat wasting syndrome, side effect of AIDS, OR – Used by body builders for recreational purposes – One physician prescribed $11.5 million worth (12% of the entire state) Example 2 Objective 1a
29
Managing the business risk of fraudEZ-R Stats, LLC Revenue trends Example 3 Objective 1a
30
Managing the business risk of fraudEZ-R Stats, LLC Dental Billings Example 3 Objective 1a
31
Managing the business risk of fraudEZ-R Stats, LLC Guidance Paper A proposed implementation approach “Managing the Business Risk of Fraud: A Practical Guide” http://tinyurl.com/3ldfza http://tinyurl.com/3ldfza Five Principles Fraud Detection Coordinated Investigation Approach Objective 1b
32
Managing the business risk of fraudEZ-R Stats, LLC Managing the Business Risk of Fraud: A Practical Guide ACFE, IIA and AICPA Exposure draft issued 11/2007, final 5/2008 Section 4 – Fraud Detection Objective 1b
33
Managing the business risk of fraudEZ-R Stats, LLC Guidance Paper Five Sections – Fraud Risk Governance – Fraud Risk Assessment – Fraud Prevention – Fraud Detection – Fraud Investigation and corrective action
34
Managing the business risk of fraudEZ-R Stats, LLC Risk Governance Fraud risk management program Written policy – management’s expectations regarding managing fraud risk
35
Managing the business risk of fraudEZ-R Stats, LLC Risk Assessment Periodic review and assessment of potential schemes and events Need to mitigate risk
36
Managing the business risk of fraudEZ-R Stats, LLC Fraud Prevention Establish prevention techniques Mitigate possible impact on the organization
37
Managing the business risk of fraudEZ-R Stats, LLC Fraud Detection Establish detection techniques for fraud “Back stop” where preventive measures fail, or Unmitigated risks are realized
38
Managing the business risk of fraudEZ-R Stats, LLC Fraud Investigation and Corrective Action Reporting process to solicit input on fraud Coordinated approach to investigation Use of corrective action
39
Managing the business risk of fraudEZ-R Stats, LLC “60 Minutes” – “World of Trouble” 2/15/09 – Scott Pelley – Fraud Risk Governance – “one grand wink-wink, nod-nod “ – Fraud Risk Assessment - categorically false – Fraud Prevention – “my husband passed away” – Fraud Detection - We didn't know? Never saw one. – Fraud Investigation and corrective action - Pick-A- Payment losses $36 billion
40
Managing the business risk of fraudEZ-R Stats, LLC Section 4 – Fraud Detection Detective Controls Process Controls Anonymous Reporting Internal Auditing Proactive Fraud Detection Objective 1b
41
Managing the business risk of fraudEZ-R Stats, LLC Proactive Fraud Detection Data Analysis to identify: – Anomalies – Trends – Risk indicators Objective 1b
42
Managing the business risk of fraudEZ-R Stats, LLC Fraud Detective Controls Operate in the background Not evident in everyday business environment These techniques usually – – Occur in ordinary course of business – Corroboration using external information – Automatically communicate deficiencies – Use results to enhance other controls
43
Managing the business risk of fraudEZ-R Stats, LLC Examples of detective controls Whistleblower hot-lines (DHHS and OSA have them) Process controls (Medicaid audits and edits) Proactive fraud detection procedures – Data analysis – Continuous monitoring – Benford’s Law
44
Managing the business risk of fraudEZ-R Stats, LLC Specific Examples Cited Journal entries – suspicious transactions Identification of relationships Benford’s Law Continuous monitoring Objective 1b
45
Managing the business risk of fraudEZ-R Stats, LLC Data Analysis enhances ability to detect fraud Identify hidden relationships Identify suspicious transactions Assess effectiveness of internal controls Monitor fraud threats Analyze millions of transactions Objective 1b
46
Managing the business risk of fraudEZ-R Stats, LLC Continuous Monitoring of Fraud Detection Organization should develop ongoing monitoring and measurements Establish measurement criteria (and communicate to Board) Measurable criteria include:
47
Managing the business risk of fraudEZ-R Stats, LLC Measurable Criteria – number of fraud allegations fraud investigations resolved Employees attending annual ethics course Whistle blower allegations Messages supporting ethical behavior delivered by executives Vendors signing ethical behavior standards
48
Managing the business risk of fraudEZ-R Stats, LLC Management ownership of each technique implemented Each process owner should: – Evaluate effectiveness of technique regularly – Adjust technique as required – Document adjustments – Report modifications needed for techniques which become less effective
49
Managing the business risk of fraudEZ-R Stats, LLC Practice Advisory 2320-1 Analysis and Evaluation International standards for the professional practice of Internal Auditing Analytical audit procedures – Efficient and effective – Useful in detecting Differences that are not expected Potential errors Potential irregularities
50
Managing the business risk of fraudEZ-R Stats, LLC Analytical Audit Procedures May include – Study of relationships – Comparison of amounts with similar information in the organization – Comparison of amounts with similar information in the industry
51
Managing the business risk of fraudEZ-R Stats, LLC Analytical audit procedures Performed using monetary amounts, physical quantities, ratios or percentages Ratio, trend and regression analysis Period to period comparisons Auditors should use analytical audit procedures in planning the engagement
52
Managing the business risk of fraudEZ-R Stats, LLC Factors to consider Significance of the area being audited Assessment of risk Adequacy of system of internal control Availability and reliability of information Extent to which procedures provide support for engagement results
53
Managing the business risk of fraudEZ-R Stats, LLC Peeling the Onion Fraud Items Possible Error Conditions Population as Whole Objective 1c
54
Managing the business risk of fraudEZ-R Stats, LLC Fraud Pattern Detection Target Group Round Numbers Benford’s Law GapsUnivariateDuplicatesDay of WeekHolidayTrend LineStratification Market Basket Objective 1d
55
Managing the business risk of fraudEZ-R Stats, LLC Digital Analysis (5W) Who What Why Where When Objective 1e A little about the basics of digital analysis….
56
Managing the business risk of fraudEZ-R Stats, LLC Who Uses Digital Analysis Traditionally, IT specialists With appropriate tools, audit generalists (CAATs) Growing trend of business analytics Essential component of continuous monitoring Objective 1e
57
Managing the business risk of fraudEZ-R Stats, LLC What - Digital Analysis Using software to: – Classify – Quantify – Compare Both numeric and non-numeric data Objective 1e
58
Managing the business risk of fraudEZ-R Stats, LLC How - Assessing fraud risk Basis is quantification Software can do the “leg work” Statistical measures of difference –C–Chi square –K–Kolmogorov-Smirnov –D–D-statistic Specific approaches Objective 1e
59
Managing the business risk of fraudEZ-R Stats, LLC Why - Advantages Automated process Handle large data populations Objective, quantifiable metrics Can be part of continuous monitoring Can produce useful business analytics 100% testing is possible Quantify risk Repeatable process Objective 1e
60
Managing the business risk of fraudEZ-R Stats, LLC Why - Disadvantages Costly (time and software costs) Learning curve Requires specialized knowledge Objective 1e
61
Managing the business risk of fraudEZ-R Stats, LLC When to Use Digital Analysis Traditional – intermittent (one off) Trend is to use it as often as possible Continuous monitoring Scheduled processing Objective 1e
62
Managing the business risk of fraudEZ-R Stats, LLC Where Is It Applicable? Any organization with data in digital format, and especially if: – Volumes are large – Data structures are complex – Potential for fraud exists Objective 1e
63
Managing the business risk of fraudEZ-R Stats, LLC Disadvantages of digital analysis Cost – Software – Training – Skills not widely available Time consuming – Development costs – Testing resources
64
Managing the business risk of fraudEZ-R Stats, LLC Objective 1 Summarized Three brief examples CFE Guidance Paper “Top 10” Metrics Process Overview Who, What, Why, When & Where Objective 1
65
Managing the business risk of fraudEZ-R Stats, LLC Objective 1 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is plan, perform …
66
Managing the business risk of fraudEZ-R Stats, LLC Statistical Sampling Brief History / Timeline Overview Attribute Sampling – Compliance Variable Sampling – Numeric Estimates
67
Managing the business risk of fraudEZ-R Stats, LLC History of Sampling Basis is two laws/theorems of probability Law of Large Numbers Central Limit Theorem
68
Managing the business risk of fraudEZ-R Stats, LLC Law of large numbers
69
Managing the business risk of fraudEZ-R Stats, LLC Time Line - LLN Indian mathematician Bramagupta 600 AD Italian mathematician Cardon 1500’s Statement without proof that empirical statistics improve with more trials
70
Managing the business risk of fraudEZ-R Stats, LLC Time line LLN (continued) Jacob Bernoulli first to prove in 1713 Foundation for central limit theorem
71
Managing the business risk of fraudEZ-R Stats, LLC Central limit theorem Classic measure Mean of a sufficiently large number of random samples will be approximately normally distributed.
72
Managing the business risk of fraudEZ-R Stats, LLC The traditional explanation
73
Managing the business risk of fraudEZ-R Stats, LLC Central Limit Theorem See it in action today Any population Large number of samples Average is “normally” distributed
74
Managing the business risk of fraudEZ-R Stats, LLC History of Central Limit Theorem French mathematician Abraham de Moivre 1733 – approximate distribution from tossing coin (heads/tails) Ho hum reaction French Mathematician LaPlace – expanded it Ho hum reaction
75
Managing the business risk of fraudEZ-R Stats, LLC History of CLT (cont’d) Russian mathematician Lyapunov Proof in 1901 Same reaction
76
Managing the business risk of fraudEZ-R Stats, LLC Industrial revolution Manufacturing Engineering Excitement!
77
Managing the business risk of fraudEZ-R Stats, LLC Student’s T William Gosset - 1908 Guinness Brewery
78
Managing the business risk of fraudEZ-R Stats, LLC SAS 39 Effective June, 1983 Exposure draft for revision in 2009
79
Managing the business risk of fraudEZ-R Stats, LLC Attribute sampling Buonaccorsi (1987) Refined calculations Few software packages use it
80
Managing the business risk of fraudEZ-R Stats, LLC Overview Sample size calculations Attribute sampling Variable sampling Random number generators
81
Managing the business risk of fraudEZ-R Stats, LLC Sample size calculation It’s a guess… Every package – different answer Need to know the population But that’s why you’re taking a sample!
82
Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Attribute Sampling Using RAT-STATS Unrestricted populations
83
Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what is attribute sampling and when to use it 2. Understand unrestricted populations 3. Overview of the process using RAT-STATS 4. Understand the formula behind the computations
84
Managing the business risk of fraudEZ-R Stats, LLC Attribute sampling “Attribute” Compliance testing Signatures on approval documents, attachment of supporting documentation, etc.
85
Managing the business risk of fraudEZ-R Stats, LLC Statistical approach Recommended Economical Efficient Requires determination of a sample size
86
Managing the business risk of fraudEZ-R Stats, LLC Overview of process Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)
87
Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates
88
Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Size of population 2. Expected error rate 3. Required confidence 4. Required precision
89
Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File
90
Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item Put the selected item on a separate schedule
91
Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents
92
Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer
93
Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Results of test of attributes stored in the worksheet
94
Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Variable Sampling Using RAT-STATS Unrestricted populations
95
Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what variable sampling is and when to use it 2. Understand unrestricted populations 3. Overview of the process using RAT- STATS 4. Understand the formula behind the computations
96
Managing the business risk of fraudEZ-R Stats, LLC Variable sampling “Variable” Estimating account balances Estimating transaction totals
97
Managing the business risk of fraudEZ-R Stats, LLC Statistical approach Recommended Economical Efficient Requires determination of a sample size
98
Managing the business risk of fraudEZ-R Stats, LLC Overview of process Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)
99
Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates
100
Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Probe sample 2. Statistical measure 3. Excel formula
101
Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Size of population 2. Average value 3. Standard deviation
102
Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File
103
Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item Put the selected item on a separate schedule
104
Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents Example data contains both “examined” and “audited” value.
105
Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer
106
Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Audited values stored in the worksheet
107
Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Attribute Sampling Using RAT-STATS Stratified populations
108
Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what is stratification and when to use it 2. Overview of the process using RAT-STATS
109
Managing the business risk of fraudEZ-R Stats, LLC Stratified sampling “Strata” Homogenous More efficient in some instances
110
Managing the business risk of fraudEZ-R Stats, LLC Overview of process Separation into strata Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)
111
Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates
112
Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Size of population 2. Expected error rate 3. Required confidence 4. Required precision
113
Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File
114
Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item Put the selected item on a separate schedule
115
Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents
116
Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer
117
Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Results of test of attributes stored in the worksheet
118
Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Variable Sampling Using RAT-STATS Stratified populations
119
Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what stratified sampling is and when to use it 2. Populations benefiting from stratified sampling 3. Overview of the process using RAT- STATS 4. Understand the formula behind the computations
120
Managing the business risk of fraudEZ-R Stats, LLC Stratified variable sampling “Stratified” “Variable” Estimating amounts Narrower standard deviation
121
Managing the business risk of fraudEZ-R Stats, LLC Overview of process Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)
122
Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates
123
Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Probe sample 2. Statistical measure 3. Excel formula
124
Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Number of strata 2. Size of population 3. Average value 4. Standard deviation
125
Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Multi-stage random numbers Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File
126
Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item in a strata Put the selected item on a separate schedule
127
Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents Example data contains both “examined” and “audited” value.
128
Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer
129
Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Divided into three strata Audited values stored in the worksheet
130
Managing the business risk of fraudEZ-R Stats, LLC Objective 2 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is cost reduction …
131
Managing the business risk of fraudEZ-R Stats, LLC Techniques for cost reduction Optimize sample size (most “bang” for the buck) Skip sampling – review 100% of transactions using computer assisted audit techniques (CAATs)
132
Managing the business risk of fraudEZ-R Stats, LLC Sample optimization Sequential sampling
133
Managing the business risk of fraudEZ-R Stats, LLC University of Hawaii Banana aphids
134
Managing the business risk of fraudEZ-R Stats, LLC Sequential sampling Banana aphids
135
Managing the business risk of fraudEZ-R Stats, LLC 100% test using CAATs Provides complete coverage Best practice Basis for continuous monitoring Repeatable process
136
Managing the business risk of fraudEZ-R Stats, LLC Objective 3 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is Yellow Book and SAS 56 …
137
Managing the business risk of fraudEZ-R Stats, LLC Yellow book standards Standards regarding statistical sampling and IT
138
Managing the business risk of fraudEZ-R Stats, LLC General standards 3.43 Technical Knowledge and competence “The staff assigned to conduct an audit or attestation engagement under GAGAS must collectively possess the technical knowledge, skills, and experience necessary to be competent for the type of work being performed before beginning work on that assignment. The staff assigned to a GAGAS audit or attestation engagement should collectively possess: “
139
Managing the business risk of fraudEZ-R Stats, LLC Stat sampling and IT Skills appropriate for the work being performed. For example, staff or specialist skills in (1) statistical sampling if the work involves use of statistical sampling; (2) information technology
140
Managing the business risk of fraudEZ-R Stats, LLC SAS 56 – Analytical procedures Requires use of analytic review procedures for: Audit planning Overall review stages
141
Managing the business risk of fraudEZ-R Stats, LLC SAS 56 – Analytical Review Encourages use of analytical review Provides guidance “A wide variety of analytical procedures may be useful for this purpose.”
142
Managing the business risk of fraudEZ-R Stats, LLC Objective 4 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is linear regression …
143
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
144
Managing the business risk of fraudEZ-R Stats, LLC Trend Busters Does the pattern make sense? 7 - Trends
145
Managing the business risk of fraudEZ-R Stats, LLC Trend Busters Linear regression Sales are up, but cost of goods sold is down “Spikes” 7 – Trends
146
Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Identify trend lines, slopes, etc. Correlate trends Identify anomalies Key punch errors where amount is order of magnitude 7 – Trends
147
Managing the business risk of fraudEZ-R Stats, LLC Linear Regression Test relationships (e.g. invoice amount and sales tax) Perform multi-variable analysis 7 – Trends
148
Managing the business risk of fraudEZ-R Stats, LLC How is it done? Estimate linear trends using “best fit” Measure variability (standard errors) Measure slope Sort descending by slope, variability, etc. 7 – Trends
149
Managing the business risk of fraudEZ-R Stats, LLC Trend Lines by Account - Example Results Generally the trend is gently sloping up, but two accounts (43870 and 54630) are different. AccountNSlopeStd Err 32451181.2300.87 43517171.0704.3 32451271.0230.85 43517321.0100.36 43870230.3402.36 5463056-0.5601.89 7 – Trends
150
Managing the business risk of fraudEZ-R Stats, LLC Scatter plot with prediction and confidence intervals
151
Managing the business risk of fraudEZ-R Stats, LLC Objective 5 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is data mining …
152
Managing the business risk of fraudEZ-R Stats, LLC Basis for Pattern Detection Analytical review Isolate the “significant few” Detection of errors Quantified approach Objective 6
153
Managing the business risk of fraudEZ-R Stats, LLC Understanding the Basis Quantified Approach Population vs. Groups Measuring the Difference Stat 101 – Counts, Totals, Chi Square and K-S The metrics used Objective 2
154
Managing the business risk of fraudEZ-R Stats, LLC Quantified Approach Based on measureable differences Population vs. Group “Shotgun” technique Objective 2a
155
Managing the business risk of fraudEZ-R Stats, LLC Detection of Fraud Characteristics Something is different than expected Objective 2a
156
Managing the business risk of fraudEZ-R Stats, LLC Fraud patterns Common theme – “something is different” Groups Group pattern is different than overall population Objective 2b
157
Managing the business risk of fraudEZ-R Stats, LLC Measurement Basis Transaction counts Transaction amounts Objective 2c
158
Managing the business risk of fraudEZ-R Stats, LLC A few words about statistics (the “s” word) Detailed knowledge of statistics not necessary Software packages do the “number- crunching” Statistics used only to highlight potential errors/frauds Not used for quantification Objective 2d
159
Managing the business risk of fraudEZ-R Stats, LLC How is digital analysis done? Comparison of group with population as a whole Can be based on either counts or amounts Difference is measured Groups can then be ranked using a selected measure High difference = possible error/fraud Objective 2d
160
Managing the business risk of fraudEZ-R Stats, LLC Demo in Excel of the process Based roughly on the Wake County Transportation fraud Illustrates how the process works, using Excel
161
Managing the business risk of fraudEZ-R Stats, LLC Histograms Attributes tallied and categorized into “bins” Counts or sums of amounts Objective 2d
162
Managing the business risk of fraudEZ-R Stats, LLC Two histograms obtained Population and group Objective 2d
163
Managing the business risk of fraudEZ-R Stats, LLC Compute Cumulative Amount for each Objective 2d
164
Managing the business risk of fraudEZ-R Stats, LLC Are the histograms different? Two statistical measures of difference Chi Squared (counts) K-S (distribution) Both yield a difference metric Objective 2d
165
Managing the business risk of fraudEZ-R Stats, LLC Chi Squared Classic test on data in a table Answers the question – are the rows/columns different Some limitations on when it can be applied Objective 2d
166
Managing the business risk of fraudEZ-R Stats, LLC Chi Squared Table of Counts Degrees of Freedom Chi Squared Value P-statistic Computationally intensive Objective 2d
167
Managing the business risk of fraudEZ-R Stats, LLC Kolmogorov-Smirnov Two Russian mathematicians Comparison of distributions Metric is the “d-statistic” Objective 2d
168
Managing the business risk of fraudEZ-R Stats, LLC How is K-S test done? Four step process 1. For each cluster element determine percentage 2. Then calculate cumulative percentage 3. Compare the differences in cumulative percentages 4. Identify the largest difference Objective 2d
169
Managing the business risk of fraudEZ-R Stats, LLC Kolmogorov-Smirnov Objective 2d - KS
170
Managing the business risk of fraudEZ-R Stats, LLC Classification by metrics Stratification Day of week Happens on holiday Round numbers Variability Benford’s Law Trend lines Relationships (market basket) Gaps Duplicates Objective 2e
171
Managing the business risk of fraudEZ-R Stats, LLC Auditor’s “Top 10” Metrics 1. Outliers / Variability 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates Objective e
172
Managing the business risk of fraudEZ-R Stats, LLC Understanding the Basis Quantified Approach Population vs. Groups Measuring the Difference Stat 101 – Counts, Totals, Chi Square and K-S The metrics used Objective 2
173
Managing the business risk of fraudEZ-R Stats, LLC Objective 2 - Summarized 1. Understand why and how 2. Understand statistical basis for quantifying differences 3. Identify ten general tools and techniques 4. Understand examples done using Excel 5. How pattern detection fits in Next are the metrics …
174
Managing the business risk of fraudEZ-R Stats, LLC It’s that time! Session Break!
175
Managing the business risk of fraudEZ-R Stats, LLC The “Top 10” Metrics Overview Explain Each Metric Examples of what it can detect How to assess results Objective 3
176
Managing the business risk of fraudEZ-R Stats, LLC Trapping anomalies Objective 3
177
Managing the business risk of fraudEZ-R Stats, LLC Fraud Pattern Detection Target Group Round Numbers Benford’s Law GapsUnivariateDuplicatesDay of WeekHolidayTrend LineStratification Market Basket Objective 3
178
Managing the business risk of fraudEZ-R Stats, LLC Outliers / Variability Outliers are amounts which are significantly different from the rest of the population 1 - Outliers
179
Managing the business risk of fraudEZ-R Stats, LLC Outliers / Variability Charting (visual) Software to analyze “z-scores” Top and Bottom 10, 20 etc. High and low variability (coefficient of variation) 1 - Outliers
180
Managing the business risk of fraudEZ-R Stats, LLC Drill down to the group level Basic statistics – Minimum, maximum and average – Variability Sort by statistic of interest – Variability (coefficient of variation) – Maximum, etc. 1 - Outliers
181
Managing the business risk of fraudEZ-R Stats, LLC Example Results ProviderNCoeff Var 34784213,243342.23 23567214,53687.23 35467893,42123.25 54631222,31118.54 Two providers (3478421 and 2356721) had significantly more variability in the amounts of their claims than all the rest. 1 - Outliers
182
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
183
Managing the business risk of fraudEZ-R Stats, LLC Unusual stratification patterns Do you know how your data looks? 2 - Stratification
184
Managing the business risk of fraudEZ-R Stats, LLC Stratification - How Charting (visual) Chi Squared Kolmogorov-Smirnov By groups 2 - Stratification
185
Managing the business risk of fraudEZ-R Stats, LLC Purpose / types of errors Transactions out of the ordinary “Up-coding” insurance claims “Skewed” groupings Based on either count or amount 2 – Stratification
186
Managing the business risk of fraudEZ-R Stats, LLC The process? 1. Stratify the entire population into “bins” specified by auditor 2. Same stratification on each group (e.g. vendor) 3. Compare the group tested to the population 4. Obtain measure of difference for each group 5. Sort descending on difference measure 2 – Stratification
187
Managing the business risk of fraudEZ-R Stats, LLC Units of Service Stratified - Example Results Two providers (2735211 and 4562134) are shown to be much different from the overall population (as measured by Chi Square). ProviderNChi SqD-stat 27352116,0117,4530.8453 45621348,9135,2340.7453 43210893,4103420.5231 42378692,5032980.4632 2 – Stratification
188
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
189
Managing the business risk of fraudEZ-R Stats, LLC Day of Week Activity on weekdays Activity on weekends Peak activity mid to late week 3 – Day of Week
190
Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Identify unusually high/low activity on one or more days of week Dentist who only handled Medicaid on Tuesday Office is empty on Friday 3 – Day of Week
191
Managing the business risk of fraudEZ-R Stats, LLC How it is done? Programmatically check entire population Obtain counts and sums by day of week (1-7) Prepare histogram For each group do the same procedure Compare the two histograms Sort descending by metric (chi square/d- stat)
192
Managing the business risk of fraudEZ-R Stats, LLC Day of Week - Example Results Provider 2735211 only provided service for Medicaid on Tuesdays. Provider 4562134 was closed on Thursdays and Fridays. ProviderNChi SqD-stat 27352115,40412,4350.9802 45621345,1827,7460.8472 43210895,162870.321 42378697,905560.2189 3 – Day of Week
193
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
194
Managing the business risk of fraudEZ-R Stats, LLC Round Numbers It’s about…. Estimates! 4 – Round Numbers
195
Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Isolate estimates Highlight account numbers in journal entries with round numbers Split purchases (“under the radar”) Which groups have the most estimates 4 – Round Numbers
196
Managing the business risk of fraudEZ-R Stats, LLC Round numbers Classify population amounts –$–$1,375.23 is not round –$–$5,000 is a round number – type 3 (3 zeros) –$–$10,200 is a round number type 2 (2 zeros) Quantify expected vs. actual (d-statistic) Generally represents an estimate Journal entries 4 – Round Numbers
197
Managing the business risk of fraudEZ-R Stats, LLC Round Numbers in Journal Entries - Example Results Two accounts, 2735211 and 4562134 have significantly more round number postings than any other posting account in the journal entries. AccountNChi SqD-stat 27352114,13654,6370.9802 456213483335,3240.97023 43210898,3187680.321 42378699,5495460.2189 4 – Round Numbers
198
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
199
Managing the business risk of fraudEZ-R Stats, LLC Made up Numbers Curb stoning Imaginary numbers Benford’s Law 5 – Made up numbers
200
Managing the business risk of fraudEZ-R Stats, LLC What can be detected Made up numbers – e.g. falsified inventory counts, tax return schedules 5 – Made Up Numbers
201
Managing the business risk of fraudEZ-R Stats, LLC Benford’s Law using Excel Basic formula is “=log(1+(1/N))” Workbook with formulae available at http://tinyurl.com/4vmcfs http://tinyurl.com/4vmcfs Obtain leading digits using “Left” function, e.g. left(Cell,1) 5 – Made Up Numbers
202
Managing the business risk of fraudEZ-R Stats, LLC Made up numbers Benford’s Law Check Chi Square and d-statistic First 1,2,3 digits Last 1,2 digits Second digit Sources for more info 5 – Made Up Numbers
203
Managing the business risk of fraudEZ-R Stats, LLC How is it done? Decide type of test – (first 1-3 digits, last 1-2 digit etc) For each group, count number of observations for each digit pattern Prepare histogram Based on total count, compute expected values For the group, compute Chi Square and d-stat Sort descending by metric (chi square/d- stat) 5 – Made Up Numbers
204
Managing the business risk of fraudEZ-R Stats, LLC Invoice Amounts tested with Benford’s law - Example Results During tests of invoices by store, two stores, 324 and 563 have significantly more differences than any other store as measured by Benford’s Law. StoreHi DigitChi SqD-stat 324795,2340.9802 563894,7350.97023 432234760.321 217743120.2189 5 – Made Up Numbers
205
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
206
Managing the business risk of fraudEZ-R Stats, LLC Market Basket Medical “Ping ponging” Pattern associations Apriori program References at end of slides Apriori – Latin a (from) priori (former) Deduction from the known 6 – Market Basket
207
Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Unexpected patterns and associations Based on “market basket” concept Unusual combinations of diagnosis code on medical insurance claim 6 – Market basket
208
Managing the business risk of fraudEZ-R Stats, LLC Market Basket JE Accounts JE Approvals Credit card fraud in Japan – taxi and ATM 6 – Market basket
209
Managing the business risk of fraudEZ-R Stats, LLC How is it done? First, identify groups, e.g. all medical providers for a patient Next, for each provider, assign a unique integer value Create a text file containing the values Run “apriori” analysis 6 – Market basket
210
Managing the business risk of fraudEZ-R Stats, LLC Apriori outputs For each unique value, probability of other values If you see Dr. Jones, you will also see Dr. Smith (80% probability) If you see a JE to account ABC, there will also an entry to account XYZ (30%) 6 – Market basket
211
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
212
Managing the business risk of fraudEZ-R Stats, LLC Numeric Sequence Gaps What’s there is interesting, what’s not there is critical … 8 - Gaps
213
Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Missing documents (sales, cash, etc.) Inventory losses (missing receiving reports) Items that “walked off” 8 – Gaps
214
Managing the business risk of fraudEZ-R Stats, LLC How is it done? Check any sequence of numbers supposed to be complete, e.g. Cash receipts Sales slips Purchase orders 8 – Gaps
215
Managing the business risk of fraudEZ-R Stats, LLC Gaps Using Excel Excel – sort and check Excel formula Sequential numbers and dates 8 – Gaps
216
Managing the business risk of fraudEZ-R Stats, LLC Gap Testing - Example Results Four check numbers are missing. StartEndMissing 10789107911 12523125262 17546175481 8 – Gaps
217
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
218
Managing the business risk of fraudEZ-R Stats, LLC Duplicates Why is there more than one? Same, Same, Same, and Same, Same, Different 9 - Duplicates
219
Managing the business risk of fraudEZ-R Stats, LLC Two types of (related) tests Same items – same vendor, same invoice number, same invoice date, same amount Different items – same employee name, same city, different social security number 9 – Duplicates
220
Managing the business risk of fraudEZ-R Stats, LLC Duplicate Payments High payback area “Fuzzy” logic Overriding software controls 9 - Duplicates
221
Managing the business risk of fraudEZ-R Stats, LLC Fuzzy matching with software Levenshtein distance Soundex “Like” clause in SQL Regular expression testing in SQL Vendor/employee situations Russian physicist 9 - Duplicates
222
Managing the business risk of fraudEZ-R Stats, LLC How is it done? First, sort file in sequence for testing Compare items in consecutive rows Extract exceptions for follow-up 9 - Duplicates
223
Managing the business risk of fraudEZ-R Stats, LLC Possible Duplicates - Example Results Five invoices may be duplicates. VendorInvoice Date Invoice AmountCount 102456/15/20073,544.784 102458/31/20072,010.372 175462/12/20071,500.002 9 - Duplicates
224
Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates
225
Managing the business risk of fraudEZ-R Stats, LLC Date Checking If we’re closed, why is there … Adjusting journal entry? Receiving report? Payment issued? 10 - Dates
226
Managing the business risk of fraudEZ-R Stats, LLC Holiday Date Testing Red Flag indicator 10 – Dates
227
Managing the business risk of fraudEZ-R Stats, LLC Date Testing challenges Difficult to determine Floating holidays – Friday, Saturday, Sunday, Monday 10 – Dates
228
Managing the business risk of fraudEZ-R Stats, LLC Typical audit areas Journal entries Employee expense reports Business telephone calls Invoices Receiving reports Purchase orders 10 – Dates
229
Managing the business risk of fraudEZ-R Stats, LLC Determination of Dates Transactions when business is closed Federal Office of Budget Management An excellent fraud indicator in some cases 10 – Dates
230
Managing the business risk of fraudEZ-R Stats, LLC Holiday Date Testing Identifying holiday dates: – Error prone – Tedious U.S. only 10 – Dates
231
Managing the business risk of fraudEZ-R Stats, LLC Federal Holidays Established by Law Ten dates Specific date (unless weekend), OR Floating holiday 10 – Dates
232
Managing the business risk of fraudEZ-R Stats, LLC Federal Holiday Schedule Office of Personnel Management Example of specific date – Independence Day, July 4 th (unless weekend) Example of floating date – Martin Luther King’s birthday (3 rd Monday in January) Floating – Thanksgiving – 4 th Thursday in November 10 – Dates
233
Managing the business risk of fraudEZ-R Stats, LLC How it is done? Programmatically count holidays for entire population For each group, count holidays Compare the two histograms (group and population) Sort descending by metric (chi square/d-stat) 10 – Dates
234
Managing the business risk of fraudEZ-R Stats, LLC Holiday Counts - Example Results Two employees (10245 and 32325) were “off the chart” in terms of expense amounts incurred on a Federal Holiday. Employee NumberNChi SqD-stat 10245375,2340.9802 32325234,7350.97023 17546184760.321 24135343120.2189 10 – Dates
235
Managing the business risk of fraudEZ-R Stats, LLC The “Top 10” Metrics Overview Explain Each Metric Examples of what it can detect How to assess results Objective 3
236
Managing the business risk of fraudEZ-R Stats, LLC Objective 3 - Summarized 1. Understand why and how 2. Understand statistical basis for quantifying differences 3. Identify ten general tools and techniques 4. Understand examples done using Excel 5. How pattern detection fits in Next – using Excel …
237
Managing the business risk of fraudEZ-R Stats, LLC Use of Excel Built-in functions Add-ins Macros Database access Objective 4
238
Managing the business risk of fraudEZ-R Stats, LLC Excel templates Variety of tests –R–Round numbers –B–Benford’s Law –O–Outliers –E–Etc. Objective 4
239
Managing the business risk of fraudEZ-R Stats, LLC Excel – Univariate statistics Work with Ranges =sum, =average, =stdevp =largest(Range,1), =smallest(Range,1) =min, =max, =count Tools | Data Analysis | Descriptive Statistics Objective 4
240
Managing the business risk of fraudEZ-R Stats, LLC Excel Histograms Tools | Data Analysis | Histogram Bin Range Data Range Objective 4
241
Managing the business risk of fraudEZ-R Stats, LLC Excel Gaps testing Sort by sequential value =if(thiscell-lastcell <> 1,thiscell-lastcell,0) Copy/paste special Sort Objective 4
242
Managing the business risk of fraudEZ-R Stats, LLC Detecting duplicates with Excel Sort by sort values =if testing =if(=and(thiscell=lastcell, etc.)) Objective 4
243
Managing the business risk of fraudEZ-R Stats, LLC Performing audit tests with macros Repeatable process Audit standardization Learning curve Streamlining of tests More efficient and effective Examples - http://ezrstats.com/Macros/home.html http://ezrstats.com/Macros/home.html Objective 4
244
Managing the business risk of fraudEZ-R Stats, LLC Using database audit software Many “built-in” functions right off the shelf with SQL Control totals Exception identification “Drill down” Quantification June 2008 article in the EDP Audit & Control Journal (EDPACS) “SQL as an audit tool” http://ezrstats.com/doc/SQL_As_An_Audit_Tool.pdf Objective 4
245
Managing the business risk of fraudEZ-R Stats, LLC Use of Excel Built-in functions Add-ins Macros Database access Objective 4
246
Managing the business risk of fraudEZ-R Stats, LLC Objective 4 - Summarized 1. Understand why and how 2. Understand statistical basis for quantifying differences 3. Identify ten general tools and techniques 4. Understand examples done using Excel 5. How Pattern Detection fits in Next – Fit …
247
Managing the business risk of fraudEZ-R Stats, LLC How Pattern Detection Fits In Business Analytics Fraud Pattern Detection Continuous monitoring Objective 5
248
Managing the business risk of fraudEZ-R Stats, LLC Where does Fraud Pattern Detection fit in? Business Analytics Fraud Pattern Detection Continuous fraud pattern detection Continuous Monitoring Right in the middle Objective 5
249
Managing the business risk of fraudEZ-R Stats, LLC Business Analytics Fraud analytics -> business analytics Business analytics -> fraud analytics Objective 5
250
Managing the business risk of fraudEZ-R Stats, LLC Role in Continuous Monitoring (CM) Fraud analytics can feed (CM) Continuous fraud pattern detection Use output from CM to tune fraud pattern detection Objective 5
251
Managing the business risk of fraudEZ-R Stats, LLC Objective 6 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness.
252
Managing the business risk of fraudEZ-R Stats, LLC Links for more information Kolmogorov-Smirnov http://tinyurl.com/y49sec Benford’s Law http://tinyurl.com/3qapzuhttp://tinyurl.com/3qapzu Chi Square tests http://tinyurl.com/43nkdhhttp://tinyurl.com/43nkdh Continuous monitoring http://tinyurl.com/3pltdl http://tinyurl.com/3pltdl
253
Managing the business risk of fraudEZ-R Stats, LLC Market Basket Apriori testing for “ping ponging” Temple University http://tinyurl.com/5vax7r http://tinyurl.com/5vax7r Apriori program (“open source”) http://tinyurl.com/5qehd5 http://tinyurl.com/5qehd5 Article – “Medical ping ponging” http://tinyurl.com/5pzbh4 http://tinyurl.com/5pzbh4
254
Managing the business risk of fraudEZ-R Stats, LLC Excel macros used in auditing Excel as an audit software http://tinyurl.com/6h3ye7 http://tinyurl.com/6h3ye7 Selected macros - http://ezrstats.com/Macros/home.html http://ezrstats.com/Macros/home.html Spreadsheets forever - http://tinyurl.com/5ppl7t http://tinyurl.com/5ppl7t
255
Managing the business risk of fraudEZ-R Stats, LLC Questions?
256
Managing the business risk of fraudEZ-R Stats, LLC Contact info Phone: (919)-219-1622 E-mail: Mike.Blakley@ezrstats.com Mike.Blakley@ezrstats.com Blog: http://blog.ezrstats.comhttp://blog.ezrstats.com
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.