Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Managing the Business Risk of Fraud using Sampling and Data Mining Fall.

Similar presentations


Presentation on theme: "Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Managing the Business Risk of Fraud using Sampling and Data Mining Fall."— Presentation transcript:

1 Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Managing the Business Risk of Fraud using Sampling and Data Mining Fall 2009 Mike Blakley Presented to:

2 Managing the business risk of fraudEZ-R Stats, LLC PWC Global Survey – Nov, 2009 “Economic crime in a downturn” Sharp rise in accounting fraud over the past 12 months Accounting fraud had grown to 38 percent of the economic crimes in 2009 Employees face increased pressures to : – meet performance targets – keep their jobs – keep access to funding

3 Managing the business risk of fraudEZ-R Stats, LLC Survey findings Greater risk of fraud due to increased incentives or pressures More opportunities to commit fraud, partially due to reductions in internal finance staff While companies are expecting more fraud, they have not done much People who look for fraud are more likely to find it

4 Managing the business risk of fraudEZ-R Stats, LLC Session objectives Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness.

5 Managing the business risk of fraudEZ-R Stats, LLC Session agenda - 1 Introduction and the Process for Managing the Business Risk of Fraud Introductions All Around Course Objectives Framework of risk management for fraud Fundamentals of data mining Data mining: The Engine That Drives analysis – Analytics and Regression Sources of Analytics Data Basic and Intermediate ARTs SAS 56 IIA Practice Advisory 2320 The Yellow Book (2007 revision) The Guide – “Managing the Business Risk of Fraud”

6 Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Sampling refresher Sampling The sampling process Sampling methods RAT-STATS – Random Numbers – Determining Sample Size – Case Study – Attribute sampling – Variable Sampling – Case study – Stratified Sampling – Obtaining and Interpreting the results Other Sampling Approaches DCAA Audit Package Sequential Sampling Overview of the process Attribute Sampling Variable Sampling

7 Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Linear regression as an audit tool Regression Analysis Overview Terms Statistical basis Charting Regression … Seeing Is Believing Plotting Data – Inserting a “Trend line” Statistical Intervals – Confidence Intervals – Prediction Intervals – Calculation of Statistical “Confidence Bounds” Case Study - Wake County Schools Bus Maintenance

8 Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Data mining, or How to test 100% Overview Statistical Basis Data Conversion and Extraction Data mining objectives – Classification – Trends – Identification of extremes – Major types of data analysis Numeric Date Text

9 Managing the business risk of fraudEZ-R Stats, LLC Session Agenda (cont’d) – Excel as an Analytics tool Macros Tools – Data Analysis The Macro facility – Adding a little “class” to your audit – VBA – “friend” or “foe”

10 Managing the business risk of fraudEZ-R Stats, LLC Handout (CD) CD with articles and software PowerPoint presentation More info at www.ezrstats.com

11 Managing the business risk of fraudEZ-R Stats, LLC “Cockroach” theory of auditing If you spot one roach….

12 Managing the business risk of fraudEZ-R Stats, LLC “Cockroach” theory of auditing There are probably 30 more that you don’t see…

13 Managing the business risk of fraudEZ-R Stats, LLC Statistics based “roach” hunting Many frauds coulda/woulda/shoulda been detected with analytics

14 Managing the business risk of fraudEZ-R Stats, LLC Overview Fraud patterns detectable with digital analysis Basis for digital analysis approach Usage examples Continuous monitoring Business analytics

15 Managing the business risk of fraudEZ-R Stats, LLC The Why and How Three brief examples ACFE/IIA/AICPA Guidance Paper Practice Advisory 2320-1 Auditors “Top 10” Process Overview Who, What, Why, When & Where Objective 1

16 Managing the business risk of fraudEZ-R Stats, LLC Example 1 Wake County Transportation Fraud Supplier Kickback – School Bus parts $5 million Jail sentences Period of years Objective 1a

17 Managing the business risk of fraudEZ-R Stats, LLC Too little too late Understaffed internal audit Software not used Data on multiple platforms Transaction volumes large Objective 1a

18 Managing the business risk of fraudEZ-R Stats, LLC Preventable Need structured, objective approach Let the data “talk to you” Need efficient and effective approach Objective 1a

19 Managing the business risk of fraudEZ-R Stats, LLC Regression Analysis Stepwise to find relationships – Forwards – Backwards Intervals – Confidence – Prediction Objective 1

20 Managing the business risk of fraudEZ-R Stats, LLC Data outliers Objective 1 Sometimes an “out and out Liar” But how do you detect it?

21 Managing the business risk of fraudEZ-R Stats, LLC Data Outliers Plot transportation costs vs. number of buses “Drill down” on costs – Preventive maintenance – Fuel – Inspection Objective 1

22 Managing the business risk of fraudEZ-R Stats, LLC Scatter plot with prediction and confidence intervals

23 Managing the business risk of fraudEZ-R Stats, LLC Cost of six types of AIDS drugs Example 2 Objective 1a

24 Managing the business risk of fraudEZ-R Stats, LLC Medicare HIV Infusion Costs Objective 1 CMS Report for 2005 South Florida - $2.2 Billion Rest of the country combined - $.1 Billion

25 Managing the business risk of fraudEZ-R Stats, LLC Pareto Chart Objective 1

26 Managing the business risk of fraudEZ-R Stats, LLC Typical Prescription Patterns Example 2 Objective 1a

27 Managing the business risk of fraudEZ-R Stats, LLC Prescriptions by Dr. X Example 2 Objective 1a

28 Managing the business risk of fraudEZ-R Stats, LLC Off-label use Serostim – Treat wasting syndrome, side effect of AIDS, OR – Used by body builders for recreational purposes – One physician prescribed $11.5 million worth (12% of the entire state) Example 2 Objective 1a

29 Managing the business risk of fraudEZ-R Stats, LLC Revenue trends Example 3 Objective 1a

30 Managing the business risk of fraudEZ-R Stats, LLC Dental Billings Example 3 Objective 1a

31 Managing the business risk of fraudEZ-R Stats, LLC Guidance Paper A proposed implementation approach “Managing the Business Risk of Fraud: A Practical Guide” http://tinyurl.com/3ldfza http://tinyurl.com/3ldfza Five Principles Fraud Detection Coordinated Investigation Approach Objective 1b

32 Managing the business risk of fraudEZ-R Stats, LLC Managing the Business Risk of Fraud: A Practical Guide ACFE, IIA and AICPA Exposure draft issued 11/2007, final 5/2008 Section 4 – Fraud Detection Objective 1b

33 Managing the business risk of fraudEZ-R Stats, LLC Guidance Paper Five Sections – Fraud Risk Governance – Fraud Risk Assessment – Fraud Prevention – Fraud Detection – Fraud Investigation and corrective action

34 Managing the business risk of fraudEZ-R Stats, LLC Risk Governance Fraud risk management program Written policy – management’s expectations regarding managing fraud risk

35 Managing the business risk of fraudEZ-R Stats, LLC Risk Assessment Periodic review and assessment of potential schemes and events Need to mitigate risk

36 Managing the business risk of fraudEZ-R Stats, LLC Fraud Prevention Establish prevention techniques Mitigate possible impact on the organization

37 Managing the business risk of fraudEZ-R Stats, LLC Fraud Detection Establish detection techniques for fraud “Back stop” where preventive measures fail, or Unmitigated risks are realized

38 Managing the business risk of fraudEZ-R Stats, LLC Fraud Investigation and Corrective Action Reporting process to solicit input on fraud Coordinated approach to investigation Use of corrective action

39 Managing the business risk of fraudEZ-R Stats, LLC “60 Minutes” – “World of Trouble” 2/15/09 – Scott Pelley – Fraud Risk Governance – “one grand wink-wink, nod-nod “ – Fraud Risk Assessment - categorically false – Fraud Prevention – “my husband passed away” – Fraud Detection - We didn't know? Never saw one. – Fraud Investigation and corrective action - Pick-A- Payment losses $36 billion

40 Managing the business risk of fraudEZ-R Stats, LLC Section 4 – Fraud Detection Detective Controls Process Controls Anonymous Reporting Internal Auditing Proactive Fraud Detection Objective 1b

41 Managing the business risk of fraudEZ-R Stats, LLC Proactive Fraud Detection Data Analysis to identify: – Anomalies – Trends – Risk indicators Objective 1b

42 Managing the business risk of fraudEZ-R Stats, LLC Fraud Detective Controls Operate in the background Not evident in everyday business environment These techniques usually – – Occur in ordinary course of business – Corroboration using external information – Automatically communicate deficiencies – Use results to enhance other controls

43 Managing the business risk of fraudEZ-R Stats, LLC Examples of detective controls Whistleblower hot-lines (DHHS and OSA have them) Process controls (Medicaid audits and edits) Proactive fraud detection procedures – Data analysis – Continuous monitoring – Benford’s Law

44 Managing the business risk of fraudEZ-R Stats, LLC Specific Examples Cited Journal entries – suspicious transactions Identification of relationships Benford’s Law Continuous monitoring Objective 1b

45 Managing the business risk of fraudEZ-R Stats, LLC Data Analysis enhances ability to detect fraud Identify hidden relationships Identify suspicious transactions Assess effectiveness of internal controls Monitor fraud threats Analyze millions of transactions Objective 1b

46 Managing the business risk of fraudEZ-R Stats, LLC Continuous Monitoring of Fraud Detection Organization should develop ongoing monitoring and measurements Establish measurement criteria (and communicate to Board) Measurable criteria include:

47 Managing the business risk of fraudEZ-R Stats, LLC Measurable Criteria – number of fraud allegations fraud investigations resolved Employees attending annual ethics course Whistle blower allegations Messages supporting ethical behavior delivered by executives Vendors signing ethical behavior standards

48 Managing the business risk of fraudEZ-R Stats, LLC Management ownership of each technique implemented Each process owner should: – Evaluate effectiveness of technique regularly – Adjust technique as required – Document adjustments – Report modifications needed for techniques which become less effective

49 Managing the business risk of fraudEZ-R Stats, LLC Practice Advisory 2320-1 Analysis and Evaluation International standards for the professional practice of Internal Auditing Analytical audit procedures – Efficient and effective – Useful in detecting Differences that are not expected Potential errors Potential irregularities

50 Managing the business risk of fraudEZ-R Stats, LLC Analytical Audit Procedures May include – Study of relationships – Comparison of amounts with similar information in the organization – Comparison of amounts with similar information in the industry

51 Managing the business risk of fraudEZ-R Stats, LLC Analytical audit procedures Performed using monetary amounts, physical quantities, ratios or percentages Ratio, trend and regression analysis Period to period comparisons Auditors should use analytical audit procedures in planning the engagement

52 Managing the business risk of fraudEZ-R Stats, LLC Factors to consider Significance of the area being audited Assessment of risk Adequacy of system of internal control Availability and reliability of information Extent to which procedures provide support for engagement results

53 Managing the business risk of fraudEZ-R Stats, LLC Peeling the Onion Fraud Items Possible Error Conditions Population as Whole Objective 1c

54 Managing the business risk of fraudEZ-R Stats, LLC Fraud Pattern Detection Target Group Round Numbers Benford’s Law GapsUnivariateDuplicatesDay of WeekHolidayTrend LineStratification Market Basket Objective 1d

55 Managing the business risk of fraudEZ-R Stats, LLC Digital Analysis (5W) Who What Why Where When Objective 1e A little about the basics of digital analysis….

56 Managing the business risk of fraudEZ-R Stats, LLC Who Uses Digital Analysis Traditionally, IT specialists With appropriate tools, audit generalists (CAATs) Growing trend of business analytics Essential component of continuous monitoring Objective 1e

57 Managing the business risk of fraudEZ-R Stats, LLC What - Digital Analysis Using software to: – Classify – Quantify – Compare Both numeric and non-numeric data Objective 1e

58 Managing the business risk of fraudEZ-R Stats, LLC How - Assessing fraud risk Basis is quantification Software can do the “leg work” Statistical measures of difference –C–Chi square –K–Kolmogorov-Smirnov –D–D-statistic Specific approaches Objective 1e

59 Managing the business risk of fraudEZ-R Stats, LLC Why - Advantages Automated process Handle large data populations Objective, quantifiable metrics Can be part of continuous monitoring Can produce useful business analytics 100% testing is possible Quantify risk Repeatable process Objective 1e

60 Managing the business risk of fraudEZ-R Stats, LLC Why - Disadvantages Costly (time and software costs) Learning curve Requires specialized knowledge Objective 1e

61 Managing the business risk of fraudEZ-R Stats, LLC When to Use Digital Analysis Traditional – intermittent (one off) Trend is to use it as often as possible Continuous monitoring Scheduled processing Objective 1e

62 Managing the business risk of fraudEZ-R Stats, LLC Where Is It Applicable? Any organization with data in digital format, and especially if: – Volumes are large – Data structures are complex – Potential for fraud exists Objective 1e

63 Managing the business risk of fraudEZ-R Stats, LLC Disadvantages of digital analysis Cost – Software – Training – Skills not widely available Time consuming – Development costs – Testing resources

64 Managing the business risk of fraudEZ-R Stats, LLC Objective 1 Summarized Three brief examples CFE Guidance Paper “Top 10” Metrics Process Overview Who, What, Why, When & Where Objective 1

65 Managing the business risk of fraudEZ-R Stats, LLC Objective 1 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is plan, perform …

66 Managing the business risk of fraudEZ-R Stats, LLC Statistical Sampling Brief History / Timeline Overview Attribute Sampling – Compliance Variable Sampling – Numeric Estimates

67 Managing the business risk of fraudEZ-R Stats, LLC History of Sampling Basis is two laws/theorems of probability Law of Large Numbers Central Limit Theorem

68 Managing the business risk of fraudEZ-R Stats, LLC Law of large numbers

69 Managing the business risk of fraudEZ-R Stats, LLC Time Line - LLN Indian mathematician Bramagupta 600 AD Italian mathematician Cardon 1500’s Statement without proof that empirical statistics improve with more trials

70 Managing the business risk of fraudEZ-R Stats, LLC Time line LLN (continued) Jacob Bernoulli first to prove in 1713 Foundation for central limit theorem

71 Managing the business risk of fraudEZ-R Stats, LLC Central limit theorem Classic measure Mean of a sufficiently large number of random samples will be approximately normally distributed.

72 Managing the business risk of fraudEZ-R Stats, LLC The traditional explanation

73 Managing the business risk of fraudEZ-R Stats, LLC Central Limit Theorem See it in action today Any population Large number of samples Average is “normally” distributed

74 Managing the business risk of fraudEZ-R Stats, LLC History of Central Limit Theorem French mathematician Abraham de Moivre 1733 – approximate distribution from tossing coin (heads/tails) Ho hum reaction French Mathematician LaPlace – expanded it Ho hum reaction

75 Managing the business risk of fraudEZ-R Stats, LLC History of CLT (cont’d) Russian mathematician Lyapunov Proof in 1901 Same reaction

76 Managing the business risk of fraudEZ-R Stats, LLC Industrial revolution Manufacturing Engineering Excitement!

77 Managing the business risk of fraudEZ-R Stats, LLC Student’s T William Gosset - 1908 Guinness Brewery

78 Managing the business risk of fraudEZ-R Stats, LLC SAS 39 Effective June, 1983 Exposure draft for revision in 2009

79 Managing the business risk of fraudEZ-R Stats, LLC Attribute sampling Buonaccorsi (1987) Refined calculations Few software packages use it

80 Managing the business risk of fraudEZ-R Stats, LLC Overview Sample size calculations Attribute sampling Variable sampling Random number generators

81 Managing the business risk of fraudEZ-R Stats, LLC Sample size calculation It’s a guess… Every package – different answer Need to know the population But that’s why you’re taking a sample!

82 Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Attribute Sampling Using RAT-STATS Unrestricted populations

83 Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what is attribute sampling and when to use it 2. Understand unrestricted populations 3. Overview of the process using RAT-STATS 4. Understand the formula behind the computations

84 Managing the business risk of fraudEZ-R Stats, LLC Attribute sampling “Attribute” Compliance testing Signatures on approval documents, attachment of supporting documentation, etc.

85 Managing the business risk of fraudEZ-R Stats, LLC Statistical approach Recommended Economical Efficient Requires determination of a sample size

86 Managing the business risk of fraudEZ-R Stats, LLC Overview of process Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)

87 Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates

88 Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Size of population 2. Expected error rate 3. Required confidence 4. Required precision

89 Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File

90 Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item Put the selected item on a separate schedule

91 Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents

92 Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer

93 Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Results of test of attributes stored in the worksheet

94 Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Variable Sampling Using RAT-STATS Unrestricted populations

95 Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what variable sampling is and when to use it 2. Understand unrestricted populations 3. Overview of the process using RAT- STATS 4. Understand the formula behind the computations

96 Managing the business risk of fraudEZ-R Stats, LLC Variable sampling “Variable” Estimating account balances Estimating transaction totals

97 Managing the business risk of fraudEZ-R Stats, LLC Statistical approach Recommended Economical Efficient Requires determination of a sample size

98 Managing the business risk of fraudEZ-R Stats, LLC Overview of process Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)

99 Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates

100 Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Probe sample 2. Statistical measure 3. Excel formula

101 Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Size of population 2. Average value 3. Standard deviation

102 Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File

103 Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item Put the selected item on a separate schedule

104 Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents Example data contains both “examined” and “audited” value.

105 Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer

106 Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Audited values stored in the worksheet

107 Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Attribute Sampling Using RAT-STATS Stratified populations

108 Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what is stratification and when to use it 2. Overview of the process using RAT-STATS

109 Managing the business risk of fraudEZ-R Stats, LLC Stratified sampling “Strata” Homogenous More efficient in some instances

110 Managing the business risk of fraudEZ-R Stats, LLC Overview of process Separation into strata Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)

111 Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates

112 Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Size of population 2. Expected error rate 3. Required confidence 4. Required precision

113 Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File

114 Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item Put the selected item on a separate schedule

115 Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents

116 Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer

117 Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Results of test of attributes stored in the worksheet

118 Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Variable Sampling Using RAT-STATS Stratified populations

119 Managing the business risk of fraudEZ-R Stats, LLC Session Objectives 1. Understand what stratified sampling is and when to use it 2. Populations benefiting from stratified sampling 3. Overview of the process using RAT- STATS 4. Understand the formula behind the computations

120 Managing the business risk of fraudEZ-R Stats, LLC Stratified variable sampling “Stratified” “Variable” Estimating amounts Narrower standard deviation

121 Managing the business risk of fraudEZ-R Stats, LLC Overview of process Determine the sampling objective – Confidence – Precision Determine required sample size Identify samples to be selected based upon random numbers Pull the sample and test Compute the sampling results (i.e. estimate of range)

122 Managing the business risk of fraudEZ-R Stats, LLC How this is done in RAT-STATS The sampling parameters are first developed by the auditor RAT-STATS is used to compute sample size RAT-STATS used to generate random numbers Pull the sample and test Enter results in RAT-STATS to compute estimates

123 Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Probe sample 2. Statistical measure 3. Excel formula

124 Managing the business risk of fraudEZ-R Stats, LLC Step 1 – Develop sampling parameters 1. Number of strata 2. Size of population 3. Average value 4. Standard deviation

125 Managing the business risk of fraudEZ-R Stats, LLC Step 2 – Obtain the random numbers Done by entering info into RAT-STATS Multi-stage random numbers Output can be a variety of sources: – Text File – Excel – Microsoft Access – Print File

126 Managing the business risk of fraudEZ-R Stats, LLC Step 3 – Pull the sample Each random number selected corresponds with an item in a strata Put the selected item on a separate schedule

127 Managing the business risk of fraudEZ-R Stats, LLC Step 4 - Test each selected item Generally requires reviewing documents Example data contains both “examined” and “audited” value.

128 Managing the business risk of fraudEZ-R Stats, LLC Step 5 – Compute the results Enter summary information into RAT-STATS Output can be in a variety of formats: – Excel – Microsoft Access – Text File – Print File – Printer

129 Managing the business risk of fraudEZ-R Stats, LLC That’s It! Now we’ll see an actual demo using the RAT-STATS software Excel population of 5,000 invoices Divided into three strata Audited values stored in the worksheet

130 Managing the business risk of fraudEZ-R Stats, LLC Objective 2 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is cost reduction …

131 Managing the business risk of fraudEZ-R Stats, LLC Techniques for cost reduction Optimize sample size (most “bang” for the buck) Skip sampling – review 100% of transactions using computer assisted audit techniques (CAATs)

132 Managing the business risk of fraudEZ-R Stats, LLC Sample optimization Sequential sampling

133 Managing the business risk of fraudEZ-R Stats, LLC University of Hawaii Banana aphids

134 Managing the business risk of fraudEZ-R Stats, LLC Sequential sampling Banana aphids

135 Managing the business risk of fraudEZ-R Stats, LLC 100% test using CAATs Provides complete coverage Best practice Basis for continuous monitoring Repeatable process

136 Managing the business risk of fraudEZ-R Stats, LLC Objective 3 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is Yellow Book and SAS 56 …

137 Managing the business risk of fraudEZ-R Stats, LLC Yellow book standards Standards regarding statistical sampling and IT

138 Managing the business risk of fraudEZ-R Stats, LLC General standards 3.43 Technical Knowledge and competence “The staff assigned to conduct an audit or attestation engagement under GAGAS must collectively possess the technical knowledge, skills, and experience necessary to be competent for the type of work being performed before beginning work on that assignment. The staff assigned to a GAGAS audit or attestation engagement should collectively possess: “

139 Managing the business risk of fraudEZ-R Stats, LLC Stat sampling and IT Skills appropriate for the work being performed. For example, staff or specialist skills in (1) statistical sampling if the work involves use of statistical sampling; (2) information technology

140 Managing the business risk of fraudEZ-R Stats, LLC SAS 56 – Analytical procedures Requires use of analytic review procedures for: Audit planning Overall review stages

141 Managing the business risk of fraudEZ-R Stats, LLC SAS 56 – Analytical Review Encourages use of analytical review Provides guidance “A wide variety of analytical procedures may be useful for this purpose.”

142 Managing the business risk of fraudEZ-R Stats, LLC Objective 4 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is linear regression …

143 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

144 Managing the business risk of fraudEZ-R Stats, LLC Trend Busters Does the pattern make sense? 7 - Trends

145 Managing the business risk of fraudEZ-R Stats, LLC Trend Busters Linear regression Sales are up, but cost of goods sold is down “Spikes” 7 – Trends

146 Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Identify trend lines, slopes, etc. Correlate trends Identify anomalies Key punch errors where amount is order of magnitude 7 – Trends

147 Managing the business risk of fraudEZ-R Stats, LLC Linear Regression Test relationships (e.g. invoice amount and sales tax) Perform multi-variable analysis 7 – Trends

148 Managing the business risk of fraudEZ-R Stats, LLC How is it done? Estimate linear trends using “best fit” Measure variability (standard errors) Measure slope Sort descending by slope, variability, etc. 7 – Trends

149 Managing the business risk of fraudEZ-R Stats, LLC Trend Lines by Account - Example Results Generally the trend is gently sloping up, but two accounts (43870 and 54630) are different. AccountNSlopeStd Err 32451181.2300.87 43517171.0704.3 32451271.0230.85 43517321.0100.36 43870230.3402.36 5463056-0.5601.89 7 – Trends

150 Managing the business risk of fraudEZ-R Stats, LLC Scatter plot with prediction and confidence intervals

151 Managing the business risk of fraudEZ-R Stats, LLC Objective 5 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness. Next is data mining …

152 Managing the business risk of fraudEZ-R Stats, LLC Basis for Pattern Detection Analytical review Isolate the “significant few” Detection of errors Quantified approach Objective 6

153 Managing the business risk of fraudEZ-R Stats, LLC Understanding the Basis Quantified Approach Population vs. Groups Measuring the Difference Stat 101 – Counts, Totals, Chi Square and K-S The metrics used Objective 2

154 Managing the business risk of fraudEZ-R Stats, LLC Quantified Approach Based on measureable differences Population vs. Group “Shotgun” technique Objective 2a

155 Managing the business risk of fraudEZ-R Stats, LLC Detection of Fraud Characteristics Something is different than expected Objective 2a

156 Managing the business risk of fraudEZ-R Stats, LLC Fraud patterns Common theme – “something is different” Groups Group pattern is different than overall population Objective 2b

157 Managing the business risk of fraudEZ-R Stats, LLC Measurement Basis Transaction counts Transaction amounts Objective 2c

158 Managing the business risk of fraudEZ-R Stats, LLC A few words about statistics (the “s” word) Detailed knowledge of statistics not necessary Software packages do the “number- crunching” Statistics used only to highlight potential errors/frauds Not used for quantification Objective 2d

159 Managing the business risk of fraudEZ-R Stats, LLC How is digital analysis done? Comparison of group with population as a whole Can be based on either counts or amounts Difference is measured Groups can then be ranked using a selected measure High difference = possible error/fraud Objective 2d

160 Managing the business risk of fraudEZ-R Stats, LLC Demo in Excel of the process Based roughly on the Wake County Transportation fraud Illustrates how the process works, using Excel

161 Managing the business risk of fraudEZ-R Stats, LLC Histograms Attributes tallied and categorized into “bins” Counts or sums of amounts Objective 2d

162 Managing the business risk of fraudEZ-R Stats, LLC Two histograms obtained Population and group Objective 2d

163 Managing the business risk of fraudEZ-R Stats, LLC Compute Cumulative Amount for each Objective 2d

164 Managing the business risk of fraudEZ-R Stats, LLC Are the histograms different? Two statistical measures of difference Chi Squared (counts) K-S (distribution) Both yield a difference metric Objective 2d

165 Managing the business risk of fraudEZ-R Stats, LLC Chi Squared Classic test on data in a table Answers the question – are the rows/columns different Some limitations on when it can be applied Objective 2d

166 Managing the business risk of fraudEZ-R Stats, LLC Chi Squared Table of Counts Degrees of Freedom Chi Squared Value P-statistic Computationally intensive Objective 2d

167 Managing the business risk of fraudEZ-R Stats, LLC Kolmogorov-Smirnov Two Russian mathematicians Comparison of distributions Metric is the “d-statistic” Objective 2d

168 Managing the business risk of fraudEZ-R Stats, LLC How is K-S test done? Four step process 1. For each cluster element determine percentage 2. Then calculate cumulative percentage 3. Compare the differences in cumulative percentages 4. Identify the largest difference Objective 2d

169 Managing the business risk of fraudEZ-R Stats, LLC Kolmogorov-Smirnov Objective 2d - KS

170 Managing the business risk of fraudEZ-R Stats, LLC Classification by metrics Stratification Day of week Happens on holiday Round numbers Variability Benford’s Law Trend lines Relationships (market basket) Gaps Duplicates Objective 2e

171 Managing the business risk of fraudEZ-R Stats, LLC Auditor’s “Top 10” Metrics 1. Outliers / Variability 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates Objective e

172 Managing the business risk of fraudEZ-R Stats, LLC Understanding the Basis Quantified Approach Population vs. Groups Measuring the Difference Stat 101 – Counts, Totals, Chi Square and K-S The metrics used Objective 2

173 Managing the business risk of fraudEZ-R Stats, LLC Objective 2 - Summarized 1. Understand why and how 2. Understand statistical basis for quantifying differences 3. Identify ten general tools and techniques 4. Understand examples done using Excel 5. How pattern detection fits in Next are the metrics …

174 Managing the business risk of fraudEZ-R Stats, LLC It’s that time! Session Break!

175 Managing the business risk of fraudEZ-R Stats, LLC The “Top 10” Metrics Overview Explain Each Metric Examples of what it can detect How to assess results Objective 3

176 Managing the business risk of fraudEZ-R Stats, LLC Trapping anomalies Objective 3

177 Managing the business risk of fraudEZ-R Stats, LLC Fraud Pattern Detection Target Group Round Numbers Benford’s Law GapsUnivariateDuplicatesDay of WeekHolidayTrend LineStratification Market Basket Objective 3

178 Managing the business risk of fraudEZ-R Stats, LLC Outliers / Variability Outliers are amounts which are significantly different from the rest of the population 1 - Outliers

179 Managing the business risk of fraudEZ-R Stats, LLC Outliers / Variability Charting (visual) Software to analyze “z-scores” Top and Bottom 10, 20 etc. High and low variability (coefficient of variation) 1 - Outliers

180 Managing the business risk of fraudEZ-R Stats, LLC Drill down to the group level Basic statistics – Minimum, maximum and average – Variability Sort by statistic of interest – Variability (coefficient of variation) – Maximum, etc. 1 - Outliers

181 Managing the business risk of fraudEZ-R Stats, LLC Example Results ProviderNCoeff Var 34784213,243342.23 23567214,53687.23 35467893,42123.25 54631222,31118.54 Two providers (3478421 and 2356721) had significantly more variability in the amounts of their claims than all the rest. 1 - Outliers

182 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

183 Managing the business risk of fraudEZ-R Stats, LLC Unusual stratification patterns Do you know how your data looks? 2 - Stratification

184 Managing the business risk of fraudEZ-R Stats, LLC Stratification - How Charting (visual) Chi Squared Kolmogorov-Smirnov By groups 2 - Stratification

185 Managing the business risk of fraudEZ-R Stats, LLC Purpose / types of errors Transactions out of the ordinary “Up-coding” insurance claims “Skewed” groupings Based on either count or amount 2 – Stratification

186 Managing the business risk of fraudEZ-R Stats, LLC The process? 1. Stratify the entire population into “bins” specified by auditor 2. Same stratification on each group (e.g. vendor) 3. Compare the group tested to the population 4. Obtain measure of difference for each group 5. Sort descending on difference measure 2 – Stratification

187 Managing the business risk of fraudEZ-R Stats, LLC Units of Service Stratified - Example Results Two providers (2735211 and 4562134) are shown to be much different from the overall population (as measured by Chi Square). ProviderNChi SqD-stat 27352116,0117,4530.8453 45621348,9135,2340.7453 43210893,4103420.5231 42378692,5032980.4632 2 – Stratification

188 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

189 Managing the business risk of fraudEZ-R Stats, LLC Day of Week Activity on weekdays Activity on weekends Peak activity mid to late week 3 – Day of Week

190 Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Identify unusually high/low activity on one or more days of week Dentist who only handled Medicaid on Tuesday Office is empty on Friday 3 – Day of Week

191 Managing the business risk of fraudEZ-R Stats, LLC How it is done? Programmatically check entire population Obtain counts and sums by day of week (1-7) Prepare histogram For each group do the same procedure Compare the two histograms Sort descending by metric (chi square/d- stat)

192 Managing the business risk of fraudEZ-R Stats, LLC Day of Week - Example Results Provider 2735211 only provided service for Medicaid on Tuesdays. Provider 4562134 was closed on Thursdays and Fridays. ProviderNChi SqD-stat 27352115,40412,4350.9802 45621345,1827,7460.8472 43210895,162870.321 42378697,905560.2189 3 – Day of Week

193 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

194 Managing the business risk of fraudEZ-R Stats, LLC Round Numbers It’s about…. Estimates! 4 – Round Numbers

195 Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Isolate estimates Highlight account numbers in journal entries with round numbers Split purchases (“under the radar”) Which groups have the most estimates 4 – Round Numbers

196 Managing the business risk of fraudEZ-R Stats, LLC Round numbers Classify population amounts –$–$1,375.23 is not round –$–$5,000 is a round number – type 3 (3 zeros) –$–$10,200 is a round number type 2 (2 zeros) Quantify expected vs. actual (d-statistic) Generally represents an estimate Journal entries 4 – Round Numbers

197 Managing the business risk of fraudEZ-R Stats, LLC Round Numbers in Journal Entries - Example Results Two accounts, 2735211 and 4562134 have significantly more round number postings than any other posting account in the journal entries. AccountNChi SqD-stat 27352114,13654,6370.9802 456213483335,3240.97023 43210898,3187680.321 42378699,5495460.2189 4 – Round Numbers

198 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

199 Managing the business risk of fraudEZ-R Stats, LLC Made up Numbers Curb stoning Imaginary numbers Benford’s Law 5 – Made up numbers

200 Managing the business risk of fraudEZ-R Stats, LLC What can be detected Made up numbers – e.g. falsified inventory counts, tax return schedules 5 – Made Up Numbers

201 Managing the business risk of fraudEZ-R Stats, LLC Benford’s Law using Excel Basic formula is “=log(1+(1/N))” Workbook with formulae available at http://tinyurl.com/4vmcfs http://tinyurl.com/4vmcfs Obtain leading digits using “Left” function, e.g. left(Cell,1) 5 – Made Up Numbers

202 Managing the business risk of fraudEZ-R Stats, LLC Made up numbers Benford’s Law Check Chi Square and d-statistic First 1,2,3 digits Last 1,2 digits Second digit Sources for more info 5 – Made Up Numbers

203 Managing the business risk of fraudEZ-R Stats, LLC How is it done? Decide type of test – (first 1-3 digits, last 1-2 digit etc) For each group, count number of observations for each digit pattern Prepare histogram Based on total count, compute expected values For the group, compute Chi Square and d-stat Sort descending by metric (chi square/d- stat) 5 – Made Up Numbers

204 Managing the business risk of fraudEZ-R Stats, LLC Invoice Amounts tested with Benford’s law - Example Results During tests of invoices by store, two stores, 324 and 563 have significantly more differences than any other store as measured by Benford’s Law. StoreHi DigitChi SqD-stat 324795,2340.9802 563894,7350.97023 432234760.321 217743120.2189 5 – Made Up Numbers

205 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

206 Managing the business risk of fraudEZ-R Stats, LLC Market Basket Medical “Ping ponging” Pattern associations Apriori program References at end of slides Apriori – Latin a (from) priori (former) Deduction from the known 6 – Market Basket

207 Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Unexpected patterns and associations Based on “market basket” concept Unusual combinations of diagnosis code on medical insurance claim 6 – Market basket

208 Managing the business risk of fraudEZ-R Stats, LLC Market Basket JE Accounts JE Approvals Credit card fraud in Japan – taxi and ATM 6 – Market basket

209 Managing the business risk of fraudEZ-R Stats, LLC How is it done? First, identify groups, e.g. all medical providers for a patient Next, for each provider, assign a unique integer value Create a text file containing the values Run “apriori” analysis 6 – Market basket

210 Managing the business risk of fraudEZ-R Stats, LLC Apriori outputs For each unique value, probability of other values If you see Dr. Jones, you will also see Dr. Smith (80% probability) If you see a JE to account ABC, there will also an entry to account XYZ (30%) 6 – Market basket

211 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

212 Managing the business risk of fraudEZ-R Stats, LLC Numeric Sequence Gaps What’s there is interesting, what’s not there is critical … 8 - Gaps

213 Managing the business risk of fraudEZ-R Stats, LLC Purpose / Type of Errors Missing documents (sales, cash, etc.) Inventory losses (missing receiving reports) Items that “walked off” 8 – Gaps

214 Managing the business risk of fraudEZ-R Stats, LLC How is it done? Check any sequence of numbers supposed to be complete, e.g. Cash receipts Sales slips Purchase orders 8 – Gaps

215 Managing the business risk of fraudEZ-R Stats, LLC Gaps Using Excel Excel – sort and check Excel formula Sequential numbers and dates 8 – Gaps

216 Managing the business risk of fraudEZ-R Stats, LLC Gap Testing - Example Results Four check numbers are missing. StartEndMissing 10789107911 12523125262 17546175481 8 – Gaps

217 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

218 Managing the business risk of fraudEZ-R Stats, LLC Duplicates Why is there more than one? Same, Same, Same, and Same, Same, Different 9 - Duplicates

219 Managing the business risk of fraudEZ-R Stats, LLC Two types of (related) tests Same items – same vendor, same invoice number, same invoice date, same amount Different items – same employee name, same city, different social security number 9 – Duplicates

220 Managing the business risk of fraudEZ-R Stats, LLC Duplicate Payments High payback area “Fuzzy” logic Overriding software controls 9 - Duplicates

221 Managing the business risk of fraudEZ-R Stats, LLC Fuzzy matching with software Levenshtein distance Soundex “Like” clause in SQL Regular expression testing in SQL Vendor/employee situations Russian physicist 9 - Duplicates

222 Managing the business risk of fraudEZ-R Stats, LLC How is it done? First, sort file in sequence for testing Compare items in consecutive rows Extract exceptions for follow-up 9 - Duplicates

223 Managing the business risk of fraudEZ-R Stats, LLC Possible Duplicates - Example Results Five invoices may be duplicates. VendorInvoice Date Invoice AmountCount 102456/15/20073,544.784 102458/31/20072,010.372 175462/12/20071,500.002 9 - Duplicates

224 Managing the business risk of fraudEZ-R Stats, LLC Next Metric 1. Outliers 2. Stratification 3. Day of Week 4. Round Numbers 5. Made Up Numbers 6. Market basket 7. Trends 8. Gaps 9. Duplicates 10. Dates

225 Managing the business risk of fraudEZ-R Stats, LLC Date Checking If we’re closed, why is there … Adjusting journal entry? Receiving report? Payment issued? 10 - Dates

226 Managing the business risk of fraudEZ-R Stats, LLC Holiday Date Testing Red Flag indicator 10 – Dates

227 Managing the business risk of fraudEZ-R Stats, LLC Date Testing challenges Difficult to determine Floating holidays – Friday, Saturday, Sunday, Monday 10 – Dates

228 Managing the business risk of fraudEZ-R Stats, LLC Typical audit areas Journal entries Employee expense reports Business telephone calls Invoices Receiving reports Purchase orders 10 – Dates

229 Managing the business risk of fraudEZ-R Stats, LLC Determination of Dates Transactions when business is closed Federal Office of Budget Management An excellent fraud indicator in some cases 10 – Dates

230 Managing the business risk of fraudEZ-R Stats, LLC Holiday Date Testing Identifying holiday dates: – Error prone – Tedious U.S. only 10 – Dates

231 Managing the business risk of fraudEZ-R Stats, LLC Federal Holidays Established by Law Ten dates Specific date (unless weekend), OR Floating holiday 10 – Dates

232 Managing the business risk of fraudEZ-R Stats, LLC Federal Holiday Schedule Office of Personnel Management Example of specific date – Independence Day, July 4 th (unless weekend) Example of floating date – Martin Luther King’s birthday (3 rd Monday in January) Floating – Thanksgiving – 4 th Thursday in November 10 – Dates

233 Managing the business risk of fraudEZ-R Stats, LLC How it is done? Programmatically count holidays for entire population For each group, count holidays Compare the two histograms (group and population) Sort descending by metric (chi square/d-stat) 10 – Dates

234 Managing the business risk of fraudEZ-R Stats, LLC Holiday Counts - Example Results Two employees (10245 and 32325) were “off the chart” in terms of expense amounts incurred on a Federal Holiday. Employee NumberNChi SqD-stat 10245375,2340.9802 32325234,7350.97023 17546184760.321 24135343120.2189 10 – Dates

235 Managing the business risk of fraudEZ-R Stats, LLC The “Top 10” Metrics Overview Explain Each Metric Examples of what it can detect How to assess results Objective 3

236 Managing the business risk of fraudEZ-R Stats, LLC Objective 3 - Summarized 1. Understand why and how 2. Understand statistical basis for quantifying differences 3. Identify ten general tools and techniques 4. Understand examples done using Excel 5. How pattern detection fits in Next – using Excel …

237 Managing the business risk of fraudEZ-R Stats, LLC Use of Excel Built-in functions Add-ins Macros Database access Objective 4

238 Managing the business risk of fraudEZ-R Stats, LLC Excel templates Variety of tests –R–Round numbers –B–Benford’s Law –O–Outliers –E–Etc. Objective 4

239 Managing the business risk of fraudEZ-R Stats, LLC Excel – Univariate statistics Work with Ranges =sum, =average, =stdevp =largest(Range,1), =smallest(Range,1) =min, =max, =count Tools | Data Analysis | Descriptive Statistics Objective 4

240 Managing the business risk of fraudEZ-R Stats, LLC Excel Histograms Tools | Data Analysis | Histogram Bin Range Data Range Objective 4

241 Managing the business risk of fraudEZ-R Stats, LLC Excel Gaps testing Sort by sequential value =if(thiscell-lastcell <> 1,thiscell-lastcell,0) Copy/paste special Sort Objective 4

242 Managing the business risk of fraudEZ-R Stats, LLC Detecting duplicates with Excel Sort by sort values =if testing =if(=and(thiscell=lastcell, etc.)) Objective 4

243 Managing the business risk of fraudEZ-R Stats, LLC Performing audit tests with macros Repeatable process Audit standardization Learning curve Streamlining of tests More efficient and effective Examples - http://ezrstats.com/Macros/home.html http://ezrstats.com/Macros/home.html Objective 4

244 Managing the business risk of fraudEZ-R Stats, LLC Using database audit software Many “built-in” functions right off the shelf with SQL Control totals Exception identification “Drill down” Quantification June 2008 article in the EDP Audit & Control Journal (EDPACS) “SQL as an audit tool” http://ezrstats.com/doc/SQL_As_An_Audit_Tool.pdf Objective 4

245 Managing the business risk of fraudEZ-R Stats, LLC Use of Excel Built-in functions Add-ins Macros Database access Objective 4

246 Managing the business risk of fraudEZ-R Stats, LLC Objective 4 - Summarized 1. Understand why and how 2. Understand statistical basis for quantifying differences 3. Identify ten general tools and techniques 4. Understand examples done using Excel 5. How Pattern Detection fits in Next – Fit …

247 Managing the business risk of fraudEZ-R Stats, LLC How Pattern Detection Fits In Business Analytics Fraud Pattern Detection Continuous monitoring Objective 5

248 Managing the business risk of fraudEZ-R Stats, LLC Where does Fraud Pattern Detection fit in? Business Analytics Fraud Pattern Detection Continuous fraud pattern detection Continuous Monitoring Right in the middle Objective 5

249 Managing the business risk of fraudEZ-R Stats, LLC Business Analytics Fraud analytics -> business analytics Business analytics -> fraud analytics Objective 5

250 Managing the business risk of fraudEZ-R Stats, LLC Role in Continuous Monitoring (CM) Fraud analytics can feed (CM) Continuous fraud pattern detection Use output from CM to tune fraud pattern detection Objective 5

251 Managing the business risk of fraudEZ-R Stats, LLC Objective 6 - Summarized Understand the framework for managing the business risk of fraud Plan, perform and explain statistical sampling in audits Reduce audit costs using data mining, sequential sampling and other sampling techniques Apply SAS 56, the new SAS suite and the revised (2007) Yellow Book. Run, hands-on, the most productive analytic technique (regression analysis). Use data mining to introduce greater efficiency into the audit process, without losing effectiveness.

252 Managing the business risk of fraudEZ-R Stats, LLC Links for more information Kolmogorov-Smirnov http://tinyurl.com/y49sec Benford’s Law http://tinyurl.com/3qapzuhttp://tinyurl.com/3qapzu Chi Square tests http://tinyurl.com/43nkdhhttp://tinyurl.com/43nkdh Continuous monitoring http://tinyurl.com/3pltdl http://tinyurl.com/3pltdl

253 Managing the business risk of fraudEZ-R Stats, LLC Market Basket Apriori testing for “ping ponging” Temple University http://tinyurl.com/5vax7r http://tinyurl.com/5vax7r Apriori program (“open source”) http://tinyurl.com/5qehd5 http://tinyurl.com/5qehd5 Article – “Medical ping ponging” http://tinyurl.com/5pzbh4 http://tinyurl.com/5pzbh4

254 Managing the business risk of fraudEZ-R Stats, LLC Excel macros used in auditing Excel as an audit software http://tinyurl.com/6h3ye7 http://tinyurl.com/6h3ye7 Selected macros - http://ezrstats.com/Macros/home.html http://ezrstats.com/Macros/home.html Spreadsheets forever - http://tinyurl.com/5ppl7t http://tinyurl.com/5ppl7t

255 Managing the business risk of fraudEZ-R Stats, LLC Questions?

256 Managing the business risk of fraudEZ-R Stats, LLC Contact info Phone: (919)-219-1622 E-mail: Mike.Blakley@ezrstats.com Mike.Blakley@ezrstats.com Blog: http://blog.ezrstats.comhttp://blog.ezrstats.com


Download ppt "Managing the business risk of fraud using sampling and data mining EZ-R Stats, LLC Managing the Business Risk of Fraud using Sampling and Data Mining Fall."

Similar presentations


Ads by Google