© 2015 Fair Isaac Corporation. Confidential. This presentation is provided for the recipient only and cannot be reproduced or shared without Fair Isaac Corporation’s express consent. Falcon ® Assurance Navigator Managing Risk in a World of Heightened Transparency & Scrutiny

© 2015 Fair Isaac Corporation. Confidential.2 Managing Risk in a World of Heightened Transparency & Scrutiny Overview  The Impact of Fraud (ACFE 2016)  Detection Challenges  Leveraging Technology  FICO Overview  Falcon Assurance Navigator

3© 2015 Fair Isaac Corporation. Confidential. The true cost of Fraud is incalculable Fraud, by its very nature, does not lend itself to being scientifically observed or measured in an accurate manner. One of the primary characteristics of fraud is that it is clandestine, or hidden; almost all fraud involves the attempted concealment of the crime ACFE Report to the Nations on Occupational Fraud & Abuse Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud. Applied to the estimated 2014 Gross World Product($74.16 trillion), this figure translates to a potential total fraud loss of more than $3.7 trillion. The total loss caused by the cases in our study exceeded $6.3 billion, with an average loss per case of $2.7 million. The frauds lasted a median of 18 months before being detected.

4© 2015 Fair Isaac Corporation. Confidential. 3 Primary Categories of Occupational Fraud Asset misappropriations are those schemes in which the perpetrator steals or misuses an organization’s resources (83% of cases w/median loss of $125k) Corruption schemes involve the employee’s use of his or her influence in business transactions in a way that violates his or her duty to the employer for the purpose of obtaining a benefit for him- or herself or someone else (35.4% of cases w/median loss of $200k) Financial statement fraud schemes are those involving the intentional misstatement or omission of material information in the organization’s financial reports (10% of cases w/median loss of $975k). Asset Misappropriations include schemes such as skimming cash receipts, falsifying expense reports and forging company checks. Examples of corruption schemes include bribery, extortion and a conflict of interest. Common methods of fraudulent financial statement manipulation include recording fictitious revenues, concealing liabilities or expenses and artificially inflating reported assets.

5© 2015 Fair Isaac Corporation. Confidential. The Cost of Occupational Fraud The median loss for all schemes is approximately $150,000. Over one-fifth of the fraud schemes caused a loss to the victim organization of more than $1,000,000. Distribution of Losses Figure 2 shows the overall distribution of the dollar losses caused by the cases in our study; while approximately 54% caused less than $200,000 in damage, more than 23% resulted in a loss of at least $1 million.

© 2015 Fair Isaac Corporation. Confidential.6 Combating Fraud – “Laundry List” of Challenges Data quality challenges are rampant from just about every perspective Collusion/Corruption fraud is often masked in the data Analytics and thorough investigation required to detect fraud. Technical skills in the “business” and auditors not sufficient to detect anomalies. Reporting in ERP systems legendarily poor. Data is disparate and highly fragmented. Analytics is a different skill set entirely

© 2015 Fair Isaac Corporation. Confidential.7 Fraud, Waste & Abuse – “Technology” Approaches Business Rules – Policy/Expert driven (applying “filters”) Complex Rules – aggregating and matching historical data (e.g. splits, dups) Text analytics (utilizing free-text fields to enrich rules) Analytics (detecting patterns, maintaining profiles) OCR (attachments) Reporting & Visualizations

© 2015 Fair Isaac Corporation. Confidential.8 People, Process and Technology Technology Process People

9© 2015 Fair Isaac Corporation. Confidential. Profile The leader in analytic solutions for customer engagement Founded: 1956 NYSE: FICO Revenues: $789 million (fiscal 2014) Products and Services Scores and related analytic models Analytic applications for customer acquisition, service and security Tools for decision management Clients and Markets 10,000+ clients in 90+ countries Industry focus: Banking, insurance, retail, health care Recent Rankings #1 in services operations analytics (IDC)* #6 in worldwide analytics analytics software (IDC)* #7 in Business Intelligence, CPM and Analytic Applications (Gartner)** #26 in the FinTech 100 (American Banker) Offices 20+ offices worldwide, HQ in San Jose, California 2,900 employees Regional Hubs: San Rafael and San Diego (CA), New York, London, Birmingham (UK), Johannesburg, Milan, Moscow, Munich, Madrid, Istanbul, Sao Paulo, Bangalore, Beijing, Singapore FICO Overview *IDC, Worldwide Business Analytics Software Forecast and Vendor Shares, June **Gartner, Market Share Analysis: Business intelligence, Analytics and Performance Management, 2012,Dan Sommer & Bhavish Sood, May 7, 2013.

© 2015 Fair Isaac Corporation. Confidential.10 Deep experience Fraud SecurityCompliance Transaction Fraud Account Take-over Originations / Underwriting Retail Returns Healthcare Claims FWA P&C Claims FWA Benefits Fraud Procurement / Expense Mgmt. AML (and related compliance)

© 2015 Fair Isaac Corporation. Confidential.11 Technology Underpinning FICO ® Falcon ® Fraud Manager Percentage of the US payment cards covered by FICO fraud solutions Falcon introduced 90% Fraud Losses Banks participating in FICO’s fraud data consortium – driving insight and analytic innovation 9000 Active financial accounts protected by FICO worldwide – providing a global perspective 2.6B Average response time for fraud decisions rendered by FICO’s low- latency real-time engine 10ms

© 2015 Fair Isaac Corporation. Confidential.12 Stanford University Challenge Wanted analytics- driven system to internally identify misuse of funds in a timely manner. Transaction volume was too great to spot abusive spending. Needed to protect future grants awards with preventative financial controls. Challenge Wanted analytics- driven system to internally identify misuse of funds in a timely manner. Transaction volume was too great to spot abusive spending. Needed to protect future grants awards with preventative financial controls. Results Initial rollout occurring April, Over the next 12 months the solution will be enhanced with increased analytic complexity, reporting, and investigative workflows. Results Initial rollout occurring April, Over the next 12 months the solution will be enhanced with increased analytic complexity, reporting, and investigative workflows. Solution Diagnostic rules and analytics to monitor all transactions for indications of risk. Integrated case management and investigative tools. Applies Text Analyzer, Decision Modeler, DMP, and Strategy Director. Solution Diagnostic rules and analytics to monitor all transactions for indications of risk. Integrated case management and investigative tools. Applies Text Analyzer, Decision Modeler, DMP, and Strategy Director. Stanford University

© 2015 Fair Isaac Corporation. Confidential.13 Procure to pay analytics – a natural fit OMB Circular A-81: “The purpose of the Guidance is to streamline administrative burdens, and to strengthen oversight of federal funds to reduce fraud, waste, and abuse.”

© 2015 Fair Isaac Corporation. Confidential.14 What if you could continually monitor 100% of spend, including discretionary expenses, for indications of non-compliance or abuse?

© 2015 Fair Isaac Corporation. Confidential.15 Continuous monitoring – an evolution Data driven Risk assessment Transaction coverage Scope of analysis Audit responsiveness Comprehensive Continuous Proactive Judgment driven Samples Resource constrained Reactive Moving from…Moving towards…

© 2015 Fair Isaac Corporation. Confidential.16 Proactive audit readiness Employ a two-pronged approach: expert rules and advanced anomaly detection algorithms Review prioritized transactions based on data- driven risk assessments Monitor 100% of transactions across all phases of the procure to pay cycle Apply different risk criteria for federal awards and university funds

© 2015 Fair Isaac Corporation. Confidential.17 Solution Overview & Flow Source Rules Analytics Review Enhance Consume Disparate Data Create Objects Enriching Data, OCR & Text Analytics Create Objects Enriching Data, OCR & Text Analytics Patterns, Anomalies/ Outliers & Scoring Policy, Strategy, References, Risk & Scoring X X X X X X X ! Review & Decision Flagged Cases Escalation Reporting & Dashboard Frameworks Client ERP System i.Expense Reports ii.Purchase Reqs/Orders iii.Invoices iv.Purchase Cards v.Employees vi.Vendors vii.Attachments X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X

© 2015 Fair Isaac Corporation. Confidential.18 Back End Logical View

© 2015 Fair Isaac Corporation. Confidential.19 Assurance Navigator – FICO Technology Leverage

© 2015 Fair Isaac Corporation. Confidential.20 A dual-pronged analytical approach The impact of non-compliance with sponsored dollars far exceeds the impact of non-compliance with University dollars and policies. This distinction greatly affects the assignment of risk. Expert-driven, rules-based analytics that assess risk based on human judgment and internal audit expertise. Outlier detection algorithms that deliver an objective, prioritized assessment of risk based on an activity.

© 2015 Fair Isaac Corporation. Confidential.21 An extensive, modular approach Assesses appropriateness of expense items and maverick spend patterns (e.g., split transactions, excess spend across categories). Includes federal award restrictions such as alcohol and first-class flights. Identifies federal award expenses that circumvent procurement controls. Spots PO splits, missing documentation, recoded orders, and compares requisition dates to grant periods. Review Level 3 transaction details, expense types, merchant categories, justifications and transaction descriptions for compliance with university P-Card policies. Detect duplicate, recoded, and fraudulent invoices. Reviews spend categories requiring a PO and spots non-PO purchases tied to a federal award. T&E Reimbursement Procurement Purchasing Cards Invoices

© 2015 Fair Isaac Corporation. Confidential.22 Power of Scoring and Advance Analytics Scores rank order risk. Higher scores indicate greater severity of potential non-compliance. An evolution from rules to strictly data-driven scores occurs over time, run both in parallel. Algorithms require depth of transaction data as well as the resolution of prior cases (good vs. bad) to refine accuracy. Scores are elevated based on funding source and repeat offenders.

© 2015 Fair Isaac Corporation. Confidential.23 Unique Capabilities Specific strategies to comply with A-81 guidelines Continuous risk monitoring across the Procure to Pay cycle No sampling– evaluate all actions as they occur in the system. Focused analytics target the transactions and lines requiring review Reduce time per case and manual review volume Categorization Model built into the Case Manager Auto-updated scoring models detect repeat offenders Custom workflows link AP, Procurement and campus administrators.

© 2015 Fair Isaac Corporation. Confidential.24 Building a culture of strong fiscal stewardship Safeguard brand and reputation. Protect valuable sources of funding tied to University’s mission. Use data to develop leading-class internal controls framework Migrate from partial detection to comprehensive prevention Prepare for more sophisticated, data-driven audit strategies Reduce back-end thrash and turn staff into risk managers. Visualize outcomes and trends over time. Bake audit mindset into operations.