Anti-Fraud Trends and Analytics
Integrating anti-bribery & corruption analytics into
your compliance monitoring program
Meeting with Verizon
October 19, 2012
Components of an effective anti-fraud &
corruption compliance program
Setting the Proper Tone
Elements of
a successful
corporate
anti-fraud,
bribery and
corruption
program
Code of
Ethics
Fraud and
Corruption
Prevention
Policies
Communication
and Training
Proactive
Risk
Assessment
Controls
Monitoring
and Analytics
Reactive
Incident
Response
Plan
Management Ownership and Involvement
Anti-fraud, bribery
and corruption
key activities may
include
Page 2
►Review of fraud policies
and controls
►Industry benchmark of
anti-fraud programs
►Gap analysis
►Future state design
session
►Who owns fraud?
►Assess roles and
responsibilities
►Fraud and risk
committee formulation
►Customized training
►Corporate governance
►Corporate anti-fraud
road map
►FCPA / anti-bribery
assessments
►Fraud risk assessment
►Targeted anti-fraud analytics
►Anti-bribery and corruption
analytics
►M&A Due Diligence
►3rd Party Due Diligence
►3rd Party Risk profiling
►Conduct background checks
►Investigations
►Fraud response
planning
►Forensic data
analytics
►Discovery and
document review
How FCPA compliance & analytic overlaps
with key business processes
DOJ’s criteria for an FCPA violation:
1. Who
2. Corrupt Intent
3. Payment (or intent to pay)
4. Recipient
5. Business Purpose
EY maintains a library
of over 400 anti-fraud tests
around each fraud risk area.
Source: ACFE 2010 Report to the Nations On Occupational Fraud
Page 3
Start with the Fraud Tree
Different tools and methodologies are required to combat corruption
Fraud tree
Corruption
Conflicts
of
interest
Bribery and
corruption/
FCPA
Illegal
gratuities
Fraudulent statements
Bid-rigging/
procurement
Revenue
recognition
GAAP
Reserves
T&E
fraud
Theft of
data
Asset misappropriation
Cash
larceny
Page 4
Theft of
other assets
– inventory/
AR/
fixed assets
Fake
vendor
Payroll
fraud
Non
financial
Corruption is a key risk area
ACFE 2012 Report to the Nation
Median loss was $135,000 per incident.
EY Global Fraud Survey
•
39% of respondents say that bribery
& corruption practices occur
frequently in their countries
•
15% of CFOs surveyed said they
would be willing to make cash
payments to win business
•
20% of CFOs surveyed said that they
are willing to make
personal gifts to win
business
Source: ACFE 2010 Report to the Nations On Occupational Fraud
Page 5
Top corruption risk areas
Telcom company example
1. Vendor / employee conflicts of interest
2. FCPA
3. Travel & entertainment abuses
4. Overpaying local suppliers in other countries (kickback)
5. Kickback from a customer for free service
(high frequency, low impact)
Source: ACFE 2010 Report to the Nations On Occupational Fraud
Page 6
2011 Corruption Perceptions Index
Page 7
How is fraud detected?
Source: ACFE 2010 Report to the Nations On Occupational Fraud
2012 ACFE Report to the Nation on Occupational Fraud
Page 8
50% by tip
or accident
Forensic analytics maturity model
Beyond traditional “rules-based queries” – consider all four quadrants
Unstructured
Data
Structured
Data
Low
High
Matching, Grouping, Ordering,
Joining, Filtering
Anomaly Detection, Clustering
Risk Ranking
“Traditional” Rules-Based Queries & Analytics
Statistical-Based Analysis
Data visualization, Drill-down
into data, Text Mining
Keyword Search
Traditional Keyword Searching
High
Page 9
Detection Rate
Data Visualization & Text Mining
False Positive Rate
Low
Beyond “rules-based” tests
Beyond traditional matching, filtering and sorting algorithms,
EY integrates statistical, visual and text mining
techniques to identify patterns of high risk or
rogue employee activities.
Page 10
Common anti-fraud tests
1.
Payment stream analysis
►
2.
Vendor or subcontractor abuses
►
3.
Over limits, unusual expenses, miscellaneous/sundry expenses
Payroll
►
5.
Fictitious vendors, employee / vendor conflicts of interests,
Employee expenses and P-card expenditures
►
4.
Altered invoices, goods not received, duplicate invoices, inflated prices, excess quantities
purchased, requestor/approver conflicts
Ghost employees, unusual payments, no deductions/evaluations, direct deposit account
analysis
Bribery and corruption
►
Page 11
Bid rigging, conflicts of interest, contract compliance, kickbacks, payments to outside
consultants
Fraud detection analytics
Page 12
Focus on the payment text descriptions
What if you saw these terms used as justification for payments to third parties?
Nobody calls it “bribe expense”
“<blank>”
Government fee
Pay on behalf of
Special commission
Friend fee
Donation
Goodwill payment
One time payment
Consulting fee
Special payment
Commission to the customer
Team building expense
Volume contract incentive
Incentive payment
Processing fee
Page 13
Text Mining:“Disbursements Analysis”
Page 14
Travel & entertainment – an FCPA risk example
“Who entertained whom, where, what for and for how much?”
Page 15
Anti-Bribery & Corruption Analytics
Who said what, where and how much?
Page 16
Transaction Risk Scoring
Review breaches on
targeted analytics
Page 17
Filter by selected
analytics
Finding hidden money…
Duplicative payments to fictitious vendors
Different
Vendor ID
Similar names
Page 18
Same
Date
Exact
Same
Amount
Different
Invoice #
Some with same
address
Same Reference /
Job Code
Finding hidden money…
Salary & Payroll Abuse
Overtime abuse.
Test for billing more than a 40 hour work week
Page 19
Vendor / employee conflicts of interest
Vendor Master and Employee Master should not overlap.
Analysis of phone numbers and fuzzy address matches.
Page 20
New Research: Fraud Triangle & Behavioural
Analytics
Page 21
The Fraud Triangle¹
Applying theory to electronic communications
1. Donald R. Cressey's “Fraud Triangle” ; Incentive/Pressure, Opportunity and Rationalization are present when fraud exists. 1. Donald R. Cressey's
“Fraud Triangle” ; Incentive/Pressure, Opportunity and Rationalization are present when fraud exists.
Page 22
EY / ACFE library of ‘keywords’
(Over 3,000 terms in a over a dozen languages so far…)
Rationalization
Incentive/ Pressure
Opportunity
…I deserve it
…make the number
…special fees
…nobody will find out
…don’t let the auditor find out
…client side storage
…gray area
…don’t leave a trail
…off the books
…they owe it to me
…not comfortable
…cash advance
…everybody does it
…why are we doing this
…side commission
…fix it later
…pull out all the stops
…backdate
…the company can afford it
…do not volunteer information
…no inspection
…not hurting anyone
…want no part of this
…no receipt
…won’t miss it
…only a timing difference
…smooth earnings
…don’t get paid enough
…not ethical
…pull earnings forward
Page 23
Fraud Triangle analytics—calculation
Joint EY and ACFE Research Project
Page 24
Fraud Triangle Analytics – Research
Bribery Case
Keyword hits as a percentage of total emails
Incentive/Pressure Terms
Opportunity Terms
Rationalization Terms
Investigation timeframe, September 2006 to March 2007
Page 25
Interactive dashboard
Fraud Triangle Analytics – Interactive Dashboard
Page 26
Emotional Tone Analysis
Indentify “Derogatory”, “Surprised”, “Secretive”, “Worried” communications
Page 27
Emotional Tone Analysis
Ken Lay’s emails were “derogatory”, “confused” and “angry”
Page 28
Rogue employee analytics
Risk Scoring Model – peer stratification dashboard review
Peer Stratification
Dots represent clusters of high risk communications
that can be reviewed by clicking.
Detail-Level View
Page 29
Closing thoughts
►
Consider a pilot program, taking a risk-based approach
►
Consider developing an “anti-fraud” task force
►
Maintain and build a library of robust anti-fraud tests
►
Don’t overlook bribery and corruption—corruption is a hot
topic for global companies, especially in
telecommunications and global capital projects
►
This is not SOX testing and the same tools don’t apply!
Current global fraud landscape requires more proactive, targeted analytics,
beyond traditional “rules-based” tests
Page 30
Contacts
Vincent Walden
Ernst & Young LLP
Partner, Assurance Services
Fraud Investigation & Dispute Services
New York, NY
(212) 773-3643
vincent.walden@ey.com
Page 31
Bill Henderson
Ernst & Young LLP
Partner, Assurance Services
Fraud Investigation & Dispute Services
New York, NY
(212) 773-4389
william.henderson@ey.com