Chapter 1
Introduction to Fraud Data Analytics

The world's best auditor using the world's best audit program cannot detect fraud unless their sample includes a fraudulent transaction. This is why fraud data analytics (FDA) is so critical to the auditing profession.

How we use fraud data analytics largely depends on the purpose of the audit project. If the fraud data analytics is used in a whistle blower allegation, then the fraud data analytics plan is designed to refute or corroborate the allegation. If the fraud data analytics plan is used in a control audit, then the fraud data analytics would search for internal control compliance or internal control avoidance. If the fraud data analytics is used for fraud testing, then the fraud data analytics is used to search for a specific fraud scenario that is hidden in your database. This book is written for fraud auditors who want to integrate fraud testing into their audit program. The concepts are the same for fraud investigation and internal control avoidance—what changes is the scope and context of the audit project.

Interestingly, two of the most common questions heard in the profession are, “Which fraud data analytic routines should I use in my audit?” and, “What are the three fraud data analytics tests I should use in payroll or disbursements?” In one sense, there really is no way to answer these questions because they assume the fraud auditor knows what fraud scenario someone might be committing. In reality, we search for patterns commonly associated with a fraud scenario or we search for all the logical fraud scenario permutations associated with the applicable business system. In truth, real fraud data analytics is exhausting work.

I have always referred to fraud data analytics as code breaking. It is the auditor's job to search the database using a comprehensive approach consistent with the audit scope. So, the common question of which fraud data analytics routines should I use can only be answered when you have defined your audit objective and audit scope. A key element of the book is the concept that while the fraud auditor might not know what fraud scenario a perpetrator is committing, the fraud auditor can identify and search for all the fraud scenario permutations. Therefore, the perpetrator will not escape the long arm of the fraud data analytics plan.

Once again, the question arises as to which fraud data analytic routines I should use in my next audit. Using the fraud risk assessment approach, the fraud data analytics plan could focus on those fraud risks with a high residual rating. The auditor could select those fraud risks that are often associated with the particular industry or with fraud scenarios previously uncovered within the organization—or the auditor might simply limit the scope to three fraud scenarios. Within this text, we plan to explain the methodology for building your fraud data analytics plan; readers will need to determine how comprehensive to make their plan.

What Is Fraud Data Analytics?

Fraud data analytics is the process of using data mining to analyze data for red flags that correlate to a specific fraud scenario. The process starts with a fraud data analytics plan and concludes with the audit examination of documents, internal controls, and interviews to determine if the transaction has red flags of a specific fraud scenario or if the transaction simply contains data errors.

Fraud data analytics is not about identifying fraud but rather, identifying red flags in transactions that require an auditor to examine and formulate a decision. The distinction between identifying transactions and examining the transaction is important to understand. Fraud data analytics is about creating a sample; the audit program is about gathering evidence to support a conclusion regarding the transaction. The final questions in the fraud audit process: Is there credible evidence that a fraud scenario is occurring? Should we perform an investigation?

It is critical to understand that fraud data analytics is driven by the fraud scenario versus the mining of data errors. Based on the scenario, it might be one red flag or a combination of red flags. Yes, some red flags are so overpowering that the likelihood of fraud is higher. Yes, some red flags simply correlate to errors. The process still needs the auditor to examine the documents and formulate a conclusion regarding the need for a fraud investigation. It is important to understand the end product of data analytics is a sample of transactions that have a higher probability of containing one fraudulent transaction versus a random sample of transactions used to test control effectiveness. One could argue that fraud data analytics has an element of Las Vegas. Gamblers try to improve their odds of winning. Auditors try to improve their odds of detecting fraud. Figure 1.1 illustrates the concept of improving your odds by reducing the size of the population for sample selection.

Figure 1.1 Improving Your Odds of Selecting One Fraudulent Transaction

Within most literature, a vendor with no street address is a red flag fraud. But a red flag of what? Is a blank street address field indicative of a shell company? How many vendors have no address in the accounts payable file because all payments are EFT? If a vendor receives payment through the EFT process, then is the absence of a street address in your database a red flag? Should a street address be considered a red flag of a shell company? Is the street address linked to a mailbox service company? What are the indicators of a mailbox service company? Do real companies use mailbox service companies? Fraud examiners understand that locating and identifying fraudulent transactions is a matter of sorting out all these questions. A properly developed fraud data‐mining plan is the tool for sorting out the locating question.

To start your journey of building your fraud data analytics plan, we will need to explain a few concepts that will be used through the book.

What Is Fraud Auditing?

Fraud auditing is a methodology to respond to the risk of fraud in core business systems. It is a combination of risk assessment, data mining, and audit procedures designed to locate and identify fraud scenarios. It is based on the theory of fraud that recognizes that fraud is committed with intent to conceal the truth. It incorporates into the audit process the concept of red flags linked to the fraud scenario concealment strategy associated with data, documents, internal controls, and behavior.

It may be integrated into audit of internal controls or the entire audit may focus on detecting fraud. It may also be performed because of an allegation or the desire to detect fraudulent activity in core business systems. For our discussion purposes, this book will focus on the detection of fraud when there is no specific allegation of fraud.

Fraud auditing is the application of audit procedures designed to increase the chances of detecting fraud in core business systems. The four steps of the fraud audit process are:

1. Fraud risk identification. The process starts with identifying the inherent fraud schemes and customizing the inherent fraud scheme into a fraud scenario. Fraud scenarios in this context will be discussed in Chapter 2.
2. Fraud risk assessment. In the traditional audit methodology the fraud risk assessment is the process of linking of internal controls to the fraud scenario to determine the extent of residual risk. In this book, fraud data analytics is used as an assessment tool through the use of data‐mining search routines to determine if transactions exist that are consistent with the fraud scenario data profile.
3. Fraud audit procedure. The audit procedure focuses on gathering audit evidence that is outside the point of the fraud opportunity (person committing the fraud scenario). The general standard is to gather evidence that is externally created and externally stored from the fraud opportunity point.
4. Fraud conclusion. The conclusion is an either/or outcome, either requiring the transaction to be referred to investigation or leading to the determination that no relevant red flags exist. Chapters 6 through 15 contain relevant discussion of fraud data analytics in the core business systems.

What Is a Fraud Scenario?

A fraud scenario is a statement as to how an inherent scheme will occur in a business system. The concept of an inherent fraud scheme and the fraud risk structure is discussed in Chapter 2. A properly written fraud scenario becomes the basis for developing the fraud data analytics plan for each fraud scenario within the audit scope. Each fraud scenario needs to identify the person committing the scenario, type of entity, and the fraudulent action to develop a fraud data analytics plan. The auditing standards also suggest identifying the impact the fraud scenario has on the company.

While all fraud scenarios have the same components, we can group the fraud scenarios into five categories. The groupings are important to help develop our audit scope. The groupings also create context for the fraud scenario. Is the fraud scenario common to all businesses or is the fraud scenario unique to our industry or our company? There are five categories of fraud scenarios:

1. The common fraud scenario. Every business system has the same listing of common fraud scenarios. I do not need to understand your business process, conduct interviews of management, or prepare...