How to Detect Fraud with the Five-Step Approach and Data Mining Techniques
The Five-Step Approach to fraud detection, taught in every seminar offered by Courtenay Thompson & Associates, involves the following:
- Knowing the exposures
- Understanding the symptoms—knowing what the exposures look like in the books & records
- Building audit programs to seek the symptoms of fraud
- Being alert for symptoms, including those you didn’t consider or anticipate
- Following up on all symptoms observed
I build all of my testing programs according to this philosophy. I begin with well-developed, researched What Can Go Wrong lists of exposures and symptoms and match them with proven effective tests. For instance, when I am reviewing a company’s disbursement process and I am looking for payments to false vendors, my testing program will include who the perpetrator could be, the fraud act, symptoms of the exposure, and my program steps to detect. Here is a simple, boiled down example using false vendor testing:
|
PERPETRATOR |
FRAUD ACT |
SYMPTOMS |
PROGRAM STEPS TO DETECT |
|
Procurement or payables personnel with update access to the vendor system |
Inputs a false vendor into the system and cuts checks or approves payments to the false vendor |
1. A vendor in the system has the same address, contact number, bank account, or name as an employee. 2. A vendor with an unusual name has its address as a post office box. 3. Checks are cut to the vendor on a weekend. 4. Checks are cut to the vendor in round sum amounts 5. There is an unusual number or amount of checks cut to a particular vendor. 6. Payables to a particular vendor or assigned to a particular internal account code grow exponentially, month-after-month. |
1. Use data mining techniques to join a vendor database and a personnel database. Look for matches in the address, name, phone number, or bank account fields between the two databases. 2. Extract vendors with PO Box as the primary address. Expect to see utilities or large companies such as FedEx, but seek any unusual vendors, particularly with zip codes local to the payables function. 3. Extract payments cut on weekends and for round sum amounts and test the validity of these payments by agreeing to proper supporting documentation. 4. Summarize payments by vendor and sort in descending order by number and amount to see who the top 25 vendors are by number and amount of payments received. Investigate any unusual vendors in the top 25. Also perform a Benford’s Law analysis on checks amounts and investigate the spikes. 5. Join monthly check registers summarized by payments to vendors. Extract payments to vendors which have increased over the previous month, and continue backwards to develop a database of payments which have consistently increased month after month. Test all such payments to vendors which are demonstrating a snowball effect: exponential and consistent increased month-after-month. |
I apply this technique to all operational and financial processes: Order to Cash; Cash Management and Investing; Forecast to Stock; Requisition to Check; Design to Retire; Human Resources & Payroll; Accounting to Reporting; Non-routine Processes; and all related sub-processes.
The slide show demonstrates our application of data analysis techniques to Accounts Payable, Procurement, and Expense Reports. Our data analysis techniques also include the following methods:
- Account analysis to detect fraudulent financial reporting
- Payroll data analysis to detect ghost employees, inappropriate payments, and false social security numbers
- Revenue analysis to detect missed revenue opportunities
- Analysis of most financial statement and operational areas to detect fraud and error
Click any slide to enlarge and view presentation.
| Tests to find duplicate invoices: |
 |
 |
 |
| Join a vendor database with an employee database to find records in which a vendor address matches an employee address: |
 |
| Examples of expense report frauds: |
 |
 |