Page 598 - ITGC_Audit Guides
P. 598
GTAG — Fraud Detection Using Data Analysis
3. Fraud Detection consider these various techniques when evaluating the use of
Using Data Analysis technology in fraud detection:
• Calculation of statistical parameters (e.g., averages,
standard deviations, highest and lowest values) – to
The objective of this chapter is to assist internal auditors identify outlying transactions that could be indica-
in taking a proactive role in addressing fraud by using data tive of fraudulent activity.
analysis techniques. The chapter covers in detail why data • Classification — to find patterns and associations
analysis technology is important, specific analytical tech- among groups of data elements.
niques that have proven to be highly effective, typical types • Stratification of numeric values — to identify unusual
of fraud tests, the importance of analyzing full data popula- (i.e., excessively high or low) values.
tions, fraud detection program strategies, and analyzing data • Digital analysis using Benford’s Law — to identify
using external and internal data sources. statistically unlikely occurrences of specific digits in
randomly occurring data sets.
• Joining different data sources — to identify inappro-
3.1 Why Use Data Analysis priately matching values such as names, addresses,
for Fraud Detection? and account numbers in disparate systems.
Data analysis technology enables auditors and other fraud • Duplicate testing — to identify simple and/or complex
examiners to analyze transactional data to obtain insights duplications of business transactions such as payments,
into the operating effectiveness of internal controls and to payroll, claims, or expense report line items.
identify indicators of fraud risk or actual fraudulent activi- • Gap testing — to identify missing numbers in sequen-
ties. Whether used to review payroll records for fictitious tial data.
employees, or accounts payable transactions for duplicate • Summing of numeric values — to check control
invoices, data analysis technology can assist internal auditors totals that may have been falsified.
in addressing fraud risks within an organization. • Validating data entry dates — to identify postings or
To test and monitor internal controls effectively, organiza- data entry times that are inappropriate or suspicious.
tions should analyze all relevant transactions against control
parameters, across all systems and all applications. Examining According to a 2008 white paper by ACL Services Ltd.,
8
transactions at the source level helps assure the integrity and to maximize the effectiveness of data analysis in fraud detec-
accuracy of the information. tion, the technology employed should enable auditors to:
Key factors that determine whether the auditor can rely on • Compare data and transactions from multiple IT
the data, or whether more data integrity testing is required systems (and address control gaps that often exist
include: within and between systems).
• The auditor’s familiarity with the source data. • Work with a comprehensive set of fraud indicators.
• The general and application controls. • Analyze all transactions within the target area.
• The reliance being placed on the data. • Perform the fraud detection tests on a scheduled basis
• The existence of corroborating evidence. and provide timely notification of trends, patterns,
and exceptions.
The first test of the data should be to verify its complete-
ness and integrity. The completeness and integrity of the
data is of paramount importance when dealing with poten- 3.3 Typical Types of Fraud Tests
tial fraud, because absent records or blank fields could falsely The data analysis techniques described above can be applied
indicate fraud or cause potential frauds to go unnoticed. to a vast number of areas within an organization. The prioriti-
Then, additional tests should be performed to contribute zation of where to look needs to be done in conjunction with
to the auditor's understanding of the data and to search for a fraud risk assessment process. Table 3 — Fraud Detection
symptoms of fraud in the data. 7 Tests offers examples of some of the fraud detection tests that
can be performed using data analysis.
3.2 Analytical Techniques
for Fraud Detection
A number of specific analytical techniques have been proven
highly effective in detecting fraud. Audit departments should
8 “Analyze Every Transaction in the Fight Against Fraud: Using
7 Coderre, David G. Fraud Analysis Techniques Using ACL. John Technology for Effective Fraud Detection.” ACL Services Ltd.,
Wiley & Sons, 2009. 2008.
9
