ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
www.pwc.com
Technology as a driver for
fraud detection and
investigation
ICPAK FORENSIC AUDIT
October 2017
SEMINAR
Strictl rivate
and Confidential
9October 2017
The ICT and fraud convergence
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 2
1 Insert Banner
Definitions and context
1. Fraud is deception intended to result in financial or personal gain
2. Computers & the internet are the two key distinct components of ICT
3. Cybercrime is economic crime using a computer and the internet as the primary
tool to commit fraud.
4. Traditional frauds schemes have been enhanced by computers & the
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 3
1 Insert Banner
Key
Statistics
and Trends
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 4
2 Insert Banner
Key statistics and trends
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 5
3 Insert Banner
60 seconds online
• Minicomputer & Mainframe Files
• Web Servers
• Application Service Providers
• E-mail Systems
• Smart phones
• Laptop Computers
• Personal (Home) Computers
• Flash disks
• Optical Media & Tape Backups
• Cloud Storage
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 6
Key Stats Kenya
Population Population under 24
50.03 M 27.6M (60.22%)
Internet Penetration Annual Growth
40.5 M (91.77%) New users(60.6%)
(2016 - 39.6M)
Mobile Phone Penetration Landline Phones
44.13 M (88.2%) 0.2%
Sources: cck.go.ke
UN statistics
dalberg .com
cia.gov
PwC
3 Insert Banner
Digital Financial Inclusion
More Kenyans have had better access to financial services since the
introduction of mobile money
Technology as a driver for fraud detection and Source: World Bank estimates in 2010
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 8
Section 3 – Insert Banner
E-Commerce in Kenya Obstacles to buying products online
Lack of Cost
o 77% of internet enabled mobile phone Security
users in Kenya buy products online
10.2%
o Favourite eCommerce sites include: OLX,
Rupu, Cellulant, Amazon, eBay, Google, 34.0%
Waptrick and your DMAs.
o Automated trading systems since 2009 30.9%
with online feeds and interfaces.
o Makiba – proposed mobile platform to sell
6.4%
government bonds.
Delivery
Lack of 18.6% Time
o The greatest obstacle for buying goods Options
online is lack of security
Internet
Connection
Technology as a driver for fraud detection and investigation
• ICPAK FORENSIC AUDIT SEMINAR Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 9
3 Insert Banner
Statistics on cyber crime and its impact
• Kenya lost Sh 15 Bn through cyber crime according to 2015 Cyber security report
• Public sector lost more that Sh 5 Bn followed by the financial services at Sh 4 Bn ;
• Top attacks came from overseas – US, China etc.
• Kenya has a strong business environment and education system but weaker physical
infrastructure;
• Introduction of cyber security in the Information and Communications Bill 2013; and
• More than 80% of SME’s expect that the internet will help them grow their business
and 70% of those expect to hire new employees as a result.
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 103 Insert Banner
Global economic impact of cybercrime in context
Drug
Trafficking USD$ 600B
Cybercrime
USD$ 300B – 1T
Piracy USD$ 1B- 16B
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 113 Insert Banner
Cybercrime facts for Kenyan organizations; GECs 2016
33% 61%
reported having reported rapid
been affected increase in perception
cybercrime. of cybercrime.
46%.
Said threat coming from
both internal and external
sources
*69% *18%
Saw IT Department Saw HR Department
as high risk as low risk
* Relatesas
Technology toa2011
driver survey
for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 124 Fraud risks posed by ICT
Fraud risks
posed by ICT
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 134 Fraud risks posed by ICT
Offers tremendous appeal to fraudsters
Same reward but fewer risks
Not physically present – less likely to be caught or “hurt” during the crime. Also less likely to
commit “ancillary” crimes like injuring other people or destroying property
Less chance that law enforcement can identify the perpetrator or establish where they were when
the crime was committed – 79% of Kenya respondents lack confidence in law enforcement
Perpetrators often in different jurisdiction – more difficult to identify, arrest and prosecute using
traditional means
FRAUD
Current laws are not mature enough to prosecute cybercriminals with sufficient impact.
Technological advancements are high-paced and therefore developments in cybercrimes too.
Organisations and governments will constantly need to keep updating their responses.
Preventative controls are much harder to implement for cybercrime than for instance asset
misappropriation
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 144 Fraud risks posed by ICT
Key risks posed by ICT include…
Function of the computer &
internet in crime:
• As an object – target of crime Data Unauthorised Internet
where contents are destroyed destruction access consumer
& sabotage fraud
• As a subject – provide
environment to commit crime
• As a tool – means of Securities
Identity Disclosure of
committing crime theft confidential
fraud
information
• As a symbol – offers
credibility that is often used to
deceive victims
Loss of Insider Enhances
customer threat conventional
confidence fraud
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 154 Fraud risks posed by ICT
Cybercrime has hit and remained in the headlines
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 165 Role of technology in preventing and detecting fraud
Role of
technology in
preventing and
detecting fraud
Technology as a driver for fraud detection and
investigation
Confidential Information for the sole benefit and use of PwC’s Client. 9October 2017
PwC October 2017 17Although difficult to examine, reducing computer fraud into
its basic elements often leads to successful determination
1. Lacks traditional paper trail Identify culprits
Methods of
2. Require understanding of technology
Difficulties
manipulation
used to commit fraud
Means of diversion
3. Require understanding of technology on or conversion of
the victim computer funds
4. Often requires use of one or more
specialist to assist the fraud examiner
+ + =
elements
Basic
Inputs Manipulation OutputsPreventing Fraud: Governance
The three lines of defence
What to do
then? Behavioral Deep
analytics learning
3 lines of defence Awareness Data
Forensic
initiatives visualisati- Compliance
– Governance, ons
tools
solutions
Detection
Oversight &
Operations Automated
controls Investigation
cells
They only be Prevention
strengthened by Cyber crime Flexible
response Real time
technology and strategy screening
audit plans
not replaced by
Bench Internal
it. marking controls
Understand
Regular the threat
security
assessmentPreventing Fraud:
Do organisations conduct risk assessments?
30% 26%
of Kenya respondents of Kenya respondents
have an incident say Board members
response plan quarterly review
organisations ability
to deal with cyber
These results are of concern given incidents
the rate at which cybercrime is
increasing, organisations do not Disappointing results in terms of
realise that they are a target of how often Board members within
cybercrime until long after the organisations in Kenya and Africa
damage is done. request information regarding the
organisations’ state of readiness to
deal with cyber incidents.Preventing Fraud: Key questions to ponder over 1.Do you really show the right tone at the top in dealing with cyber crime? 2. Does your organisation have an anti fraud policy / strategy including regular training? 3. How do you deal with fraud allegations? How do you deal with fraudsters when you uncover wrongdoing? 4.Is your organisation head truly “cyber savvy” and is your organisation able to detect and investigate cybercrime? 5.Does your organisation undertake regular cyber security assessment?
Detecting fraud using technology
Strategy
Identify
Capture & Process
Profile & Cull & Process
Search & ReviewDetecting Fraud: Digital Evidence Recovery The key priorities Acquire • Search and seize; and • Secure the evidence Process and preserve • Recover deleted items; • Avoid any tampering; and • Admissible legally Present • Simplify the evidence; and • Beware of inherent weaknesses in the bank’s internal controls.
Digital Evidence Recovery: Four important points to remember
Digital Evidence Recovery: Four important points to remember
Detecting Fraud: Data Analytics WHY DATA ANALYTICS ? The primary reason to use data analytics to tackle fraud is because a lot of internal control systems have serious control weaknesses. In order to effectively test and monitor internal controls, organizations need to look at every transaction that takes place and test them against established parameters, across applications, across systems, from dissimilar applications and data sources. Most internal control systems simply cannot handle this. On top of that, as we implement internal systems, some controls are never even turned on. ounce of prevention = pound of cure
Detecting Fraud: Data Analytics
In the past you’d have to hit the lottery to find something big.
With the volume of transactions flowing through organizations today, the velocity of business has
increased tremendously because scrutiny of individual transactions is incredibly difficult to
provide. This lack of scrutiny over individual transactions opens up the gate for people to abuse
systems, perpetrate fraud, and materially impact financial results
“investigate transactions and
see if there’s anything to indicate
fraud or opportunities for fraud
to be perpetrated”Detecting Fraud: Proactive Data Analytics
An example is you’re looking at productions logs and you notice a spike in
Hour 4. What questions do you ask?
Investigate?
Ignore?Detecting Fraud: Sample results of relationship
mapping
Subject employee
Employees from
Shoddy Plumbing
Outsiders
Investigate?Detecting Fraud Do I need to investigate further ???
Detecting Fraud: Analytical Techniques
Remember, you’re looking for things that don’t appear to be normal.
■ Calculate statistical parameters and look for outliers or values that exceed averages or are
outside of standard deviations.
■ Look at high and low values and find anomalies there. Quite often it’s these sorts of anomalies
that are indicators of fraud.
■ Examine classification of data - group your data, all the transactions, into specific groups
based on something like location. Maybe a number of transactions are occurring outside
of statistical parameters. Where are they all from? Are they distributed evenly across the
whole population or are they all limited to a given geographical area? If they are then that’s
material and maybe you should delve deeper.
“Data analysis technology can quantify the
impact of fraud so you can actually see
how much it’s costing the organization and
provide a cost-effective program with
immediate returns.”Detecting Fraud : Application areas for Fraud Detection
“Fraudsters can and will exploit weaknesses
wherever they can find them”
Take a look at your General Ledger, especially
postings done after a closing period. Check into
frequently reversed accounts, or weekend
postings. Look at GL postings on a quarterly
basis and ask:
• Are these being done according to our
internal controls or are people trying to post
to the GL after our closing period?
• Are there certain GL accounts that are
frequently reversed?
• Are there dormant accounts that are used
suddenly?You can also read
