Using Data Analytics to - Session Three-Aldar International For Governance ...

Page created by Tiffany Tran
 
Session Three –
Using Data Analytics to
Contents

     1   Background on Fraud
     2   Detecting Fraud
     3   IT Login Fraud
     4   HR & Payroll Fraud
     5   Procurement Fraud
     6   Data Analytics & Reporting
     7   Unlocking the Potential of Data Analytics

  © 2021 Aldar International for Governance Consultancy. All rights reserved.            2
1   Background on Fraud
Fraud and the Economy

     ACFE 2020 Report to the Nations showed the following statistics:

     ▪      Companies lose 5% of their revenue to fraud each year;
     ▪      In the Middle East, the average loss from Fraud cases in 2020 was USD 1,302,000;
     ▪      Median Duration of a Fraud Scheme was 12 months;
     ▪      The most common occupational fraud in the Middle East was Corruption

What is Fraud?

         Fraud is defined by:

         COSO Framework

         As “any intentional act or omission designed to deceive others, resulting in the victim suffering a loss and/or the perpetrator
         achieving a gain.”

         Black’s Law Dictionary

         As “A knowing misrepresentation of the truth or concealment of a material fact to induce
         another to act to his or her detriment”.

         Consequently, Fraud includes any intentional or deliberate act to deprive another of
         property or money by guile, deception, or other unfair means.

Types of Fraud (The Fraud Tree)

     ▪ Corruption
         ▪ Conflicts of interest
             ▪ Purchasing Schemes
             ▪ Sales Schemes
         ▪ Bribery
             ▪ Invoice Kick-backs
             ▪ Bid Rigging
         ▪ Illegal Gratuities
         ▪ Economic Extortion

     ▪ Asset Misappropriation (please refer to next slide)

     ▪ Financial Statement Fraud
         ▪ Net worth / net income overstatement
             ▪ Timing Differences
             ▪ Fictitious Revenue
             ▪ Concealed liabilities and expenses
             ▪ Improper asset valuations
             ▪ Improper disclosures
         ▪ Net worth / net income understatement
             ▪ Timing Differences
             ▪ Understated Revenue
             ▪ Overstated liabilities and expenses
             ▪ Improper asset valuations
             ▪ Improper disclosures

Types of Fraud (The Fraud Tree) (Cont.)
     Asset Misappropriation

     ▪ Cash
         ▪ Theft of cash on hand
         ▪ Theft of cash receipts
             ▪ Skimming
                 ▪ Sales: Unrecorded, Understated
                 ▪ Receivables: Write-off schemes, Lapping schemes, Unconcealed
                 ▪ Refunds and others
             ▪ Cash Larceny
         ▪ Fraudulent disbursements
             ▪ Billing Scheme: Shell company, Non-compliance vendor, Personal purchases
             ▪ Payroll schemes: Ghost employees, Falsified wages, Commissions schemes
             ▪ Expenses Reimbursement scheme: Mischaracterized expenses, Overstated expenses, Fictitious expenses, Multiple reimbursements
             ▪ Check tampering: Forged maker, Forged endorsement, Altered payee, Authorized maker
             ▪ Register Disbursements: False voids, False refunds

     ▪ Inventory and all other assets
         ▪ Misuse
         ▪ Larceny
             ▪ Asset Requisitions and transfers
             ▪ False sales and shipping
             ▪ Purchasing and receiving
             ▪ Unconcealed larceny

What is Fraud – Fraud Triangle
 The Fraud Triangle is used to explain the motivation behind a fraud.

     Incentive / Pressure
     ▪ Pressure to perform
     ▪ Too much work
     ▪ Debt burden
     ▪ Lifestyle needs

     Opportunity
     ▪ Weak Internal Control
     ▪ Poor tone at the top

     Rationalization
     ▪ I don’t get paid what I am worth
     ▪ Everyone else is doing it
     ▪ Nobody will miss the money

Poll Question

An employee noted that there is no Segregation of Duties between recording and verifying cheque payments. Which element of the Fraud Triangle does this relate to?

  ▪ Opportunity
  ▪ Rationalization
  ▪ Incentive
2   Detecting Fraud
Poll Question

What do you believe are the most common three methods of detecting Fraud?

  ▪ By Accident
  ▪ External Audit
  ▪ Account Reconciliation
  ▪ Tips/ Whistle blows
  ▪ IT Controls
  ▪ Internal Audit
  ▪ Management Review
  ▪ Surveillance
  ▪ Law Enforcement
  ▪ Other
How is Fraud Discovered?

     As per the ACFE 2020 Report to the Nations, Fraud is detected through the following:

   Tips                             43%
   Internal Audit                   15%
   Management Review                12%
   Other                             6%
   By Accident                       5%
   Account Reconciliation            4%
   External Audit                    4%
   Document Examination              3%
   Surveillance/Monitoring           3%
   Notified by Law Enforcement       2%
   IT Controls                       2%
   Confession                        1%

     With 43% of Fraud being detected by Whistleblowing or accident we should therefore be
     aiming to increase the % of fraud detected by Internal Audit/Management Review.

     It is clearly not enough to rely upon somebody stumbling across evidence of fraud by
     accident and then whistleblowing.
Identifying potential Fraud Risks

     Two routes, by scheme or by area, lead into a common sequence of steps.

     Determination by scheme
       1. Identify area of operations at risk
       2. Identify potential fraud schemes

     Determination by Area
       1. Identify area of operations at risk
       2. Identify areas of Company operations where schemes are most likely to occur

     Common steps
       3. Identify red flags and indications associated with schemes and areas
       4. Build audit steps to search for indicators
       5. Conduct further enquiry if red flag is detected or suspected
       6. Fraud event identified or suspected? If yes: Fraud investigation process
3   IT Login Fraud
IT Login Fraud

        IT Login Fraud can take place in various ways, when an unauthorized person accesses the organization's internal IT
        system seeking illegal access to information. Analysis of login data from an IT entry system or firewall logs can
        uncover unauthorized accesses (or attempts) to the internal system.

        “Red Flags” for IT Login Fraud include:
        ▪ Ex-employees still accessing the system
        ▪ Entry to the system at times not defined as “normal working patterns”
        ▪ Weekend entry from non-weekend workers
        ▪ Login on a non-registered company asset

Poll Question

You have been tasked to identify unauthorized access to the company internal system by employees on vacation. What kind of information do you need to verify it?

  ▪ Employees timesheet
  ▪ System access log
  ▪ List of vacation by employee
  ▪ Employees Masterfile
Practical Example

   Case Background

   You work as an auditor in a company that supplies contract cleaning services. During your audit of the Procurement
   function, you noted that one purchase order in the month of February was approved by a departing employee.
   This transaction raised your suspicion that unauthorized access to the company's internal system is occurring, and
   accordingly you started an investigation to see whether any anomalies or suspicious behavior are taking place.

    Required Data

    For the purpose of this review, you were provided with the following documents:

    •      Employees Masterfile
    •      Current Asset List - Employee PC’s
    •      List of Departing Employees
    •      February Logins Report - Employee PC's

Practical Example

    The main focus of your investigation is to examine and analyze the data, to see if any of the
    following are taking place:

    • A login ID is being used after an employee has left the company’s employment (Ex-Employee Logins)
    • A login ID is being used outside of normal business hours (i.e. before 07:00:00 and after 19:00:00)
    • A login ID is being used by employees at weekends, but only for employees who are not registered to work
      at weekends.
    • A login ID is used on a pc, where the login is not the registered user for that listed asset.
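
    The four login tests above, run over constructed extracts of the four files. This is an added example, not part of the original deck; the column names, IDs, rows and the Saturday/Sunday weekend are assumptions.

```python
import csv
import io
from datetime import datetime, time

# Constructed sample extracts. Column names, IDs and rows are assumptions made
# for this example; map them to the columns of the real files.
MASTERFILE = """emp_id,weekend_worker
E001,N
E002,Y
E003,N
E004,N
"""
ASSETS = """asset_id,registered_emp_id
PC-01,E001
PC-02,E002
PC-03,E003
PC-04,E004
"""
DEPARTED = """emp_id,departure_date
E004,2021-02-10
"""
LOGINS = """emp_id,asset_id,login_time
E001,PC-01,2021-02-01 08:15:00
E001,PC-01,2021-02-03 21:40:00
E002,PC-02,2021-02-06 10:00:00
E003,PC-03,2021-02-07 11:30:00
E003,PC-01,2021-02-09 09:05:00
E004,PC-04,2021-02-08 09:00:00
E004,PC-04,2021-02-15 06:30:00
"""

DAY_START, DAY_END = time(7, 0, 0), time(19, 0, 0)  # normal hours stated in the case
WEEKEND_DAYS = {5, 6}  # Sat, Sun in datetime.weekday(); assumption, use {4, 5} for Fri/Sat


def rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def flag_logins(masterfile, assets, departed, logins, weekend_days=WEEKEND_DAYS):
    """Return [(emp_id, asset_id, login_time, [flags])] for every login with a red flag."""
    weekend_ok = {r["emp_id"] for r in rows(masterfile) if r["weekend_worker"] == "Y"}
    owner = {r["asset_id"]: r["registered_emp_id"] for r in rows(assets)}
    left_on = {r["emp_id"]: datetime.strptime(r["departure_date"], "%Y-%m-%d").date()
               for r in rows(departed)}
    findings = []
    for r in rows(logins):
        emp, asset = r["emp_id"], r["asset_id"]
        ts = datetime.strptime(r["login_time"], "%Y-%m-%d %H:%M:%S")
        flags = []
        # 1. Login after departure (the departure day itself counts as a working day).
        if emp in left_on and ts.date() > left_on[emp]:
            flags.append("EX_EMPLOYEE")
        # 2. Login outside 07:00:00 to 19:00:00.
        if ts.time() < DAY_START or ts.time() > DAY_END:
            flags.append("OUT_OF_HOURS")
        # 3. Weekend login by someone not registered to work weekends.
        if ts.weekday() in weekend_days and emp not in weekend_ok:
            flags.append("WEEKEND_NOT_REGISTERED")
        # 4. Login is not the registered user of the PC. A PC missing from the
        #    asset list has no registered user, so it is flagged as well.
        if owner.get(asset) != emp:
            flags.append("NOT_REGISTERED_USER")
        if flags:
            findings.append((emp, asset, r["login_time"], flags))
    return findings


if __name__ == "__main__":
    for finding in flag_logins(MASTERFILE, ASSETS, DEPARTED, LOGINS):
        print(finding)
```

    A single login can carry several flags; the last constructed row is both an ex-employee login and out of hours.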

4   HR & Payroll Fraud
HR & Payroll Fraud

            Payroll is one of the largest outlays of every organization and
            although internal controls, such as segregation of duties, may
            help to mitigate the risk of payroll fraud, they don’t prevent it
            occurring.

            Common HR & Payroll Fraud Schemes Include

            ▪ Ghost Employees
            A person not employed by the company is on the payroll

            ▪ Overpayment (Timesheet Fraud)
            A company pays an employee based on falsified hours or rates

            ▪ Commission
            The amount of sales made, or the rate of commission is
            fraudulently inflated

The Use of Data Analytics in Combatting HR & Payroll Fraud

  Whilst Payroll Fraud may be hard to prevent, we can deploy various data analytics tests to help identify “Red Flags” for
  further examination.
  Examples of Suspicious activities that can be identified using data analytics
   ▪      Unrelated employees with the same address or home phone
   ▪      Two or more employees with the same mobile phone number
   ▪      Multiple employees using the same bank account number
   ▪      An employee who is on the payroll but not on the company’s employee list
   ▪      Missing information in employee files
   ▪      An employee who shares an address, telephone number or bank account number with an accounts payable vendor
   ▪      Payments to employees for holidays, weekends or off-days
   ▪      Gaps in check number sequence
   ▪      A terminated employee who is still on the payroll list
   ▪      Unusually high overtime pay
   ▪      An employee who has been paid for working more than a reasonable number of hours in one day
   ▪      Duplicate pay checks.
   ▪      Unusual number of cheques / payroll payments issued for an employee in a year
   ▪      Employees on the payroll register before their start date or after their termination date
   ▪      Deceased employees who are still on the payroll list
   ▪      Manual payroll cheques
   ▪      Multiple pay cheques issued to an employee within a single pay period
   ▪      Unusual ratio of gross to net pay
   ▪      Employees who have had no paid time off, holiday or sick leave

Practical Example

    Case Background

    Your client, the CEO of a Company that supplies contract cleaning services to several locations, is concerned that salary
    expenses increased significantly in the month of February. He has asked you to conduct an analytical review of the
    payroll to identify any suspicious payroll transactions. The objective of these reviews is to check if:

    1.       Former employees were included in the timesheet after their departure date.
    2.       Overlapping in working hours for staff working in multiple locations
    3.       Non-authorized Staff were paid for weekend working
    4.       Overtime pay was claimed correctly and there was no overpayment to certain employees.

    Required Data

    For the purpose of this review, the CEO has supplied you with the following documents:
    •       Employees Masterfile
    •       February Payroll File
    •       List of Departing Employees
    •       Current Pay rate
    •       Employees timesheets

Practical Example

    Tests Required

    1.       Identifying former staff working after their Departure Date
    2.       Overlapping in working hours for staff working in multiple locations
    3.       Non-authorized staff that were paid for weekend working
    4.       Verifying the correctness of overtime pay and that there was no overpayment to certain employees.
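
    Tests 2 and 4 worked through on constructed timesheet, pay-rate and payroll extracts. This is an added example, not part of the original deck; the file layouts, the 8-hour standard day and the 1.5x overtime multiplier are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime
from decimal import Decimal

# Constructed sample extracts; layouts, IDs and amounts are assumptions.
TIMESHEETS = """emp_id,location,start,end
E010,Site A,2021-02-02 08:00,2021-02-02 14:00
E010,Site B,2021-02-02 13:00,2021-02-02 16:00
E011,Site A,2021-02-02 08:00,2021-02-02 12:00
E011,Site C,2021-02-02 12:00,2021-02-02 18:00
E012,Site B,2021-02-03 07:00,2021-02-03 19:00
"""
PAY_RATES = """emp_id,hourly_rate
E010,10.00
E011,12.00
E012,10.00
"""
PAYROLL = """emp_id,overtime_paid
E010,0.00
E011,36.00
E012,150.00
"""
STANDARD_MINUTES_PER_DAY = 8 * 60     # assumption: overtime starts after 8 hours a day
OVERTIME_MULTIPLIER = Decimal("1.5")  # assumption: overtime is paid at 1.5 x hourly rate
FMT = "%Y-%m-%d %H:%M"


def load(text):
    return list(csv.DictReader(io.StringIO(text)))


def shifts_by_employee(timesheets):
    """emp_id -> list of (start, end, location), sorted by start time."""
    shifts = defaultdict(list)
    for r in load(timesheets):
        shifts[r["emp_id"]].append((datetime.strptime(r["start"], FMT),
                                    datetime.strptime(r["end"], FMT), r["location"]))
    return {emp: sorted(s) for emp, s in shifts.items()}


def minutes(delta):
    return int(delta.total_seconds() // 60)


def find_overlaps(timesheets):
    """Test 2: overlapping shifts of one employee -> (emp_id, loc1, loc2, minutes)."""
    hits = []
    for emp, shifts in shifts_by_employee(timesheets).items():
        latest = shifts[0]              # shift with the latest end seen so far
        for cur in shifts[1:]:
            if cur[0] < latest[1]:      # starts before the earlier shift has ended
                hits.append((emp, latest[2], cur[2],
                             minutes(min(cur[1], latest[1]) - cur[0])))
            if cur[1] > latest[1]:
                latest = cur
    return hits


def overtime_exceptions(timesheets, pay_rates, payroll):
    """Test 4: emp_id -> (expected, paid, difference) where overtime paid is not supported."""
    rate = {r["emp_id"]: Decimal(r["hourly_rate"]) for r in load(pay_rates)}
    paid = {r["emp_id"]: Decimal(r["overtime_paid"]) for r in load(payroll)}
    all_shifts = shifts_by_employee(timesheets)
    exceptions = {}
    for emp, shifts in all_shifts.items():
        # Merge overlapping shifts so double-booked time counts once, then total per
        # day (a shift is attributed to the day it starts on).
        per_day = defaultdict(int)
        start, end = shifts[0][0], shifts[0][1]
        for s, e, _loc in shifts[1:]:
            if s <= end:
                end = max(end, e)
            else:
                per_day[start.date()] += minutes(end - start)
                start, end = s, e
        per_day[start.date()] += minutes(end - start)
        ot = sum(max(0, m - STANDARD_MINUTES_PER_DAY) for m in per_day.values())
        expected = (rate[emp] * OVERTIME_MULTIPLIER * ot / 60).quantize(Decimal("0.01"))
        diff = paid.get(emp, Decimal("0.00")) - expected
        if diff != 0:
            exceptions[emp] = (expected, paid.get(emp, Decimal("0.00")), diff)
    for emp, amount in paid.items():    # overtime paid with no timesheet at all
        if emp not in all_shifts and amount != 0:
            exceptions[emp] = (Decimal("0.00"), amount, amount)
    return exceptions
```

    Back-to-back shifts (E011) are not an overlap, and an employee double-booked across two sites (E010) does not earn overtime from the double-counted hour.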

Poll Question

You have been tasked to identify payments processed to departing employees during the month of February. Which file (or combination of files) will enable you to identify those transactions?

  ▪ February Payroll File
  ▪ February Timesheet
  ▪ Employees Masterfile
  ▪ List of Departing Employees
5   Procurement Fraud
Poll Question

Which of the following is a Procurement Fraud Scheme?

  ▪ Ex-employees still accessing the system
  ▪ Overcharging for Cost
  ▪ Ghost Employees
Procurement Fraud

          Procurement fraud is a deliberate deception intended to influence
          any stage of the procure-to-pay cycle in order to make a financial
          gain or cause a loss. It can be perpetrated by contractors or sub-
          contractors external to the organization, as well as staff within the
          organization.

          Common Procurement Fraud Schemes Include:

          ▪ False claims
          Fraud Scheme that involves the invoicing for work not carried out by
          the vendor

          ▪ Mischarging/ Overcharging for Cost or Labor
          Fraud scheme that involves addition to the cost of particular goods
          and/or services above the amount a client is expecting or contracted
          to pay

          ▪ Cover pricing and bid rigging
          Fraud scheme that involves collusion between suppliers to secure the
          win of a tender

The Use of Data Analytics in Combatting Procurement Fraud

  Procurement fraud is difficult to detect; cases are rarely reported and subsequently it is difficult to measure the extent
  of the problem. Where fraud is detected, resource is generally channeled into investigation and prosecution which is
  expensive and rarely ends in a conviction or the recovery of losses. Data Analytics can help in proactively identifying
  early indicators “Red Flags” of Suspicious Procurement activities.

  Examples of data analytics tests that can help in uncovering fraudulent procurement activities

   ▪ Comparing bank details and addresses of suppliers against those of staff to identify
     conflicts of interest; this includes joining supplier and employee files on bank details and
     employee addresses to identify matches
   ▪ Duplicate testing to identify duplicate invoices from same supplier
   ▪ Fuzzy Duplicate testing to detect manipulated duplicate invoices from the same supplier
   ▪ Extracting payments coded as extras/adjustments
   ▪ Comparing contracted rate for goods and services against billed amount
   ▪ Comparing historic vendor master file to current file to identify major differences
   ▪ Comparing the values of successful bids to highlight trends and anomalies.
   ▪ Calculating the Standard deviation of a tender to determine how far the lowest bidder is
     from the norm.
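
  Two of the tests listed above, duplicate / fuzzy duplicate invoices and the deviation of the lowest tender bid, as an added example that is not part of the original deck. The invoice rows, bid values and the digit-core matching rule are assumptions; the second z-score (lowest bid measured against the other bids only) goes one step beyond the test as listed.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample data: (supplier_id, invoice_no, invoice_date, amount)
INVOICES = [
    ("S100", "INV-00123", "2021-02-01", "4500.00"),
    ("S100", "INV-00123", "2021-02-01", "4500.00"),  # exact duplicate
    ("S100", "INV00123A", "2021-02-04", "4500.00"),  # suffix added
    ("S100", "inv 0O123", "2021-02-09", "4500.00"),  # letter O typed for a zero
    ("S200", "INV-00123", "2021-02-01", "4500.00"),  # same number, other supplier
    ("S100", "INV-00124", "2021-02-02", "4500.00"),  # genuinely different invoice
]
# Constructed bids for one tender.
TENDER_BIDS = {"Bidder A": 100000, "Bidder B": 102000, "Bidder C": 98000, "Bidder D": 60000}


def invoice_key(invoice_no):
    """Digit core of an invoice number: case, separators, prefixes, suffixes,
    leading zeros and O-for-0 swaps all collapse to the same key."""
    upper = invoice_no.upper()
    digits = re.sub(r"\D", "", upper.replace("O", "0")).lstrip("0")
    return digits or re.sub(r"[^A-Z0-9]", "", upper)


def find_duplicates(invoices):
    """Group invoices per supplier and amount; fuzzy groups are candidates for review."""
    exact = defaultdict(int)
    fuzzy = defaultdict(set)
    for supplier, number, _date, amount in invoices:
        exact[(supplier, number, amount)] += 1
        fuzzy[(supplier, invoice_key(number), amount)].add(number)
    return {
        "exact": sorted(k for k, n in exact.items() if n > 1),
        "fuzzy": sorted((k, sorted(v)) for k, v in fuzzy.items() if len(v) > 1),
    }


def lowest_bid_deviation(bids):
    """Return (bidder, z_all, z_others) for the lowest bid of a tender.

    z_all uses the mean and sample standard deviation of all bids. With n bids it
    can never exceed (n - 1) / sqrt(n) in size (1.5 for four bidders), so a fixed
    cut-off such as 2 cannot fire on small tenders. z_others measures the lowest
    bid against the remaining bids only and does not have that ceiling.
    """
    if len(bids) < 3:
        raise ValueError("need at least three bids")
    bidder = min(bids, key=bids.get)
    low = bids[bidder]
    everyone = list(bids.values())
    others = [v for k, v in bids.items() if k != bidder]
    z_all = (low - statistics.mean(everyone)) / statistics.stdev(everyone)
    spread = statistics.stdev(others)
    z_others = (low - statistics.mean(others)) / spread if spread else None
    return bidder, z_all, z_others


if __name__ == "__main__":
    print(find_duplicates(INVOICES))
    print(lowest_bid_deviation(TENDER_BIDS))
```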

Practical Example

    Case Background

    You work in an Internal audit department of a Company and you received an allegation from a whistle-blower hotline,
    indicating that an employee, identified by “AD” initials has colluded with suppliers to extract cash from the company.

    You have been tasked to examine if there is sufficient evidence to support the allegation and to check for possible fraudulent
    activity.

    Required Data

    For the purpose of this review, you were provided with the following documents:

       • Employees Master File
       • Suppliers Master File
       • Product Master File
       • Purchase Invoices
       • List of Purchase Orders
       • List of Payments

Practical Example

    Tests Required

    1.       Initial Search for employees who have “AD” initials.
    2.       Identify Employee to Supplier Links.
    3.       Identify payments to fictitious/ ghost suppliers. This includes identifying employees who authorized the payments.
    4.       Gather invoices submitted by ghost suppliers. This includes identifying employees who entered the invoices on the system.
    5.       Identify if Purchase Orders were submitted to the ghost suppliers.
    6.       Identify Non-Preferred suppliers and payments processed to Non-Preferred suppliers.
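
    Tests 1, 2, 3 and 5 chained together on constructed master files. This is an added example, not part of the original deck; all names, addresses, account numbers and field layouts are invented, and treating a supplier that shares a bank account or address with an employee as the suspect supplier is an assumption of the example.

```python
import re
from collections import defaultdict

# Constructed sample data; every name, address and account number is invented.
EMPLOYEES = [  # (emp_id, name, address, bank_account)
    ("E001", "Amira Dahan", "12 Palm St., Flat 4", "0001-2345-678"),
    ("E002", "Basel Karim", "8 Harbour Road", "0002-9999-111"),
    ("E003", "Adel Darwish", "40 Corniche Ave", "0003-5555-222"),
]
SUPPLIERS = [  # (supplier_id, name, address, bank_account)
    ("S01", "CleanCo Supplies", "5 Industrial Zone", "9000-1111-222"),
    ("S02", "Delta Trading", "12 palm st flat 4", "7000-3333-444"),
    ("S03", "Bright Services", "77 Market Sq", "0001 2345 678"),
]
PAYMENTS = [  # (payment_id, supplier_id, amount, authorised_by, po_number or "")
    ("P1", "S01", 1200, "E002", "PO-501"),
    ("P2", "S02", 9800, "E001", ""),
    ("P3", "S03", 7500, "E001", ""),
    ("P4", "S02", 4300, "E002", "PO-502"),
]


def initials(name):
    return "".join(part[0].upper() for part in name.split())


def norm_account(value):
    """Account number without spaces, dashes or case differences."""
    return re.sub(r"[^0-9A-Z]", "", value.upper())


def norm_address(value):
    """Address in lower case with punctuation and repeated spaces removed."""
    return " ".join(re.sub(r"[^0-9a-z]+", " ", value.lower()).split())


def employees_with_initials(employees, wanted):
    """Test 1: employee IDs whose name initials match the allegation."""
    return [emp_id for emp_id, name, *_ in employees if initials(name) == wanted.upper()]


def employee_supplier_links(employees, suppliers):
    """Test 2: (emp_id, supplier_id, matched_field) for shared bank account or address."""
    by_account, by_address = defaultdict(list), defaultdict(list)
    for emp_id, _name, address, account in employees:
        if norm_account(account):            # blank fields must not match each other
            by_account[norm_account(account)].append(emp_id)
        if norm_address(address):
            by_address[norm_address(address)].append(emp_id)
    links = []
    for sup_id, _name, address, account in suppliers:
        links += [(e, sup_id, "bank_account") for e in by_account.get(norm_account(account), [])]
        links += [(e, sup_id, "address") for e in by_address.get(norm_address(address), [])]
    return links


def payments_to_linked_suppliers(payments, links):
    """Tests 3 and 5: payments to linked suppliers, who authorised them, and whether
    the authoriser is the linked employee and a purchase order exists.
    Returns (payment_id, supplier_id, amount, authorised_by, authoriser_linked, has_po)."""
    linked = defaultdict(set)
    for emp_id, sup_id, _field in links:
        linked[sup_id].add(emp_id)
    return [(pid, sup, amount, auth, auth in linked[sup], bool(po))
            for pid, sup, amount, auth, po in payments if sup in linked]


if __name__ == "__main__":
    found = employee_supplier_links(EMPLOYEES, SUPPLIERS)
    print(employees_with_initials(EMPLOYEES, "AD"), found)
    print(payments_to_linked_suppliers(PAYMENTS, found))
```

    Two constructed employees share the initials, so the initials alone do not identify anyone; the supplier links and payment authorisations are what narrow the review.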

6   Data Analytics & Reporting
Data Analytics Benefits in Reporting Lifecycle

          1   Preliminary Communication

              ✓ Data Analytics allows for developing a better understanding of the engagement
                client's business activities and transactions. Thus, it results in better discussions.

          2   Interim Communication

              ✓ Data Analytics allows significant issues to be identified quickly and reported instantly.

          3   Final Communication

              ✓ Assure senior management and the board that 100% of the data was analyzed
              ✓ Data Analytics allows the use of graphical illustrations, which help to explain
                complex data and critical issues

Poll Question

Which of the following should be included in your final engagement report?

  ▪ Data Obtained but not used in the analysis
  ▪ Steps followed to reach the conclusion
  ▪ Table containing all the records examined regardless of size
Data Analytics and Enhancing Working Papers Quality

    ▪ 2330 – Working Papers
    Internal auditors must document sufficient, reliable, relevant and useful information to support the engagement results and
    conclusions.
    The following are aspects that you may include in your working papers:

     ▪ Titles that identify the engagement
     ▪ Purpose of the working paper
     ▪ Indexing
     ▪ Time of the engagement
     ▪ Sources of information
     ▪ The population, sample size, and means of selecting the sample
     ▪ Analytical methods used
     ▪ Result of tests and analyses
     ▪ Conclusions cross-referenced to observations
     ▪ Names of the internal auditor(s)
     ▪ Review notation and name of the reviewer(s)

    ➢ Working Papers should also summarize information and focus on the
      most important information.
    ➢ Internal Audit team leaders should review working papers; evidence
      indicating that reviews were conducted should be available.

7   Unlocking the Potential of Data Analytics
Approach to a Successful Implementation

     Unlocking the Potential of Data Analytics:

     ▪ Demonstrate Visionary Leadership
     ▪ Manage Stakeholders’ Expectations
     ▪ Integrate Risk
     ▪ Optimize Internal Processes
     ▪ Align People & Technology

Data Analytics Process

     Raw Data vs. Disciplined, Focused and Analyzed Data
