Leading compliance monitoring activities to assess fraud and corruption risks ACI China Anti-Corruption Summit June 18, 2014
Oct 19, 2014
Leading compliance monitoring activities to assess fraud and corruption risks ACI China Anti-Corruption Summit
June 18, 2014
1 1
1 Discussion: Top Compliance Issues 2 EY’s First Annual Global Forensic Data Analytics Survey 3 Leveraging Forensic Data Analytics (“FDA”) to Detect Fraud 4 Dashboarding & Visualization
5 Leveraging Statistical Analysis and Text Mining to Identify “Corrupt Intent”
Agenda
2
Discussion: Top Compliance Issues
3 3
► Bribery and corruption remain top risks
► Regulatory pressure
► Third-party integrity
► M&A due diligence
► Risk areas include: ► Integrity of vendors, suppliers and distributors, government officials ► Improper payments in the forms of bribes or kickbacks ► Travel and entertainment abuse ► Conflicts of interests (e.g., employee and supplier matches)
Top issues— what we are seeing
4 4
Start with the Fraud Tree
Fraud tree
Cash larceny
Theft of other assets – inventory/
AR/ fixed assets
Revenue recognition
Non financial
Conflicts of
interest
Bribery and corruption/
FCPA
Illegal gratuities
Bid-rigging/ procurement
Corruption Fraudulent statements
Asset misappropriation
Fake vendor
Payroll fraud
T&E fraud
Theft of data
GAAP Reserves
General focus of auditors
General focus of
internal auditors
General focus of attorneys (opportunity for Internal Auditors and
Investigators)
5 5
Frequent compliance examples
Social Media Monitoring Advanced Email Monitoring Mobil Devices
Meals & Entertainment Marketing & Events CRM and Sales Data
Information Security Employee Payroll Distributor & Margin Analysis
Capital Projects Education, Grants, Sponsorships
Emerging monitoring activities may include…
Vendor Payments / AP
Trading / AML Vendor Due Diligence & Watchlist Monitoring
Charity & Donations
6 6
► Internal Audit ► Compliance & Legal ► Investigations ► Business / Operations
What we hear: 1. Make my program more effective and measurable 2. Make my program more efficient (reduced sample sizes, risk based, cost savings)
Now, more than ever, increased transparency is top-of-mind among our clients in…
7 7
How global companies are responding
► Compliance and legal are often teaming with internal audit to look beyond anti-corruption policies and training and into tests of books and records
► Integrating new analytics specifically targeting corruption – these aren’t your typical rules-based, process control SOX tests
► Integrating “Big Data” concepts including: ► Text mining (unstructured data) ► Statistical analyses and anomaly detection ► Visual analytics and interactive dashboards ► 100% data sampling, not just random sampling
► Analytics used to assess high fraud/corruption risk areas
8 8
Compliance monitoring challenges
► The rapid pace of regulatory requirements requires a good compliance monitoring program to have the flexibility to accommodate a continuously changing regulatory environment.
► ERP systems and enterprise data warehouses are often not integrated with other key systems related to compliance (e.g., speaker programs, event management systems, sample management, promotion materials, etc.).
► Many departments work in their own organizational silo which creates redundant efforts to meet monitoring and reporting requirements.
► The volume of business activities that should be monitored can overwhelm the resources of most organizations.
► Get the right FDA tools and the right people to operate FDA ► The data available for analysis are incomplete or inaccurate
9
EY’s First Annual Global Forensic Data Analytics Survey
10 10
EY’s first annual global forensic data analytics survey
► This survey was conducted between October 2013 and December 2013 on behalf of EY’s Fraud Investigation and Dispute Services practice (“FIDS”)
► Survey approach ► 446 companies surveyed, across 11 countries ► Respondents are executive and senior management responsible for anti-fraud and anti-corruption programs ► 45% of the companies generate $100 million to $1 billion in revenue, 55% - over $1 billion ► Over a dozen industries represented, with the largest shares held by financial services, Pharmaceutical, oil & gas,
utilities, and mining
11 11
► 75% of the companies surveyed use forensic data analytics (“FDA”)
► FDA includes a broad base of users, including corporate executive management (81%) and the board of directors (65%)
► Triggers for using FDA are, as we would expect, businesses’ greatest concerns: bribery and corruption, financial statement fraud and asset misappropriation
► FDA is seen as cost-effective and offering many benefits, primarily as a means of enhancing companies’ ability to detect fraud and misconduct
► FDA typically represents 2/5 of overall anti-fraud and anti-bribery program spend currently and this is typically felt to be sufficient. However, over half predict an increase in spend on FDA in the next 3 years
Key findings
12 12
Key findings (cont.)
► 67% of respondents say their current anti-fraud and anti-bribery program is effective in preventing and detecting fraud and corruption; however, 64% say they need to do more to improve their current procedures, including the use of FDA
► 62% of respondents say they need to improve management’s awareness of the benefits of FDA and proactive transaction monitoring
► Survey respondents reported the single largest challenge was getting the right FDA tools and a lack of human resources or manpower to operate FDA
► Spreadsheets and database tools still dominate the technology landscape. There is a need to go beyond traditional rules-based analytics by leveraging more sophisticated FDA technologies such as statistical modeling, predictive analysis, visualization, and interactive dashboards
13
4%
62%
63%
79%
82%
82%
82%
89%
90%
Other
Able to analyze non-structured data formats, alongside structured data formats to identify…
Cost effective
We can review a large amount of data in a shorter period of time
Earlier detection of misconduct
Assists in planning our audits or investigative field work
Offers better comparison of data for improved fraud risk decision-making
Able to detect potential misconduct that we couldn’t detect before
Enhances our risk assessment process
Total
4%
54%
57%
70%
80%
73%
79%
84%
86%
C-Suite
Main benefits of FDA
14
61%
68%
70%
77%
81%
84%
Internal investigations or business integrity
Board of directors
Business unit managers
Legal/compliance
Corporate executive management
Internal audit
FDA benefits extend high into the organization
15
Leveraging Forensic Data Analytics (“FDA”) to Detect Fraud
16 16
Source: ACFE 2010 Report to the Nations On Occupational Fraud
50% by tip or accident demonstrates the need for improved analytics
2012 ACFE Report to the Nation on Occupational Fraud
How is fraud detected?
17 17
And it is not just a data warehouse. Analytics are business driven and technology enabled.
Forensic Data Analytics is The ability to collect and use electronically stored information, both structured and unstructured data sources, to identify potentially improper payments, patterns of behaviour and trends. Forensic data analytics encompasses integrating continuous monitoring tools, analysing data in real time and allowing for immediate action to prevent suspicious or fraudulent payments.
Forensic data analytics defined
18 18
Forensic data analytics maturity model
► EY developed an FDA maturity model that describes four key quadrants of FDA activity that span both structured data sources, such as transactional data, and unstructured data sources, such as free-text communications ► Upper-left quadrant: “traditional” rule-based queries ► Upper-right quadrant: statistical methods ► Bottom-left quadrant: simple keyword search ► Bottom-right quadrant: data visualization and text mining
A leading FDA practice incorporates elements of all four quadrants to ensure more effective detection and fewer false positives.
19 19
False-positive rate High Low
Struct
ured
data
Detection rate Low High
Unstr
ucture
d da
ta
“Traditional” rule-based, descriptive queries
and analytics
Matching, grouping, ordering, joining, filtering
Statistical Analysis
Anomaly detection, clustering, risk ranking,
predictive modeling
Traditional keyword searching
Keyword search
Data visualization and text mining
Data visualization, drill down into data, text mining
Forensic data analytics maturity model Beyond traditional “rules-based queries” – consider all four quadrants
20 20
Gather Process Analysis Delivery/Follow up
ERP CRM
Contracts Warehouse manageme
nt
T&E
Other
• Obtain data from all central systems and external sources.
• Load, validate and transform data into define common model – independent of ERP.
• Link sources to facilitate analysis.
• Provide global dashboards to facilitate identification of risk issues.
• Deliver dashboards to be reviewed as part of the testing process.
Below is an illustration of how a broad data collection exercise operates in practice. The objective is to gather data from a range of sources – and undertake initial processing to provide a central team with the ability to identify the higher risk activities. Following that review, targeted analytics would be deployed to identify the issues, transactions and relationships that need to be reviewed.
EY forensic data analytics workflow
21 21
Tailored design with data analytic risk indicators
High Risk Transactions
Duplicate Payments
Meal Splitting
Travel Agents
Overbilling
A%
B%
C%
D%
In-Scope Transactions
► Not every item bears the same risk level ► Define risk based on understanding of business process and potential control weaknesses
Risk indicator framework design
22 22
Why Continuous Monitoring? ► Executive visibility and transparency ► Drive process improvements ► More advanced anti fraud control ► Improved audit effectiveness Enables Our Clients: ► Proactively identify and remediate transaction-related issues
and challenges ► Generate advanced analytics/insights ► Timely, accurate, complete reporting
EY’s approach to continuous transaction monitoring
23
Dashboarding & Visualization
24 24
The dashboard tells you “who got paid what, where and what for”.
Data visualization: accounts payable monitoring
25 25
The 4W1H tell you “Who entertained who, where, what for, and for how much?”
Data visualization: travel & entertainment monitoring
26 26
Filter by selected analytics Review breaches on targeted analytics
Payment risk scoring Key component to reducing false positives and focusing risk assessment
27 27
The dashboard tells you relationships identified through the analysis of structured and unstructured data sources.
Data visualization: social network analysis
28 28
Rather than simply comparing watch-list names to a vendor table in a spreadsheet, this example links accounts payable data to third-party watch-list data to identify potentially improper payments to sanctioned or high-risk entities and displays the results in an interactive dashboard.
Demonstrate management oversight & intent Linking payment data to sanctions and watch list databases
29 29
Geocoding AP risk scores to identify hot regions.
Risk scoring and data visualization Geocoded heat maps
30
► Leveraging Statistical Analysis and Text Mining to Identify “Corrupt Intent”
31 31
“<blank>”
Donation
Pay on behalf of
Special payment
Volume contract incentive
One time payment
Honorarium
Incentive payment
Friend fee
Nobody calls it “bribe expense”
Commission to the customer
Consulting fee
Government fee
Processing fee
Goodwill payment
Beyond just keyword searching, text mining within payment data plays a key role in identifying potentially improper payments.
Focusing on payment text descriptions What if you saw these terms used as justification for payments?
32 32
Text mining: vendor payment analysis High risk terms linked to payment amounts
33 33
These three variables
were this highest drivers of
suspicious transactions
These variables were less important when
predicting suspicious transactions. Client should focus resources on
monitoring efforts for the three leading drivers, which accounts for 80%
of the predictive value.
Perform Variable
Analysis
Predictive modelling Focus on the variables that matter most
EY | Assurance | Tax | Transactions | Advisory
About EY
EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
EY refers to the global organization and may refer to one or more of the member firms of EYGlobal Limited, each of which is a separate legal entity. EYGlobal Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
© 2013 Ernst & Young, China All Rights Reserved. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
www.ey.com/china