Leading compliance monitoring activities to assess fraud and corruption risks ACI China Anti-Corruption Summit June 18, 2014

Leading Compliance Monitoring Activities to Assess Fraud and Corruption Risks

Oct 19, 2014

Page 1: Leading Compliance Monitoring Activities to Assess Fraud and Corruption Risks

Leading compliance monitoring activities to assess fraud and corruption risks ACI China Anti-Corruption Summit

June 18, 2014

Agenda

1 Discussion: Top Compliance Issues
2 EY’s First Annual Global Forensic Data Analytics Survey
3 Leveraging Forensic Data Analytics (“FDA”) to Detect Fraud
4 Dashboarding & Visualization
5 Leveraging Statistical Analysis and Text Mining to Identify “Corrupt Intent”


Discussion: Top Compliance Issues

Top issues: what we are seeing

► Bribery and corruption remain top risks
► Regulatory pressure
► Third-party integrity
► M&A due diligence
► Risk areas include:
  ► Integrity of vendors, suppliers and distributors, government officials
  ► Improper payments in the form of bribes or kickbacks
  ► Travel and entertainment abuse
  ► Conflicts of interest (e.g., employee and supplier matches)

Start with the Fraud Tree

[Figure: fraud tree. Top-level categories: Corruption; Asset misappropriation; Fraudulent statements. Node labels: Cash larceny; Theft of other assets (inventory/AR/fixed assets); Revenue recognition; Non financial; Conflicts of interest; Bribery and corruption/FCPA; Illegal gratuities; Bid-rigging/procurement; Fake vendor; Payroll fraud; T&E fraud; Theft of data; GAAP Reserves. Annotations: General focus of auditors; General focus of internal auditors; General focus of attorneys (opportunity for Internal Auditors and Investigators).]

Frequent compliance examples

Social Media Monitoring; Advanced Email Monitoring; Mobile Devices

Meals & Entertainment; Marketing & Events; CRM and Sales Data

Information Security; Employee Payroll; Distributor & Margin Analysis

Capital Projects; Education, Grants, Sponsorships

Emerging monitoring activities may include…

Vendor Payments / AP

Trading / AML; Vendor Due Diligence & Watchlist Monitoring

Charity & Donations

Now, more than ever, increased transparency is top-of-mind among our clients in…

► Internal Audit
► Compliance & Legal
► Investigations
► Business / Operations

What we hear:
1. Make my program more effective and measurable
2. Make my program more efficient (reduced sample sizes, risk based, cost savings)


How global companies are responding

► Compliance and legal are often teaming with internal audit to look beyond anti-corruption policies and training and into tests of books and records

► Integrating new analytics specifically targeting corruption – these aren’t your typical rules-based, process control SOX tests

► Integrating “Big Data” concepts including:
  ► Text mining (unstructured data)
  ► Statistical analyses and anomaly detection
  ► Visual analytics and interactive dashboards
  ► 100% data sampling, not just random sampling

► Analytics used to assess high fraud/corruption risk areas


Compliance monitoring challenges

► The rapid pace of regulatory requirements requires a good compliance monitoring program to have the flexibility to accommodate a continuously changing regulatory environment.

► ERP systems and enterprise data warehouses are often not integrated with other key systems related to compliance (e.g., speaker programs, event management systems, sample management, promotion materials, etc.).

► Many departments work in their own organizational silo which creates redundant efforts to meet monitoring and reporting requirements.

► The volume of business activities that should be monitored can overwhelm the resources of most organizations.

► Get the right FDA tools and the right people to operate FDA

► The data available for analysis are incomplete or inaccurate


EY’s First Annual Global Forensic Data Analytics Survey


EY’s first annual global forensic data analytics survey

► This survey was conducted between October 2013 and December 2013 on behalf of EY’s Fraud Investigation and Dispute Services practice (“FIDS”)

► Survey approach
  ► 446 companies surveyed, across 11 countries
  ► Respondents are executive and senior management responsible for anti-fraud and anti-corruption programs
  ► 45% of the companies generate $100 million to $1 billion in revenue, 55% over $1 billion
  ► Over a dozen industries represented, with the largest shares held by financial services, pharmaceutical, oil & gas, utilities, and mining

Key findings

► 75% of the companies surveyed use forensic data analytics (“FDA”)

► FDA includes a broad base of users, including corporate executive management (81%) and the board of directors (65%)

► Triggers for using FDA are, as we would expect, businesses’ greatest concerns: bribery and corruption, financial statement fraud and asset misappropriation

► FDA is seen as cost-effective and offering many benefits, primarily as a means of enhancing companies’ ability to detect fraud and misconduct

► FDA typically represents 2/5 of overall anti-fraud and anti-bribery program spend currently and this is typically felt to be sufficient. However, over half predict an increase in spend on FDA in the next 3 years


Key findings (cont.)

► 67% of respondents say their current anti-fraud and anti-bribery program is effective in preventing and detecting fraud and corruption; however, 64% say they need to do more to improve their current procedures, including the use of FDA

► 62% of respondents say they need to improve management’s awareness of the benefits of FDA and proactive transaction monitoring

► Survey respondents reported the single largest challenge was getting the right FDA tools and a lack of human resources or manpower to operate FDA

► Spreadsheets and database tools still dominate the technology landscape. There is a need to go beyond traditional rules-based analytics by leveraging more sophisticated FDA technologies such as statistical modeling, predictive analysis, visualization, and interactive dashboards

Main benefits of FDA

► Enhances our risk assessment process: Total 90%, C-Suite 86%
► Able to detect potential misconduct that we couldn’t detect before: Total 89%, C-Suite 84%
► Offers better comparison of data for improved fraud risk decision-making: Total 82%, C-Suite 79%
► Assists in planning our audits or investigative field work: Total 82%, C-Suite 73%
► Earlier detection of misconduct: Total 82%, C-Suite 80%
► We can review a large amount of data in a shorter period of time: Total 79%, C-Suite 70%
► Cost effective: Total 63%, C-Suite 57%
► Able to analyze non-structured data formats, alongside structured data formats to identify…: Total 62%, C-Suite 54%
► Other: Total 4%, C-Suite 4%

FDA benefits extend high into the organization

[Bar chart. Categories as listed: Internal investigations or business integrity; Board of directors; Business unit managers; Legal/compliance; Corporate executive management; Internal audit. Values as listed: 61%, 68%, 70%, 77%, 81%, 84%.]


Leveraging Forensic Data Analytics (“FDA”) to Detect Fraud

How is fraud detected?

50% by tip or accident demonstrates the need for improved analytics

Source: ACFE 2010 Report to the Nations On Occupational Fraud

2012 ACFE Report to the Nation on Occupational Fraud

Forensic data analytics defined

Forensic data analytics is the ability to collect and use electronically stored information, from both structured and unstructured data sources, to identify potentially improper payments, patterns of behaviour and trends. Forensic data analytics encompasses integrating continuous monitoring tools, analysing data in real time and allowing for immediate action to prevent suspicious or fraudulent payments.

And it is not just a data warehouse. Analytics are business driven and technology enabled.


Forensic data analytics maturity model

► EY developed an FDA maturity model that describes four key quadrants of FDA activity that span both structured data sources, such as transactional data, and unstructured data sources, such as free-text communications
  ► Upper-left quadrant: “traditional” rule-based queries
  ► Upper-right quadrant: statistical methods
  ► Bottom-left quadrant: simple keyword search
  ► Bottom-right quadrant: data visualization and text mining

A leading FDA practice incorporates elements of all four quadrants to ensure more effective detection and fewer false positives.

Forensic data analytics maturity model
Beyond traditional “rules-based queries” – consider all four quadrants

[Figure: four-quadrant chart. Rows: structured data (top), unstructured data (bottom). Left to right: false-positive rate goes from high to low and detection rate from low to high.]

► Structured data, left: “Traditional” rule-based, descriptive queries and analytics (matching, grouping, ordering, joining, filtering)
► Structured data, right: Statistical analysis (anomaly detection, clustering, risk ranking, predictive modeling)
► Unstructured data, left: Traditional keyword searching (keyword search)
► Unstructured data, right: Data visualization and text mining (data visualization, drill down into data, text mining)

EY forensic data analytics workflow

Below is an illustration of how a broad data collection exercise operates in practice. The objective is to gather data from a range of sources and undertake initial processing to provide a central team with the ability to identify the higher risk activities. Following that review, targeted analytics would be deployed to identify the issues, transactions and relationships that need to be reviewed.

Stages: Gather, Process, Analysis, Delivery/Follow up

Data sources: ERP, CRM, Contracts, Warehouse management, T&E, Other

• Obtain data from all central systems and external sources.

• Load, validate and transform data into a defined common model, independent of the ERP.

• Link sources to facilitate analysis.

• Provide global dashboards to facilitate identification of risk issues.

• Deliver dashboards to be reviewed as part of the testing process.

Risk indicator framework design
Tailored design with data analytic risk indicators

► Not every item bears the same risk level
► Define risk based on understanding of business process and potential control weaknesses

[Figure labels: In-Scope Transactions; High Risk Transactions; risk indicators Duplicate Payments, Meal Splitting, Travel Agents, Overbilling, with shares shown as A%, B%, C%, D%.]

EY’s approach to continuous transaction monitoring

Why Continuous Monitoring?
► Executive visibility and transparency
► Drive process improvements
► More advanced anti fraud control
► Improved audit effectiveness

Enables Our Clients:
► Proactively identify and remediate transaction-related issues and challenges
► Generate advanced analytics/insights
► Timely, accurate, complete reporting


Dashboarding & Visualization

Data visualization: accounts payable monitoring

The dashboard tells you “who got paid what, where and what for”.

Data visualization: travel & entertainment monitoring

The 4W1H tell you “Who entertained who, where, what for, and for how much?”

Payment risk scoring
Key component to reducing false positives and focusing risk assessment

► Filter by selected analytics
► Review breaches on targeted analytics

Data visualization: social network analysis

The dashboard tells you relationships identified through the analysis of structured and unstructured data sources.

Demonstrate management oversight & intent
Linking payment data to sanctions and watch list databases

Rather than simply comparing watch-list names to a vendor table in a spreadsheet, this example links accounts payable data to third-party watch-list data to identify potentially improper payments to sanctioned or high-risk entities and displays the results in an interactive dashboard.

Risk scoring and data visualization
Geocoded heat maps

Geocoding AP risk scores to identify hot regions.


► Leveraging Statistical Analysis and Text Mining to Identify “Corrupt Intent”

Focusing on payment text descriptions
What if you saw these terms used as justification for payments?

Nobody calls it “bribe expense”

► “<blank>”
► Donation
► Pay on behalf of
► Special payment
► Volume contract incentive
► One time payment
► Honorarium
► Incentive payment
► Friend fee
► Commission to the customer
► Consulting fee
► Government fee
► Processing fee
► Goodwill payment

Beyond just keyword searching, text mining within payment data plays a key role in identifying potentially improper payments.

Text mining: vendor payment analysis
High risk terms linked to payment amounts
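
The term-to-amount linkage described on these two slides, as an added example that is not part of the original deck: it flags the listed justification terms (and blank descriptions) in free-text payment descriptions and totals the flagged amounts per term. The record layout (`vendor`, `amount`, `description`) and the sample payments are constructed assumptions.

```python
import re
from collections import defaultdict

# Terms taken from the "payment text descriptions" slide.
HIGH_RISK_TERMS = [
    "Donation", "Pay on behalf of", "Special payment",
    "Volume contract incentive", "One time payment", "Honorarium",
    "Incentive payment", "Friend fee", "Commission to the customer",
    "Consulting fee", "Government fee", "Processing fee", "Goodwill payment",
]

def normalize(text):
    """Lower-case, turn punctuation and hyphens into spaces, trim."""
    return re.sub(r"[^a-z0-9]+", " ", (text or "").lower()).strip()

def flag_payment(description):
    """Return the high-risk terms found in one free-text description."""
    norm = normalize(description)
    if not norm:
        return ["<blank>"]  # a missing justification is itself a flag
    padded = f" {norm} "    # padding gives whole-word phrase matching
    return [t for t in HIGH_RISK_TERMS if f" {normalize(t)} " in padded]

def term_exposure(payments):
    """Per term: number of flagged payments and their total value."""
    totals = defaultdict(lambda: {"count": 0, "amount": 0.0})
    for p in payments:
        for term in flag_payment(p["description"]):
            totals[term]["count"] += 1
            totals[term]["amount"] += p["amount"]
    return sorted(totals.items(), key=lambda kv: kv[1]["amount"], reverse=True)

# Constructed sample accounts-payable lines (not real data).
SAMPLE_PAYMENTS = [
    {"vendor": "V001", "amount": 12000.00, "description": "Consulting fee - Q2 market study"},
    {"vendor": "V002", "amount": 800.00, "description": "Office supplies"},
    {"vendor": "V003", "amount": 5000.00, "description": "One-time payment / GOODWILL PAYMENT"},
    {"vendor": "V004", "amount": 2500.00, "description": ""},
    {"vendor": "V005", "amount": 3000.00, "description": "Donation; consulting fee for event"},
    {"vendor": "V006", "amount": 450.00, "description": "Reprocessing feed stock"},
]

if __name__ == "__main__":
    for term, agg in term_exposure(SAMPLE_PAYMENTS):
        print(f"{term:<28}{agg['count']:>3}{agg['amount']:>12,.2f}")
```

A flagged term is a lead for review, not a finding; ranking by total amount puts the largest exposure at the top of the review queue.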

Predictive modelling
Focus on the variables that matter most

Perform Variable Analysis

These three variables were the highest drivers of suspicious transactions.

These variables were less important when predicting suspicious transactions. Client should focus resources on monitoring efforts for the three leading drivers, which account for 80% of the predictive value.


EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization and may refer to one or more of the member firms of EYGlobal Limited, each of which is a separate legal entity. EYGlobal Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

© 2013 Ernst & Young, China All Rights Reserved. This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

www.ey.com/china