At at recent event I took the delegates on a journey through the Data Universe (“Dataverse”) which exists in every organisation, large and small, and briefly touched several different fraud profiles.
What was not possible at the time was a full explanation or demonstration of how these concepts all worked together and could be systematically applied. The concepts behind Haymarket’s data analytics and fraud profiling are simple to understand but intricate in execution. All frauds leave a data footprint and other tell-tale indicators. The Dataverse will contain the evidence of fraud; either as an identifiable and positive record, or as the absence of what should be there.
For example; a financial systems audit log should maintain a full list of changes with a before and after image or record of those changes. This will include date, time, and the user id of when and what changes were made. From this you could deduce that at 23:15:07 on Sunday 10th July 2016, the user ID belonging to the Payroll Supervisor, changed the bank details for a dormant supplier to their own bank account. At 23:15:57 10/07/2016 a further transaction was made to initiate a payment to that altered account. Such positive information obtained from the audit logs would then be used as part of the ongoing investigation.
But equally the data footprint could be the absence of information for example: an unexplained gap in the audit logs between 23:00:00 and 23:30:00 on the 10/07/2016. Both of these indicators could then be further confirmed by looking for secondary data sources, such as the access control systems. Did anyone use their card to gain access to the Finance or IT departments between 23:00:00 and 23:30:00? Another secondary source could be the telephony call logging systems to see if any call were made or received around this time.
Effective fraud profiling and data analytics should start with a fraud theory postulating what evidence would be required identify that this particular set of circumstance exists within the corporate Dataverse.
At Haymarket we have developed a number of different applications depending on the focus of the investigation or audit and the Client’s Dataverse. The Client’s Dataverse is then enhanced and compared with external data sources and our own specialist data. At the same time static and dynamic profiles are applied to the Client’s data to identify red flags.
These profiles are specific to the fraud theory we are trying to prove. For example; in detecting potentially bogus suppliers the following tests could be applied:
Validating Vat numbers, both check digits and owners;
Cross referencing bank sort, SWIFT and IBANs codes against tax havens, Panama Paper data etc.;
Matching company directors against employees to identify potential conflicts of interest between employees who may also be the owner of supplier organisations;
Identifying weekend invoicing, individual round value invoices, sequential or low value invoice number sequences;
Identifying companies operating from PO Box or other mailing addresses;
Detecting statistically odd invoice values which could identify a deliberate attempt to circumvent financial authority limits; and
Using a combination of “Fuzzy” logic to identify common spelling variations.
Our software can be used after a fraud has taken place, in order to identify the fraud. However, Haymarket recommends our software to be used by all organizations that are concerned with exposure to fraud (that should be all organizations!) to monitor their systems and stop fraud immediately so that all funds may be recovered. The longer an organization waits after a fraud has been committed, the more likely that the fraudster has taken your money and disseminated it amongst countless offshore bank accounts.
To conclude, the Dataverse has not been used to its full potential by most organizations. Resources such as audit logs, door entry systems, and telephony systems are wasted on auditors who do not fully understand how to use them. Patterns in these systems can be flagged by Haymarket’s system and subsequently investigated by our team and stop fraud in its tracks.
Written for Haymarket by Richard Kusnierz