© Grant Thornton. All rights reserved. Data analytics in the audit March 18, 2011 Keith Barger,...

© Grant Thornton. All rights reserved.

Data analytics in the audit

March 18, 2011

Keith Barger, Principal, Advisory Services & Forensic Technology Services Practice [email protected]


Overview

• Speaker background• Introduction• What is fraud?• Data analytics: Defined• Data analytics: Practical use• Case studies• Wrap up / Q & A


Keith Barger

• ATF – 18+ years of special agent– Technical operation

• Big 4 – Director– Forensic Technology and e-Discovery

• Grant Thornton – Principal, Practice Leader– Forensic & Litigation Services– Forensic Technology Services


Introduction

• Fraud examiners and internal/external auditors utilize data analytics to aid in revealing potential concerns, enabling the detection of fraudulent circumstances as early as possible


What is fraud?

• A general concept that refers generally to any intentional act committed to secure an unfair or unlawful gain. Financial fraud typically falls into the following categories:

– Fraudulent financial transactions and reporting– Misappropriation of assets– Revenue of assets gained by fraudulent or illegal acts– Expenditures or liabilities avoided for inappropriate purpose– Improperly obtained assets and costs / expenses avoided– Other misconduct (e.g., conflicts of interest, insider trading, theft of

trade secrets, etc.)


What is fraud? (continued)

• Public reports related to fraud occurrences– Association of Certified Fraud Examiners 2008 Report to the Nation– Occupational fraud schemes tend to be extremely costly– The median loss caused by occupational frauds $175,000– More than 25% of the fraud involved losses of more than $1M

• Critical Perspectives on Accounting, 2010– 90% of the frauds occur at the senior executive level

• PCAOB proposed Auditing Standard indicates– Controls related to the preventions, identification, and detection of

fraud often have a pervasive effect on the risk of fraud


What is fraud? (continued)

• Goals of fraud risk management

– Understand fraud and misconduct risks that can undermine their business objectives

– Reduce exposure to corporate liability, sanctions, and litigation

– Achieve the highest levels of business integrity through sound corporate governance and intelligence, and internal policies and controls


Data analytics: Defined

• Data analytics is the science of examining raw data with the purpose of drawing conclusions about that information


Data analytics: Defined (continued)

• A data analytic aided program– Information technology and use of computer based audit techniques

such as data analytics can significantly improve the effectiveness of a corporate fraud risk management program and corporation investigations

• The data analytics program can be generally outlined as:– Consideration of potential fraud schemes and scenarios– Assessment at various levels: globally (corporate-wide), significant

business units, substantial account levels– Testing of the effectiveness of the internal policies and controls– On-going monitoring and evaluations on a periodic and random

frequency to access performance and effectiveness



• Key benefits of data analytics– Rapidly evaluate large amounts of data which

could mitigate fraud risks and/or detect fraud– Capable of analyzing large data set and

oftentimes, 100% of the relevant data– Abilities to apply similar analysis routines to

various data sets without excess development time



• How good is your data?– Data quality is essential to interoperability and should

be evaluated based on:• How do you verify the completeness or data?• Accuracy• Consistency on data formats, naming conventions

and precision• Do data sources triangulate?

– Exportability and portability• How easy can the data be exported?

– Audit trail• How much effort is required to uncover the

change in data values and accountability of the changes?



• Data integrity– Data normalization and standardization is often required before computerize

tools start analyzing corporate financial and transactional data


Data analytics: Practical use

• Examples of potential fraud risks in financial management system– Fraudulent financial reporting

– General ledger

– Misappropriation of assets

– Asset management and asset retirement calculation

– Unauthorized or improper receipt and expenditures

– GL, Account payable, time and expense management, purchase care program

– Management override of transactions

– Transaction audit trails

– Theft and improper use of material and resource

– Asset management, inventory management and human resource


Data analytics: Practical use (continued)

• Journal entries (JE) / General ledger (GL)• Account payable (AP) / Purchasing • Account receivable (AR) / Sales• Payroll / Human resource (HR)• Time and expense / HR• FCPA / Anti-bribery and corruption • Sales and use tax• Purchase card program• Regulation and compliance


Data analytics: Practical use (continued)Industry agnostic

• Software license review• Financial risk management• Dispute resolution• Healthcare regulatory compliance• Pharmaceutical regulatory compliance (Medicaid pricing)• Contract compliance• Royalty audits• Construction cost recovery• Financial restatements• Fraud risk management (Sub-prime lending)• Financial investigations



• Effective use of Benford's law– Benford's law has been providing investigators with a simple, yet

effective, tool for detecting fraudulent transactions– Choose appropriate data sets that conform to the distribution– Consider large concentration of assigned numbers or firm-specific

numbers– Verify upper and lower number boundaries



• User activity and accountability– Most established financial management systems have a built in

function to record chronological sequence of activities. The logged records show who has accessed the system and what operations he or she had performed during a given period of time

– Audit trail helps to identify fraudulent transactions based on• User name or ID (e.g., unauthorized or blocked users)• Entry timestamps (e.g., created or updated during questionable

period of time)• Volume of transactions (e.g.: unnecessary access)

– Audit trail also assists on identifying management override of transactions and process flow



• Through continuous monitoring of the operations, controls and procedures, weak or poorly designed or implemented controls can be corrected or replaced

• A technology-aided anti-fraud program can be periodically executed and as frequent as needed

• Random execution and manual test review helps to enhance the quality of the program

• A real time "red flags" response system can alert management for immediately actions


Case study – Government agency anti-fraud program

• Directed and oversaw an anti-fraud program with regard to government grant disbursements related to disaster recovery

• The program involved development of a data repository and analytics to identify fraud, waste and abuse across several areas ranging from false claims, duplicate benefits, grant calculation verification, and construction-related fraud

• Large number of data sources and terabytes of data were accessed, on an on-going basis, to retrieve program related data from a variety of government and private agencies


Case study – Government agency anti-fraud program (continued)

• Data marshalling procedures were conducted on database servers and accounted for the normalization

• Approximately 3,500 data analytic routines and queries were executed against the data to identify anomalous and outlier data

• Weekly reports were compiled which outlined the current analytic results and the overall status of the program


Case study – Insurance company internal investigation

• Applied data analytics to claims data• Performed analysis of 130,000+ transactions

– 5 years worth of data analyzed• Work performed in ½ time 100% manual review• Internal control weaknesses identified


Case study – Forensic in the audit program

• Grant Thornton is implementing a data analytics program helping external auditors to conduct a comprehensive analysis and identify potential "red flags" related to clients' accounting practices

• The program utilizes customizable analytical routines and queries to evaluate data records from clients' ledger systems


Wrap up / Q & A

• Sampling vs. complete review

• Rapid turn around with streamline reporting

• Cost matches client's need

• Flexible and fully customizable to specific industries

© Grant Thornton. All rights reserved. Data analytics in the audit March 18, 2011 Keith Barger,...

Documents

Transcript of © Grant Thornton. All rights reserved. Data analytics in the audit March 18, 2011 Keith Barger,...