1. Using Data Analytics to Detect & Prevent Corporate and P-Card Fraud November 20, 2013 Special Guest Presenter: Rich LanzaCopyright 2013 FraudResourceNet LLCAbout Peter Goldmann, MSc., CFEPresident and Founder of White Collar Crime 101Publisher of White-Collar Crime Fighter Developer of FraudAware Anti-Fraud Training Monthly Columnist, The Fraud Examiner, ACFE Newsletter Member of Editorial Advisory Board, ACFE Author of Fraud in the Markets Explains how fraud fueled the financial crisis.Copyright 2013 FraudResourceNet LLC

2. About Jim Kaplan, MSc, CIA, CFE President and Founder of AuditNet, the global resource for auditors (now available on Apple and Android devices) Auditor, Web Site Guru, Internet for Auditors Pioneer Recipient of the IIAs 2007 Bradford Cadmus Memorial Award. Author of The Auditors Guide to Internet Resources 2nd EditionCopyright 2013 FraudResourceNet LLCRichard B. Lanza, CPA, CFE, CGMA Over two decades of ACL and Excel software usage Wrote the first practical ACL publication on how to use the product in 101 ways (101 ACL Applications) Has written and spoken on the use of audit data analytics for over 15 years. Received the Outstanding Achievement in Business Award by the Association of Certified Fraud Examiners for developing the publication Proactively Detecting Fraud Using Computer Audit Reports as a research project for the IIA Recently was a contributing author of: Global Technology Audit Guide (GTAG #13) Fraud in an Automated World - IIA Data Analytics A Practical Approach - research whitepaper for the Information System Accountability Control Association. Cost Recovery Turning Your Accounts Payable Department into a Profit Center Wiley & Sons. Please see full bio at www.richlanza.com Copyright 2013 FraudResourceNet LLC 3. Webinar Housekeeping This webinar and its material are the property of FraudResourceNet. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden. We are recording the webinar and you will be provided access to that recording within 5 business days after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.Please complete the evaluation questionnaire to help us continuously improve our Webinars.You must answer the polling questions to qualify for CPE per NASBA.Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.If GTW stops working you may need to close and restart. You can always dial in and listen and follow along with the handout. Copyright 2013 FraudResourceNet LLCDisclaimers The views expressed by the presenters do not necessarily represent the views, positions, or opinions of FraudResourceNet LLC (FRN) or the presenters respective organizations. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While FRN makes every effort to ensure information is accurate and complete, FRN makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. FRN specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the FRN website Any mention of commercial products is for information only; it does not imply recommendation or endorsement by FraudResourceNet LLC Copyright 2013 FraudResourceNet LLC5 4. Todays Agenda Management override: What it is and how its most often done Recap of major corporate and P-card fraud schemes How to gather the data you need to audit for card fraud using data analytics Best practices in data analytic for corporate and P-card fraud detection Proven P-card fraud deterrence and prevention practices P-card-related travel & entertainment fraud detection using data analyticsCopyright 2013 FraudResourceNet LLCKey Considerations Before Entering Pcard and T&E Reviews Is 3% to 5% savings in T&E worth the controls? It probably wont be enough of an issue for SarbOx It DOES make for an embarrassing paper headline 98% of people are honestDo you want to hound them for the 2%? Is T&E a company benefit? Will you be able to take on the executives? Copyright 2013 FraudResourceNet LLC 5. Asset Misappropriation Tops The ChartsCopyright 2013 FraudResourceNet LLCRisk Assessment Departmental FocusCopyright 2013 FraudResourceNet LLC9 6. Top Fraud Schemes By DepartmentCopyright 2013 FraudResourceNet LLCMaking $20K Extra This Year (assume 20 trips a year) Meals ($30 a day * 4 days * 20 trips) = $2,400 Gas/Mileage ($20 per trip * 20 trips) = $400 Airline ($100 per trip * 20 trips) = $2,000 Hotel ($10 per day * 4 days * 20 trips) = $800 Entertainment ($50 per trip * 20 trips) = $1,000 Other ($50 per trip * 20 trips) = $1,000 Airline/Other miles for free tickets = $7,000Total of $14,600 after tax or $20,000 before taxCopyright 2013 FraudResourceNet LLC 7. Playing The T&E Game Can Be Addictive The extra cash always helps Its tax-free! The getting back at the company feeling Managers never check anyway What are they going to dofire me over $20? The slippery slope to go for moreCopyright 2013 FraudResourceNet LLCPolling Question 1What is not one of the top occurring frauds per the ACFE study? A. B. C. D.Billing Corruption Overstated Revenue Expense ReimbursementsCopyright 2013 FraudResourceNet LLC 8. What to Look for and Best Practices in P-Card and T&E Fraud DetectionP-Card Process Steps Create/Issue Cards Maintain Cards Cancel Cards Approve Merchants / Merchant Codes Block Merchants / Merchant Codes Set Approval Limits / Policies of Use Initiate Transactions Validate Transactions Approve Transactions Copyright 2013 FraudResourceNet LLC 9. The Controls Summary Whistleblower Hotline Code of Conduct Employee Training Review the Data Book It For Them Automated Workflow Deal With the FraudstersCopyright 2013 FraudResourceNet LLCSet the Baseline Establish set of core values Communicate them Train people in them Give people examples So they understand in practical terms when they break the codeCopyright 2013 FraudResourceNet LLC 10. Other Fraud Policy Categories Definitions of misconduct and dishonesty Organizational policy and responsibilities regarding reporting suspected misconduct. Deterrence and detection responsibilities of individuals with supervisory or review responsibility. Policy specifying the responsibility and authority related to the investigation of incidents of misconduct and dishonesty. General procedures for the follow up and investigation of reported incidents. Note that questions or other clarifications of the fraud policy should be addressed to the corporations Chief Counsel. Copyright 2013 FraudResourceNet LLCP-Card Policy Considerations Who can have the card / Who cannot have the card (former employees, non-employees, agents/students/vendors) Reconciliation procedures What can and cannot be purchased with the card Restricting use to organizational business needs How to get the card How to handle exceptions and irregularities How a card can and should be deactivated How to get help Cardholder agreements Rights and responsibilities of the cardholder, department manager responsible for managing card usage, department manager, organization and card-issuer Copyright 2013 FraudResourceNet LLC 11. Train the Frontline Troops Explain the basics of fraud How it starts How it grows fast Red flag signs Explain what to do if they sense it Make it fun Case studies using past or fictional examplesCopyright 2013 FraudResourceNet LLCThe Basic Tests Review the business purpose of each expense for reasonableness. Validate expenses with proper receipts (when applicable). Recalculate the total reimbursable amount to test accuracy. Review each report for proper approval Trace and agree the total reimbursable amount on the T&E report to the disbursement(s).Copyright 2013 FraudResourceNet LLC 12. Types of T&E Fraud (in order of occurrence per ACFE Study Report to the Nations - 2006) Mischaracterized personal expenses that are submitted as business. Overstated inappropriate overstatement of submitted expenses. Fictitious Receipt phony receipt used as support. Over-purchase purchase more than needed and keep the rest. Collusion manager and employee scheme against the company Copyright 2013 FraudResourceNet LLCPolling Question 2What is not one of the top occurring frauds per the ACFE study? A. B. C. D.Billing Corruption Overstated Revenue Expense ReimbursementsCopyright 2013 FraudResourceNet LLC 13. Little More Advanced Tests Submit altered claims for legitimate expenses that are larger than actuals, pocket difference in cash Create fictitious vendor to vouch for purchases Use a Square to become a vendor yourself Change the vendors name between the P-Card and T&E system Avoid approval limits by splitting purchases Organize legitimate expenses to secure a cash discount or other benefit from vendor that should go to the employer Submit same expense to multiple authorities or multiple general ledger accounts Copyright 2013 FraudResourceNet LLCAirline Schemes and Tests Book a personal trip as a business one: Match dates of travel to airline dates Book an expensive refundable ticket and a cheaper ticket, cancel the refundable ticket, and then submit it for payment Obtain payment receipt (i.e., Visa bill for the month) and airline support See How To Pad Your Expense Report..and Get Away With It by Employee X Copyright 2013 FraudResourceNet LLC 14. Airline Schemes and Tests Edit the E-mail on an E-Ticket Obtain payment receipt (i.e., Visa bill for the month) and airline support Use one airline to get mileage points (even if not the best) Get a general sense of flight costs and airlines for key company locations See How To Pad Your Expense Report..and Get Away With It by Employee X Copyright 2013 FraudResourceNet LLCHotel Schemes and Tests Scan invoice and increase amounts Get extra invoice paper from hotel and type phony bill Complain to reverse charges and submit the original invoice Ask for a discount (i.e., AAA) after the bill is printed Obtain payment receipt (i.e., Visa bill for the month) and hotel support See How To Pad Your Expense Report..and Get Away With It by Employee X Copyright 2013 FraudResourceNet LLC 15. Meal Schemes and Tests Buy tear off receipts at office supply store and submit phony receipts Eat cheap meals or have someone else pay for them and then submit thrown away receipts Check dates are within travel period Obtain payment receipt (i.e., Visa bill for the month) and hotel support See How To Pad Your Expense Report..and Get Away With It by Employee X Copyright 2013 FraudResourceNet LLCTaxi / Mileage Put through phony taxi receipt and have someone drive you to the airport Obtain payment receipt (i.e., Visa bill for the month) Add more mileage to the mileage allowance Get a general sense of mileage between company locations or use Mapquest See How To Pad Your Expense Report..and Get Away With It by Employee X Copyright 2013 FraudResourceNet LLC 16. Polling Question 3Which of the following are key to the P-Card fraud control framework? A. B. C. D. E.Employee Training Review the Data Book It For Them Automated Workflow All of the aboveCopyright 2013 FraudResourceNet LLCBook It For Them Travel agency to process hotel, car, and air Use a car service Ensure that payment is made by company to the vendor directlyCopyright 2013 FraudResourceNet LLC 17. Benefits of Automation: Enforce company financial policy Established system of approvals Increased visibility Sound internal controls Heightened accountability Reduced audit fees Peace of mind Copyright 2013 FraudResourceNet LLCHave a Response Team Have an incident response program Set the investigation plan Set accountabilities Do appropriate marketing Put everyone on notice that a team exists and is ready to investigate as needed Communicate wrongdoing through company newsletters even if it is done at a departmental levelCopyright 2013 FraudResourceNet LLC 18. Ways To Deal With Fraudsters Terminate Make an example of those who get caught Put fraud on their W-2 Remember it is better to prevent and deter than try to reclaim laterCopyright 2013 FraudResourceNet LLCIntegrating Data Analytics Into the P-Card Review Process 19. Step #1 in Automation Plan: Aggregate the Data You can improve what you measure Summary data (at the invoice level) is not enough for auditing Detail data Doesnt have to be an automated system (although one helps)Can be done in Excel/Access to get startedCopyright 2013 FraudResourceNet LLCData Tables and Fields P-Card Cardholder: Card Number Cardholder Address City Post Code LimitMCC Description: MCC MCC DescriptionTransactions: Name Card Number Merchant Merchant City Merchant State Merchant Cntry Merchant PostCode MCC Amount Curr ency Post Date Trans DateCopyright 2013 FraudResourceNet LLC 20. Data Tables and Fields T&E Considerations Business Purpose Who Entertained Flight Information (from Travel Company) Days before the flight booking made Type of airline and ticketCopyright 2013 FraudResourceNet LLCThe Data Aggregators Online T&E system Travel company / Car Service company Vendor System (i.e., Office Supplies) Procurement card Access database / Excel spreadsheetCopyright 2013 FraudResourceNet LLC 21. The Overall Fraud Analytic Process Get the Most Useful Data for Analysis Develop Fraud Query Viewpoints The 5 Dimensions Brainstorm report ideas Analytically Trend Benfords Law Statistical averages and simple trending by day, month, day of week Post dated changes Use Visualization Techniques Copyright 2013 FraudResourceNet LLCPolling Question 4What is not one of the key tables for P-Card analysis? A. B. C. D.Cardholder Travel Information MCC Code Description TransactionsCopyright 2013 FraudResourceNet LLC 22. Our Viewpoints or Data DimensionsCopyright 2013 FraudResourceNet LLCTop Reports Unmatched query of cardholders to an active employee masterfile Cards used in multiple states in the same day Cards processing in multiple currencies in the same day Identify cards that have not had activity in the last six months Cardholders that have more than one card (Duplicates on card holder) Extract any cash back credits processed through the card Extract declined card transactions and determine if they are frequent for certain cards Summary of card usage by merchant to find newly added merchants and most activeCopyright 2013 FraudResourceNet LLC 23. Top Reports (continued) Duplicates on card number, amount, and transaction date Duplicates on merchant, amount, and transaction date (regardless of card) Duplicates on merchant and amount Duplicates on cardholder and amount A multitude of transactions under the card purchase limit or MCC amount limit to identify split purchases on the card to purchase higher amount items using multiple charges. Postings to unusual MCC codes Align the Pcard to T&E system to ensure merchant and amounts line up for each transactionsCopyright 2013 FraudResourceNet LLCIts The Trends.Right? Trend categories (meals, hotel, airfare, other) Trend mileage Trend departments Trend in the type of receipts Trend under limits (company policy) Trend by person By location By vendorCopyright 2013 FraudResourceNet LLC 24. Stratify Data - ResultsCopyright 2013 FraudResourceNet LLCScatter DataCopyright 2013 FraudResourceNet LLC 25. Scatter GraphCopyright 2013 FraudResourceNet LLCMap of the Vendor PopulationCopyright 2013 FraudResourceNet LLC49 26. Benfords Law Continuous View Quarterly law0.3500 0.3000 0.2500 4th 3rd 2nd0.15001st0.1000 0.050095908580757065605550454035302520150.000010FrequencyBenford0.2000DigitsCopyright 2013 FraudResourceNet LLCDeeper into BenfordsCopyright 2013 FraudResourceNet LLC 27. Invoices Near The Approval LimitCopyright 2013 FraudResourceNet LLCPolling Question 5What is probably the best Excel feature for reviewing Pcard and T&E data? A. B. C. D.Scatter Graphs Pivot Tables Vlookup Data Analysis ToolkitCopyright 2013 FraudResourceNet LLC 28. T&E Scoring Analysis (Using Macros) 1. 2. 3.4.Employees with low transaction, high dollar activity - 20 Employees with a high proportion of round dollar payments. - 25 Payments to any employees that exceed the twelve month average payments to that employee by a specified percentage (i.e., 200%) or 3x the standard deviation for that vendor. - 20 Employees with a high proportion of charges near approval limits - 35Copyright 2013 FraudResourceNet LLCTransactional Score Benefits Instead of selecting samples from reports, transactions that meet multiple report attributes are selected (kill more birds with one stone). Therefore a 50 unit sample can efficiently audit: 38 duplicate payments 22 round invoices 18 in sequence invoices.and they are the best given they are mathematically the most severe. Sampling can be based on quadrants which takes into account different severity, volume, and value dimensionsCopyright 2013 FraudResourceNet LLC55 29. Questions? Any Questions? Dont be Shy!Copyright 2013 FraudResourceNet LLCComing Up Next Month How to Use Data Analysis to Detect Revenue and Receivables Fraud, Dec.12th Integrating Data Analytics for Fraud Into Your Audit Dec. 17th Internal Anti-Fraud Controls: Attaining Long-Term Effectiveness Dec 18thCopyright 2013 FraudResourceNet LLC 30. Thank You! Website: http://www.fraudresourcenet.com Jim Kaplan FraudResourceNet 800-385-1625 jkaplan@fraudresourcenet.com Peter Goldmann FraudResourceNet 800-440-2261 pgoldmann@fraudresourcenet.com Rich Lanza Cash Recovery Partners, LLC Phone: 973-729-3944 rich@richlanza.com Copyright 2013 FraudResourceNet LLC