Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​Get a View Into Suspicious Transactions

Data visualization tools can help internal auditors dig deep to uncover potential fraud.

Comments Views

​The U.S. Centers for Medicare and Medicaid Services’ June 2014 Report to Congress on Medicare’s Fraud Prevention System (FPS) describes how the state-of-the-art predictive analytics system identified US$210 million in savings during its second year of operation. The FPS’ ability to identify savings illustrates the power of data analytics to detect suspicious transactions.

Internal audit can leverage analytics technologies to audit for similar transactions within their organization. Data visualization is an analytic tool that can allow auditors to rapidly interrogate an entire transaction history or database to identify the most suspicious transactions to investigate.

A Fraud Risk Tool

The internal audit department at one Fortune 500 company applied data visualization tools to a project to assess fraud risk. The first phase of the risk assessment identified several high-risk scenarios such as processing duplicate payments, paying invoices for the same purchases, and submitting payments to false vendors. In the second phase, the review team deployed a data visualization tool to the existing data sets.

The first step involved planning and setting specific project-review objectives. The review team interviewed key process stakeholders to learn the financial process flow and studied the database structure and data dictionary. For this specific database, the team collected 700,000 transactions for a 12-month period.

Once the review team had loaded the transaction data into a data analytics software tool, it began the time-consuming job of cleansing and normalizing the data to support the project objectives. The data came in four different files and required three iterations to eliminate any false positives and meaningless data, as well as to provide data that could be released for an initial analysis.

Creating Scripts

The review team used its initial analysis to review and understand the expense types, attributes, characteristics, relationships, definitions, and unique data properties, giving it comfort with the entire data population and ensuring any results extracted from the total data set reflected the true nature of the data. This analysis enabled the team to organize the data for visualization.

Because the review team lacked experience using the data visualization tool, it contracted with a consulting firm for guidance and assistance in coding the visualization scripts. The team and consultants collaborated to prepare the scripts, define the data attributes, and determine which flags to set as conditions to search and identify transactions.

The consulting firm took the review team’s objectives and developed a set of scripts to capture certain data attributes and characteristics for presentation purposes. For example, the review team determined which transaction types represented risks that were higher than average. Other attributes the review team wanted to analyze included unusual transaction amounts, expenses submitted by terminated employees, and duplicate expenses, especially multiple transactions made on the same day, for the same amount, and to the same vendor. The team also used the tool to identify unusual high-dollar or volume transactions made by job classification. For example, comparing a buyer who travels frequently to a salesperson who stays in one location would reveal drastically different spending patterns.

Visual Analysis

Using the visualization tool scripts, the review team generated different reports and data representations. Easy-to-use dialog boxes enabled staff members to request reports to interrogate the underlying data. One of the most valuable reports they generated showed the highest expense spending by a single individual in a chart form (see “Employee Expense Visualization” at right).

As part of the consulting firm’s deliverable, it provided documentation and trained the review team to take over scripting the data visualization tool. The team became more comfortable with collecting, normalizing, and analyzing the data, as well as with building and running the data visualization and then turning over a read-only version for users to run “what if” scenarios and identify suspect transactions.

Generating Solid Evidence

Data visualization can enable auditors to provide management with reports that illustrate suspicious transactions in real time. Instead of sifting through information manually or based on one characteristic, auditors can use data visualization to identify anomalies visually by looking for outliers from expected results and focusing on transactions that have multiple flagged characteristics. Displaying all the underlying transactions that make up a suspicious transaction gives internal auditors solid evidence to support the finding.

The Fortune 500 company’s CAE notes that implementing data visualization and predictive analysis should be internal audit’s ambition. In today’s world, mining data to establish “what happened” is interesting, but answering the question “why?” and being able to venture “what’s next” is more valuable.
Steve Mar, CFSA, CISA, is the IT audit director for a U.S. specialty retailer.
Michelle Kha, CISA, and Tricia Hardie, audit principals, contributed to this article.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

 

 

Comment on this article

comments powered by Disqus
  • IIA AuditBoard_Nov 2019_Premium 1
  • IIA GAM_Nov 2019_Premium 2
  • IIA OnRisk_Nov_Premium 3