March 8, 2022

Internal Audit: Corporate Anti-Fraud Tactics Need Updating?

Over on “Radical Compliance”, Matt Kelly blogged about a recent Association of Fraud Examiners benchmarking report on the technologies companies use to fight fraud. The blog says that corporate approaches to detecting and preventing fraud could use some updating:

The most telling line in the report comes right at the start: “Our study indicates that the most commonly used analytics are the tried-and-true techniques that organizations have found success with for decades,” such as exception reporting and anomaly detection, as well as automated monitoring of red flags and business rules. More than half of respondents said they use such techniques.

Along similar lines, the two risk areas most commonly monitored with analytics were fraudulent disbursements and outgoing payments (cited by 43 percent of respondents) and procurement and purchasing fraud (41 percent of respondents). That’s great, but outgoing payments and procurement are financial functions that every business in the universe has, and two primary vectors for fraud. So it’s only natural that they’re also the functions most likely to get the anti-fraud analytics treatment.

On the other hand, if we want an example of companies not yet embracing the full potential of anti-fraud analytics, the ACFE also had an interesting stat about what sources of data companies use for their analytics efforts. Eighty percent of respondents said they use structured data, such as invoice amounts listed in databases or dates included on purchase numbers. Only 33 percent, however, used unstructured data — random information that might exist in emails, PowerPoint presentations, or other sources, and that doesn’t neatly export into an Excel table.

Unstructured information is where the good stuff is, especially for frauds that involve multiple employees who might be talking with each other about their scams. That said, unstructured information is also more difficult to process. “This highlights that most organizations still rely heavily on traditional analytics approaches and data sources to drive their anti-fraud programs,” the ACFE says. Indeed.

The blog explores other areas covered by the report, including the surprising number of companies that don’t use case management software and the increasing importance of technology in fraud assessments in the Covid-19 era.

John Jenkins