1. Forensic Accounting – then and now - Chapters Site - Home · Overview of Data Analytics 3. Fraud Analytics Basics 4. ... Fighting Fire with Fire 99% of both our problems and

6© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.

Format of Session

1. Forensic Accounting – then and now2. Overview of Data Analytics3. Fraud Analytics Basics4. Advanced Fraud Analytics5. Data Visualization6. Wrap-up

Question are welcome and encouraged!


How Things Used to Be

• Paper• More on-site data

collection• Volume• Types of information• Data compilation• Fraud focus being

more reactive


How Things are Evolving

• Move to digital• Data in the Cloud• More varied sources

and types of information

• Need for different skill sets to deal with the volume and nature of information

• Proactive exploratory analysis


Fighting Fire with Fire

99% of both our problems and solutions come from technology.

- Kevin Kelly, Senior Maverick, Wired Magazine


What is Data Analytics?

The science of examining large volumes of data, with the purpose of drawing conclusions about the information.


Challenges for Internal Audit

Some of the challenging expectation faced by internal audit include:• Harnessing and managing the power of data and

technology to be more efficient• Broadening focus to include Risk Management• Delivering more robust and actionable insights• Driving change within the business


What Data Analytics can Do for You

Many companies use data analytics in order to:• make better business decisions;• gather business intelligence;• understand industry trends.

Data analytics uses sophisticated software tools in order to identify or uncover patterns/relationships and anomalous transactions.


Rules-Based Analytics in Internal Audit

Help focus audit effort on the key issuesExamples:• Identify unauthorized payments• Identify suspicious journals• Identify unauthorized creation, modification,

access of an account• Identify invalid information• Identify duplicate/near-duplicate information• Identify extreme deviations from the norm


Start Your Journey with Rules-Based Analytics

Based on your audit objectives, risk assessment, or hypotheses:• Identify the data that you have• Create rules that are testable against your

objectives or hypotheses• Run the rules on the data to identify exceptions to

investigate


Simple Rules-Based Analytics Example 1

Risk• False vendors• Conflicts of interest

Rule• Identify all vendors with the same address or

phone number as an employee.


Simple Rules-Based Analytics Example 2

Risk• Theft of proprietary information• Accessing information beyond job requirements

Rule• Identify all system administrator logins between

9PM and 6AM.


Intermediate Rules-Based Analytics Example 1

Risk• Double-billing by vendors• Over-payment to vendors

Rule• Identify “fuzzy duplicates” on invoice numbers.• Assess whether same vendor


Intermediate Rules-Based Analytics Example 2

Risk• Inappropriate use of purchase cards

Rule• Identify purchase card transactions that are

outside of what would be considered business use.


Applied Data Visualization Example


Basic Does Not Equal Simple

Rules-Based Analysis can be used to get sophisticated results• Combine more data sets (internal and external)• Unstructured data sets• Larger data sets


Skills You Need to do Basic Analytics

• Data Extraction• Data Wrangling

• Getting the raw data you extracted into a format that you can perform your analysis on

• 80% of the work• Technical Skills

• Databases• Understanding of the Business• Communication Skills


Tools You Need to do Analytics

Start with what you have!• Excel

• Data Wrangling• Text-to-x conversion (e.g., DATE)• Text string manipulation (e.g., CONCATENATE,

LEFT, MID, RIGHT, LEN, SEARCH, etc.)• Analysis

• VLOOKUP/HLOOKUP/MATCH/etc.• Pivot Tables


Limitations of Excel

• Data is easily mutable• Can introduce errors in the analysis

• Data size limitations• Summarizing and combining/joining data is

cumbersome• Hard to control and document your analysis

• e.g., rolling back analysis if a mistake or data issue is discovered


Excel Alternatives

• Microsoft Access• Possibly also included on your computer

• SQL Server or other database software• Your IT department may have a license and

instance that could be used• Open-source analysis software or programming

languages• R, Python, etc.

• Proprietary analysis software or programming languages• SAS, SPSS, IDEA, ACL


What does “Advanced” Mean?

For the purpose of this presentation:• Using external or “non-traditional” data sources

with internal data sources• Using statistical methods• Using data mining methods


External or “Non-Traditional” Data Sources

• GPS Data• Fleet Tracking Data• Social Media Feeds• “Wearables”• Network log data


Use of Geospatial information Example 1

MandateClient asked us to review exceptions to policies related to hotel stays and transportation expenses

Interesting result: Identified employees that were staying in hotels less than 40km from their own residence.


Use of Geospatial information Example 2


Use of Geospatial Information Example 3

Source:http://www.cbc.ca/news/canada/calgary/multimedia/calgary-vehicle-thefts-by-community-see-where-the-crime-surge-happened-1.3497780


Use of “Non-Traditional” Data Source Example

MandateClient asked us to help them analyze whether there was evidence of employees booking time when they were not working

Data Sources used:• Payroll data• Fleet tracking data (GPS + engine data)• Car log data (paper)


Using Statistical Methods – Benford’s Law

• Benford’s Law is about the frequency distribution of first/leading digits in a natural population of numbers.

• Natural populations are not bound by minimums or maximums.

• According to Benford’s Law, in a natural population, the first digit is more often 1 than 2, more often 2 than 3, and so on, up to 9.


Benford’s Law


Using Benford’s Law to Detect Bid-Collusion

Application to Public Bid Contracts• Bid amounts are generally limited by the nature of the

work (presence of a maximum value), i.e., Benford’s Law does not apply.

• BUT, the differences between the amounts submitted by the winner of the tender and the 2nd, 3rd, etc. bidder represents a natural population of numbers where Benford’s Law is applicable.

• We compare these differences with Benford's predictions and then refine the analysis by segments (products, years, users, types of services, etc.)


Bid-Collusion Example


What is Data Mining?

Using computing power to help you find patterns which you might not be able to detect by just

looking at the data manually.


Data Mining Testing Example

• Examined a database using data mining software• Identified “if-then” rules that applied to the

database at least 95% of the time • Extracted the exceptions or deviations from these

rules such that they could be further reviewed.

Results• 14 rules were identified.• E.g. If NAME is XXXX then COMM_PCT is 0.00


What is Data Visualization?

…the presentation of data in a visual format (e.g. pictorial, graphical), enabling users to grasp difficult analytical concepts, identify new trends or patterns, and gain a better understanding of the underlying

data.


Visualization has been scientifically shown to make it easier to solve problems and make better

decisions

Why is Data Visualization Important?

70% 30%


The Risks of Poor Data Visualization

Keep it Simple, Stupid!

“It seems that perfection is reached not when there is nothing to add, but when there is nothing left to

take away.”-Antoine de Saint Exupéry


The Risks of Poor Data Visualization


Poor Data Visualization – Truncated Axes

Truncating axes on a chart can exaggerate differences in trends, resulting in a misleading representation of the data.


Poor Data Visualization – Dual Axes

By adjusting the scaling of each individual axis, data can be shown to correlate when in reality no such correlation exists.

Source: Spurious Correlations http://tylervigen.com/view_correlation?id=359


Poor Data Visualization – Narrowed Scopes 1

Omitting DataBy narrowing the scope of the data presented, visualizations can mislead by failing to provide context and points of reference for interpretation. A common example of this is limited time scope.


Poor Data Visualization – Narrowed Scopes


Poor Data Visualization – Inaccurate Scaling

Single-Dimension Scaling on Multiple DimensionsBy limiting the scaling of graphical representations to a single dimension, data can be shown with much greater variance than is factually present. This is a frequent error made when using size to denote a specific measure.

Source: https://www.good.is/infographics/transparency-how-much-does-the-united-states-subsidize-energy#open


Poor Data Visualization – Extraneous Complexity

Irrelevant DecorationAdding additional elements to data visualizations (e.g. images, icons, textures) often serve to detract from the impact of the visualization rather than add to it.3D EffectsAdding an additional dimension to charts rarely adds value to viewers of the visualization, and can make the original chart more difficult to interpret.Poor OrganizationAlthough standalone visualizations may be well designed, the impact may be impeded by poor presentation or organization.


Illustrative Examples: Pie Charts


Illustrative Examples: Effective Use of Colour 1



SequentialColours are ordered from “Low” to “High” typically to illustrate concentration or strength of a selected measure.



DivergingTwo sequential schemes are arranged to extend from a neutral mid-point, frequently used to illustrate deviations specific ranges (e.g. budget, forecasts).



CategoricalContrasted colours used to denote different categories of data. Should usually be limited to a maximum of six.






Additional Guiding Principles


Internal Audit & Data Analytics

• Access to all parts of the organization• Big picture view of the organization

• Can see the connections between all the data in the organization

• Inherently analytic mind-set• Business Knowledge• Access to senior management and governance

Documents

1. Forensic Accounting – then and now - Chapters Site - Home · Overview of Data Analytics 3. Fraud Analytics Basics 4. ... Fighting Fire with Fire 99% of both our problems and