Upload
hadieu
View
213
Download
1
Embed Size (px)
Citation preview
6© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Format of Session
1. Forensic Accounting – then and now2. Overview of Data Analytics3. Fraud Analytics Basics4. Advanced Fraud Analytics5. Data Visualization6. Wrap-up
Question are welcome and encouraged!
8© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
How Things Used to Be
• Paper• More on-site data
collection• Volume• Types of information• Data compilation• Fraud focus being
more reactive
9© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
How Things are Evolving
• Move to digital• Data in the Cloud• More varied sources
and types of information
• Need for different skill sets to deal with the volume and nature of information
• Proactive exploratory analysis
12© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Fighting Fire with Fire
99% of both our problems and solutions come from technology.
- Kevin Kelly, Senior Maverick, Wired Magazine
13© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
What is Data Analytics?
The science of examining large volumes of data, with the purpose of drawing conclusions about the information.
15© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Challenges for Internal Audit
Some of the challenging expectation faced by internal audit include:• Harnessing and managing the power of data and
technology to be more efficient• Broadening focus to include Risk Management• Delivering more robust and actionable insights• Driving change within the business
16© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
What Data Analytics can Do for You
Many companies use data analytics in order to:• make better business decisions;• gather business intelligence;• understand industry trends.
Data analytics uses sophisticated software tools in order to identify or uncover patterns/relationships and anomalous transactions.
19© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Rules-Based Analytics in Internal Audit
Help focus audit effort on the key issuesExamples:• Identify unauthorized payments• Identify suspicious journals• Identify unauthorized creation, modification,
access of an account• Identify invalid information• Identify duplicate/near-duplicate information• Identify extreme deviations from the norm
20© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Start Your Journey with Rules-Based Analytics
Based on your audit objectives, risk assessment, or hypotheses:• Identify the data that you have• Create rules that are testable against your
objectives or hypotheses• Run the rules on the data to identify exceptions to
investigate
21© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Simple Rules-Based Analytics Example 1
Risk• False vendors• Conflicts of interest
Rule• Identify all vendors with the same address or
phone number as an employee.
22© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Simple Rules-Based Analytics Example 2
Risk• Theft of proprietary information• Accessing information beyond job requirements
Rule• Identify all system administrator logins between
9PM and 6AM.
23© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Intermediate Rules-Based Analytics Example 1
Risk• Double-billing by vendors• Over-payment to vendors
Rule• Identify “fuzzy duplicates” on invoice numbers.• Assess whether same vendor
25© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Intermediate Rules-Based Analytics Example 2
Risk• Inappropriate use of purchase cards
Rule• Identify purchase card transactions that are
outside of what would be considered business use.
26© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Applied Data Visualization Example
27© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Basic Does Not Equal Simple
Rules-Based Analysis can be used to get sophisticated results• Combine more data sets (internal and external)• Unstructured data sets• Larger data sets
28© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Skills You Need to do Basic Analytics
• Data Extraction• Data Wrangling
• Getting the raw data you extracted into a format that you can perform your analysis on
• 80% of the work• Technical Skills
• Databases• Understanding of the Business• Communication Skills
29© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Tools You Need to do Analytics
Start with what you have!• Excel
• Data Wrangling• Text-to-x conversion (e.g., DATE)• Text string manipulation (e.g., CONCATENATE,
LEFT, MID, RIGHT, LEN, SEARCH, etc.)• Analysis
• VLOOKUP/HLOOKUP/MATCH/etc.• Pivot Tables
30© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Limitations of Excel
• Data is easily mutable• Can introduce errors in the analysis
• Data size limitations• Summarizing and combining/joining data is
cumbersome• Hard to control and document your analysis
• e.g., rolling back analysis if a mistake or data issue is discovered
31© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Excel Alternatives
• Microsoft Access• Possibly also included on your computer
• SQL Server or other database software• Your IT department may have a license and
instance that could be used• Open-source analysis software or programming
languages• R, Python, etc.
• Proprietary analysis software or programming languages• SAS, SPSS, IDEA, ACL
33© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
What does “Advanced” Mean?
For the purpose of this presentation:• Using external or “non-traditional” data sources
with internal data sources• Using statistical methods• Using data mining methods
34© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
External or “Non-Traditional” Data Sources
• GPS Data• Fleet Tracking Data• Social Media Feeds• “Wearables”• Network log data
35© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Use of Geospatial information Example 1
MandateClient asked us to review exceptions to policies related to hotel stays and transportation expenses
Interesting result: Identified employees that were staying in hotels less than 40km from their own residence.
36© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Use of Geospatial information Example 2
37© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Use of Geospatial Information Example 3
Source:http://www.cbc.ca/news/canada/calgary/multimedia/calgary-vehicle-thefts-by-community-see-where-the-crime-surge-happened-1.3497780
38© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Use of “Non-Traditional” Data Source Example
MandateClient asked us to help them analyze whether there was evidence of employees booking time when they were not working
Data Sources used:• Payroll data• Fleet tracking data (GPS + engine data)• Car log data (paper)
39© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Using Statistical Methods – Benford’s Law
• Benford’s Law is about the frequency distribution of first/leading digits in a natural population of numbers.
• Natural populations are not bound by minimums or maximums.
• According to Benford’s Law, in a natural population, the first digit is more often 1 than 2, more often 2 than 3, and so on, up to 9.
40© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Benford’s Law
41© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Using Benford’s Law to Detect Bid-Collusion
Application to Public Bid Contracts• Bid amounts are generally limited by the nature of the
work (presence of a maximum value), i.e., Benford’s Law does not apply.
• BUT, the differences between the amounts submitted by the winner of the tender and the 2nd, 3rd, etc. bidder represents a natural population of numbers where Benford’s Law is applicable.
• We compare these differences with Benford's predictions and then refine the analysis by segments (products, years, users, types of services, etc.)
42© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Bid-Collusion Example
43© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
What is Data Mining?
Using computing power to help you find patterns which you might not be able to detect by just
looking at the data manually.
44© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Data Mining Testing Example
• Examined a database using data mining software• Identified “if-then” rules that applied to the
database at least 95% of the time • Extracted the exceptions or deviations from these
rules such that they could be further reviewed.
Results• 14 rules were identified.• E.g. If NAME is XXXX then COMM_PCT is 0.00
46© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
What is Data Visualization?
…the presentation of data in a visual format (e.g. pictorial, graphical), enabling users to grasp difficult analytical concepts, identify new trends or patterns, and gain a better understanding of the underlying
data.
47© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Visualization has been scientifically shown to make it easier to solve problems and make better
decisions
Why is Data Visualization Important?
70% 30%
48© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
The Risks of Poor Data Visualization
Keep it Simple, Stupid!
“It seems that perfection is reached not when there is nothing to add, but when there is nothing left to
take away.”-Antoine de Saint Exupéry
49© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
The Risks of Poor Data Visualization
50© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Poor Data Visualization – Truncated Axes
Truncating axes on a chart can exaggerate differences in trends, resulting in a misleading representation of the data.
51© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Poor Data Visualization – Dual Axes
By adjusting the scaling of each individual axis, data can be shown to correlate when in reality no such correlation exists.
Source: Spurious Correlations http://tylervigen.com/view_correlation?id=359
52© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Poor Data Visualization – Narrowed Scopes 1
Omitting DataBy narrowing the scope of the data presented, visualizations can mislead by failing to provide context and points of reference for interpretation. A common example of this is limited time scope.
53© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Poor Data Visualization – Narrowed Scopes
54© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Poor Data Visualization – Inaccurate Scaling
Single-Dimension Scaling on Multiple DimensionsBy limiting the scaling of graphical representations to a single dimension, data can be shown with much greater variance than is factually present. This is a frequent error made when using size to denote a specific measure.
Source: https://www.good.is/infographics/transparency-how-much-does-the-united-states-subsidize-energy#open
55© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Poor Data Visualization – Extraneous Complexity
Irrelevant DecorationAdding additional elements to data visualizations (e.g. images, icons, textures) often serve to detract from the impact of the visualization rather than add to it.3D EffectsAdding an additional dimension to charts rarely adds value to viewers of the visualization, and can make the original chart more difficult to interpret.Poor OrganizationAlthough standalone visualizations may be well designed, the impact may be impeded by poor presentation or organization.
56© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Illustrative Examples: Pie Charts
57© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Illustrative Examples: Effective Use of Colour 1
58© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Illustrative Examples: Effective Use of Colour 2
SequentialColours are ordered from “Low” to “High” typically to illustrate concentration or strength of a selected measure.
59© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Illustrative Examples: Effective Use of Colour 3
DivergingTwo sequential schemes are arranged to extend from a neutral mid-point, frequently used to illustrate deviations specific ranges (e.g. budget, forecasts).
60© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Illustrative Examples: Effective Use of Colour 4
CategoricalContrasted colours used to denote different categories of data. Should usually be limited to a maximum of six.
61© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Illustrative Examples: Effective Use of Colour 5
62© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Illustrative Examples: Effective Use of Colour 6
63© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Additional Guiding Principles
72© 2017 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.
Internal Audit & Data Analytics
• Access to all parts of the organization• Big picture view of the organization
• Can see the connections between all the data in the organization
• Inherently analytic mind-set• Business Knowledge• Access to senior management and governance