Leading Trends in ConductingLeading Trends in ConductingRisk-based Data Analytics for Internal Audit and Compliance

Top issues for Life Sciences companies — what we are seeing in Asia

► Bribery and corruption remain top risks

► Regulatory compliance and fraud & abuse Speaker programs, grants, marketing, research► Speaker programs, grants, marketing, research

► Third-party integrity

► Risk areas include: ► Integrity of vendors, suppliers and distributors, HCP or non-HCP► Improper payments in the forms of bribes or kickbacks► Travel and entertainment abuse

Conflicts of interests (e.g., employee and supplier matches)

1

► Conflicts of interests (e.g., employee and supplier matches)

Frequent compliance monitoring focus areas

Meals & Entertainment Speaker Programs/ Fee For Service

Incentive Compensation

Education Grants, Sponsorships

Emerging monitoring activities may include…

Vendor Payments Samples Monitoring

2

Social Media Monitoring Advanced Email Monitoring Publications Monitoring

Medical Science Liaisons Monitoring

Forensic data analytics maturity modelBeyond traditional “rules-based queries” – consider all four quadrants

Stru

ctur

ed

Detection RateLow High

Matching, Grouping, Ordering, Anomaly Detection, Clustering

Stru

ctur

edD

ata

Uns

truc

ture

dD

ata

“Traditional” rules-Based Queries & Analytics

Matching, Grouping, Ordering, Joining, Filtering

Statistical-Based Analysis

Anomaly Detection, ClusteringRisk Ranking

Keyword Search Data visualization, Drill-down into data, Text Mining

3

False Positive RateHigh Low

Uns

truc

ture

dD

ata

Traditional Keyword Searching Data Visualization & Text Mining

data, Text Mining

Forensic data analytics steps

Create your risk profile• Policies• Procedures• Risk assessment• Audit findings

Identify and collect data• Integrity• Accuracy

4

Design the tests• Select from

library• Customize for

Client

Execute the data analytics• Visualization and

dashboards • Risk ranking

Payments (ERP

Structured and unstructured data…. is organized and “riskscored” for analysis.

Big Data and anti-fraud — centralized platform

(ERP System)

Call NotesT&E Systems

Compliance AnalysisPlatform

5

Sales Discounts

Program/ Event

databases

How EY is helping other Life Sciences clients address these issues

► Teaming with client to design targeted, risk-based analytics

► Integrating data visualization, statistics and text mining techniquestechniques

► Risk scoring (objective review) and dashboard analysis (subjective review)

6

Subjective analysis Objective analysis

Current challenges when conducting analytics

Compliance requirements and complexities continue to increase, yet Life Sciences companies are faced with…

► Incomplete or inaccurate data for analysis► Incomplete or inaccurate data for analysis

► Extensive manual inputs required for analysis

► Systems are often not integrated with other key systems related to compliance (e.g., speaker programs, medical visitation systems, expenses, field sales force, etc.)

7

etc.)

► Limited resources

Speaker programs (promotional and medical-run events)

Risk Basic Intermediate Advanced

Meeting andSpend and Interactions

► Total Meeting Spend► Meeting Spend Per

Expense Category

► Medical Managed ForumsSpend: allowable per attendee per policy

► Fuzzy cluster attendee analytics to identify trends and potential supper clubsInteractions Expense Category

► Meeting Spend Per Requestor, per HCP

attendee per policy► % of named attendees► Trend of compliant spend

YTD

and potential supper clubs► Monitoring unmet

minimums by requestor, region, product

Use of speakers

► Cancellation reasons for paid speakers

► Speakers trained vs. utilized

► Cancellation trending

Eventcompliance

► Adverse Experiences reported outside of policy

► Venue analysis► Trending analytics on

speaker program field

8

speaker program field monitoring results based on rep, speaker, geography

Out of the Box Thinking► Event volume and attendance in correlation with product life-cycle

DRAFT

Speaker program monitoring (back-end analysis)

In this example of speaker program analytics, we used statistical modeling and data visualization, to identify clusters of repeat attendances by groups ofspeakers and attendees. The two events circled indicate that multiple people are attending the same event – in the highest case, 22 times in a given period.

9

Focusing on payment text descriptionsWhat if you saw these terms used as justification for payments?

“<blank>” Pay on behalf of

Nobody calls it “bribe expense”

Government fee“<blank>”

Donation

Pay on behalf of

Special payment

One time payment

Special honorariumFriend fee

Commission to the customer

Consulting fee

Processing fee

Goodwill payment

10

Volume contract incentiveIncentive payment

Commission to the customer

Beyond just keyword searching, text mining within payment data plays a key rolein identifying potentially improper payments.

Text Mining: Vendor payment analysisHigh risk terms linked to payment amounts

11

Payment Risk ScoringKey component to reducing false positives and focusing risk assessment

Filter by selected analytics

Review breaches on targeted analytics

12

Risk scoring and data visualizationGeocoded heat maps

Geocoding risk scores to identify hot regions.

13

Meal & Entertainment Expenses with HCPs

Risk Basic Intermediate AdvancedTotal HCPspend and frequency

► Analysis of spend category► Total spend per meal per

attendee

► Medical-Managed Forums and Rep-led program reports break down total

► T&E data analytics dashboards by: expense type, frequency attendee

► Total T&E Spend per business unit

reports break down total spend per attendees at meals

► Monitoring of Business Meetings Over Meals track if spending is within policy guidelines and spending within allowable timeframe.

expense type, location, volume, round amounts, thresholds

► Tracking analytics on Key Opinion Leaders (“KOL”) and high-risk institutions

Kick-backs (gifts & entertainment)

► Total gifts or entertainment vs. policy per recipient and per sales rep

► Round Expenses by amount

► Text mining for kickbacks and off-label key words in T&E data

14

► Round Expenses by amount and frequency

► Misc. expenses by employee

Out of the Box► Sales reps targeted through data analytics prioritization► Triangulating T&E data with other data sources (e.g., email, medical information)

DRAFT

Travel & entertainment — an FCPA risk example “Who entertained who, where, what for, and for how much?”

15

Accounts payable monitoringSample Life Sciences dashboard — who got paid what, where and what for?

16

Educational Grants, Booth Sponsorships and Charitable Contributions

Risk Basic Intermediate AdvancedVolume of funding

► Total spend vs. total approved by Compliance Committee

► Monitored by Grants Ops Team:► # of Grants Paid by type

► Analyze disbursement data for repeat paymentsCommittee

► Spend by institution and by period

► Spend vs. limit

► # of Grants Paid by type and processing area

► Approved payee consistent with template

► Venue ► Contract returned

before start date

payments► # of grants without

reconciliation provided

Payment for inappropriate event or purpose

► None identified ► Correlate event activity and approvals with product lifecycle

17

Out of the Box► Fuzzy entity identification on address for payments to unknowingly repeat institutions

DRAFT

Reviewing employee expense data via dashboard interface

Analytics include:► Employee stratification► Stratify by expense type► Sensitive keywords► Sensitive keywords► Term frequency analysis

(concept analysis)► Round payments► One-time payments► Potential “gross ups”► Potentially duplicative► Out-of-policy spend► Weekend or personal use► High risk venues

18

► High risk venues(e.g., adult entertainment, check cashing, etc.)

► Meal splitting► HCP spend► Spending over time/

trending

Social network analysisWho is talking to who, about what?

► Understanding a complex organization’s true organization chart: Identification of relationships, versus activities, amongst actors

► Triage of custodians and communications: Rapidly identify and point to communications of highest interestcommunications of highest interest

19

Sample analytics criterion:1. Private communications, where 90% of all communications is outbound

2. Private Communications where content is FORWARDED outbound more than 35% of time

3. Private Communications where attachments are sent outbound more that 35% of time

Emotional Tone AnalysisIdentify “Derogatory”, “Surprised”, “Secretive”, “Worried” communications

20

EY | Assurance | Tax | Transactions | Advisory

About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization and/or one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

Ernst & Young LLP is a client-serving member firm ofErnst & Young Global Limited operating in the US.

© 2013 Ernst & Young LLP.All Rights Reserved.

ED None

ey.com