Sunteți pe pagina 1din 37

Fraud detection using analytics

Topics
Objectives Overview Analytic procedures Exercises Continuous auditing Summarization and wrap-up

Fraud detection using analytics - objectives


Topics
Course Objectives Case study overview Course materials Exercises Recommended sequence Home

Detection and investigation of Fraud This is a case study regarding a fictitious mail order company where an allegation of fraud has been received. A SAS 99 brainstorming session was held, and 11 critical expectations were developed during that brain storming session. The case study can generally be completed in about four hours. Upon completion of this case study, participants will:

Understand the application of summarization and why it is often useful to highlight areas of possible concern Learn how to readily identify audit outlier amounts Understand how to implement "matching" to identify critical exceptions See how to quickly check for gaps in numeric sequences

Understand and apply Benford's Law to items such as revenue, for the purpose of determining reasonableness Know how to quickly identify all types of duplicates Extract just transactions with errors, according to auditor provided specifications Isolate transactions with round numbers for further review Be able to check logs for transactions initiated during non-business hours Know how to summarize time line data using ageing in order to spot unusual trends Check that separation of duties controls are effective

How this is done Recommended steps are as follows:


Read the narrative in order to gain an understanding of the environment being audited (or watch to short video overview) Optionally, download the case study data (Excel 2003 workbook) - however all the data needed is available online Select any or all of the short videos which demonstrate possible audit solutions Test your knowledge by re-performing the audit procedures (or using alternative methods)

Hikers 'R Us Case Study Recommended sequence Recommended steps are as follows:

Follow the steps, item by item, in the course outline Read the narrative in order to gain an understanding of the environment being audited (or watch to short video overview) Optionally, download the case study data (Excel 2003 workbook) for review (however, this step is not required because all the data is available online) Select any or all of the short videos which demonstrate possible audit solutions Test your knowledge by re-performing the audit procedures (or using alternative methods)

Course materials All of the course materials are available on-line. These are included as links in the course material. The final module at the end of the course also includes a number of links to other references of possible interest.

The online course material consists of simulated vendor and employee data suitable for audit testing. The data is contained on a cloud server in a database. In order to access this data, a proper user id and password must be provided. The user id for the Fraud Detection course is "hru1" with a password of "hru1". The name of the database to be specified is "hru". All of this information is provided without the quotes and is case sensitive. The login form is shown below.

Once a login has been successfully completed, a table should be selected from the drop down list. This form appears as follows.

The course uses seven database tables as follows: AR (customer receivables) Call_Center (Call Center transactions) Customer_Service (Customer Service authorizations) Employee (Employee master file) Refunds (Refunds issued) Revenue (Sales transactions) Treasury (Authorizations by the Treasury department

Case study exercises "I hear and I forget. I see and I remember. I do and I understand." - Confucius Overview Performing exercises reinforces the concepts taught and better ensures that the auditor will be able to apply the concepts learned in future audits. Structure Concepts are presented and discussed. Then an example of how to apply the concept is presented. Following this an example exercise with instructions is presented in order to test the participant's understanding of the concepts. Finally, the answer to the exercise is also presented in order to compare the results obtained by the participant with the suggested procedure. Watching the exercise When tutorials are presented, they may be accompanied by a video. These videos have a control bar at the bottom of the video to navigate and control how the video is presented. Click on the link below to view the process to control the videos using the control bar. Narration (2:03)
Fraud_Detection_Exercises_video.mp4

Case study overview


Hikers 'R Us Narrative Overview Founded in 1978, Hikers R Us is the premier mail order firm supplying a wide range of quality hiking and camping supplies and equipment. Almost all of the items are sold through mail order to customers in the United States and Canada. The goods are imported from China. Hikers R Us has been profitable for some time. They have transitioned from doing business on paper through several computer based systems. Refund Policy Hikers R Us has a very liberal return policy so they will accept returns for almost any reason. Returns have historically been low at around 1% of sales. A recent routine audit of sales returns did not disclose any weaknesses or errors. Although revenues have been flat, returns have been steadily increasing. System Operations The company uses the enterprise software from the Mexican software company Sapo. (Sapo means toad in Spanish). Controls over cash refunds are very tight. First, the software system itself performs extensive checking and cross-checking at every step in the refund process. The computer system is housed in a highly secured area and physical access is severely limited. The refund process begins when a customer contacts the call center in Leland, North Carolina. Call center hours are 8:00 a.m. to 5:00 p.m. on business days typically Monday through Friday and excluding holidays. Calls come through an automated voice recording system where the customer enters their account number. When a call center representative takes the call, the customers account is brought up immediately in the Sapo system and the representative can verify that the purchase was made. The call center representative then completes a form 2134 Customer Refund Quest. The original is a white page, which is filed in the Call Center in numerical order. The yellow copy is forwarded to the Customer Service center where it is filed in the customers account file. The third copy, pink, is sent to the Treasury Department. Sapo includes a state of the art work flow system. The system logs all of the activity. The work flow system assigns the call center information randomly to one of twenty customer service center representatives. (Customer service center representatives are separate from the call center staff). Each customer service center representative logs onto the Sapo system and examines their work queue which consists of customer refund requests. The customer service center representative then pulls the yellow copy of the refund request from the customers file, verifies that the customer information is correct and then checks that the order refund request is appropriate considering the purchase date and amount. The Sapo system maintains a history of account activity for each customer.

Once the customer service center representative has completed the review, the yellow copy is signed, dated and initialed and then returned to the customer file. The work queue is marked complete and the Sapo system then assigns the request to a random employee in the Treasury department for review and final approval. The Treasury department is located in Ocracoke, North Carolina. They receive the pink copy of the customer refund request, which is faxed from Leland. When each employee in Ocracoke logs on the Sapo system, they review their work queue to see the customer refund requests that have been assigned to them by the system. Each request in the system is then matched against the faxed pink copy and the amounts are verified against the Sapo customer history file. They then initial and date the fax form and file it in sequential order. When complete, they approve the refund request in the work queue system. The next business day after the refund request has been approved, checks are printed, burst, stuffed and mailed from the data center in Charlotte, North Carolina. Hot Line The company has a hot line and recently received a number of calls (all but one were anonymous) that an inside ring was stealing fairly significant amounts of money using the refund process. Hikers R Us recently implemented their Window to the World policy that all fraud allegations would be detailed and publicized so that their shareholders, employees and vendors would be able to see all allegations. This would serve as a deterrent to any fraudsters. You contacted the one identified person making the allegation and found that he is now completely uncooperative. All he would say is that as an employee, he is unhappy because despite working hard, he has not gotten a raise in years. He also said he has spotted two Porsches and three Hummers in the company parking lot that were not there before and wonders how employees can afford these. Refund Supervisor The supervisor of refunds informs you that there is no problem. With the economy in bad shape, people are cutting back on camping, but now seem less reluctant to ask for a refund. He said some customers are definitely taking advantage of the liberal refund policy. He is also annoyed that you are even asking about this, stating that he was just audited by Poe, Pollock and Cartwright, a small regional auditing firm. The audit proved there were no problems. Due to forced cutbacks his staff is now working overtime. With all that is going on he asks that any further questions be cancelled or deferred. Management Request Management also doesnt think there is a problem, but they would like for you to take a look. Youve decided to set up a brain storming session using the guidelines of SAS 99 and suggested brainstorming approaches such as those recently published (selected articles on CD).

The brain storming sessions have been fruitful and identified a number of potential fraud risk areas:

Collusion in refund approvals Refunds made to employees Duplicate refunds Refunds in excess of the purchase amount

As a result of those brain storming sessions, the following expectations have been set out: 1. Because call center contacts are assigned randomly, each call center employee should have roughly the same number of customer authorizations 2. The refund process typically takes 4 6 days from start to finish. There should be few instances where the timeline is different 3. There should be few refunds made to employees 4. The Sapo system log of check numbers issued should contain no gaps 5. Because the refund amounts are based on actual sales, they should follow the pattern expected using Benfords law 6. There should be no duplicate refunds 7. There should be no refunds which exceed the purchase costs 8. Because refunds are based on actual sales, there should be few round number amounts 9. Since the call center is only open during regular business hours there should be no approvals outside those hours 10. There should be a close correlation between sales and refunds 11. The separation of duties system is working as intended IT Department The computer division has a special group of analysts - Online Sales Consultants (OSC) who routinely monitor the Sapo transactions in order to identify marketing trends, business opportunities, etc. They have provided you with all the data for the last quarter. This data consists of about 10,000 transactions which have been loaded into an Excel workbook and broken out into five work sheets as follows: 1. Cusromer Refund 2. Call Center 3. Treasury 4. Accounts Receivable 5. Employee Mission

Your mission, should you decide to accept it, is to look at these transactions and provide an independent assessment to management regarding fraud risk. Hint there are too many transactions to perform a manual review. Tasks using the data provided, go through the risk areas identified. Determine if there are any fraud indicators which might merit a further investigation. Data in the Excel Work Book The work book consists of six work sheets: Employee information about each employee, including name and address Call Center has a log of activity:

CallDate Call Time Call Employee Customer Amount

AR accounts receivable history information


Customer Refund amount Call Employee Customer Balance

Treasury information from the refund disbursements log, combined with customer refund information

Customer Refund amount Authorization Check Date Check Number Customer last name Customer first name Customer street address Customer City Customer State

Customer Service logs from the customer service center

Customer

Refund amount Authorizer Authorization date Authorization time Customer last name Customer first name Customer street address Customer City Customer State

Refunds All of the information above (except employee information) has also been combined onto a single worksheet, should you wish to work with one worksheet instead of many. Getting Started For each of the eleven expectations, design a test to determine if the expectation has been met or not. For example, the first expectation is that because the calls are assigned randomly in the call center, there will be about the same number of calls handled by each employee. Whether this is, in fact, the case, could be determined by preparing a summary of refunds by employee. Each of the other expectations can be checked using one or more of the tools discussed during the session. Possible approaches for checking expectations. Expectation 1 1. Because the call center uses an automated system, each employee should be handling roughly the same number of customer calls over the period of review. Summarize call center log records by employee. Examine counts. Expectation 2 2. The refund process typically takes 4 6 days from start to finish. There should be few instances where the timeline is different One approach is to prepare a data stratification based upon the number of elapsed days contained in each transaction. This can be done either as a single step or as a two step process. The two step process would involved having the system make a calculation as to the number of days elapsed. The second step would be to do a data stratification using this calculated amount. The single step process involves doing a data stratification on the calculated amount.

Expectation 3 3. There should be few refunds made to employees This test can be performed by doing a match on last name and first name between the employee master and the treasury log of checks issued. This will require the use of a macro and SQL code to perform the match. The SQL code should match up the work sheets Employee and Treasury in order to identify any instances where two rows exist which meet the following conditions: Same customer number Employee last name is same as customer last name Employee first name is same as customer first name Expectation 4 4. The Sapo system log of check numbers issued should contain no gaps A simple check is to run a gap test on the checks issued by the Treasury department. The check would be made using the check number. Expectation 5 5. Because the refund amounts are based on actual sales, they should follow the pattern expected using Benfords law This test can be performed using Benfords law on the refund amounts. It may also be instructive to run a pattern analysis using Benfords law, be employee to determine if any employees have refunds whose Benford pattern differs significantly from that which is expected. Expectation 6 6. There should be no duplicate refunds Potential duplicates can be identified by specifying the names of the columns to be tested. For example, customer, refund amount. Another example might be customer, check date. Expectation 7 7. There should be no refunds which exceed the purchase costs The refund amount (column E on the Combined work sheet) should always be less than the customer balance (column F).

Expectation 8 8. Because refunds are based on actual sales, there should be few round number amounts This can be tested using the round number analysis. Also, a pattern test can be used for differences in round number amounts between customer service representatives. This test will identify if any employee has a pattern of round number refunds which differs significantly from those of all other employees. Expectation 9 9. Since the call center is only open during regular business hours there should be no approvals outside those hours One check that can be performed is to look for transaction approvals outside normal business hours. Several tests are available, such as population statistics and data extraction. Expectation 10 10. There should be a close correlation between sales and refund Possibly the first step is to simply plot the aggregate sales and refunds by day or week to determine the overall trend, and correlation, if any. This step can be refined by looking at individual employees, possibly focusing on those with the largest dollar amount of refunds. Expectation 11 11. The separation of duties system is working as intended One test that could check for separation of duties is to check for any of the following conditions: Check for call center employee = customer service employee Check for call center employee = treasury employee Check for treasury employee = customer service employee All three department employees are the same It is also possible to determine instances of potential collusion by determining if any particular combination of approvers is much more common than the rest. This can be done by summarizing refunds by all three employees. The results of the summary, expressed as counts, can then be sorted in descending order. From this list, it can be determined if any one combination (or group of combinations) is much more prevalent than would be expected.

Investigation objectives Audit Objectives


The SAS 99 brain storming session identified eleven expectations. Each of these expectations should be tested. The eleven objectives are summarized below, each with a link to a brief tutorial explaining how the audit objective can be met. Expectation - 1 Because the call center uses an automated system, each employee should be handling roughly the same number of customer calls over the period of review. Expectation - 2 As the refund process is largely automated, the length of time from when the call comes in until the refund is issued will be 4 - 6 business days. Expectation - 3 Most employees can purchase hiking goods at a substantial discount through a payroll deduction plan. Because these terms are very attractive, refunds are not made to employees. It is expected that very few, if any, employees will receive refunds. Expectation - 4 Because the disbursement system is almost 100% automated, the check register should be complete with no gaps in check numbers of refunds issued. Expectation - 5 Because the refund amounts are the result of computations, their distribution should generally follow that expected using Benford's Law. Expectation - 6 Because of all the validation controls in the system, there should be no duplicate refunds issued to customers. Expectation - 7

As the system is automated, there should be no instances where a customer is refunded an amount greater than the amount the customer actually paid for the goods. Expectation - 8 because of the pricing amounts and sales tax, it should be quite unusual for there to be round numbers in refund amounts. Expectation - 9 As the business is open only during standard business hours, there should be few, if any, approvals outside of normal business hours. Expectation - 10 As refunds tend to lag sales, there should be a general correlation between sales and refunds, particularly as to trends. Expectation - 11 The key control of separation of duties is enforced by the system and should be operating as intended.

Performing Analytical Procedure

The decision as to which type of analytical procedure is appropriate for a particular type of analysis can be facilitated by the decision tree shown below. Starting the first row, answer each question with either a Yes or a no and then proceed to the next step. Steps consist of numbers and procedures are identified by letters. Following this process, a potential analytical procedure applicable to a particular investigative objective may be helpful. Note that the procedures covered in this coure are highlighted in green at the bottom.
Step 1 2 3 4 6 7 8 9 10 11 12 13 14 15 16 21 22 17 18 19 20 23 24 Question Analysis is primarily based upon amounts? Analysis is primarily based on dates? Analysis based on characteristics of numbers? Is the primary objective related to planning? 6 8 11 14 Yes 2 10 4 14 7 3 18 I 18 12 13 24 15 16 17 22 N V 20 D 23 V 25 No

Analysis based upon classification of amounts? 21

Is the primary objective related to identification A of specific error conditions Are there specific dates or days of the week of interest? Are transactions on holidays needed? Will tests for duplicates meet objectives? Will round numbers play a significant role? Test for "made up" numbers? Will extreme values be helpful - largest or least? Data summarization needed? Control totals needed? Overall classification of the population? Classification with "by" variable Stratification by numeric ranges? Selection of a random sample Can ageing analysis support the objective? Overall population ageing helpful? Test for missing dates? Looking for transaction within specific date ranges Check for missing numeric sequence values 9 H B Q J M S R 21 K L P 19 C E F,G O

25 26 A B C D E F G H I J K L M N O P Q R S T U V

Will tests for linear relations help? Can testing for same, same, different be applied? Analytic Procedures Data extract Duplicates Ageing Ageing by Value Date Gaps Date Near Date Range Holiday Dates Date Selection Benford's Law Cross Tabulation Data stratification Extreme Values Histogram Numeric Sequence Gaps Random Sample Round Numbers Statistics Summarization Linear regression Same, Same, different Single SQL Statement

T U

26 V

Analytic procedures The types of analytic procedures that could be used will vary based upon the objectives of the investigation. Outlined below are some of the key types of analytics that could be deployed. Expectation - 1 Because the call center uses an automated system, each employee should be handling roughly the same number of customer calls over the period of review. Summarization procedure. Expectation - 2 As the refund process is largely automated, the length of time from when the call comes in until the refund is issued will be 4 - 6 business days. Data extraction. Expectation - 3 Most employees can purchase hiking goods at a substantial discount through a payroll deduction plan. Because these terms are very attractive, refunds are not made to employees. It is expected that very few, if any, employees will receive refunds. Data extraction. Expectation - 4 Because the disbursement system is almost 100% automated, the check register should be complete with no gaps in check numbers of refunds issued. Sequence gaps. Expectation - 5 Because the refund amounts are the result of computations, their distribution should generally follow that expected using Benford's Law. Expectation - 6 Because of all the validation controls in the system, there should be no duplicate refunds issued to customers. Duplicates. Expectation - 7 As the system is automated, there should be no instances where a customer is refunded an amount greater than the amount the customer actually paid for the goods. Data extraction. Expectation - 8 Because of the pricing amounts and sales tax, it should be quite unusual for there to be round numbers in refund amounts. Round numbers. Expectation - 9 As the business is open only during standard business hours, there should be few, if any, approvals outside of normal business hours. Data extraction.

Expectation - 10 As refunds tend to lag sales, there should be a general correlation between sales and refunds, particularly as to trends. Trend lines. Expectation - 11 The key control of separation of duties is enforced by the system and should be operating as intended. Data extraction.

Data structure
Data for Hikers 'R Us is contained in seven tables which are more fully described below. The tables are:
1. 2. 3. 4. 5. 6. 7.

Refunds Accounts Receivable Call Center Employees Treasury (Paid refund checks) Call Center activity Customer Service Revenue Refunds

Field Call_Date Call_Time Call_Center_Employee Customer Amount Customer_Balance Treasury_Auth Check_Date Check_Number Lastname Firstname Address City CSState Cust_Serv_Auth CS_Auth Auth_Time

Type date time varchar(50) varchar(50) decimal(10,2) decimal(10,2) varchar(50) date int(11) varchar(50) varchar(50) varchar(50) varchar(50) varchar(5) varchar(50) date time

Null Key Default Extra Date the call came in Time the call came in Initials of the call center employee Customer number Amount of refund Balance on customer's account Approval id in Treasury Date of refund check Refund check number Customer last name Customer first name Customer street address Customer City Customer State Customer Service Approver Date of authorization Time of authorization

Sales_date Field Customer Refund_Amount Customer_Balance

date

Date of sale

Accounts Receivable Type Null Key Default Extra varchar(20) Customer number decimal(10,2) Refund Amount Customer account decimal(10,2) balance Call Center Employees Type Null varchar(50) Employee last name varchar(50) Employee first name varchar(50) Employee middle initial date Date of birth varchar(50) Address varchar(50) City varchar(50) State varchar(50) Zip Code varchar(50) Telephone number Call Center Activity Type Null Key Default Extra date Date call came in time Time call came in varchar(20) Employee initials varchar(20) Customer number decimal(10,2) Refund amount date Sales dates Customer Service Type Null Key Default Extra varchar(20) Customer number decimal(10,2) Refund amount varchar(20) Approver id date Approval date

Field LASTNAME FIRSTNAME MIDNAME DOB ADDRESS CITY ESTATE ZIP


Phone

Field Call_Date Call_Time Call_Employee Customer Amount Sales_Date Field Customer Refund_Amount Auth Auth Date

Auth Time Field Customer Invoice_Amount Auth Sales_Date Invoice_Number Last_Name First_Name Address City State ZIP Phone Field Customer Refund_Amount Auth Check_Date Check_Number Last_Name First_Name Address City State ZIP Phone

time

Approval time

Revenue Type Null Key Default Extra varchar(20) Customer number decimal(10,2) Invoice amount varchar(20) Approver date Invoice date integer Invoice number varchar(20) Last name varchar(20) First name varchar(20) Address varchar(20) City varchar(20) State varchar(20) Zip Code varchar(20) Phone number Treasury Type Null Key Default Extra varchar(20) Customer number decimal(10,2) Refund amount varchar(20) Approver date Refund check date int(11) Refund check number varchar(20) Customer last name varchar(20) Customer first name varchar(20) Customer address varchar(20) Customer city varchar(20) Customer State varchar(20) Customer zip code varchar(20) Phone number

Summarization as an analytical tool


Data summarization can be an effective analytical tool which is very useful in fraud investigations. There is one investigation objective which can be met using summarization:
Expectation - 1 Because the call center uses an automated system, each employee should be handling roughly the same number of customer calls over the period of review. Click on the video link below to see an overview of the process to summarize data Length 3:00
Fraud_Detection_Summarization_su1.mp4

Click on the video link below to see a demonstration of the process to summarize data Length 4:39 Fraud_Detection_Summarization_su2.mp4

Data extraction as an analytical tool


Data extraction is a powerful analytical tool which is very useful in fraud investigations. It allows for the testing of specified conditions on a 100% basis. There are three expectations which can be tested using data extraction.
Expectation 2 As the refund process is largely automated, the length of time from when the call comes in until the refund is issued will be 4 - 6 business days. Expectation 3 Most employees can purchase hiking goods at a substantial discount through a payroll deduction plan. Because these terms are very attractive, refunds are not made to employees. It is expected that very few, if any, employees will receive refunds. Expectation 7 As the system is automated, there should be no instances where a customer is refunded an amount greater than the amount the customer actually paid for the goods. Click on the video link below to see a demonstration of the data extraction process. Length 3:31

Fraud_Detection_Data_extraction_de.mp4 Data extraction for the purpose of identifying errors. Length 4:16
Fraud_Detection_Data_extraction_de2.mp4

Selection of round numbers


Round numbers are often an indication of estimates, which may or may not be appropriate, depending upon the circumstances. In some cases, round number amounts are a "red flag" There is one investigation objective which can be met by testing for round numbers.
Expectation - 8 Because of the pricing amounts and sales tax, it should be quite unusual for there to be round numbers in refund amounts. Click on the video link below to see audit uses for round number tests. Length 2:19
Fraud_Detection_Selection_of_round_number_transactions_rn.mp4

Click on the video link below to see a demonstration of the process to identify round numbers. Length 3:17 Fraud_Detection_Selection_of_round_number_transactions_rn2.mp4

Trend line analysis - spotting the unusual (2:57)


Trend lines indicate the norm or expectation. Fluctuations, "spikes" etc. can indicate a "red flag" which should be investigated. There is one investigation objective which can be met using trend lines:
Expectation - 10 As refunds tend to lag sales, there should be a general correlation between sales and refunds, particularly as to trends. Trend line analysis can be done by first summarizing data by date using the ageing function and then comparing and plotting that data using Excel. Click on the video link below to see a demonstration of the process to summarize data. Length 2:27

Fraud_Detection_Trend_analysis_spotting_the_unusual_2_57_tr0.mp4

Gaps - what you see is interesting, what you DON'T see is critical
Gaps in numeric sequences (or date sequences) can indicate missing data. There is one investigation objective which can be met using gaps:
Expectation - 4 Because the disbursement system is almost 100% automated, the check register should be complete with no gaps in check numbers of refunds issued. Click on the video link below to see a demonstration of the process to identify missing document numbers through the use of the numeric sequence gaps function. Length 2:29

Fraud_Detection_Gaps_what_you_see_is_interesting_what_you_DON_T_see_is_crit ical_2_29_gp0.mp4

Odd hour transactions


Transactions performed at odd hours should also be investigated, in many cases. There is one investigation objective which can be met using tests based upon transaction times:
Expectation - 9 As the business is open only during standard business hours, there should be few, if any, approvals outside of normal business hours. Click on the video link below to see a demonstration of the process to check for specific transaction times. Length 3:34 Fraud_Detection_Odd_hour_transactions_3_34_time.mp4

Liars and outliers


Often the largest (or smallest) transactions are of interest. Although there is no specific investigation objective involving the identification of largest amounts, this information is often useful.

Identify the five largest and smallest invoices. Secondarily, narrow the test to invoices originating from vendors in California. Click on the video link below to see a demonstration of the process of identifying the largest amounts from a population of transactions or other data. Length 4:00
Fraud_Detection_Liars_and_outliers_4_00_ol.mp4

Benford's Law - looking out for number one


Benford's law is a classic approach to the identification of "made up" amounts. There is one investigation objective which can be met using Benford's Law:
Expectation - 5 Because the refund amounts are the result of computations, their distribution should generally follow that expected using Benford's Law. Click on the video link below to see a an overview of Benford's law. Length 8:29 Fraud_Detection_Benford_s_Law_looking_out_for_number_one_8_29_ben.mp4

Click on the video link below to see a demonstration of the process to test the application of Benford's law. Length 2:51 Fraud_Detection_Benford_s_Law_looking_out_for_number_one_8_29_ben1.mp4

EXERCISE 1 - SUMMARIZATION
The first expectation was that the number of refunds issued would be roughly the same per customer service representative because the system has an automated system for assignment of calls to representatives and each representative would spend approximately the same time with each customer, on average. This expectation can be tested by summarizing the refund amounts by call center representative and looking at the results obtained. In order to do this, the following steps should be taken: 1. 2. 3. 4. 5. 6. 7. 8. 9. Browse to the URL http://webcaat.org/webcaat/ Sign into the system using the id 'hru1' and the password 'hru1' Specify a database of 'hru' (not test) Click the "sign in" button Select the table 'Refunds' from the drop down list Select the menu item 'Numeric functions | Summarization' Enter the information in to be summarized Click the "Process" button View the results

Were the results as you expected? Which employee had the largest number of transactions and dollar amount of transactions? Were they significantly different from the others? What plausible explanations are there be for this? Answer to exercise Next exercise

Exercise 1 - Data Summarization (answer) Click the video below to see the answer to this exercise. Length 3:12 Fraud_Detection_Answer_Exercise_1_3_12_ex1.mp4

Exercise 2 - Data extraction Data extraction can be used to check several of the expectations. The first of these expetctations are that the number of elapsed business days is 4 - 6 for refund checks to be issued once the refund request has come in. This expectation can be checked by having the system examine the elapsed days between the date the check is issued and the date that initial request was received and approved in a phine call. In order to determine the number of elapsed days between two dates, the built in MySQL function "datediff" can be used. To make this determination use the menu item "Numeric Functions|Statistics" and enter the following information into the "where (criteria) box: datediff(Check_Date,Call_Date) not between 4 and 6. This statement, in English, means summarize all the refund amounts where the difference between the check date and the call date were not between 4 and 6. After you have run this test, provide the following information. How many transactions did not have a check issued within 4 - 6 days after the call date? How many were earlier? Were there any transactions that seem highly unusual? Why?

Answer - Exercise 2 (Length of time for refunds) (4:59)


Length 4:59

Fraud_Detection_Answer_Exercise_2_4_59_ex2.mp4

Exercise 3 - Round numbers There was an expectation that refund amounts should generally not be round numbers because the amount of the refund is based on the actual sales price plus tax and shipping. This can be tested using the following steps: 1. 2. 3. 4. 5. Sign in to the Web CAAT application at http://webcaat.org/webcaat/ Select the table "Refunds" Use the menu item "Numeric tests | round numbers" Test the refund amount Click "Process"

How many round number refund amounts were there? Answer - Exercise 3 Round numbers Click on the link below to see the exercise done.
Length 2:20

Fraud_Detection_Answer_Exercise_3_2_20_ex3.mp4

Exercise 4 - Trend Analysis One of the expectations was that there should be a general correlation between the number and amount of refunds and the amount of sales. This is based upon the reasoning that the percentage of refunds will tend to remain constant. One of the tests for this is to simply see what the trend has been for sales over the recent period and then compare that trend with refunds which have been issued. This can be accomplished using the ageing function and the following steps: To determine the refund trend: 1. 2. 3. 4. 5. 6. 7. Sign on to the system at http://webcaat.org/webcaat/ Select table "Refunds" Age the refund amount by date, e.g. Call date Use the refund amount as the basis for ageing Select an ageing date of '2008-06-30' Select an ageing bucket of 30 Run the report

To determine the sales trend: 1. 2. 3. 4. Select the Revenue table Age revenue transactions based on sales date Use criteria similar to that used for Refunds Run the report

What was the trend for Sales? What was the trend for Refunds? Does any of this seem suspicious? Why?

Answer - Exercise 4 Trend line analysis Length (6:26)


Fraud_Detection_Trend_analysis_spotting_the_unusual_2_57_tr0.mp4

Exercise 5 - Gaps

Because the company uses an automated system to issue refund checks, they have the expectation that the refund checks are issued using sequentially numbered checks. Thus, one of the expectations is that a test of the check numbers for refund checks will not disclose any missing check numbers. This can be tested by using the following procedure: 1. Sign in to the system at http://webcaat.org/webcaat/ (id 'hru1' , password 'hru1' and database 'hru' 2. Select the table named "Refunds" 3. Use the menu item "Numeric functions | Numeric Sequence Gaps" 4. Select the numeric column which has the value to be tested (check number) 5. Click "Process" What did your analysis show? Is the system working properly? Answer - Exercise 5 Gaps (2:04)
Length 2:04 Fraud_Detection_Answer_Exercise_5_2_04_ex4.mp4

Exercise 6 - Identify "odd" hour transactions


Exercise 6 - Identify "odd" hour transactions One of the expectations developed was that there should be no transaction authorizations outside of normal business hours. The business operates five datys a week between 8:00 a.m. and 5:00 p.m. and they do not accept calls outside those hours. Therefore there should be no authorizations for refunds outside of these hours. This can be tested using the following procedure: 1. 2. 3. 4. 5. 6. 7. Log in to the system at http://webcaat.org/webcaat/ Select the table "Refunds" Use the menu function pertaining to date functions and Date Selection Specify the days of the week to test Specify the hours of the day to test Specify the "and" operation Click "Process"

Did your analysis confirm that there are no authorizations outside of regular business hours? If there were authorizations outside of normal business hours, during what time did they occur?
Answer - Exercise 6 (4:27) Length 4:27 Fraud_Detection_Answer_Exercise_6_4_27_ex6.mp4

Exercise 7 - Liars and Outliers For this exercise determine the five largest refunds issued overall as well as the five largest refunds approved by the call center representative "CF". This can be accomplished by performing the following steps: 1. 2. 3. 4. 5. Log in to the system at http://webcaat.org/webcaat Select the table "Refunds" Select the menu item "Numeric functions | extreme values" Select the column "Refund amount" Click "Process"

To find the five largest refunds issued by the call center representative "CF" it will be necessary to provide criteria which limits the test to just those transactions handled by "CF". That criteria would be specified as follows: `Call_Center_Employee` = 'CF' Note that the column name for call center employee contains blanks so therefore it must be enclosed by opening apostrophes - this character is found in the upper left portion of the keyboard just to the left of the number "1" key. The initials of the employee should be enclosed in a single apostrophe. Take care in entering this criteria information, otherwise an error will occur. (You may want to copy and paste this text into the Criteria box on the form). What was the largest refund amount approved and issued by this employee? Answer - Exercise 7 Liars and Outliers (7:32)
Length 7:32
Fraud_Detection_Answer_Exercise_7_7_32_ex7.mp4

Exercise 8 - Looking out for #1 The purpose of this exercise is to test the expectation that refund amounts will generally conform with the amounts predicted by Benford's Law. The reason for the expectation is that refund amounts are based on actual sales amounts which have a fairly high range from low to high and are based upon calculated amounts. Also, there is no single "best seller" that would tend to skew the dollar amounts. The test of this expection can be performed using the following steps: 1. 2. 3. 4. 5. 6. Sign in to the system at http://webcaat.org/webcaat Select the table "Refunds" Use the Menu item "Numeric Procedures | Benford's Law" Select the column to be tested of "Refund_Amount" from the drop down list Use a Benford test type of "F1" which is also selected from the drop down list. Click the "Process" button.

What was the Chi Square value obtained? Does it appear that the refund amounts do in fact follow Benford's Law?

Answer - Exercise 8 Looking out for number one Length 3:51


Fraud_Detection_Answer_Exercise_8_3_51_ex8.mp4

Setting up an electronic audit program In this section, the basics of setting up an electronic audit program to enable the tests performed in this course to be performed on a repetitive automated basis are covered. The steps in setting up an electronic audit program are as follows:
1. Develop a narrative audit program as a text document. This document should 2. 3. 4.

5. 6. 7.

be generally similar in format to that of existing audit programs. Insert special instruction markers within the document in order to format and sequence the steps in the audit program. Import the document as an audit program using the menu item. Develop the scripts for the automated program steps. These will consist of pairs of scripts. The first script will prompt for the information required to perform the step. The second script will take the input information, run the program step and display the results. Save the scripts developed and note the names assigned to the script files. Assign the script file names developed to the audit program steps. Test the electronic audit program to ensure it functions as intended.

The short video narratives in this section walk through the process used to develop and implement an electronic audit program for the specific program steps in this exercise to investigate and detect fraud. Click on the link below to see an overview of the process
Length: 2:04

S-ar putea să vă placă și