Forensic data analytics is a head-on proactive approach to deal with frauds. Innovative and cost-effective, it enables auditors and fraud examiners to analyse an organisation's business data to assess the robustness of its internal controls — and also provides early warning signals and red-flags potential breaches; this is in contrast to the traditional reactive methods of approaching frauds.

Fraud data analytics offers a bouquet of solutions, depending on the size and nature of the organisation. They can be in the form of ad-hoc analysis as well as automated procedural analysis (continuous monitoring).

In The India CFO Survey 2012 conducted by Deloitte, almost all the CFOs indicated that organisational fraud (internal fraud) is on the rise and significantly causes margin erosion. Poor business practices — excessive risk-taking, loose underwriting standards and asset overvaluation — add to the problem. Fraudulent activities and irregularities are being driven by internal organisational pressures coupled with the economic slowdown. Also, the practice of separating font-office and back-office — and in many cases, outsourcing the back-office — quite often seems to aid anomalous behaviour.

Global surveys indicate that companies on average lose 5 per cent of their annual revenues to fraud; but it is typically a reactive discovery. While this may help stem the loss, quite often it is not possible to achieve full recovery and/or prosecution. This is because the fraud trail is typically embedded in a complex maze of electronic transactions and emails.

What can organisations do about all this?

Data analysis can help identify a wide array of anomalous activities before they can become a bigger problem — and it is powered by best-in-class data mining, data matching, pattern recognition, predictive analytics and forensic accounting. Data analysis can combine data from many disparate sources and compare it with fraud profiles and external reference databases.

It incorporates hundreds of robust testing processes that can red-flag discrepancies (if any) for further investigation — and highlight “weak spots” where an organisation needs to introduce risk-management processes.

Data visualisation techniques can further strengthen the exercise by helping combine data from multiple sources (company reports, bank statements, spreadsheets, email and other electronic sources) into a single source — and help showcase patterns, common elements and connections hidden within the data.

Forensic technology can help investigators navigate IT systems for evidence of malfeasance, such as information deletion, policy violations or unauthorised access. It can help recover a wealth of information from computer hard drives and backup tapes, including active, deleted, hidden, lost or encrypted files, or file fragments. Even files that were created but never saved may be recovered.

Paper documents still play a significant role in litigations. Forensic technology may be used to compare paper documents with their electronic counterparts to detect whether the document has been altered.

Despite the most rigorous efforts to build a corporate culture based on values and ethics, fraud and crime cannot be entirely prevented. Companies can mitigate the risk with an effective programme of fraud deterrence, detection, investigation and insurance.

The best-practice approach is to set up a fraud control unit that uses forensic data analytics for continuous monitoring. It can typically start off as an effort supported by experts from a reputed professional services firm; later, when there is critical mass it may be cost-effective for organisations to move the efforts in-house with strategic support from the professional services firm.

Suprabhat N.M. is Director, DeloitteTouche Tohmatsu India Pvt Ltd.

comment COMMENT NOW