Framework for a Forensic Audit and Investigative Capability Forensic Techniques And Automated Oversight Unemployment Insurance Integrity Conference April 19, 2010 Brett Baker, PhD, CPA, CISA

Overview Forensic Techniques and Automated Oversight Data Mining Equipment and Software Forensic Approach Brett M. Baker, PhD, CPA, CISA

Forensic Techniques and Automated Oversight Definition of Forensic Audit Audit that specifically looks for financial misconduct, abusive or wasteful activity. Close coordination with investigators More than Computer Assisted Audit Techniques (CAATs) Forensic audit is growing in the Federal government GAO’s Forensic Audit and Special Investigations (FSI) Department of Defense Data Mining Federal outlays are $2 trillion annually OMB estimates improper payments for Federal government at $98B (4%) 100% review using automated business rules versus statistical sampling There is a place for both Automated Oversight Continuous monitoring Quick response Brett M. Baker, PhD, CPA, CISA

FY2008 Improper Payment Estimates Brett M. Baker, PhD, CPA, CISA

What is Data Mining? Refers to the use of machine learning and statistical analysis for the purpose of finding patterns in data sets. If You Know Exactly What You Are Looking for, Use Structured Query Language (SQL). If You Know Only Vaguely What You Are Looking for, Turn to Data Mining. Most often used (up until recently) in marketing and customer analysis Brett M. Baker, PhD, CPA, CISA

Different Levels of Knowledge Data Facts, numbers Information Summary Reports ACL, IDEA, MS Access Knowledge Descriptive Analytics SAS, SPSS, ACL, IDEA Wisdom Predictive Analytics Clementine Intelligent Miner Enterprise Miner Brett M. Baker, PhD, CPA, CISA

Data Analysis Software - Fosters Creativity Can perform the tests wanted, instead of being limited to what technical staff can, or will, provide Not limited to just predetermined data formats and/or relationships Can create relationships, check calculations and perform comparisons Can examine all records, not just a sample Useful for identifying misappropriation of assets and fraudulent financial reporting Allows limitless number of analytical relationships to be assessed within large databases comparing large databases Identifies anomalies Brett M. Baker, PhD, CPA, CISA

Common Data Analysis Tests and Techniques Join Summarization Corrupt data (conversion) Blank fields (noteworthy if field is mandatory) Invalid dates Bounds testing Completeness Uniqueness Invalid codes Unreliable computed fields Illogical field relationships Trend analysis Duplicates Brett M. Baker, PhD, CPA, CISA

Simple Queries Use Tight Selection Criteria You Know Exactly What You’re Looking For e.g. All Payments to a Particular Vendor Use Tight Selection Criteria E.g. Vendor = “Smith Company” Use Looser Selection Criteria E.g. Vendor = “*Smith*” Finds Smith Company, Smith Co., The Smith Manufacturing Company, etc. 9

Complex Queries Use Tight Selection Criteria You Know The Specific Condition You’re Looking For e.g. Duplicate Payments Use Tight Selection Criteria E.g. Payments With Same Contract #, Invoice # and Invoice Amount Few False Positives Use Looser Selection Criteria E.g. Payments With Same Contract # and Invoice # or Same Contract # and Invoice Amount More False Positives More Detected Duplicates 10

You Only Know The General Condition You’re Looking For e.g. Fraud Sophisticated Solutions You Only Know The General Condition You’re Looking For e.g. Fraud Subject Matter Experts Can Describe Indicators Translate Indicators to Detection Logic Apply Indicators Against Population Many False Positives Combine Indicators Reduce False Positives 1 5 7 2 8 4 12 15 3 Combine Indicators 11

Control Charts Brett M. Baker, PhD, CPA, CISA

Frequency Distribution Anomalous Activity Normal Activity Anomalous Activity Brett M. Baker, PhD, CPA, CISA

(Three-Bucket Theory) Comparing Data Files (Three-Bucket Theory) Vendors Paid and In Vendor Table Vendors Paid but not In Vendor Table Vendors Not Paid Yet Vendor Table Disbursing Transactions Brett M. Baker, PhD, CPA, CISA

Hardware and Software Applications SQL servers Mainframe (QMF) Docking stations Terminal server Software Applications Data mining and predictive analytics, e.g., Clementine Data interrogation – e.g., ACL, IDEA, MS Access, Excel Statistical analysis – e.g., SPSS and SAS Link analysis – I2 Lexis-Nexis Data conversion utilities (Monarch) Internet, open-source research Access to system query tools Brett M. Baker, PhD, CPA, CISA

Forensic Approach Start with objectives Structured brainstorming Consider SME conference Identify indicators of potential fraud and ways to find in data Process to identify financial risks Map out the end-to-end process Identify systems and key processes Identify key controls Identify and obtain transaction-level data Record layout Look at 1000 records before examining all records ACL, IDEA, and Monarch can read virtually any data format Flat files, Delimited files, Dbase files, MS Access, Report files, …. No file size limits Build targeted business rules and run against data Examine anomalies Brett M. Baker, PhD, CPA, CISA

End-to-End Payment Universe Forensic Audit Approach Personnel Systems $$ Treasury Check People Pay Entitlement Systems Federal Reserve System Accounting Systems Disbursing Systems Commercial Bank Commercial Pay Entitlement Systems Contracting Systems Central Contractor Registry Data Analysis Brett M. Baker, PhD, CPA, CISA

Unemployment Insurance Unemployment Benefits Over-payments Unemployment Benefits Employment Employment Under-payments

How To Apply In Your Organization Decide What You Are Looking For Assign Personnel With Analytical Skills Gather Data Understand Data and Business Rules Select Detection Method/Tools Produce and Research Anomalies Refine the Detection Process Discover the Irregular/Illegal Transactions Improve the Business Process Automated oversight Continuous monitoring