When a retail company suspected fraudulent activity
Deloitte Analytics uncovered it in places they'd never thought to look
The member firm client, a retail company, was experiencing fraudulent activity resulting in some of their 100 branches reporting poor returns. The company had knowledge of one type of fraud, but recognized there may be other types of fraud that they didn’t know about. They wanted to see how analytics could help them see where fraud was potentially occurring, ways it could have been carried out, and which areas they needed to monitor more closely.
The member firm team of Deloitte Analytics and Forensic specialists combined to use the data provided, to identify types of people who were more likely to carry out fraud based on a number of characteristics.
The findings astonished the member firm client - at least four different types of fraud were found, along with an analysis of which types of staff members, and which branches, were most likely to be engaging in fraudulent activity on a regular basis.
The member firm client had an internal audit function but could not cover all branches at once. They assumed that manually finding perpetrators of any fraud would be like ‘finding a needle in a haystack’, and so they turned to analytical tools and techniques to help reveal any anomalies in the data. They wanted to get smart about using analytics to undertake a risk assessment in order to figure out where to place their focus.
They found that their employees were able to manipulate stock-taking processes and procedures in the systems. This, combined with the ability to provide a discount or refund to a customer and earn commissions on sales, meant that employees had the opportunity to commit a myriad of different types of fraud. These potential frauds were not detectable because of control weaknesses in the internal systems.
The challenge was to try and distinguish the different types of potential fraud and figure out how to analyze the data in order to show where any fraud was taking place, how frequently, by whom, and the costs associated. The techniques and results needed to be robust so that innocent people were not labelled as fraudsters.
How analytics helped
The member firm team used a combination of the standard DTect™ facility and statistical techniques to correlate certain types of behaviors displayed by what was understood to be a fraudulent activity. For example, certain types of products which are easily sold, returned, and refunded were correlated. The types of products, as well as stock-take variances and stock-take adjustments taking place in branches were profiled.
These tell-tale signs are some of the signatures of fraud, and were used to develop a lens that helped see the potential fraud clearly. The next step was to look at who did what by integrating this information with audit logs to compare the levels of refunds with the levels of stock write-offs, and the stature of the people processing all these transactions.
The member firm Forensic team provided the genetic code of a fraudster and a description of what types of things to look for. This, coupled with analytics, made it easy to see anomalies in the data and pinpoint the area in which there were issues.
All the information was collated and the member firm team were able to pinpoint a number of branches and staff connected to anomalous transactions. The normal internal audit process was unable to pick up on these variances. The accuracy of the analysis and prediction was high. Previously unnoticed fraudulent activity was discovered – exactly where the analytics had predicted.
The fraudulent activity meant the member firm client was vulnerable in the region of hundreds of thousands of dollars – a substantial amount as they were in the business of selling an inexpensive product.
Since carrying out the exercise, an ongoing agreement has been requested to continue with the analysis. The internal audit team will be able to feed the member firm team with fresh data on a regular basis so that they can then provide them with an updated visual output that will illustrate, based on a range of indicators, a particular branch, or a particular area of the business where they will need to focus.
Analytics must be used to be useful. Abstract theory might be interesting, but it won’t solve your business problems – unless you put theory into practice.
Learn how risk managers have applied analytics to better understand their risk exposure and to more effectively manage risk on an enterprise scale.
Life at Deloitte
People make Deloitte one of the best places to work. What’s great about the people? That’s an easy answer. They are exceptional. Each person is unique and valued for that, among the best and brightest in the business, and takes pride in his or her achievements and the success of others.