Analytics to the rescue!

December 06, 2019

A blog post by Don Fancher, principal, Deloitte Risk and Financial Advisory

Many organizations are contending with a constant stream of technologies and increasingly large datasets as the Fourth Industrial Revolution unfolds. This not only creates the opportunity for criminal activity, but can also make it difficult for organizations to keep up with the volume of technological threats.

To help protect themselves, organizations need to understand the ability of an integrated, analytics-driven investigation and fraud risk management infrastructure to better identify attacks and potentially head off future strikes.

I covered the elements of this type of new analytics-driven approach on the Vitamin D blog previously, and given recent compliance-related news, thinking about how to incorporate this approach into compliance programs seems even more urgent.

Some considerations include:

• Embrace the deterrent effect: People are incentivized to fall in line when they are being watched, whether by humans or machines. The mere existence of monitoring, properly communicated, can help boost compliance with protocols, policies, and guidelines.
• Consider in-house monitoring: Data security and privacy is more protected and can be analyzed more easily on a continuous basis. Plus, in-house personnel can learn how the solution works, as well as how to maintain it.
• Tailor solutions: Organizations, industries, and locations can present different exposures and threats, while the formats, complexity, and availability of data can vary widely. Understanding trends and working with business units to adapt fraud solutions to specific situations can help capture greater value from monitoring activities.
• Leverage existing resources: Resources in areas such as finance and supply chain may be adaptable to risk management needs. Along with avoiding duplication, such collaboration can enhance communication among different parts of the business, strengthening fraud awareness.
• Explore tool options: Unsupervised modeling creates statistical profiles of normal transactions or entities and then identifies outliers from these profiles. Supervised modeling uses documented fraud cases and output from unsupervised modeling in an effort to learn fraud characteristics, classify new observations as potentially fraudulent, and detect what human observation cannot. Network analysis may be required if an apparent scheme involves collusion. Natural language processing may be a valuable approach if important clues appear to lie in unstructured text.
• Involve stakeholders: Risk management is no longer just the responsibility of internal audit and compliance. Business units and other functions have roles to play in identifying, understanding, and addressing fraud risks.
• Conduct a proof of concept: Monitoring solutions are complex and touch different parts of the business. The investment and time required to implement them can seem overwhelming. Instead of casting a wide net, a highly focused approach to monitoring can pay dividends. A specific proof of concept can aid understanding of how a solution works and the value it could provide.

The capabilities now being developed with new technologies are transformational. Legal, risk, and compliance functions that adopt these capabilities are likely to have a distinct advantage over those that do not—including the ability to sense and adapt more quickly to fresh opportunities and threats and to more deeply analyze risks than ever before.

Relative content:

What it takes to lead in industry 4.0

Lack of vision, organizational silos challenge strategy for industry 4.0

Using analytics to derail fraud before it happens

Back to top