Overcome data challenges in forensic investigations

May 24, 2018

A blog post by Shuba Balasubramanian, principal, Deloitte Transactions and Business Analytics LLP.

Traditional corporate antifraud measures are quickly losing ground against new and emerging fraud threats. Internal and external perpetrators draw from a menu of ploys, including procurement fraud, employee expense fraud, financial statement fraud, bribery, and asset misappropriation.

Organizations across industries and regulators themselves are starting to use integrated, data-driven analytics approaches to identify potentially fraudulent transactions. But an underlying factor that will weigh heavily on the effectiveness is the data itself—how good it is, and how well it is used.

An array of factors can contribute to gaps and shortcomings in monitoring fraud and conducting an investigation, including:

• Vast amounts of data
• Inadequate data capture and storage
• Limited data accessibility
• Inadequate skillsets to process and analyze big data
• Static reporting designed for business as usual
• Lack of diverse data to correlate findings

Organizations can take several steps to prepare an effective foundation for analytics-driven investigations and fraud monitoring:

• Involve stakeholders in building the transformation roadmap. Specific areas of a company may be primed and ready to undertake analytics-driven fraud risk management; but other groups need to be integrated into these plans, too. Internal audit, legal, compliance, information technology, and the businesses can all have key roles in the analytics efforts. Discussions with relevant stakeholders can identify synergies and ways to leverage data or technologies in use elsewhere in the organization. And, stakeholders can help identify high-risk areas that warrant focus, such as time and expense reporting, vendor management, and third-party payments.
• Centralize as much data as possible to support fraud monitoring. While centralizing all enterprise data would be the Holy Grail for the fight against fraud, it may not be realistic in many organizations today due to disparate data sources, geographic locations, and gaps in systems integration. Still, emphasis should be placed on bringing as much data together as possible to maintain data integrity, consistency, and control and for enhanced fraud monitoring, analysis, and insights.
• Establish secure, structured access to data. A compliance department planning to conduct analytics can benefit by defining early on how data will be handled, where it will be stored, and who will be allowed access to it. Considerations include needed safeguards against breaches and policies and procedures for treatment of personally identifiable information and other sensitive data.
• Incorporate relevant external data. External data can be brought into the centralized repository to cross-correlate with internal data.
• Begin to lay a solid technology foundation. It is important to plan for investment in technology and software applications that can support effective data collection and analysis for fraud monitoring and to leverage the same data for multiple purposes. The technology should be scalable so both structured and unstructured enterprise data can be included in the analysis.

The effectiveness of an analytics-driven program relies on the availability and accessibility of accurate, relevant, and rich data from different geographical locations, service lines, products, and external data sources.

In the absence of centralized data, companies can improve their fraud monitoring and the forensic investigation by considering these questions:

• What is the strategy to manage the ongoing proliferation of data?
• What type of analytic capabilities would fit the organization’s specific needs?
• Can tools or insights serve multiple purposes across the organization?
• What are key technology trends within the industry and how can the organization’s transformation roadmap keep the organization ahead of the industry?

The transformation to an analytics-driven program, including answers to these questions, is likely to require significant time and effort. As typical in the rollout of a new technology, a pilot program using a test/prove/implement/scale/repeat methodology can be a helpful starting point. Focusing on early results while staying attuned to the big picture can help equip organizations to address future fraud risks.

Read more in our report and stay tuned for our next post on ways to overcome technology challenges and four keys to better fraud detection technology.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.