line graph


Seven steps for effective fraud monitoring

Generate greater value from continuous monitoring

​Learn how monitoring capabilities yield more compliant organization, less vulnerable to being blindsided by fraud threats.

June 07, 2018

A blog post by Ed Rial, principal, Deloitte Risk and Financial Advisory.

A whistleblower's hotline call prompts a bid-rigging investigation. Payroll analysis finds ghost employees lurking in the ranks. A vendor audit points to a possible kickback ring. Whether internal or external, successful or thwarted, a fraudulent or corrupt act compels an organization to address critical questions. Some of these questions include: Who is involved? What has the scheme cost us? How long has it been going on, and why wasn't it discovered earlier?

The longer fraud perpetrators remain undetected, the greater financial harm they may cause. And, recovery generally becomes more difficult with time. According to the Association of Fraud Examiners "2016 ACFE Report to the Nations on Occupational Fraud and Abuse," more than half of frauds continue at least 18 months before detection and nearly one-third go undiscovered for two years or more.

Employing continuous monitoring could help identify potential threats before they become a reality.

One might reasonably think of continuous monitoring as an automated process that flags potentially suspicious transactions the moment they occur.

Continuous, however, is a relative term in this context. Real-time, 24/7 monitoring may not be necessary or useful, especially in detecting complex fraud schemes. A single transaction may mean little, but monitoring transaction trends on a monthly, weekly, or other periodic bases could speak volumes.

Proactive monitoring that leverages advanced analytics can help organizations identify such trends, as well as fresh schemes that aren't based on known instances of fraud. Rather than relying on rules that simply provide threshold-based binary results, analytics can produce new insights driven by what the data are showing.

Attention to seven considerations can help an organization generate greater value from its monitoring activities:

  • Embrace the deterrent effect. People have a way of falling in line when they're being watched, whether by humans or machines. The mere existence of monitoring, properly communicated, can help nurture compliance.
  • Keep it in-house. Conducting monitoring within the organization or as a third-party managed service offers several advantages, including data security and privacy. Data can be analyzed more easily on a continuous basis, and internal personnel can learn how the solution works and how to maintain it. Plus, if the solution needs to be expanded in the future, the work can be done within the organizational infrastructure and not require additional data exporting.
  • Customize monitoring to specific risks. Understanding trends and tailoring fraud solutions to specific organizational characteristics and situations, with business unit involvement, can help capture greater value from monitoring activities.
  • Capitalize on available resources. Some of the tools needed to conduct monitoring may already exist within the organization, and opportunities may exist to leverage these investments.
  • Use a range of approaches. Different risks may require different analytical tools that—individually or in tandem—can analyze large datasets and detect potentially fraudulent behaviors in ways human observation cannot. Unsupervised modeling creates statistical profiles of transactions or entities and identifies outliers. Supervised modeling uses documented fraud cases and output from unsupervised modeling to learn fraud characteristics and classify new observations as potentially fraudulent. Network analysis may also reveal collusive conduct, and natural language processing of unstructured text can provide context to transactional and yield valuable insights.
  • Involve stakeholders. Risk management is no longer just the responsibility of internal audit and compliance. Business units and other functions have roles to play in identifying, understanding, and addressing fraud risks.
  • Focus the effort. Monitoring solutions are complex, touching disparate parts of the business. Rather than casting a wide net, consider conducting a focused, specific proof-of-concept to understand how a solution works and the value it could potentially provide.

Establishing effective fraud monitoring can seem a monumental task. Considerations can include:

  • Start by abandoning the idea that an ideal situation and perfect data are required. Deploying analytics is just one element of a longer and broader enterprise risk management and compliance journey—a vital part, but just one nonetheless.
  • Conduct a current state assessment to determine where relevant data resides, as well as the infrastructure and tools available to house and carry out continuous monitoring.
  • Define objectives, establish focus areas, and prioritize needs and actions.

With such an approach, monitoring capabilities can improve over time, yielding deeper insights, fewer false positives, and a resilient, more compliant organization less vulnerable to being blindsided by fraud threats.

Stay tuned for our next post on forensic analytics.

This article contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this article.

Insert Custom CSS fragment. Do not delete! This box/component contains code needed on this page. This message will not be visible when page is activated.

Site-within-site Navigation. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?