Devil in the details: anti-fraud data analytics

By Robert Tie, CFE, CFP
data-mining-analyzing.jpg "No need to visit us this year," the head of a large and well-funded department told the internal auditor over the phone. "We're in good shape."

The auditor, unsurprised, hung up after quietly acknowledging this implied command to stay away. "Business as usual," he thought in longstanding frustration. Regardless, his remaining workload was overwhelming. As the sole internal auditor in a state government agency serving more than 100,000 people in hundreds of locations on a budget greater than $1 billion, the auditor had many other departments within the agency to monitor for fraud, waste and abuse.

He glanced at the data analytics software manuals gathering dust on his credenza. "Still no time for that," he said to himself unhappily and turned to refocus on his findings and recommendations for another department — one that had agreed to be audited. If and when the state agency hired more auditors, he mused, there'd be an opportunity to pore over the manuals and learn how to use the specialized software's powerful fraud detection capabilities. But who knew when such a day would come?

Not long afterward, an anonymous tipster informed the agency that some of its employees were buying themselves expensive appliances and consumer electronic devices — even vehicles — and that a vendor who provided services to the agency was picking up the tab.

The agency promptly contacted state investigators. Their probe exposed an ongoing, three-year conspiracy in which a vendor gave kickbacks to those employees in a well-funded department who authorized payments for supplies the vendor never delivered.

As a result of the investigation, several department and vendor employees were convicted of fraud, ordered to pay restitution and sentenced to prison — in some instances for more than 10 years.

The agency, to its chagrin, learned it had lost $4 million of taxpayers' money to the over-billing scheme, which it should — and could — have detected much sooner. As is often true in frauds such as these, much of the stolen money had been spent and wasn't recoverable.


"Through no fault of its only internal auditor, the agency had a reactive approach to fraud detection and prevention," said Kelly J. Todd, CFE, CPA, ABV, a partner of Forensic Strategic Solutions Inc., a financial investigation firm in Birmingham, Ala.

The agency engaged Todd's firm to perform a fraud vulnerability assessment and determine whether other scams were taking place anywhere in the agency. Todd and her colleagues, who also are CFEs, searched for potential signs of additional schemes and evaluated the susceptibility of agency assets to misappropriation.

"Most frauds can be detected in a timely manner by ‘drilling down' into financial data to examine suspicious transactions," Todd said.

She and her team used specialized data analytics software to discover numerous indications of the known fraud but no signs of any other schemes.

"Because the department in question would have forfeited any budget funds it didn't use, it had an incentive to spend the money no matter what," Todd said. "In addition, the reactive nature of the audit approach created an opportunity to fraudulently divert the department's funds. When the conspirators rationalized their crimes, the fraud triangle was complete."

So, as the end of the budget year approached, crooked employees approved hundreds of phony vendor invoices a day until the department's entire budget was consumed. The conspirators easily circumvented the agency's main control against over-billing schemes — that all purchases costing $2,500 or more had to be accompanied by a purchase order.

Todd's analysis revealed how the fraudsters simply split their fraudulent purchases so that all but .01 percent of them were for amounts slightly less than $2,500. They all were paid without any special scrutiny.

Another red flag Todd and her colleagues noted was that payments to the co-conspirator vendor increased 342 percent in one year — growth far greater than in the department's payments to its other vendors.

And almost all invoices bore consecutive invoice numbers on those occasions when the vendor submitted 50 or more on the same date. (See Figure 1 below.)

Figure 1 (Analysis of Departmental Invoice Data) 


"Of course, every organization depends on the honesty of key staff members and on checks and balances, such as requiring multiple purchase approvals in different departments," Todd said. "But controls provide only a limited amount of protection against fraud."

Therefore, in its fraud vulnerability assessment report to the agency, Todd and her colleagues recommended — among other improvements — a proactive, risk-based audit program centered on automated data analytics processes that could conserve the internal audit staff's valuable time.

They also recommended hiring additional auditors and training them in the full use of data analytics software.

"With the proper staff, skills and tools, the internal audit team can monitor the entire organization without always calling attention to its own actions," Todd said. "It's a great way to detect the first signs of fraud and prevent incipient losses from growing."


Design a data analytics process that clearly identifies and fully explains:
  • What organizational data to collect.
  • When and how to obtain the organizational data.
  • How to integrate the process into the organization's fraud risk assessment program.
  • What tools and techniques to use for evaluating the potential existence of fraud.
  • How to evaluate the process's effectiveness in detecting and preventing fraud.
  • How to report findings and recommendations. 
  • Standards for tracking the timeliness and effectiveness of remedial actions.


Robert Tie, CFE, CFP, is contributing editor of Fraud Magazine and a New York business writer. 

Read more insight and discuss this article in the ACFE's LinkedIn group.

The Association of Certified Fraud Examiners assumes sole copyright of any article published on or ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be emailed to