Jeremy Clopton, CFE, CPA, ACDA, CIDA
Director, Upstream Academy
One aspect of fraud examinations that is constantly changing is the use of technology for fraud prevention and detection, with an emphasis on detection. From rules-based systems, fraud analytics and artificial intelligence-based programs, examiners look to increase the effectiveness and efficiency of their work through the use of technology. However, it is critical to the management of fraud risk that examiners focus more of their efforts on the use of data and technology on the mitigation of fraud risk. This requires changing the mentality from using data reactively, e.g. responding to a hotline call, to using it proactively, e.g. looking for the areas where fraud is most likely to occur. Though there are many additional ways this can be accomplished, here are three ways you can use technology proactively:
Fraud risk assessment
One of the hallmarks of a successful anti-fraud program is the fraud risk assessment process. This includes identifying inherent risks, evaluating the likelihood and significance of these risks, evaluating controls and addressing the resultant risks. The evaluation of controls is an often overlooked, yet valuable, area in which to leverage data and technology. The controls provide you a set of rules to evaluate the data against. This will help you determine if the controls are, in fact, working as designed.
Continuous monitoring and continuous auditing programs
Though these two programs are owned by different groups in the organization (management and internal audit, most commonly), both are areas in which technology can improve effectiveness. This builds on the idea of using technology to improve the fraud risk assessment process. Once the highest risk areas are identified, implementing systems that leverage analytics and emerging technology to continuously analyze your data serves as a proactive assessment of the control structure.
The third area where proactive application of technology can benefit you is in the evaluation of the corporate culture. The tone of an organization plays a significant role in its overall fraud risk. This can be found through the analysis of unstructured data in the organization – email communications, instant messages, personnel appraisals and others. The culture of the organization becomes apparent in the evaluation of how individuals interact, communicate and conduct business within it. Many companies have policies that allow for this, though they only use the data in a reactive manner.
These three areas are some of the most effective ways you can use technology, data and analytics in a proactive manner. The overall objective in the proactive use is to identify fraud risks before they become fraud schemes, and even to identify fraud schemes earlier. It’s worth noting the use of technology, data and analytics proactively requires a high level of planning. Your challenge is now how will you plan to use the technology you have before fraud occurs.