Utilizing data analytics to combat fraud, waste & abuse

Why you need data analytics to combat fraud, waste and abuse

How many transactions does your organization engage in during a year? Each one is a prime opportunity for fraud, waste and abuse.

From January 2016 to mid-2017, the Association of Certified Fraud Examiners (ACFE) found 2,690 reported cases of occupational fraud totaling over $7 billion in total losses.

Interestingly, half of the fraud was due to internal control weaknesses and only 15% was detected by an internal audit. Your organization does not have to become one of these statistics. Here’s how applying data analytics can help you manage the risk you face from fraud, waste and abuse within your organization.

Even with today's technology, fraud is still a relevant risk

Fraud, waste and abuse can occur in today’s digital economy in an abundance of ways. Critical business operations like payroll and accounts payable are conducted through sophisticated ERP and accounting systems. Those systems should have the appropriate safeguards in place to mitigate these risks, but the complexity of these systems makes fraud harder to detect.

Fraudsters are great at covering their tracks. Whether it’s hiding a transaction in the mountain of transactions in the system, or something as simple as the wrong permissions given to a user, the system is only as good as the humans using it. The ACFE found that three of the top five concealment methods used by fraudsters involved creating or altering transactions in the accounting system or electronic documents/files. Interestingly, fraudsters concealed more electronic than physical evidence.

For smaller organizations (fewer than 100 employees), the risk is even more prominent. The ACFE found that small organizations had almost double the median loss compared to larger businesses ($200,000 vs. $104,000). This is likely because fraud schemes can run for a longer period of time in an organization of that size. With limited staff and resources compared to larger entities, small organizations cannot adequately segregate duties or invest in the internal controls necessary to effectively mitigate their financial risks.

By implementing a proactive monitoring process, organizations of all sizes can verify whether internal controls are working properly, weak or altogether missing.

Proactive monitoring through data analytics

The risk posed by fraud, waste and abuse can be effectively managed by employing an automated data analytics system that detects anomalies and patterns in a set of transactions. While the typical audit may look at a subset of transactions, and potentially miss one fraudulent entry, automated data analytics systems inspect each individual transaction and entry to ensure no anomaly goes undetected.

According to the ACFE data, only 15% of fraud cases were initially detected by an internal audit. This “passive detection method” makes it easy for fraudsters to perpetuate their fraud for a significant duration and cause substantial loss. This data showed that it is better to have an “active detection method” in place to limit the duration and corresponding loss. It was also discovered that proactive monitoring and analysis of data was the number one control in fraud duration reduction. This proactive monitoring reduced the median fraud duration from 24 months to 10 months (58%). As a result, the median loss was reduced from $165,000 to $80,000 (52%).

So, what does this mean? By implementing proactive monitoring through a system that detects transaction anomalies and patterns, an organization can more effectively manage its risk of fraud, waste and abuse.

How can you detect fraud, waste and abuse using data analytics?

It is imperative to implement a system that can review every transaction as soon as possible. Some datasets will require a real-time or daily analysis, while other datasets may only require a weekly, monthly or quarterly review. Your organization needs to identify the various transactions critical to your operations, and determine the appropriate time period in which to analyze those transactions.

Once the time period is determined, your organization should review its operating guidelines, policies and procedures to develop a library of rules to apply to the datasets (transactions). These rules will help identify anomalies, patterns and trends that will need further investigation. Ideally, most of the red flags will be false alarms. But in some instances, these red flags will highlight errors in your critical processes.

Ultimately, the system raises red flags for unusual transactions. By analyzing the transactions within a reasonable time period, you can mitigate the damage of potentially fraudulent or wasteful transactions and minimize the impact those transactions could have on your organization’s financial performance.
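As an added illustration of such a rule library (not AGH's own code), the sketch below runs three rules over every row of a constructed accounts-payable ledger and reports which rules each transaction tripped. The field names, the $5,000 approval limit and the three rules themselves are assumptions standing in for an organization's own policies.

```python
from collections import defaultdict

APPROVAL_LIMIT = 5000.00  # assumed policy: payments at or above this need a second approver
FIELDS = ("id", "vendor", "invoice", "amount", "day", "entered_by", "approved_by")

# Constructed accounts-payable sample; all names and values are illustrative.
LEDGER = [dict(zip(FIELDS, row)) for row in [
    (1, "V100", "INV-881", 1200.00, "2024-03-04", "akim", "bross"),
    (2, "V200", "INV-310", 2600.00, "2024-03-05", "cdiaz", "bross"),
    (3, "V200", "INV-311", 2700.00, "2024-03-05", "cdiaz", "bross"),
    (4, "V300", "INV-455", 980.50, "2024-03-06", "akim", "bross"),
    (5, "V300", "INV-455", 980.50, "2024-03-19", "akim", "bross"),
    (6, "V400", "INV-072", 4100.00, "2024-03-07", "cdiaz", "cdiaz"),
]]

def rule_self_approved(txns):
    """Segregation of duties: the person who entered a payment also approved it."""
    return {t["id"] for t in txns if t["entered_by"] == t["approved_by"]}

def rule_duplicate_invoice(txns):
    """The same vendor, invoice number and amount paid more than once."""
    groups = defaultdict(list)
    for t in txns:
        groups[(t["vendor"], t["invoice"], t["amount"])].append(t["id"])
    return {i for ids in groups.values() if len(ids) > 1 for i in ids}

def rule_split_payment(txns, limit=APPROVAL_LIMIT):
    """Payments each under the limit that together reach it (same vendor, enterer, day)."""
    groups = defaultdict(list)
    for t in txns:
        if t["amount"] < limit:
            groups[(t["vendor"], t["entered_by"], t["day"])].append(t)
    hits = set()
    for members in groups.values():
        if len(members) > 1 and sum(m["amount"] for m in members) >= limit:
            hits.update(m["id"] for m in members)
    return hits

RULES = {"self_approved": rule_self_approved,
         "duplicate_invoice": rule_duplicate_invoice,
         "split_payment": rule_split_payment}

def review(txns, rules=RULES):
    """Run every rule over every transaction; return {txn id: sorted rule names}."""
    flags = defaultdict(list)
    for name, rule in rules.items():
        for txn_id in rule(txns):
            flags[txn_id].append(name)
    return {i: sorted(names) for i, names in sorted(flags.items())}

if __name__ == "__main__":
    for txn_id, names in review(LEDGER).items():
        print(txn_id, ", ".join(names))
```

Each flag is a prompt for follow-up rather than a finding: transaction 1 passes untouched, while the other five are queued for a reviewer with the rule name attached.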

Why you should get started

By implementing a data analytics system to detect fraud, waste and abuse, financial risk is managed through an automated review of each transaction, and would-be fraudsters within your organization are deterred.

Start by simply identifying the datasets/transactions involved in your critical business processes, then begin labeling financial risks associated with those transactions and the corresponding internal controls, policies and procedures to manage those risks. Once completed, you can begin thinking about how to automate the proactive review process.

Questions?

For help setting up or automating your proactive review process, contact a member of the AGH data analytics team.

Brian Johnson

Senior Vice President
Technology Services

Brian joined AGH in 1992. He leads the firm’s technology services practice where he helps clients achieve measurable performance improvements through the delivery of specialized, competency-based information systems management, assurance, and advisory services. He has extensive experience in information security, network engineering, and solution development, with recognized specializations in governance, risk, control, and related consulting services.

Brian is a member of ISACA (previously known as the Information Systems Audit and Control Association), the Kansas Society of Certified Public Accountants (KSCPA), the American Institute of Certified Public Accountants (AICPA), the AICPA’s Information Management and Technology Assurance (IMTA) Section, and the Association for Supply Chain Management (ASCM). He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), and Certified in Production and Inventory Management (CPIM).

Brian is also a Certified Public Accountant (CPA) and a graduate of Wichita State University, where he earned Master of Accountancy and Bachelor of Business Administration degrees.
