• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Integrated systems and data analysis can set the alarm bells ringing, says David Porter

IN ADDITION to direct financial loss and reputational damage, a well-executed fraud or money-laundering operation can severely harm or even destroy the largest company. There is now a growing realisation that a significant fraud threat comes from inside the organisation, and much of it is committed by senior management.

For some organisations it is estimated that internal fraud can cost 6 per cent of turnover. But this is only the tip of the iceberg, since most internal fraud goes undetected. When it is discovered, it is usually by accident or when somebody blows the whistle. Many businesses still view internal fraud fatalistically — "what we don't know we don't know" — but it can no longer be ignored. There are two practical methods of containing any kind of fraud: prevention and detection. Prevention depends on implementing controls to reduce opportunities for the unauthorised use of corporate resources. Methods include perimeter defence technology, such as firewalls, Web site or e-mail content scanners and biometric-based identity cards, as well as "softer" processes such as recruitment screening, segregation, supervision and training.

Detection depends on controls designed to raise an alert when a fraud is being committed. These include authorisation, internal auditing and whistle-blower hotlines. On the technical side, there are intelligent detection systems that take in large volumes of transaction data and, on the basis of an underlying model of potentially suspicious behaviour, look for telltale patterns and so identify cases for further investigation.

These were pioneered in the mid-1980s to tackle credit card fraud and they have since been adapted for other fraud areas — most recently, money-laundering.

But how well can they identify internal fraud? Can a machine analyse the audit trails generated by many different electronic systems used by employees and find the golden nuggets that indicate potential insider fraud activity?

Detection engines based on advanced data warehousing and intelligent analytics are now a commercial reality. They take in audit trails from sources such as application transaction logs, call centre logs, PABX telephone logs, building entry records, Web server logs and print server logs. This data can be supplemented with records from HR and finance systems. The wider the variety of sources the better. The incoming data is enriched and transformed into a consistent, homogenous format. It is then stored in a data warehouse in a form that retains the patterns of behaviour and how these develop and change over a long period.

Advanced analytical techniques can then detect anomalous patterns that are worthy of further investigation. Warning signs might include excessively long working hours, a refusal to delegate apparently mundane tasks, or individual behaviour patterns that deviate from those of employees in similar roles.

Detecting insider fraud is like looking for a hay-coloured needle in a haystack.

The perpetrators know their way around the system and carefully preserve the secrecy of their activities. It is vital to analyse trends over time in order to detect subtle, systematic, long-term frauds. It is also important that the system gathers data from all sources, not only a single silo. You can then cross-reference across organisational, procedural and transactional boundaries and identify cross-silo fraud and collusion between employees and outsiders.

This kind of system can move an organisation from reactive fire-fighting to the proactive prevention of financial loss. Increasing the efficiency and effectiveness of the detection process will also lead to cost savings, since fraud is taken off the bottomline.

Another benefit is the connection between prevention, detection and investigation. Prevention benefits from improved rules definition fed back from detection.

Detection is enhanced with previously unseen audit log analytics from prevention. Trend and data analysis reveals unusual behaviour that could indicate criminal activity. These clues are then passed to an internal investigation team. Intelligence from the investigation is fed back into the detection system so that it learns and can sound alarms earlier if a sequence is repeated.

The risk of internal fraud means that continued vigilance must be a priority. Current problems in the global economy are likely to reveal further fraud cases that were hidden during periods when cash flows were stronger. The role of chance in discovering fraud means that reported instances are probably a tiny proportion of the total number of cases.

Recent US laws, such as the Patriot Act 2001 and the Sarbanes-Oxley Act 2002, the FSA's focus on reducing economic crime and the impending Basel II Accord mean that businesses are under increasing pressure to manage operational risk. Internal fraud is a key element of this.

In the long term, regulatory bodies will look favourably on firms that show good corporate governance and best-practice operational risk management. Technology, carefully selected and innovatively applied, is key to achieving this, alongside well-trained, motivated people and optimised processes. Managers will then spend less time worrying about regulations and more time adding value to their businesses.

Article E-Mail :: Comment :: Syndication

Stories in this Section
Monsoon optimism

Copyright © 2003, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line