Fraud Fighting with Detection Systems: Top three best practices when automating proactive fraud detection systems

Year after year, fraud examiners will lament, "we need to implement technology this year to proactively detect fraud," but then never do take action. You're neither lazy nor ineffective. Rather, you're being knocked off-track by the silent killers of technology: trying to do everything at once, not building effective business cases, and not making it part of the fabric of your working lives.

To stay on track, you might heed some of the best practices borne out of extensive research for the "2005 Buyer's Guide to Audit, Anti-Fraud, and Assurance Software." Below are the top three best practices excerpted from this book, which focus mainly on implementing data analysis software to detect fraud.

Best practice No. 1 - Focus long term yet start simple and build iteratively
Software development lifecycles have matured over time to arrive at a common best practice: "Know what you want long term and build iteratively each day to get there." This is just common sense whether you're building a career, a financial plan, or in this case, the integration of technology into a business process.

Here are some key pointers for taking these lessons and relating them back to your next data analysis implementation:

• Think prototype - Don't feel you need to make it perfect in the first go-around. Remember that if you can build a prototype and show the effectiveness of the tool in detecting fraud to the company, you've laid the foundation to prove additional future returns when the system is fully functional. Further, fraud need not be detected immediately to show the prototype's worth, yet the project should instill enough imaginative energy toward what is possible using the software tool.
• Select a comfort zone - There's no need to embark into a new area that has never been previously reviewed when common stomping grounds are so ripe for harvesting. You can focus on analyzing everyday targets for fraudsters such as accounts payable, procurement, or payroll.
• Start with inexpensive software - You may want to start with software that the company already has licenses to, such as Microsoft Access or Excel, or a product for which you can get a free demo copy for 30 days. By spending no or little money up front, the only risked cost is the time spent running the analysis. Once management recognizes the value, the company is in a much better position to decide whether to invest in more industry-grade technology.

Best practice No. 2 - Make a return in cash terms
"Cash is king" and there's no exception when implementing technology. The benefits of technology may lead people to "feel good" or "be more effective" but these are merely euphemisms for "the implementers don't know the cash value of their technology." Many companies implement technology simply to appear to be up to par with the industry because no one wants to be viewed as a techno-idiot.

Pride aside, cash recovery needs to be identified to build the appropriate business case for implementation. Given the negative context of investigations, management may not see fraud detection and deterrence as the best ways to recover cash (though we know differently). Therefore, in addition to the potential fraud detection, other cash recoveries should be planned for the data analysis effort. So when scoping areas for increased technology, ask yourself, "Where do you believe you could find the most cash recovery and process improvements?" Then ask, "Which departments want to change or have new management desiring change?" The intersection of the answers to such questions becomes the sweet spot for low-hanging fruit in the company and, as explained in best practice No. 1 above, it's better to have some early success to capitalize on for future development efforts.

So even if the focus of the data analysis is fraud detection, there's no reason other reports can't be executed to find cash savings for the company. Data can be easily recycled from a proactive fraud investigation to also find cash in:

• duplicate accounts payable payments;
• accounts payable overpayments;
• payroll overpayments;
• employees who have been terminated and are mistakenly being paid for in the company's health care plan; and
• process improvements identified based on sagging process performance metrics.

Best practice No. 3 - Make it routine
One final best practice, saved purposely for last: technology will endure and be effective if companies make it routine. Most of us routinely check our e-mail messages hourly. So it's quite possible to train yourself to check the results of automated fraud detection tasks much as you discipline yourself to wake up early and drive to the gym for your daily workout. Even financial advisors suggest making your financial plan "automatic" by setting auto-payment plans to 401K and other investment vehicles.

Similarly, world-class fraud examiners will assume they'll use data analysis technology in all fraud examinations and should prove to management why they don't need to use such tools. By building in this assumption of technology, it will more likely be daily exercised. "If you don't use it, you'll lose it." So be sure to build an implementation plan that assumes routine usage of the technology.

This article was excerpted from the "2005 Buyer's Guide to Audit, Anti-Fraud, and Assurance Software," by Dean Brooks, Mort Goldman, and Rich Lanza.

Richard B. Lanza, CFE, CPA, PMP, president of Cash Recovery Partners, L.L.C., in Lake Hopatcong, N.J., provides audit technology and project management assistance to companies. Lanza is the founder of the non-profit Web site, www.auditsoftware.net. His Web site is: www.cashrecoverypartners.com.