Big data

An EY survey indicates that companies need to look at a broader set of risks, incorporate more data sources, use better tools and move to real-time or near real-time analysis of increased data volumes. The results? More effective and efficient compliance programs that are highly focused on key fraud risk areas.

A leading global pharmaceutical company, we'll call it Pharminc, sought to use forensic data analytics (FDA) to monitor compliance with policies and procedures designed to govern interactions between their sales representatives (REPs) and the health care professionals (HCPs) they interact with in certain high-risk countries. Many anti-fraud practitioners in the past — using traditional FDA methodologies — would consider only one primary data source for analysis, such as travel and entertainment accounts. Pharminc took a different approach and incorporated "big data" thinking. The company not only used traditional spreadsheet and database applications, it integrated multiple structured and unstructured data sources with more sophisticated visual analytics and text mining applications.

These data sources included speaking events data, travel and entertainment accounts, product samples, sales and customer relationship management data, physician interaction data and even social media data.

Pharminc developed new analytics approaches using these sources to "risk rank" both REPs and HCPs across targeted regulatory and corporate integrity risks, including fraud, corruption and off-label marketing.

To enhance early detection of problems, Pharminc generated interactive monitoring "dashboards," which visualized data in charts and graphs (rather than data dumps to spreadsheets) to assist in-country compliance officers and/or managers with spotting trends and anomalies. Pharminc deployed this FDA program to dozens of countries in approximately 18 months, which helped the company detect rogue employee activities, increase transparency and save significant dollars from improving recoveries and realizing audit-monitoring efficiencies.

Big data can mean big opportunities

Big data techniques and technologies present significant opportunities for business executives in multiple functions working across many industries and geographies. They can capitalize on information contained in disparate data sources that are otherwise difficult to correlate and interpret. For those charged with deterring, detecting and investigating misconduct, mining such data can be a particularly powerful tool in their overall compliance and anti-fraud efforts.

Companies are increasingly seeking market share and revenue growth in emerging markets, which are characterized by higher perceived levels of fraud, bribery and corruption risk. At the same time, regulators and law enforcement bodies are intensifying their cross-border collaborations to ferret out improper business practices and punish violators. The costs associated with noncompliance are growing. Out-of-date risk assessments, undetected frauds and poorly executed investigations — followed by failure to properly remediate internal controls — only exacerbate the risks facing companies. The staggering increase in volume, variety and velocity of business information requires inherent changes in how companies manage their compliance challenges and investigate aberrational behavior.

EY's Fraud Investigation & Dispute Services (FIDS) practice, in an effort to understand how companies in 11 major markets are deploying FDA tools, undertook its first-ever Global Forensic Data Analytics Survey. From November 2013 through January 2014, we interviewed more than 450 executives responsible for their companies' anti-fraud programs. (View a full copy of the survey.)

Through the survey, we endeavored to discover how companies are leveraging FDA to mine big data. The term big data is often used in the media, but what precisely does it mean, and how can we use it to fight fraud? For the purpose of this survey, we adopted Gartner Research's definition: "Big data is high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making." (See Gartner IT Glossary as of publication.)

And we used FDA in the survey to refer to the ability to collect and use data both structured (e.g., general ledger or transaction data) and unstructured (e.g., email communications or free-text fields in databases) to identify potentially improper payments, patterns of behavior and trends. FDA can also include integrating continuous monitoring tools, analyzing data in real- or near-real time and enabling rapid response to prevent suspicious or fraudulent transactions.

The survey found that those companies deploying advanced FDA tools across larger data sets provided better insights, which lead to more focused investigations, better root cause analysis and contributed to more effective fraud risk management.

Of course, companies can deploy such tools against a wider variety of risks, including competitive practices, insider trading or tax controversies. However, for our study, we focused on fraud, bribery and corruption as the risks that management and boards discuss.

Our findings suggest that while companies may be doing some forms of FDA, many are missing important opportunities to leverage more sophisticated anti-fraud tools.

Advanced technologies that incorporate data visualization, statistical analysis and text-mining concepts, as compared to spreadsheets or relational database tools, can be applied to massive data sets from disparate sources.

These technologies enable companies to ask new compliance questions of their data that they might not have been able to ask previously. Fraud examiners can establish important trends in business conduct or identify suspect transactions among millions of records rather than having to rely on smaller samplings that could miss important transactions.

Senior executives and board members, many of whom are already benefiting from less sophisticated FDA efforts, should be interested in the survey results and case studies. We hope that this survey contributes to meaningful conversations within your organization, particularly within the finance, internal audit, compliance and legal functions. Thanks to all the respondents and business leaders for their contributions, observations and insights.

Key highlights from the research

Current regulatory landscape creates a further impetus for new approaches in FDA

It's clear that the bar has been raised on regulators' expectations of the components of an effective compliance program. Adopting FDA procedures into the monitoring and testing of compliance can create a cycle of improved adherence to company policies and improved fraud prevention and detection, while providing additional comfort to key stakeholders. Our survey finds that 87 percent of respondents agree that regulatory compliance requirements, including anti-corruption laws and recent enforcement trends, are a factor in the design and use of FDA. Indeed, nearly 50 percent indicate these regulatory compliance requirements are among the top five factors.

FDA efforts are aligned well with perceived company risk areas

The risk of bribery and corruption is identified as having the highest priority in an FDA program, with 65 percent of the respondents indicating that it's a concern. Notably, more respondents name it a "major concern" than any other risk category. Fortunately, these risks are also well-aligned with the use of analytics as 74 percent of respondents indicate that they're using FDA to combat bribery and corruption. Our survey results also indicate FDA alignment with other fraud risk areas, including:

• Asset misappropriation, in which 75 percent of respondents use FDA.
• Financial statement fraud, in which 62 percent of respondents use FDA.
• Capital project spend, in which 53 percent of respondents use FDA.

Big data has big potential

Over the past several years, the term, big data, has been a major theme of the information technology media and has increasingly made its way into compliance, internal audit and fraud risk management-related publications. Indeed, in our survey research, 72 percent of respondents believe that emerging big data technologies can play a key role in fraud prevention and detection. Yet only 7 percent of respondents are aware of any specific big data technologies such as Hadoop or other advanced processing capabilities, and only 2 percent of respondents are actually using them. For those survey respondents integrating more advanced FDA technologies — including big data processing capabilities, data visualization, statistical analysis or text mining — we see notable differences in the utility of FDA findings and enhanced recoveries, among other observations.

Why use FDA? Key benefits and adoption

FDA enhances the risk assessment process and improves fraud detection

We asked survey participants about the main benefits of FDA. The top benefits according to our respondents are the ability to "enhance our risk assessment process" (90 percent) and the ability to "detect potential misconduct that we couldn't detect before" (89 percent). The vast majority of respondents also note the following benefits:

• Better comparison of data for improved fraud risk decision-making (82 percent).
• Enhanced audit planning or investigative fieldwork (82 percent).
• Earlier detection of misconduct (82 percent).

Where is FDA deployed?

FDA benefits a wide range of stakeholders within organizations. Interestingly, the vast majority of respondents indicate that the primary users or beneficiaries of FDA include executive management (81 percent) and boards (68 percent), which further demonstrate the importance of effective FDA techniques in combating fraud and corruption.

Internal audit is the top user or beneficiary at 84 percent. Our research finds that no one functional department clearly owns the FDA program. Overall responsibility for the program lies either with corporate executive management with 32 percent of respondents or legal and compliance with 31 percent of respondents. Internal audit functions (22 percent) comes in third place. After these top three, there's a notable drop with finance (6 percent), investigations (5 percent) and other (4 percent) comprising the remaining responses. According to our research, companies are generally optimistic that FDA budgets will increase, particularly for those working in countries where regulatory enforcement is high.

Missed opportunities: turning data into information 

Technology: the right tools for the right job

While spreadsheet and database applications are components of the overall FDA toolset, companies dealing with increasing data volumes, velocities and varieties of data require more sophisticated technologies. However, our survey research suggests that the vast majority of companies aren't utilizing advanced FDA technologies. Only:

• 26 percent of respondents utilize forensic analytics software.
• 12 percent utilize visualization and reporting applications.
• 11 percent utilize statistical analysis software.
• 2 percent utilize big data technologies such as Hadoop.

Lack of awareness and expertise

While 69 percent of respondents suggest that their current anti-fraud and anti-bribery programs are effective, they notably believe that businesses need increased anti-fraud/anti-bribery procedures, which include FDA, plus increased management awareness of the benefits of FDA. Our research shows that:

• 63 percent of respondents agree that they need to do more to improve their anti-fraud/anti-bribery procedures, including the use of FDA.
• 62 percent of respondents indicate that they need to improve management's awareness of the benefits of FDA in general and of proactive transaction monitoring in particular.

Data volumes analyzed are relatively small

Our survey finds that 42 percent of companies with revenues from US$100 million to US$1 billion are working with data sets fewer than 10,000 records. For companies with more than US$1 billion in sales, 71 percent report working with data sets of one million records or fewer. These data volumes are far from big data, which raises the question that companies may be missing important fraud prevention and detection opportunities by not mining larger data sets to more robustly monitor business activities.

Data sources analyzed aren't aligned with technology

Our respondents report an extensive use of unstructured, free-text data sources in FDA, despite the general lack of text-mining applications reported in the survey. For example, 47 percent of respondents who utilize only spreadsheet or database applications in their FDA efforts report analyzing the free-text payment descriptions in the accounts payable fields to identify potentially improper payments. Without the use of more sophisticated text-mining technologies, it can be daunting and inefficient to analyze free-text comments among thousands — if not tens of thousands or millions — of records in a spreadsheet. For those companies using more sophisticated FDA tools, we see notable increases in the use of unstructured data, including free-text payment descriptions, email, social media and external data sources.

Right risks, wrong tools?

There are notable differences between the FDA technologies that are the most effective and those that are being used. We asked survey participants to name tools that they're aware of in managing fraud and corruption risk. By far the most common answer was "in-house developed tools." The survey also demonstrated a wide distribution of the tools in use; no one FDA tool dominates the market.

The biggest FDA challenges

Our respondents indicated that the single biggest challenge in their organizations is "getting the right tools or expertise for FDA" (26 percent). The wide distribution of responses indicated other notable challenges, including "analysis process quality improvement" (15 percent) and "challenges with combining multiple data sources" (15 percent). Interestingly, cost is a lower factor, with only 10 percent of respondents indicating that FDA is prohibitively expensive.

Technology counts: better tools result in better FDA results

Respondents who are using FDA technologies beyond spreadsheets and databases have generally observed:

• Improved results and recoveries, 11 percent more than others.
• Earlier detection of misconduct, 15 percent more than others.
• More cost-effective results, 14 percent more than others.
• Higher visibility to the board, 12 percent more than others.

Five success factors for FDA integration

To build a successful FDA program, companies should consider the following five success factors:

1. Focus on the "low-hanging fruit": the priority of the initial project matters

• The first project, the low-hanging fruit, normally incurs the largest cost associated with setting up the analytics infrastructure, so it's important that the first project yields tangible recoveries.

2. Go beyond the "rule-based," descriptive analytics

• One of the key goals of FDA is to increase the detection rate of noncompliance while reducing the risk of false positives.
• From a technology perspective, companies need to move beyond rule-based spreadsheets and database applications and embrace both structured and unstructured data sources that consider the use of data visualization, text-mining and statistical analysis tools.
• Big data technologies, such as Hadoop, hold promise to help companies address expanding data volume, velocity and a variety of challenges associated with FDA.

3. Communicate: share information on early successes across departments and business units to gain broad business support

• Once validated, success stories will generate internal demand for your FDA program.
• Involve a multidisciplinary team, including information technology, business users (i.e., end-users of the analytics) and functional specialists (i.e., those involved in the design of the analytics and day-to-day operations of the FDA program).
• Communicate across multiple departments to keep key stakeholders updated on your FDA progress under a defined governance program.
• Don't just seek to report the noncompliance; seek to improve the business.
• Obtain investment incrementally based on success, not the entire enterprise all at once.

4. Leadership support gets it funded, but regular interpretation of the results by experienced or trained professionals makes the program successful

• Keep the analytics simple and intuitive — don't cram too much information into one report.
• Invest in automation, not manual refreshes, to make analytics sustainable.
• Invest in both developing and acquiring professionals with the required skill sets to sustain and leverage your FDA efforts over the long-term.

5. Enterprise-wide deployment takes time; don't expect overnight adoption

• Analytics integration is a journey — not a destination.
• Quick-hit projects might take four to six weeks, but the program and integration can take one to two years or more.
• Refresh programs as risks and business activities change.

Companies need to look at a broader set of risks, incorporate more data sources, move away from lightweight, end-user, desktop tools and head toward real-time or near-real time analysis of increased data volumes. Organizations that embrace these potential areas for improvement can deliver more effective and efficient compliance programs that are highly focused on identifying and containing damage associated with exploiting key fraud-risk areas.

Vincent M. Walden, CFE, CPA, CITP, a partner with EY's Fraud Investigation & Dispute Services practice, is based in New York.

Beth Junell, CFE, CPA, CFF, a partner with EY's Fraud Investigation & Dispute Services practice, is based in Denver, Colorado. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced.