Bangkok post> Jobs > Career guide

When the thief holds the key to the cashbox: detecting internal fraud

Much attention is given these days to corruption. Political leaders rant and rave against it, and politicians in general demand its eradication. But in most countries they are the biggest miscreants, stealing from the people whom they claim to represent.

However much of the most outrageous fraud, and the most skilful, persistent fraudsters, actually operate from privileged positions within their own organisations. Internal fraud is reputed to cause the most serious losses, as evidenced by massive defalcations sustained by leading financial institutions and major corporations. Yet very little of the massive frauds that regularly, often systematically, take place, are ever detected. This is because internal frauds are skilfully performed by trusted insiders, able to cover their tracks and conceal their crimes.

In a recent presentation on corruption and fraud analytics held at the Thailand Regional Forum, Richard Batten, Technical Adviser, Forensic Services, at Deloitte Touche Tohmatsu Thailand, discussed the dimensions of internal fraud within the corporate sector, and the role of data analytics as a detection device accessible to every organisation that has access to corporate databases. All major companies have access to what is nowadays called "big data". Even small companies have substantial data sources. These sources can be used for a variety of purposes, one of which is the detection of internal fraud.

According to the Association of Certified Fraud Examiners (ACFE), based in the USA but with worldwide affiliations and membership, a typical organisation loses 5% of revenue in a given year as a result of fraud, with an average loss per case of US$2.7 million. However much of the losses arising from internal fraud never gets detected or reported. It just goes on, building up year by year, eating away profitability, even driving companies into losses, unidentified by internal and external auditors.

Characteristics of serious fraud offenders

The popular conception of the serious, serial criminal offender is of a rough, uncultured and down-at-heel character. Such may be the case with the perpetrators of violent crime, which makes them easier to detect. However the serious fraud offender tends to be of a very different type. He, or sometimes she, will tend to be in their mid-40's, mostly nationals of the country where the fraud takes place, with no prior criminal record, frequently an accounting professional or divisional director, with at least secondary education and some professional qualification, with relatively stable employment within the victim organisation. The fraudster tends to be motivated by greed, sometimes resulting from gambling. Usually the perpetrator acts alone in the commission of the offence. This profile of the archetype fraudster was developed by a study of serious fraud offenders in Australia and New Zealand by the Australian Institute of Criminology, but was also borne out by a similar study conducted by Chulalongkorn University in Thailand. Such fraudsters are often, regarded by colleagues as "nice guys", appearing honest, ethical, friendly, trusted by the organisation and considered to have integrity. They are often senior enough to be able to circumvent controls or bend rules to their own advantage.

These misleading characteristics result in perpetrators of internal fraud not being detected over long periods of time, or even at all. But all organisations have high risk of fraud, corruption and misconduct. The great strength of data analytics is that it cuts through subjective evaluations of individuals and can identify the clues that hide within the data providing indicators of malpractice.

The power of analytics

Data analytics covers a wide spectrum of the use of analytics to discover and gain insights from an organisation's data, potentially enhanced by externally sourced data. Corruption and fraud analytics specifically targets the discovery and communication of meaningful patterns in data that identify or indicate that corruption or fraudulent activity may have, or is currently occurring in any particular organisation. It enables use of the power of data already stored in company databases to find suspicious patterns. It does not prove that fraud or corruption has occurred, but is a rapid and efficient way to identify what further enquiry and investigation may be warranted.

Typical cases of fraud detection by analytics

- Gold mine suffered from fraudulent extraction:

A major gold mine undertook a review of procurement spend at a new site, at a stage of development when the project had suffered overspend of A$500 million on budget, delays and share price collapse. A fraud analytics review of procurement spend identified A$80 million of transactions that appeared fraudulent or suspicious, resulting in investigation of suppliers and transactions, resulting in identification that over 95% of such transactions were either fraudulent or supplier overcharging. Vendors and suppliers were, as a result, re-assessed with some contracts revoked. Unsurprisingly, the company instituted a regular analytics review of procurement spending and introduced a "whistle-blower" program.

- University hosted malevolent masterminds:

A university suspected that its property management department was experiencing fraud to the extent of A$2 million. Use of data analytics over purchase orders, tenders, contracts and accounts payable, indicated losses firstly of A$9 million and finally of A$40 million in defalcations, being a massive 20-fold increase in fraud compared to what was first believed by the university authorities. The university had been driven close to bankruptcy but avoided dissolution and instituted new systems and regular monitoring through data analytics to assure financial probity and vigilance.

- Advertising high flyer grounded:

Fraudulent claims for travel and entertainment are extremely common but often hard to analyse and detect. A particular case involved various forms of suspicious entertainment of overseas clients but the details were hard to detect from credit card records. However by using external data relating to typical pricing and service charges, it was possible to establish a pattern of fraudulent claims which provided evidence of malpractice by the executive in question.

- Detecting the fatalities in health insurance:

The Indonesian operations of an international insurance company identified fraudulent losses and discrepancies through internal audit but could not establish the full extent of the loss. Using advanced analytics to analyse data over a decade, a significantly large number of policy holders were detected with anomalous claims. As a result of data analytics, the problems were identified and solved, along with systems to monitor accounting and claims processing thereafter.

The great advantage of data analytics as a fraud detection tool is that it is objective and non-personalised. The techniques are systematic, cover huge volumes of data, and highlight discrepancies that are often fraud related. Whether or not an organisation chooses to act upon findings is up to the top management of that organisation but the evidence is hard to dispute.


Christopher F. Bruton, 45 years in Thailand, is Executive Director of Dataconsult Ltd, a local consultancy. He can be reached at chris@dataconsult.co.th. Dataconsult's Thailand Regional Forum provides meetings, seminars and extensive documentation to update business on present and future trends in Thailand and in the Mekong Region.