Fighting Fraud With New Techniques Such as Big Data and Predictive Analytics

Norman Marks, CRMA, CPA, is a vice president for SAP and has been a chief audit executive and chief risk officer at major global corporations for more than 20 years.

 

The Aberdeen Group has a new research report out on Fighting Fraud with Big Data Visibility and Intelligence.

The report includes a useful review of the risk and cost of fraud. (Note that it errs when it refers to ‘tips’ as being external: these are typically calls to the internal compliance hotline or whistleblower line.) What is new in the report is the discussion of the ability to mine the mass of Big Data, perhaps with predictive analytics, to understand and assess fraud risk, and also to monitor for red flags that indicate an investigation is warranted.

As the report says:

“Rapid changes in information technology infrastructure are increasing the difficulty of maintaining high levels of preparedness simultaneously against all threats. In response, organizations are adopting enhanced strategies for fighting fraud: from 100% success at prevention, to greater visibility, faster detection and incident response; from 'figure out what already happened' using post-incident forensics, to proactively 'figuring out what’s happening' using Big Data and predictive analytics.”

Unfortunately, Aberdeen’s research showed that only about 16% are using predictive analytics for the detection and prevention of fraud.

Why is this? I suggest it’s from one or more of these factors:

  1. Those responsible for fraud prevention/detection are not aware of the capabilities of the new technology.

  2. Those responsible for fraud prevention/detection are (justifiably or not) content with the ‘older’ technology.

  3. Priority and/or resources are not given to fraud prevention/detection.

I welcome your views.

Posted on Jan 7, 2013 by Norman Marks

Share This Article:    

  Comments (5) un-categorized
  1. Comment by: Steve Biskie   (1/8/13 07:00 PM)   http://www.highwateradvisors.com

    I agree with your 3 thoughts, Norman. 

    Related to your first point, I think there is a combination of issues at play here.  Not only are many of these technologies fairly new, but the "marketing push" around them (particularly when dealing with terms like "big data" and "predictive analytics") tend to be centered around the top-line priorities that the Aberdeen report mentions--how this technology can be used to drive better marketing and enhanced revenue growth.  There has been very little discussion (outside of a few though leaders like yourself) about how these same technologies can be applied to other areas such as fraud detection and prevention. 

    One of the more exciting innovations from my perspective as a practitioner is something you've been blogging about recently; specifically, how the near-real-time speed of in-memory analytics can take complex analysis routines and provide results in seconds (over hours or days in some cases).  Specifically as it relates to fraud, this single innovation will allow us to move from after-the-fact detective processes to preventive procedures.  The opportunities are huge, and I truly think the combination of predictive analytics with in-memory analytics technology is a game-changer that will dramatically transform fraud and audit-related detection processes in this decade.  I do question Aberdeen's "100% success at prevention" (as I'm not sure that is possible except in the context of isolated fraud schemes), but nonetheless, I think we are on the verge of something massive.

    It’s an exciting time to be in the profession!
     

     

     

     

  1. Comment by: Heriot Prentice   (1/9/13 11:24 AM)   http://vaco.com

    I believe that in most cases companies never believe it shall happen to them. Fraud is rarely considerd a real issue when you talk about risk, as in many cases, it is not tangible yet can destroy a company or brand reputation.  Budgets rarely allocated to proactively assessing and protecting against fraud and usually a fire fighting after the event approach is taken all which are very sad.  It is always cheaper to be proactive and address fraud and risk than clean up after a breach or event. But when does anyone really focus. After a disaster. There is a huge education gap.

  1. Comment by: Moda   (1/11/13 06:52 AM)   http://modamelodi.com

    I think the main reason is the first one. There are techniques such as scenario testing or using audit software which would help detecting fraud. Even though fraud cannot be detected directly, output of these tools could be used as indicators to find employees who have relatively higher propensity to commit fraud.

  1. Comment by: Felix ORtega   (1/12/13 07:42 AM)   

    I believe that 3) Priority and/or resources are not given to fraud prevention/detection., could be the main factor and in combination with  2)-Those responsible for fraud prevention/detection are (justifiably or not) content with the ‘older’ technology become a very higher exposure and fraud can have more possibility to occurs.   Now a day, there are many ways to do business and things changes in a very fast manner, nevertheless, experience and common sense can never be ignored.  Preventive, Detective and Corrective (after de fact), controls performed remembering “old school style”, can mitigate risks… could take more time and maybe in the case they are not performed correctly, fraud occurs and this is the price of keeping stocked and not moving forward as the market do.    As there are many new ways of doing and managing business and technology become a neuralgic part of it,  we need to change our way to detect fraud in our organizations

  1. Comment by: Krish De   (1/13/13 11:29 PM)   

    Hi Norman,

    One other important root cause to consider could be the relative immaturity of information management and data governance within organisations, particularly from where I'm sitting in corporate Australia.

    Predictive analytics is difficult to institutionalise in its own right, but becomes that much harder to do so when you don't know what, where and how your organisation captures data and information.

    In other words, it is far easier to predict the occurrance of an event if you have a good idea of what you're looking for, where and how you're looking for it and the typical circumstances that lead up to the event.

    I stumbled across your two blogs today - great work, keep it up!

    cheers,Krish

Leave a Reply