Professional services organizations are most at risk to be negatively impacted by expense reimbursement schemes, billing schemes and check and payment tampering schemes, according to the 2018 ACFE Report to the Nations on Occupational Fraud and Abuse. In a previous Our Thoughts On article, Brian Webster talked about how utilizing system-wide and manual controls can help detect billing schemes. This time, we’ll take a look at data analytic procedures that can be used to identify check and payment tampering schemes.
Check and payment tampering occurs when an employee alters a payment intended for a third party to his or her benefit. Common tests to detect tampering schemes include:
- Identifying out-of-range checks
- Following up on checks made out to “cash”
- Reviewing transactions for round dollar payments
- Identifying checks issued to vendors with names that are similar to known vendors
The first three tests can be accomplished in a relatively simple fashion using the basic features of any spreadsheet program. An analyst could also perform the fourth test manually by scanning a disbursement listing or spreadsheet for variations of vendor names, but it’s a task better and more accurately performed through use of a specialized tool.
Here’s how the vendor name test would work. The analyst begins by using software to look for small variations in how a vendor is named. For example, a fraudster could pull off a check tampering scheme by changing the letter “I” in “Initech” to a “1” (one). Identifying these inconsistencies is accomplished by employing a technique known as fuzzy matching, a feature present within software programs like IDEA or the open-source “FuzzyWuzzy” Python Library (originally developed by SeatGeek to compare event-naming conventions across different ticketing sites). In each case, an algorithm is applied to assign a “score” of likeness to a subject text string for a population of text strings. Text strings from the population with scores meeting a desired threshold can then be investigated further.
Remember, as fraudsters get more resourceful, it is imperative to have these types of tools at your disposal to detect malicious activity. If you have any questions regarding potential fraud schemes, internal controls, or the use of data analytics to detect fraud at your professional services organization, please contact the Business Advisory group at Schneider Downs.
Related Posts
No related posts.