Detectlets are small programs that encode algorithms to help detect fraud. They are stored in a central repository and can be chained together and automated. Example detectlets demonstrated included detecting bid rigging and analyzing data for Benford's Law anomalies. The detectlets integrate with the Picalo platform, which provides an open-source toolkit and wizard interface to allow auditors to quickly execute detectlets with limited technical skills. This aims to help address limitations such as limited time, high costs, and lack of fraud expertise that have historically made fraud difficult for auditors to detect.
1. Detectlets for Better Fraud Detection
Conan C. Albrecht, PhD
Marriott School of Management
Brigham Young University
2. Today’s Presentation
• Give a few fraud stories
• Outline the Detectlet vision and Picalo
Architecture
• Show example code and working products
• Describe future research directions and
solicit help
3. Two Types of Fraud
• Fraud on behalf of an organization
– Financial statement manipulation to make the
company look better to stockholders
– Also called management fraud
• Fraud against an organization
– Stealing assets, information, etc.
– Also called employee or consumer fraud
4. ACFE Report to the Nation Occupational
Fraud and Abuse
• 2 1/2 year study of 2608 Frauds totaling
$15 million
– Fraud costs U.S. organizations more than
$400 billion annually.
– Fraud and abuse costs employers an average
of $9 a day per employee
– The average organization loses about 6
percent of its total annual revenue to fraud
and abuse admitted to by its own employees
5. Ernst & Young Fraud Study 2002 (Europe)
• One in five workers are aware of fraud in their
workplace
• 80% would be willing to turn in a colleague but
only 43% have
• Employers lost 20 cents on every dollar to
workplace fraud
• Types of fraud
– Theft of office items—37%
– Claiming extra hours worked—16%
– Inflating expenses accounts—7%
– Taking kickbacks from suppliers—6%
6. Revenues $100 100%
Expenses 90 90%
Net Income $ 10 10%
Fraud 1
Remaining $ 9
To restore income to $10, need
$10 more dollars of revenue to
generate $1 more dollar of
income.
Cost of Fraud
• Fraud Losses Reduce Net
Income $ for $
• If Profit Margin is 10%,
Revenues Must Increase by
10 times Losses to Recover
Affect on Net Income
– Losses……. $1 Million
– Revenue….$1 Billion
7. Fraud Cost….Two Examples
• Large Bank
– $100 Million Fraud
– Profit Margin = 10 %
– $1 Billion in Revenues
Needed
– At $100 per year per
Checking Account,
10 Million New
Accounts
• Automobile
Manufacturer
– $436 Million Fraud
– Profit Margin = 10%
– $4.36 Billion in
Revenues Needed
– At $20,000 per Car,
218,000 Cars
8. A Recent Fraud
3,000,000,000
2,500,000,000
2,000,000,000
1,500,000,000
1,000,000,000
500,000,000
0
Year 1 Year 3 Year 5 Year 7 Year 9
• Large Fraud of $2.6 Billion
over 9 years
– Year 1 $600K
– Year 3 $4 million
– Year 5 $80 million
– Year 7 $600 million
– Year 9 $2.6 billion
• In years 8 and 9, four of the
world’s largest banks were
involved and lost over $500
million
Some of the organizations involved: Merrill Lynch, Chase, J.P. Morgan,
Union Bank of Switzerland, Credit Lynnaise, Sumitomo, and others.
9. Every Person Has A Price
• Abraham Lincoln once threw a man out of
his office, angrily turning down a
substantial bribe. “Every man has his
price”, explained Lincoln, “and he was
getting close to mine.”
11. Superhuman Workers
• Summed all hours
(normal, OT, DT) per
two week period,
regardless of invoice
or timecard)
• Workers were
logging hours on two
timecards for
simultaneous jobs
15. The Family Business
• Tip stated that kickbacks were occurring
with a certain company
• We researched the company and
determined which purchaser authorized
the work
• A contractor crew and company purchaser
were family
22. Accounting History
• 1940 SEC Statement: “Accountants can be expected to
detect gross overstatements of assets and profits
whether resulting from collusive fraud or otherwise”
(Accounting Series Release 1940)
• 1961: “If the ten (auditing) standards now accepted were
satisfactory for their purpose we would not have the
pleas for guidance on the extent of (auditors’)
responsibility for the detection of irregularities we now
find in our professional literature.” (Mautz & Sharaf 1961)
• 1997 - SAS 82
• 2002 - SAS 99
Expectation Gap
23. Historical Fraud Research
• Excellent literature review by Nieschwietz,
Shultz, & Zimbelman (2000)
– Who commits fraud
– Red flags
– Expectation gap
– Auditor expectations
– Game theory between auditors and management
– Auditor-client relationships
– Risk assessment, decision aids
– Management factors affecting fraud
24. FS Fraud using Ratio Analysis
• Hansen, et. al (1996) developed a generalized
qualitative-response model from internal sources
• Green and Choi (1997) used neural networks to classify
fraudulent cases
• Summers and Sweeny (1998) identified FS fraud using
external and internal information
• Benish (1999) developed a probit model using ratios for
fraud identification
• Bell and Carcello (2000) developed a logistic regression
model to identify fraud
• Current work by McKee and by Cecchini and by Albrecht
• None have found the “silver bullet” in using external
information to identify fraud
– Management (FS) fraud is very difficult to find
25. What are the Big 4 Doing?
• Each firm seems to have different groups
working on fraud detection
– No best practices model has emerged
• IT auditors perform control testing on
company systems, not fraud detection
• Meeting with Bill Titera of EY
26. Why Don’t “They” Find Fraud?
• Limited time
– Our most precious resource is our attention
• History
– Heavy use of sampling - lack of detail
– Lack of historical fraud detection instruction
• Lack of fraud symptom expertise
• Lack of fraud-specific tools
• Lack of analysis skills
• Lack of expertise in technology
• Auditors do find 20-30 percent of fraud
» ACFE 2004 Report to the Nation
27. Isn’t there a better way?
Reasonable time requirements
Within reach of most auditors
(highly technical skills not required)
Cost effective
Integrate easily into different
database schemas
Integrate AI and
auto-detection
28. Initial Thoughts
• A small “manual” about frauds
– Cliff notes about different types of fraud
– Describes the scheme
– Describes the indicators of the scheme
• Worldwide repository wth contributions
from many different industries
• Primary focus was training
29. Detectlets
• A detectlet encodes:
– Background information on a scheme
– Detail on a specific indicator of the scheme
– Wizard interface to walk the user through
input selection
– Algorithm coded in standard format
– “How to interpret results” follow-up
• Input is one or more table objects
• Output is one or more table objects
31. Potential Supporting Platforms
• MS Access
• ACL or IDEA
• Build ground up application
– Allows total control over platform
– Stays with open source rather than tying the program
to a particular platform
• For example, consider PowerBuilder
– Supports Windows, Unix, Linux, Mac
– Allows embedded use within a greater platform
– Personal preference was Python
34. How Detectlets Address the Problem
• Limited Time: Detectlets provide a wizard
interface for quick execution; they can be
chained and automated into a larger
system
• High Cost: Detectlets are based in open
source software, putting them within reach
of small and large accounting firms; they
also create a community environment for
fraud detection
35. How Detectlets Address the Problem
• Lack of fraud symptom expertise:
Detectlets provide a large library of
available routines to both train and walk
auditors through the detection process
• Lack of fraud-specific tools: Picalo
provides an open solution that we can
improve over time; it puts a fraud-specific
toolkit in the hands of auditors
36. How Detectlets Address the Problem
• Lack of analysis skills: Detectlets
encode full algorithms and code, allowing
the auditor to stay at the conceptual level
rather than the implementation level
• Lack of expertise in technology:
Detectlets provide a wizard-based solution
that are easy to use; Picalo provides an
Excel-like user interface
38. Data Structures
The Table object is the basic data structure. Nearly all
routines both input and return tables, allowing them to be
chained. Its methods include sorting, column operations, row
operations, import/export from delimited text and Excel
formats.
Column types include Boolean, Integer, Floating Point, Date,
DateTime, String, etc.
40. Benfords Module
calc_benford: Calculates probability for a single digit
get_expected: Calculates probability for a full number
analyze: Analyzes an entire data set and calculates summarized
results
41. Crosstable Module
pivot: Similar to Excel’s pivot table function
pivot_table: Pivots and keeps detail in each cell
pivot_map: Pivots and keeps results in a dictionary rather than a
grid
pivot_map_detail: Pivots and keeps results in a very detailed
fashion using a dictionary
42. Database Module
OdbcConnection: Connects to any ODBC-compliant database
PostgreSQLConnection: Connects to PostgreSQL
MySQLConnection: Connects to MySQL
Also includes various query helper functions, such as query
creation, results analysis, etc.
43. Financial Module
Calculates various financial ratios to help in financial
statement analysis:
Current ratio
Quick ratio
Net working capital
Return on assets
Return on equity
Return on common equity
Profit margin
Earnings per share
Asset turnover
Inventory turnover
Debt to equity
Price earnings
44. Grouping Module
Stratification gives the details behind SQL GROUP BY. It keeps
the detail tables rather than summarizing them.
stratify: Stratifies a table into N number of tables
stratify_by_expression: Stratifies a table using an arbitrary
expression
stratify_by_value: Stratifies on unique values
stratify_by_step: Stratifies based on a set numerical range
stratify_by_date: Stratifies based on a date range
Summarizing is similar to SQL GROUP BY, but it allows any type of
function to be used for summarization (GROUP BY generally only
allows sum, stdev, mean, etc.)
This can by done in the same ways as stratification.
45. Trending Module
Various ways of analyzing trends and patterns over time.
cusum, highlow_slope, average_slope, regression, handshake_slope
46. Python Libraries
Powerful yet easy language with a significant online community
Full object-oriented support (classes, inheritance, etc.)
Text maniuplation and analysis routines
Web site spidering routines
Email analysis routines
Random number generation
Connection to nearly all databases
Web site development and maintenance
Countless libraries available online (almost all are open source)
48. Level 1 Research
• Foundation routines for fraud detection
– Development, testing, empirical use, field studies
• Connections to production software
– Standard SAP, Oracle, Peoplesoft, JD Edwards, etc.
modules
• Application of CS, statistics, other techniques to
fraud detection
– Time series analysis
– Pattern recognition for fraud detection
49. Level 2 Research
• Studies about detectlet presentation, user
interface
• Creation and testing of detectlets for
industries, data schemas, etc.
• Detectlets for financial statement fraud
detection
• Testing of detectlet vs. traditional ACL-type
fraud detection
• Patterns of detectlet development, best
practices
50. Level 3 Research
• Automatic mapping of field schemas to a
common schema
• Application of expert system, learning
models for automatic detection
– Decision trees
– Classification models
• Meta-detectlets to combine various Level
2 detectlets into higher-level logic
51. Other Research
• Group-oriented processes for the central
repository
– Searching, categorization
– Testing, rating systems
• Marketplaces for detectlets
• Development of Picalo itself
52. My Hope
• In 5 years we’ll have a large repository of
detectlets to:
– Support both external and internal auditors
– Teach students in fraud classes
– Conduct theoretical and empirical research
http://www.picalo.org/