The audit trails that technology use leaves behind are powerful allies for businesses to attain the desired results.
Can you imagine running a business without use of technology? It seems very difficult, perhaps almost impossible to most of us. It is not just new age businesses that are technology dependent; even traditional businesses such as trading, manufacturing, mining, and construction, among others, rely on technology to operate. Whether it relates to production, distribution, accounting, or communication, technology is all-pervasive, and because of the all-pervading nature of technology, it becomes critical to compliance and reporting as well.
If we were to look at the evolution of technology in the financial services sector, while the journey started with creating efficiencies through implementation of core banking systems, it soon became an enabler for compliance. Along with the development of newer service delivery platforms such as ATMs, internet banking, and now app based banking, the evolution of the underlying technology focused increasingly on compliance tracking and monitoring.
In the current context, almost every form of a compliance review or investigation in almost any industry uses some kind of a technology enabler. From data analytics to digital forensics and discovery, the reliance of companies, governments and investigators on Electronically Stored Information (ESI) cannot be undermined. The reason for this is simple and easy to understand—technology almost always leaves a footprint, and permits for faster information analysis. Whether it is a scenario of compliance monitoring or of an investigation, such footprints (or audit trails) and speed of analysis become powerful allies in attaining desired results.
Data analytics and robotics
Data analytics has been long heralded as a power tool for internal audit and forensic investigations. Often, companies believe that forensic data analytics will provide results that will identify or prove fraud. However, data analytics remains a means to identify patterns, and hence, outliers. Considering the volume of data generated by companies every day, the identification of outliers is itself an important task. Companies are considering continuous monitoring, automated visual dashboards, and robotics to assist with reduction of human effort in detection of anomalies. Even though technological challenges continue to exist in the optimal architecture for continuous monitoring or robotics, we have observed that an increasing number of companies are seeking to implement visual dashboard solutions as these are easy to understand for a user and, in most cases, allow for a drill-down to specific transactions.
Forensic technology can play a very important role in fraud risk management, as it can help detect anomalies and raise red flags, recover lost deleted data...
A number of Enterprise Resource Planning (ERP) solutions also have some anomaly identification capabilities as add-on modules. However, due to the ever evolving nature of fraud schemes, the business rules for identifying anomalies need to be updated regularly. We believe that in order to improve their efficacy, core systems should be allowed to function as transactions recording systems and a fraud detection application should sit over and above as a monitoring mechanism—these can be dashboards, or advanced intelligence based platforms. This allows changes and adjustments to be made to the monitoring systems more quickly, and hence makes the entire fraud management exercise more robust and agile. The actual validation of whether anomalies are due to fraud or for other reasons continues to be reliant on human intervention.
Digital forensics is an area of forensic technology which is getting a lot of attention nowadays. Whether it relates to internal fraud investigations, data theft and data leakage, or to external attacks and cybercrime, digital forensics covers the entire gamut. What started as computer forensics many years ago is at the center of most investigative activities today.
Extracting emails and other documents, and recovering deleted items are just part of what digital forensics encompasses. Analysis of a computer’s registry can reveal information related to USB devices that may have been attached. Similarly, analysis of the internet history and event logs can reveal other aspects. These are just a few of the analyses that can be performed.
Digital forensics also becomes relevant when analysis of servers, cloud storage, external storage devices, cameras, mobile phones and tablets, and network printers is involved. Depending on the needs of an investigation, the strategy can include items that need to be analysed based on the kind of information that they can yield. Digital forensics thus plays a critical part in cyber-crime investigations and in breaches of technology systems.
The other area where technology plays a very powerful role in forensics is in the area of electronic discovery. Electronic discovery, or ‘eDiscovery’, is traditionally used in civil litigation, commercial disputes, arbitration,
and reviews related to regulatory matters. However, principles and procedures of eDiscovery prove to be very valuable allies in large investigations of all types.
We believe that in order to improve their efficacy, core systems should be allowed to function as transactions recording systems and a fraud detection application...
Tools, technologies, and procedures allow for vast volumes of emails and user created digital documents, such as word documents, presentations, spreadsheets, PDFs, etc., to be searched and reviewed for evidence of potential fraud or noncompliance. While financial statement reviews and analytics would point to outliers and indicators of fraud, discovery procedures allow identification of specific conversations and documents that provide evidence for such misconduct. An added benefit is that conversations and communications can be seen in their entirety, allowing for both contextualisation and relevance to the matter under review.
The potential of discovery tools has grown significantly over the years to improve effectiveness of the entire process, whether through working out permutations and combinations of search terms,or selecting a set of documents for review, or through the ability to de-duplicate emails, and so on.
Good discovery platforms also allow for review of digitised versions of hard copy documents, data extracted from mobile devices, and in some cases, use of advanced machine intelligence to make sense of the data for review.
How companies can leverage technology for fraud risk management
Companies can integrate forensic technology with their core business processes to help manage the risk of fraud more efficiently.
• Automation and robotics are increasingly finding their way into core business processes in many industries in order to reduce human effort and improve efficiencies. Much like the financial services sector, adding data analytics to the mix of technology in use can help many industries track their processes and transactions more efficiently, with recognition of established and emerging patterns, and enhanced capabilities to detect deviations from these patterns.
• Utilising digital forensics tools can not only help businesses maintain data integrity, but can also help recover lost data, track historical data exchanges, and search for strategic information that can reveal clues or evidence of misconduct. External experts can step in to support efforts if required, especially in the event of a data breach.
• In case of a suspected incidence of fraud, eDiscovery tools and technology can be very helpful to identify evidence and support enquiry proceedings and investigation of the matter. While many companies tend not to use these systems in the normal course, they can be a reliable means to gather evidence and help close enquiries quickly, especially in businesses where transaction frequencies are high and quick resolution is a business imperative.
Forensic technology can play a very important role in fraud risk management, as it can help detect anomalies and raise red flags, recover lost or intentionally deleted data, and review and analyse information to find evidence of fraud, misconduct or noncompliance. We believe every company should analyse their requirements according to the nature of their business and attempt to utilise forensic technology, whether in-house or with the help of experts, to deter fraudsters and support their business objectives.
About the author
Jayant Saran is Partner – Forensic, Financial Advisory at Deloitte Touche Tohmatsu India LLP
Thursday, August 31, 2017