کاهش ریسک کلاهبرداری داخلی: نتایج یک مطالعه مورد داده کاوی

Corporate fraud represents a huge cost to the current economy. Academic literature has demonstrated how data mining techniques can be of value in the fight against fraud. This research has focused on fraud detection, mostly in a context of external fraud. In this paper, we discuss the use of a data mining approach to reduce the risk of internal fraud. Reducing fraud risk involves both detection and prevention. Accordingly, a descriptive data mining strategy is applied as opposed to the widely used prediction data mining techniques in the literature. The results of using a multivariate latent class clustering algorithm to a case company's procurement data suggest that applying this technique in a descriptive data mining approach is useful in assessing the current risk of internal fraud. The same results could not be obtained by applying a univariate analysis.

Saying that fraud is an important (however not loved) part of business, is nothing new. Fraud is a multi-million dollar business concern, as several research studies reveal and as reflected in recent surveys by the Association of Certified Fraud Examiners (ACFE, 2008) and PriceWaterhouse & Coopers (PwC, 2007). The ACFE study conducted in 2007–2008 in the United States reported that company's estimate a loss of 7% of annual revenues to fraud. Applied to US$ 14,196 billion of United States Gross Domestic Product in 2008, this would translate to approximately US$ 994 billion in fraud losses for the United States. The PwC worldwide study revealed that 43% of the companies surveyed had fallen victim to economic crime in the years 2006 and 2007 (PwC, 2007). The average financial damage to these companies was US$ 2.42 million per company over two years. These survey reports demonstrate the magnitude of fraud that companies face today. Numerous academic studies used data mining to investigate fraud detection (Brockett et al., 2002, Cortes et al., 2002, Estévez et al., 2006, Fanning & Cogger, 1998 and Kim & Kwon, 2006) and (; Kirkos et al., 2007). Although prior research has investigated fraud within different domains and using different techniques, the studies all focused on external fraud3 and used predictive data mining. Our study differs in several ways. First, we focus on internal fraud as internal fraud represents the majority of costs as identified by the PwC and ACFE surveys. Second, while prior studies examined only fraud detection, our study investigates internal fraud risk reduction, the combination of fraud detection and fraud prevention. Companies' risk exposure would be substantially greater if they only focused on fraud detection, a reactive working method. Companies use a combination of detection and prevention controls to help minimize their fraud risk. Hence, our study provides a more comprehensive view of the real world. Third, prior research used predictive data mining or more precisely predictive classification techniques. The purpose of these techniques is to classify whether an observation is fraudulent or not. Because we are focusing on risk reduction rather than detection, we believe descriptive data mining is more suited. Descriptive data mining provides us with insights on the complete data set rather than only one aspect of it, i.e., fraudulent or not. This characteristic is valuable for assessing the fraud risk in selected business processes. The aim of this paper is to provide a framework for both researchers and practitioners to reduce internal fraud risk and to present empirical results on this topic by applying this framework. Based on data collected from an international financial service provider, we investigated fraud risk reduction in the procurement process. The results are promising. In both a subset of recent and old purchasing orders a small cluster with a high risk profile is found. The population of old purchasing orders was of such size that full examination of the specified cluster was feasible. Our analysis suggested a closer examination of ten cases. Of these ten purchasing orders nine were circumventing procedures (creating windows of opportunity to commit fraud), and one was the result of an error. In the following sections we explain the methodology used in this study, the data set, the latent class clustering algorithm, and the results of investigating the procurement business process of the case company. We first apply a univariate analysis to explore the data and thereafter a multivariate analysis. We compare the results of both analyzes and conclude with the implications of our findings.

In this paper, a methodology for reducing internal fraud risk, the IFR² Framework (Jans et al. 2009), is applied in a top 20 ranked European financial institution. The results of the case study suggest that the use of a descriptive data mining approach and the multivariate latent class clustering technique, can be of additional value to reduce the risk of internal fraud in a company. Using univariate latent class clustering did not yield the same results. The application of the IFR² Framework at the case company produced a tone of more concern about the topic of internal fraud along with concern about the opportunity of committing this crime. Several limitations should be noted. The usual caveats of empirical research, data analysis and case study research apply. Our case study gives an idea about the applicability of the IFR² Framework in a real world situation, but we cannot generalize the outcome. We may however counter this limitation by the main characteristics of the case company, which are quite common in business practice: the case company uses SAP as ERP system and the business process under investigation is the procurement cycle (configured in SAP). Another limitation holds to the data. We only use data available in SAP. As pointed out by Alles et al. (2004), there is, aside from the limitations in availability, inherently the risk of contaminated data by frauds (for which the authors suggest a tertiary monitoring system by means of a “black box log file”). We hope other researchers will complement our work. There are several related research questions to be investigated. Also exploring other techniques, other business processes, suggesting improvements in methodology or any other contribution that will lead to more insights in the topic of internal fraud risk reduction are encouraged. As is explained in Jans et al. (2009), the IFR² Framework is to be applied as a complement to the COSO internal control framework. The study in this paper is a first way of supplementing internal control with additional data analyzing techniques. Another contribution that could be made to the internal control framework, is to implement different analyzing techniques for monitoring internal control, which is one of the five components of COSO's framework. Building further on Alles et al., 2006 and Kogan et al., 1999 program of research on continuous online auditing, the IFR² Framework can be adapted to the broader needs of continuous (online) assurance. Because the IFR² Framework is a supplement to internal control settings, another challenging research topic would be to develop an approach to assess the effectiveness of this framework, as Mock et al. (2009) did for ICoFR (Internal Controls over Financial Reporting). Aside from researching the effectiveness, other applications of the framework could be looked into. For example, following Grabski and Leech (2007), how would the IFR² Framework be suited as a control on information systems projects like an ERP implementation? Also the work of Dowling and Leech (2007) on the effect of decision support tools on audit support system restrictiveness can be elaborated by including data mining techniques as an extra type of decision support system.