yellow crime scene tape across laptop keyboard

Steps to Improve Forensic Analytics

Thanks to advances in forensic analytics, we can spot emerging risks long before they come to fruition. But predictions frequently lead to false positives. Satish Lalchand discusses how to prevent them in this third installment of a series on the future of forensics, following articles on the application of data-driven analytics and how the uses and quality of data drive analytics insights.

Forensic analytics — the combination of advanced analytics, forensic accounting and investigative techniques — is making breakthroughs every day in identifying rare events of fraud, corruption and other schemes. To meet rising regulatory and customer demand for fraud mitigation, forensic analytics can reveal signals of emerging risks months — or sometimes even years — before they happen. Of course, predicting anomalous events can also create false positives.

In an effort to reduce false positives in fraud investigations, careful attention should be spent on steps including:

  1. Create an analytics repository Consolidate and integrate data from disparate sources so analytical models can take an enterprise-wide approach to anomalous activity detection.
  2. Employ network mapping and analysis – Explore fraudsters’ networks, affinities and relationships, as well as others committing similar illicit acts.
  3. Leverage both supervised and unsupervised modeling – Supervised modeling employs algorithms to sift through data, applying historical fraud patterns and digital fingerprints of fraudsters to new data and scoring the level of risk involved in new events based on historical data. Unsupervised modeling uses algorithms to sift through data independent of patterns relating to known historical cases, looking for new events following unprecedented patterns.
  4. Use natural language processing (NLP) – Sift through unstructured data, including emails, messaging, audio and video files to unearth unexpected nuance to communication or connections otherwise unclear in structured, text-only data. For example, the ability of NLP to analyze word choice, tone and possible stress levels expressed in a voicemail can sometimes offer more insight during investigations than text on page alone could offer.
  5. Training and self-learning – Train analytics to learn from a variety of data sources, such as risk issues the organization has confronted in the past. The corresponding models can adapt over time to future risks.
  6. Back testing – Scientifically test forensic analytics performance to evaluate its continued use. Backtesting can help establish confidence that pattern recognition models and algorithms work well and are effective in finding suspicious patterns of interest.
  7. Iterative approach – Iteratively develop, adapt and scale forensic analytics models so they respond to new and evolving fraud patterns. At the same time, develop a broader view of the risks an enterprise may face. This approach enables an organization to build the forensic analytics platform in stages — one step at a time with input and validation from the business stakeholders — while still staying a step ahead of bad actors.
  8. Feedback and continuous improvement – Incorporate feedback from results of each investigation, from the continually growing body of forensic accounting and investigation knowledge and insight and from the input of stakeholders across the enterprise in an effort to continuously improve forensic analytics solution effectiveness.

While building an effective fraud monitoring system with as few false positives as possible may feel daunting, it doesn’t have to be. You also don’t have to have perfect data to get started. Assess where relevant data resides, discern what infrastructure and tools are available to execute continuous monitoring, then define and prioritize your approach and begin. As with most things, forensic analytics — and false positives within — can be honed through iterations over time.  Improving asset safeguarding, increasing competitiveness, reducing costs and strengthening compliance are worth getting forensic analytics right.

Create your Terms and Conditions agreement

Satish Lalchand

Satish Lalchand is a Deloitte Risk and Financial Advisory principal in forensic analytics, Deloitte Transactions and Business Analytics LLP.  A certified fraud examiner (CFE), he specializes in anomaly detection and data analytics, business rules development and predictive modeling. Lalchand has in-depth knowledge of fraud rules and model creation for prevention, detection and investigation with a broad range of experience in managing and leading engagements in these areas. He can be reached at

Related Post