Preventing Employee Fraud with Data Analytics

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

I continue my exploration of the use of data analytics in a best practices compliance program. Today we look at how data analytics can be used to help detect or prevent bribery and corruption where the primary sales force used by a company are its own employees. Several significant corruption actions in China, involving both the Foreign Corrupt Practices Act (FCPA) and Chinese domestic law, involved China-based employees defrauding their company by using false expense reports to create a slush fund to pay bribes. Here you can think back to the Eli Lilly FCPA enforcement action from 2012 up to the 2014 GlaxoSmithKline Plc problems as examples of employees using their expense accounts not for personal use, but for greater corporate malfeasance.

I asked Joe Oringel, Co-Founder and Co-Principal of Visual Risk IQ, how data analysis might help a Chief Compliance Officer (CCO) or compliance practitioner detect and move toward preventing such conduct in the future. Oringel related case studies from his organization in which they used data analysis to review employee expense reports and how that experience can be used to formulate the same type of data analysis for a CCO or compliance practitioner.

As discussed earlier in this series, Visual Risk IQ recommends by beginning with brainstorming. This step includes understanding an organization’s procurement and travel and expense policies and then asking questions about how those policies can be circumvented. One common technique that takes place is to split larger purchases across multiple smaller transactions, so their organization has designed their data analytics queries to detect such split transactions.

In the example we discussed, Visual Risk IQ’s client uses procurement cards (P-cards) for certain low-dollar-value expenses. The company has a procurement card limit for most employees in their organization: $3,000 for a single transaction and $10,000 in aggregate spend for a single month. The company wanted to identify any use of P-cards for larger-dollar transactions that may have required capitalization as fixed assets, in addition to identifying inappropriate or personal purchases. Through the use of data analytics, Oringel shared how his team identified the purchase of a $9,500 computer system the employee had split into multiple invoices across multiple days using one invoice per day from the same computer vendor. The transactions looked like these listed below:

In total, the five transactions easily circumvented the organization’s $3,000 single transaction limit and their capital expense limit as well. The single computer system purchase was with the same merchant, but split across multiple days and invoices. Clearly this series of transactions was a problem.

Oringel contrasted the above example with a similar issue they identified related to split transactions. The organization had an employee who was responsible for maintaining and scheduling a fleet of over 100 vehicles. One of the responsibilities was paying various bills related to the vehicles, including fees from the State Department of Motor Vehicles and taxes billed individually per car. Visual Risk IQ wrote queries similar to those that identified the inappropriate computer system purchases to identify this employee as one who routinely exceeded the P-card’s single transaction limit with the same vendor when multiple transactions in a month were evaluated together.

Their split limit query identified that this employee often completed multiple transactions with the same vendor, the State Department of Motor Vehicles, on the same day. However the “aha!” moment was quite different than the employee splitting transactions to purchase items above her limit in violation of the company policy. Here, Visual Risk IQ’s data analysis demonstrated that those transactions were not fraudulent, improper or inappropriate; rather, the employee’s spending limit needed to be raised because the card was being used as intended, and this employee had more spending responsibilities than most others in the organization. There were benefits to paying the tax bill via P-card, but the organization had set her spending limit before vehicles were managed centrally, so with the larger fleet and central management of vehicles, the organization needed to raise her spending limit specifically for that vendor. For other transactions, she would have the same transaction limits as other employees, but because her responsibilities involved registering so many vehicles, Visual Risk IQ recommended that the root cause be remediated by changing some of the controls in place.

Another area that Oringel and Visual Risk IQ have focused on is travel and entertainment (T&E). Oringel advocates using analytics to identify out-of-policy expense reports and out-of-compliance expenses. This is achieved by using similar logic, as noted above, for accounts payable and when used on employee expense accounts. Oringel said this is often called “double dipping,” meaning an expense is recorded once on a T&E report and then a second time on another expense report or a P-card charge or other type of expense. These are examples that can be uncovered with data analytics.  From there, you can move to determine if they might be an intentional, as opposed to an unintentional, mistake.

In the case of double dipping, Oringel said a key is to look for the same airfare or hotel or meals, perhaps being reported on multiple employees’ T&E expense reports. He gave the following example, “An employee takes another employee out for a business meal; they pay for the meal on one expense report while, at the same time, the co-worker records the meal, same day, same city, and claims that employee as one of their attendees. We find these sorts of situations with our analytics, and these are clear examples of suspicious transactions that ought to be discussed with both employees.”

Other examples of double dipping include duplicate transactions between meals and per diem allowances or mileage and company vehicles or rental cars. Oringel noted those are all things that can be identified with data analytics that are very difficult for an individual approver to see on a single expense report. He cautioned that it is not that the approver is not doing a good or prudent job, “but typically, when you’re tasked with approving an employee’s expense report, what we have is just their single report in front of us. It’s difficult to recall who would have submitted a report one or two months ago, and it’s very possible that somebody submitted an airplane ticket when the ticket was purchased, and then six weeks later when they took the trip, that air expense could be reported a second time.”

Oringel said the same issue could arise with P-card purchases if you have an approver considering a single $2,500 purchase who approves that purchase on Monday and then again on Friday. Had those two transactions been on the same day, in excess of the employee’s spending limit, the approver might not have approved both of them, but because they were submitted on different dates, it may well appear to the approver that they were two separate transactions. With data analytics, Oringel and Visual Risk IQ is able to aggregate those multiple trip or P-card reports into a single screen or report to help a reviewer or an approver determine whether the transactions meet employees’ policies, both individually and in the aggregate.

Joe Oringel is a Managing Director at Visual Risk IQ, a risk advisory firm established in 2006 to help audit and compliance professionals see and understand their data. The firm has completed more than 100 successful data analytics and transaction monitoring engagements for clients across many industries, including energy, higher education, health care and financial services, most often with a focus on compliance.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.