No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights

Preventing Employee Fraud with Data Analytics

by Thomas Fox
February 1, 2016
in Uncategorized
Preventing Employee Fraud with Data Analytics

This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.

I continue my exploration of the use of data analytics in a best practices compliance program. Today we look at how data analytics can be used to help detect or prevent bribery and corruption where the primary sales force used by a company are its own employees. Several significant corruption actions in China, involving both the Foreign Corrupt Practices Act (FCPA) and Chinese domestic law, involved China-based employees defrauding their company by using false expense reports to create a slush fund to pay bribes. Here you can think back to the Eli Lilly FCPA enforcement action from 2012 up to the 2014 GlaxoSmithKline Plc problems as examples of employees using their expense accounts not for personal use, but for greater corporate malfeasance.

I asked Joe Oringel, Co-Founder and Co-Principal of Visual Risk IQ, how data analysis might help a Chief Compliance Officer (CCO) or compliance practitioner detect and move toward preventing such conduct in the future. Oringel related case studies from his organization in which they used data analysis to review employee expense reports and how that experience can be used to formulate the same type of data analysis for a CCO or compliance practitioner.

As discussed earlier in this series, Visual Risk IQ recommends by beginning with brainstorming. This step includes understanding an organization’s procurement and travel and expense policies and then asking questions about how those policies can be circumvented. One common technique that takes place is to split larger purchases across multiple smaller transactions, so their organization has designed their data analytics queries to detect such split transactions.

In the example we discussed, Visual Risk IQ’s client uses procurement cards (P-cards) for certain low-dollar-value expenses. The company has a procurement card limit for most employees in their organization: $3,000 for a single transaction and $10,000 in aggregate spend for a single month. The company wanted to identify any use of P-cards for larger-dollar transactions that may have required capitalization as fixed assets, in addition to identifying inappropriate or personal purchases. Through the use of data analytics, Oringel shared how his team identified the purchase of a $9,500 computer system the employee had split into multiple invoices across multiple days using one invoice per day from the same computer vendor. The transactions looked like these listed below:

Date Purchase Vendor Amount
Monday Computer XYZ Computers $2,800
Tuesday Monitor XYZ Computers $2,400
Wednesday Printer XYZ Computers $1,800
Thursday Software XYZ Computers $1,500
Friday XYZ Computers $1,000
Total $9,500

In total, the five transactions easily circumvented the organization’s $3,000 single transaction limit and their capital expense limit as well. The single computer system purchase was with the same merchant, but split across multiple days and invoices. Clearly this series of transactions was a problem.

Oringel contrasted the above example with a similar issue they identified related to split transactions. The organization had an employee who was responsible for maintaining and scheduling a fleet of over 100 vehicles. One of the responsibilities was paying various bills related to the vehicles, including fees from the State Department of Motor Vehicles and taxes billed individually per car. Visual Risk IQ wrote queries similar to those that identified the inappropriate computer system purchases to identify this employee as one who routinely exceeded the P-card’s single transaction limit with the same vendor when multiple transactions in a month were evaluated together.

Their split limit query identified that this employee often completed multiple transactions with the same vendor, the State Department of Motor Vehicles, on the same day. However the “aha!” moment was quite different than the employee splitting transactions to purchase items above her limit in violation of the company policy. Here, Visual Risk IQ’s data analysis demonstrated that those transactions were not fraudulent, improper or inappropriate; rather, the employee’s spending limit needed to be raised because the card was being used as intended, and this employee had more spending responsibilities than most others in the organization. There were benefits to paying the tax bill via P-card, but the organization had set her spending limit before vehicles were managed centrally, so with the larger fleet and central management of vehicles, the organization needed to raise her spending limit specifically for that vendor. For other transactions, she would have the same transaction limits as other employees, but because her responsibilities involved registering so many vehicles, Visual Risk IQ recommended that the root cause be remediated by changing some of the controls in place.

Another area that Oringel and Visual Risk IQ have focused on is travel and entertainment (T&E). Oringel advocates using analytics to identify out-of-policy expense reports and out-of-compliance expenses. This is achieved by using similar logic, as noted above, for accounts payable and when used on employee expense accounts. Oringel said this is often called “double dipping,” meaning an expense is recorded once on a T&E report and then a second time on another expense report or a P-card charge or other type of expense. These are examples that can be uncovered with data analytics.  From there, you can move to determine if they might be an intentional, as opposed to an unintentional, mistake.

In the case of double dipping, Oringel said a key is to look for the same airfare or hotel or meals, perhaps being reported on multiple employees’ T&E expense reports. He gave the following example, “An employee takes another employee out for a business meal; they pay for the meal on one expense report while, at the same time, the co-worker records the meal, same day, same city, and claims that employee as one of their attendees. We find these sorts of situations with our analytics, and these are clear examples of suspicious transactions that ought to be discussed with both employees.”

Other examples of double dipping include duplicate transactions between meals and per diem allowances or mileage and company vehicles or rental cars. Oringel noted those are all things that can be identified with data analytics that are very difficult for an individual approver to see on a single expense report. He cautioned that it is not that the approver is not doing a good or prudent job, “but typically, when you’re tasked with approving an employee’s expense report, what we have is just their single report in front of us. It’s difficult to recall who would have submitted a report one or two months ago, and it’s very possible that somebody submitted an airplane ticket when the ticket was purchased, and then six weeks later when they took the trip, that air expense could be reported a second time.”

Oringel said the same issue could arise with P-card purchases if you have an approver considering a single $2,500 purchase who approves that purchase on Monday and then again on Friday. Had those two transactions been on the same day, in excess of the employee’s spending limit, the approver might not have approved both of them, but because they were submitted on different dates, it may well appear to the approver that they were two separate transactions. With data analytics, Oringel and Visual Risk IQ is able to aggregate those multiple trip or P-card reports into a single screen or report to help a reviewer or an approver determine whether the transactions meet employees’ policies, both individually and in the aggregate.

Joe Oringel is a Managing Director at Visual Risk IQ, a risk advisory firm established in 2006 to help audit and compliance professionals see and understand their data. The firm has completed more than 100 successful data analytics and transaction monitoring engagements for clients across many industries, including energy, higher education, health care and financial services, most often with a focus on compliance.

Joe has more than 25 years of experience in internal auditing, fraud detection and forensics, including 10 years of Big Four assurance and risk advisory services. His corporate roles included information security, compliance and internal auditing responsibilities in highly regulated industries such as energy, pharmaceuticals and financial services. He has a B.S. in Accounting from Louisiana State University and an MBA from the Wharton School at the University of Pennsylvania.  Joe Oringel can be reached at joe.oringel@visualriskiq.com.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.


Previous Post

A Compliance, AML and CFT Snapshot

Next Post

Asymmetry: A Revised Mental Model for Enterprise Risk

Thomas Fox

Thomas Fox

Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units. Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. Thomas Fox can be contacted via email at tfox@tfoxlaw.com or through his website www.tfoxlaw.com. Follow this link to see all of his articles.

Related Posts

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

corlytics solidatus partnership

Corlytics, Solidatus Join Forces

by Corporate Compliance Insights
March 22, 2023

Data management provider Solidatus and regulatory risk intelligence supplier Corlytics recently announced a partnership that is expected to give both...

castle pixel art

Building a Defense-in-Depth Culture to Combat Phishing

by Perry Carpenter
March 22, 2023

Phishing attempts are only growing more sophisticated by the day, and effective cybersecurity means defending all the vectors of attack,...

Next Post
Asymmetry: A Revised Mental Model for Enterprise Risk

Asymmetry: A Revised Mental Model for Enterprise Risk

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT