ACL recently released an article highlighting the top fraud risks for 2014. Highlighted in the list were:
Throughout the discussion and guidance related to each a common theme emerged. To address these frauds you must be able to identify unusual trends in activity. In fact, this holds true to when it comes to addressing most any fraud risk in an organization. The challenge I see most organizations struggle with is defining “unusual”.
Merriam-Webster defines unusual as “not normal; different or strange in a way that attracts attention; not commonly seen”. Therefore, the key to determining what is unusual is being able to define normal.
Let’s take purchasing cards, another risk many organizations are focused on, as an example. Many organizations have a policy regarding acceptable use, as well as improper use. For example, normal purchasing card activity may look something like this:
Based on this definition of normal, we can design tests to find the unusual activity within our purchasing card details. Simply put, unusual transactions are those that do not conform to the set of rules defined above.
You can take the same approach to address each of the risks mentioned in the article above, as well as other risks in your organization. If you have a policy regarding a specific business process, that is a great place to start in defining normal. Once you have done this, you are well on your way to identifying the unusual transactions and activity.
(Source: ACL Blog)