Over the last six months, I have traveled the world talking about fraud data analytics. I want to thank everyone who has participated in the sessions. I also want to thank the hundreds of individuals who have signed up to receive our monthly blog newsletter.
As I write this, I am sitting in my office reflecting on our discussions. I have been thinking about the questions and comments that have come from you. This month’s blog is a byproduct of you, you the reader and everyone who has listened to my presentations.
This month, I want to take our discussions to a deeper level. We have discussed shell companies, vendor over billing, and ghost employees. So, for my avid readers, here is the million-dollar fraud data analytic question:
What is the difference between a ghost employee and a shell company fraud scheme?
I hope you are thinking about the question, because it is an important question from a fraud data analytics perspective. Before I answer it, however, let’s consider what the two schemes have in common:
- Both a shell company and a ghost employee have fields for name, street address, city, state, country, telephone number, government registration number, email, etc.
- Both a ghost employee and a shell company also have a bank account number. Why? Because with both schemes there is a disbursement of company funds. Whether you call it a payroll check or a vendor payment, money is being sent by the company to someone.
From a fraud scheme perspective, someone has created ghosts or created shell companies, assumed ghost employees or assumed shell companies, hidden ghost employees or hidden shell companies. They may be long-term, or they could be temporary. The fraud data analytics is the same – it’s about detecting the matching, missing, duplication of or change of data.
Yes, the transaction data is different in terms of terminology. In payroll, the transaction data is a payroll register, whereas, the vendor has a purchase order file, invoice file and a payment file. The internal controls sound different -- a new vendor procedure form rather than a payroll action form. (It goes by many different names). But, upon closer examination, both controls have the same fundamental purpose: Ensure that only an authorized vendor or an authorized person is added to the vendor master or the Human Resources data base.
While the terminology may be different, the methodology for building the fraud data analytics plan is exactly the same. The end goal is also exactly the same – identify the fraud data profile. What is the fraud data profile of a shell company? What is the fraud data profile of a ghost employee? Whether we’re looking for shell companies or ghost employees, we will perform the following tests: a missing data test; an anomaly test on a specific data field, a matching test on specific data fields, or a duplicate test in the same database.
So, what is difference between a shell company and a ghost employee? The correct answer: not much.
I want you to realize that data is data. Fraud data analysis is fraud data analysis. Once you realize this, you will learn that you can build a fraud data analytics plan for every fraud scheme facing your audit universe. So, the moral of the story is to start each fraud data analytics project with what each scheme has in common and then determine the uniqueness of the project or the scheme.