Seven Steps to Creating a Data-Analysis Program to Prevent Fraud - Slide 3

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next It's in the Data-3 Next

It's in the Data

If you are serious about a fraud prevention and detection program, you are testing 100% of the data, not just random samples. Use ad hoc testing in addition to more formalized or regular tests. Automate testing to enable:

  • Continuous assessment of problem areas
  • Scheduled monitoring of other risk areas
  • Increased efficiencies within audit

A purpose-built data analytics tool will allow you to access and analyze data from any source internal or external, without compromising data security.
Find out where controls are not working or ineffective. Look for controls that cannot be governed by application control settings. Once you've run some tests, standardize them so they can be used by others and to reduce the impact of staff turnover. What you're doing is creating a repository of analytics that can be used over and over again.

If anyone was looking for an example of the benefits that continuous controls can bring to an enterprise, the state of the U.S. economy and the fall of some of the largest, most admired financial institutions in the last couple of years provide more than enough data. And instituting a continuous controls process focusing on risks related to fraud is likely now in the plan for many companies this year.

Check out this seven-step outline, provided by Dustin Lewis, CISA, a senior technical consultant with ACL Services, Ltd. for building an analytics-based program that will allow you to focus on risks that have the greatest chance of reducing shareholder value. For example:

  • Extended supply chain re: safety, quality, reliability of suppliers and processes
  • Is there a process to receive and act on regulatory comments or findings?
  • Are pricing strategies consistent with regulations and free from collusion?
  • Can you detect and avoid discrimination with customers, suppliers and employees?

Plus, by focusing on reducing the risk to shareholders, you make management happy, and this can result in a more robust, long-term fraud program.

Also be sure to read Lora Bentley's interview with Peter Millar, director of technology application at ACL Services Ltd., for insights on how to interpret the emotional reaction that discoveries of fraud can create, as opposed to the casual interest many companies take in the situation.


Related Topics : Botnets, Firewall, Intrusion-Detection Systems, Intrusion-Prevention Systems, Peer-to-Peer

More Slideshows

Misc31-190x128 Are Your Firewalls Ready for Summer?

If you want to spend more time this summer paying attention to the barbeque than your firewalls -- then it's time to get your firewalls in shape. ...  More >>

Five Tips for Defending Against a DDoS Attack

There are many things that can be done with existing network infrastructure to protect against network-layer attacks. ...  More >>

Nine Document Security Tips Nine Tips to Keep Your Electronic Documents Secure

Tips to help ensure that your electronic document repository is 100 percent secure. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.