Internal audit departments are not often thought of as consumers of high-impact analytics. But our recent experience suggests otherwise. Many are working on improving their procurement integrity, and in these scenarios they want to detect, and stop, fraud, loss, abuse or waste in procurement. They also want to understand the sources of these problems, and why they are happening, as well as identify any gaps. They know that analytics can help, and are looking at solving their problems in interesting ways.
Although these companies are in a wide range of sectors, it is surprising how often the same questions crop up about both procurement integrity and how analytics can help. I thought they could help others in the same role, or those trying to tackle similar problems.
1. What are the main ways in which procurement integrity is disrupted or breaks down?
There are a number of problems that can lead to breakdowns in procurement integrity. They include both errors and deliberate fraud. Errors can be user-related, or can arise in system set-up and in data integration. Fraud may be the result of supplier or employee action. Other issues that can cause problems include poor-quality data, latencies in processes, and configurations that are not well adapted to change. An example might be where an employee leaves a company, but their ID and single-sign-on password remain valid for a period. That employee might not use the ID and password, but someone else may get hold of them and be able to use them for personal gain.
2. Why can’t I just use a spreadsheet to manage procurement integrity?
Many procurement and internal audit departments have been using spreadsheets for years, partly because the technology is relatively simple and easy to use. The problem now is that there is just so much data: millions, if not billions, of individual invoices, payments, suppliers, vendors and contracts. You simply cannot deal with this much information in a spreadsheet.
Companies have got round this so far by using ‘sample data’, and finding out about fraud via tip-offs, internal audits, or reporting of suspicions. But just as the level of complexity of data has increased, so has the level of complexity of fraud. Investigators need higher-quality tools to support their investigations. Instead of simply having ‘sample data’, it is much better to have access to all data, and tools that can examine it rapidly and in detail.
3. What sort of tools are available, and how do they differ from ‘business rules’?
Internal audit departments often have their own “business rules” that they apply to data to identify suspicious cases. These are extremely useful, but there are also analytical techniques that go further. These can capture issues that no human could see, either because of the vast amount of data or because data from several sources has to be brought together. They include anomaly detection, analytical modelling, machine learning algorithms, and social network analysis techniques: advanced analytics, in other words.
4. Can these analytical techniques be used on any data?
In principle, analytical techniques of this type can be used on most types of data, but the data do need to be of reasonable quality. Generally, it is best to use them on ‘managed’ data, that is, data which has been checked for completeness, accuracy and consistency. For example, it is helpful if all duplication of data about suppliers, vendors and employees has been removed, and if you can be confident that everything has been correctly categorized. Otherwise, you may start to see some very strange patterns, and will waste investigation time on classification errors.
5. How do these techniques work? Can you give an example?
Social Network Analysis is a good example. It detects organized abuse by going beyond transaction and account views to analyse all related activities and relationships at the network level. This means that it can help internal auditors to identify linkages among apparently unrelated procurement purchase orders or payment requests.
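A minimal sketch of the linkage idea described above, added here as an illustration and not taken from any product: payment requests are joined into a graph through shared vendor attributes, and connected groups that span more than one vendor are surfaced for review. The records, field names and the choice of bank account and phone number as linking attributes are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample payment requests (not real data); field names are assumptions.
PAYMENTS = [
    {"po": "PO-1001", "vendor": "Acme Supplies", "bank": "ACCT-111", "phone": "555-0101"},
    {"po": "PO-1002", "vendor": "Northwind Ltd", "bank": "ACCT-222", "phone": "555-0102"},
    {"po": "PO-1003", "vendor": "Brightline Co", "bank": "ACCT-111", "phone": "555-0103"},
    {"po": "PO-1004", "vendor": "Delta Traders", "bank": "ACCT-333", "phone": "555-0103"},
    {"po": "PO-1005", "vendor": "Evergreen LLC", "bank": "ACCT-444", "phone": "555-0105"},
]
LINK_FIELDS = ("bank", "phone")  # assumed attributes that should be unique per vendor


def find(parent, node):
    """Union-find root lookup with path halving."""
    while parent[node] != node:
        parent[node] = parent[parent[node]]
        node = parent[node]
    return node


def linked_clusters(payments, link_fields=LINK_FIELDS):
    """Return groups of POs from different vendors joined by shared attributes."""
    parent = {}
    for p in payments:
        po = ("po", p["po"])
        parent.setdefault(po, po)
        for field in link_fields:
            if not p.get(field):
                continue  # blank values must never link records together
            attr = (field, p[field])
            parent.setdefault(attr, attr)
            parent[find(parent, po)] = find(parent, attr)  # merge the two groups
    groups = defaultdict(list)
    for p in payments:
        groups[find(parent, ("po", p["po"]))].append(p)
    clusters = []
    for members in groups.values():
        vendors = sorted({m["vendor"] for m in members})
        if len(vendors) > 1:  # one vendor reusing its own details is normal
            clusters.append({"vendors": vendors,
                             "pos": sorted(m["po"] for m in members)})
    return sorted(clusters, key=lambda c: c["pos"])


if __name__ == "__main__":
    for cluster in linked_clusters(PAYMENTS):
        print(cluster)
```

In the sample, Acme Supplies and Delta Traders share no attribute directly; they are connected only through Brightline Co, which is the kind of indirect link a pairwise business rule does not see.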
6. What would we need to run this type of analytics-based procurement integrity system?
A procurement integrity system needs a platform where data is managed properly and analytical techniques can be applied to investigate patterns in complex procurement networks, and find fraud, loss, abuse or waste. It also needs the capacity to provide visualisations of the results. This type of platform means you can create risk scores by applying multiple rules and models, which will give a high detection rate but also reduce false positives and avoid wasting investigation time. Finally, it needs to be integrated with the operational system, to detect and stop rogue transactions in or near real time without putting a huge burden on the system.