ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation

Page created by Jeremy French
 
CONTINUE READING
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
www.pwc.com

                   Technology as a driver for
                   fraud detection and
                   investigation

                   ICPAK FORENSIC AUDIT
October 2017
                   SEMINAR
Strictl rivate
and Confidential
9October 2017
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
The ICT and fraud convergence

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                         2
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
1 Insert Banner

Definitions and context

1.      Fraud is deception intended to result in financial or personal gain
2.      Computers & the internet are the two key distinct components of ICT
3. Cybercrime is economic crime using a computer and the internet as the primary
 tool to commit fraud.
4.      Traditional frauds schemes have been enhanced by computers & the

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                         3
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
1 Insert Banner

Key
Statistics
and Trends

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                         4
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
2 Insert Banner

Key statistics and trends

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                         5
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
3 Insert Banner

60 seconds online

                                                                                • Minicomputer & Mainframe Files
                                                                                • Web Servers
                                                                                • Application Service Providers
                                                                                • E-mail Systems
                                                                                • Smart phones
                                                                                • Laptop Computers
                                                                                • Personal (Home) Computers
                                                                                • Flash disks
                                                                                • Optical Media & Tape Backups
                                                                                • Cloud Storage

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                         6
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
Key Stats Kenya

Population              Population under 24
50.03 M                 27.6M (60.22%)

Internet Penetration     Annual Growth
40.5 M (91.77%)          New users(60.6%)
(2016 - 39.6M)
Mobile Phone Penetration Landline Phones
44.13 M (88.2%)          0.2%

                                       Sources: cck.go.ke
                                       UN statistics
                                       dalberg .com
                                       cia.gov
PwC
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
3 Insert Banner

Digital Financial Inclusion
More Kenyans have had better access to financial services since the
introduction of mobile money

Technology as a driver for fraud detection and                                                                     Source: World Bank estimates in 2010
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.              9October 2017
PwC                                              October 2017                                                                                    8
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
Section 3 – Insert Banner

E-Commerce in Kenya                                                                         Obstacles to buying products online

                                                                                               Lack of                                  Cost
   o      77% of internet enabled mobile phone                                                 Security
          users in Kenya buy products online
                                                                                                                                   10.2%
   o      Favourite eCommerce sites include: OLX,
          Rupu, Cellulant, Amazon, eBay, Google,                                                     34.0%
          Waptrick and your DMAs.

   o      Automated trading systems since 2009                                                                                                 30.9%
          with online feeds and interfaces.

   o      Makiba – proposed mobile platform to sell
                                                                                                             6.4%
          government bonds.
                                                                                                                                                    Delivery
                                                                                                Lack of                     18.6%                   Time
   o      The greatest obstacle for buying goods                                                Options
          online is lack of security
                                                                                                                         Internet
                                                                                                                         Connection

Technology as a driver for fraud detection and investigation
• ICPAK FORENSIC AUDIT SEMINAR                                 Confidential Information for the sole benefit and use of PwC’s Client.          9October 2017
PwC                                                            October 2017                                                                                9
ICPAK FORENSIC AUDIT SEMINAR - Technology as a driver for fraud detection and investigation
3 Insert Banner

Statistics on cyber crime and its impact

    •     Kenya lost Sh 15 Bn through cyber crime according to 2015 Cyber security report

    •     Public sector lost more that Sh 5 Bn followed by the financial services at Sh 4 Bn ;

    •     Top attacks came from overseas – US, China etc.

    •     Kenya has a strong business environment and education system but weaker physical
          infrastructure;

    •     Introduction of cyber security in the Information and Communications Bill 2013; and

    •     More than 80% of SME’s expect that the internet will help them grow their business
          and 70% of those expect to hire new employees as a result.

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                        10
3 Insert Banner

Global economic impact of cybercrime in context

 Drug
 Trafficking                 USD$ 600B

 Cybercrime
                             USD$ 300B – 1T

 Piracy                      USD$ 1B- 16B

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                        11
3 Insert Banner

Cybercrime facts for Kenyan organizations; GECs 2016

                                                               33%                                            61%
                                                               reported having                                reported rapid
                                                               been affected                                  increase in perception
                                                               cybercrime.                                    of cybercrime.

                                                                                 46%.
                                                                                 Said threat coming from
                                                                                 both internal and external
                                                                                 sources

                                                            *69%                                              *18%
                                                            Saw IT Department                                 Saw HR Department
                                                            as high risk                                      as low risk

 * Relatesas
Technology    toa2011
                 driver survey
                        for fraud detection and
investigation
                                                  Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                               October 2017                                                                        12
4 Fraud risks posed by ICT

Fraud risks
posed by ICT

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                        13
4 Fraud risks posed by ICT

Offers tremendous appeal to fraudsters

                                                 Same reward but fewer risks

 Not physically present – less likely to be caught or “hurt” during the crime. Also less likely to
 commit “ancillary” crimes like injuring other people or destroying property

 Less chance that law enforcement can identify the perpetrator or establish where they were when
 the crime was committed – 79% of Kenya respondents lack confidence in law enforcement

 Perpetrators often in different jurisdiction – more difficult to identify, arrest and prosecute using
 traditional means

                                                      FRAUD
 Current laws are not mature enough to prosecute cybercriminals with sufficient impact.
 Technological advancements are high-paced and therefore developments in cybercrimes too.
 Organisations and governments will constantly need to keep updating their responses.

 Preventative controls are much harder to implement for cybercrime than for instance asset
 misappropriation
Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                        14
4 Fraud risks posed by ICT

Key risks posed by ICT include…

Function of the computer &
internet in crime:
• As an object – target of crime                                  Data                       Unauthorised                 Internet
where contents are destroyed                                      destruction                access                       consumer
                                                                  & sabotage                                              fraud
• As a subject – provide
environment to commit crime
• As a tool – means of                                                                                                    Securities
                                                                  Identity                   Disclosure of
committing crime                                                  theft                      confidential
                                                                                                                          fraud
                                                                                             information
• As a symbol – offers
credibility that is often used to
deceive victims
                                                                  Loss of                      Insider                    Enhances
                                                                  customer                     threat                     conventional
                                                                  confidence                                              fraud
Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.        9October 2017
PwC                                              October 2017                                                                             15
4 Fraud risks posed by ICT

Cybercrime has hit and remained in the headlines

Technology as a driver for fraud detection and
investigation
                                                 Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                              October 2017                                                                        16
5 Role of technology in preventing and detecting fraud

Role of
technology in
preventing and
detecting fraud

Technology as a driver for fraud detection and
investigation
                                                         Confidential Information for the sole benefit and use of PwC’s Client.   9October 2017
PwC                                                      October 2017                                                                        17
Although difficult to examine, reducing computer fraud into
its basic elements often leads to successful determination

                1. Lacks traditional paper trail              Identify culprits
                                                              Methods of
                2. Require understanding of technology
 Difficulties

                                                              manipulation
                   used to commit fraud
                                                              Means of diversion
                3. Require understanding of technology on     or conversion of
                   the victim computer                        funds
                4. Often requires use of one or more
                   specialist to assist the fraud examiner

                           +                 +                =
elements
Basic

                  Inputs        Manipulation        Outputs
Preventing Fraud:                                                 Governance

The three lines of defence

    What to do
    then?                                                        Behavioral          Deep
                                                                  analytics        learning

    3 lines of defence   Awareness                   Data
                                                                                               Forensic
                         initiatives              visualisati-                                               Compliance
    – Governance,                                     ons
                                                                                                tools
                                                                                                              solutions
                                                                              Detection
    Oversight &
    Operations                                Automated
                                               controls                                           Investigation
                                                                                                      cells
    They only be                                                    Prevention

    strengthened by             Cyber crime                                                    Flexible
                                 response         Real time
    technology and                strategy        screening
                                                                                              audit plans

    not replaced by
                                                                  Bench            Internal
    it.                                                          marking           controls

                                                                                                            Understand
                                                                          Regular                            the threat
                                                                          security
                                                                        assessment
Preventing Fraud:
Do organisations conduct risk assessments?

 30%                                   26%
 of Kenya respondents                  of Kenya respondents
 have an incident                      say Board members
 response plan                         quarterly review
                                       organisations ability
                                       to deal with cyber
These results are of concern given     incidents
the rate at which cybercrime is
increasing, organisations do not     Disappointing results in terms of
realise that they are a target of    how often Board members within
cybercrime until long after the      organisations in Kenya and Africa
damage is done.                      request information regarding the
                                     organisations’ state of readiness to
                                     deal with cyber incidents.
Preventing Fraud:
Key questions to ponder over
1.Do you really show the right tone at the top in dealing
with cyber crime?

2. Does your organisation have an anti fraud policy /
strategy including regular training?

3. How do you deal with fraud allegations? How do you
deal with fraudsters when you uncover wrongdoing?
4.Is your organisation head truly “cyber savvy” and is
your organisation able to detect and investigate
cybercrime?

5.Does your organisation undertake regular cyber
security assessment?
Detecting fraud using technology

                          Strategy

                          Identify

                    Capture & Process

                  Profile & Cull & Process

                      Search & Review
Detecting Fraud:
Digital Evidence Recovery

The key priorities
 Acquire
 • Search and seize; and
 • Secure the evidence
 Process and preserve
 • Recover deleted items;
 • Avoid any tampering; and
 • Admissible legally
 Present
 • Simplify the evidence; and
 • Beware of inherent weaknesses in the bank’s internal controls.
Digital Evidence Recovery: Four important points to
remember
Digital Evidence Recovery: Four important points to
remember
Detecting Fraud: Data Analytics

WHY DATA ANALYTICS ?

The primary reason to use data analytics to tackle fraud is because a lot of internal control
systems have serious control weaknesses. In order to effectively test and monitor internal
controls, organizations need to look at every transaction that takes place and test them against
established parameters, across applications, across systems, from dissimilar applications and data
sources.

Most internal control systems simply cannot handle this. On top of that, as we implement internal
systems, some controls are never even turned on.

ounce of prevention = pound of cure
Detecting Fraud: Data Analytics

In the past you’d have to hit the lottery to find something big.

With the volume of transactions flowing through organizations today, the velocity of business has
increased tremendously because scrutiny of individual transactions is incredibly difficult to
provide. This lack of scrutiny over individual transactions opens up the gate for people to abuse
systems, perpetrate fraud, and materially impact financial results

      “investigate transactions and
      see if there’s anything to indicate
      fraud or opportunities for fraud
      to be perpetrated”
Detecting Fraud: Proactive Data Analytics

  An example is you’re looking at productions logs and you notice a spike in
  Hour 4. What questions do you ask?

                                              Investigate?

Ignore?
Detecting Fraud: Sample results of relationship
mapping

                                              Subject employee

                                              Employees from
                                              Shoddy Plumbing
                                              Outsiders

    Investigate?
Detecting Fraud

Do I need to investigate further ???
Detecting Fraud: Analytical Techniques

Remember, you’re looking for things that don’t appear to be normal.

■ Calculate statistical parameters and look for outliers or values that exceed averages or are
outside of standard deviations.
■ Look at high and low values and find anomalies there. Quite often it’s these sorts of anomalies
that are indicators of fraud.
■ Examine classification of data - group your data, all the transactions, into specific groups
based on something like location. Maybe a number of transactions are occurring outside
of statistical parameters. Where are they all from? Are they distributed evenly across the
whole population or are they all limited to a given geographical area? If they are then that’s
material and maybe you should delve deeper.

                                      “Data analysis technology can quantify the
                                      impact of fraud so you can actually see
                                      how much it’s costing the organization and
                                      provide a cost-effective program with
                                      immediate returns.”
Detecting Fraud : Application areas for Fraud Detection

“Fraudsters can and will exploit weaknesses
wherever they can find them”

 Take a look at your General Ledger, especially
 postings done after a closing period. Check into
 frequently reversed accounts, or weekend
 postings. Look at GL postings on a quarterly
 basis and ask:
 • Are these being done according to our
    internal controls or are people trying to post
    to the GL after our closing period?
 • Are there certain GL accounts that are
    frequently reversed?
 • Are there dormant accounts that are used
    suddenly?
You can also read