Fraud Analytics: A Q&A with Kirstie Tiernan, Forensic Technology Services Director at BDO Consulting
Download PDF Version
Tell us about your background. How did you find yourself in this line of work?
I graduated with a degree in Computer Information Systems, but I wasn’t inspired by programming as a career. In doing some research, I discovered that employers were hiring computer science majors for forensic investigation teams, and I was immediately interested. It was very rewarding to use data analytics as a background to help clients prevent and detect fraud. To further my substantive expertise, I then obtained my Masters in Fraud Management and Economic Crime. I have many interesting stories about my work in the fraud space, and I enjoy sharing those experiences, especially those where the SEC and FBI are involved!
How does fraud analytics help with investigations? What role do they play in due diligence?
Fraud analytics help with investigations in several ways. First, if the scope of an investigation has not already been determined, based on certain variables we strategically select analytics from our “red flag” library to sweep across the data to identify any anomalies or unexpected patterns. If the scope has been determined, fraud analytics help focus the investigation by allowing us to intelligently hone in on the transactions for review, which proves to be a much better approach than random sampling. As an example, for a recent investigation, our client had thousands of vendors in scope. Once we performed some preliminary data analytics on the population, we were able to focus on 11 vendors immediately. One of the vendors was identified as a ghost vendor that had been in place for five years.
Analytics also helps us ensure we have a full population of data. We can quickly visualize the data received and identify any missing data by time periods or other attributes. During our due diligence reviews, we often run background checks and reports to identify connections among entities and people. Data analytics allows us to use tools like link analysis software to extract the data points from those reports and connect the dots across organizations. We can visualize on a chart who talks to whom, who owns what, who’s related to whom―all to identify conflicts of interest or related parties. Fraud analytics allow us to be more comprehensive, more focused and more effective.
Is your approach to fraud analytics more proactive or reactive? What triggers an organization to come to you for help?
Our proactive approach includes using what we call "smoke analytics"―a different subset of analytics from the library mentioned earlier. Smoke analytics can be used to identify anomalies by searching a broad set of data. These analytics are really important when you think you may have a problem but don’t know where it may be, or if you’re looking to assess risk in various areas of the company. It’s a way to get your arms around where the issues might be, using that smoke to find the fire.
Our reactive approach uses analytics similarly but in a more focused way. For example, if we were concerned about FCPA issues, we may focus our analytics on vendor activity. To identify possible bribes, we could run a link analysis to review vendors for government connections or run a keyword analysis on journal entries.
Organizations come to us for help when they want to understand what’s actually happening within the four walls of their organizations, not just to understand what employees say should be happening based on policies, procedures, system controls or during interviews.
After you initially look through a company’s invoices and vendors to give a fraud-focused report on the system, what are some next steps to mitigating fraud risk?
Some sample analytics on invoices and vendors may include a duplicates review or an analysis of who has access to create and pay vendors. Once these reports have identified key vendors of interest, the next step is to review the controls that are set up and identify gaps that existed to allow these issues to occur. We then help our clients put in place the proper controls to mitigate these risks going forward and assist them with setting up periodic monitoring analytics as well as remediation, if necessary. In many cases, we leverage this analysis to inform a broader anti-fraud and corruption compliance program, which may also involve policy and protocol redesign, internal controls testing or conducting fraud and ethics training based on industry best practices.
Apart from evaluating a company’s fraud risk, what other insights can this type of assessment uncover?
Through our analytics, we can also identify many ways companies can save money and increase operational efficiencies. These savings opportunities may include revising payment terms, reducing duplicate payments, aggregating payments to the same vendor, reviewing discounts, or confirming accurate and complete data in the vendor/employee/customer master files.
What makes your work with BDO unique from your previous work?
At BDO, our team is very much focused on providing the client the right solution for the problem. Often our clients do not need huge systems to monitor transactions in real time. They may need something as simple as a few reports or visualizations on their payment data or something as complex as a scoring model to identify high-risk vendors. Whatever the case, we try to utilize as much of the client's existing infrastructure as possible to provide the most appropriate, cost-effective solution.
We also have an environment where we can receive client data and deploy the reports to a website where the client can interact and download them. Having a web-based review platform relieves the client of any additional software purchases or infrastructure changes. This client-centric, efficient problem-solving approach is a differentiator from firms at which I’ve previously worked.
Kirstie Tiernan is a Director in BDO Consulting’s Chicago office with over 13 years of experience providing data analysis, IT consulting, digital forensics and e-discovery services. A Certified Fraud Examiner and an Oracle Certified Associate, Kirstie regularly conducts fraud investigations and Foreign Corrupt Practices Act compliance reviews, in addition to providing fraud prevention services across various industries.
Kirstie is experienced in managing fraud detection and prevention analysis projects requiring the collection of entire general ledger systems data from multiple sources such as Peoplesoft, SAP and Oracle. She approaches projects with a focus on process efficiency, regularly implementing technological advancements within systems and databases in order to improve and accelerate time-consuming client processes. She can be reached at firstname.lastname@example.org.