
The Future of Fraud Detection

I've just got back from lecturing at a CIPFA weekend school for auditors in Blackpool. Mastering the human factor was a primary theme. It covered everything from how to spot fraud to how to change organizational behaviour. It even included a session on the controversial topic of Neuro Linguistic Programming (NLP).

Teaching fraud detection principles is more of an art than a science. You have to learn the tips of the trade from an experienced practitioner, largely through lots of anecdotes and case studies. It's not a black and white technique. There's lots of uncertainty and trial and error. Sometimes frauds come to light by accident. But often it's by instinct. And what sets off such suspicion? Generally it's a small thing that seems out of place: a total that's too high, a figure that's too round, or a behaviour that's out of the ordinary. The interesting thing for me is to try to work out how to capture and automate this valuable intuition.

There are some easy techniques for automated detection of fraud, based on simple rules. For example, highlighting totals that exceed or are just below an authorization limit. Or spotting sudden changes in the velocity or location of transactions. But experienced fraudsters do not always leave such obvious traces. So we need to create models reflecting the more subtle characteristics of fraud.
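The simple rules described above (totals over or just under an authorization limit, figures that are too round, sudden changes in velocity or location) can be sketched as follows. This is an added example, not code from the original post; the limit, the "just below" band, the round-figure unit, the time window and the sample transactions are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

# Assumed thresholds for illustration; a real deployment would tune these.
AUTH_LIMIT = Decimal("5000")   # hypothetical authorization limit
NEAR_BAND = Decimal("0.05")    # "just below" = within 5% under the limit
ROUND_UNIT = 500               # exact multiples count as "too round"
WINDOW = timedelta(hours=1)    # look-back for velocity and location checks
MAX_IN_WINDOW = 3              # more than this per account is a burst

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample records: (id, time, account, location, amount)
TXNS = [
    ("T1", ts("2007-03-01 09:00"), "A", "Leeds", Decimal("1234.56")),
    ("T2", ts("2007-03-01 09:10"), "A", "Leeds", Decimal("4990.00")),
    ("T3", ts("2007-03-01 09:20"), "A", "Leeds", Decimal("3000.00")),
    ("T4", ts("2007-03-01 09:30"), "A", "Leeds", Decimal("87.10")),
    ("T5", ts("2007-03-01 09:40"), "A", "Cardiff", Decimal("42.00")),
    ("T6", ts("2007-03-02 14:00"), "B", "York", Decimal("6200.00")),
    ("T7", ts("2007-03-03 10:00"), "B", "Hull", Decimal("310.25")),
]

def flag_transactions(txns):
    """Return {txn_id: [rule names]} for every transaction that trips a rule."""
    flags = defaultdict(list)
    history = defaultdict(list)  # account -> [(time, location)] inside WINDOW
    for tid, when, acct, loc, amt in sorted(txns, key=lambda t: t[1]):
        if amt > AUTH_LIMIT:
            flags[tid].append("over_limit")
        elif amt >= AUTH_LIMIT * (1 - NEAR_BAND):
            flags[tid].append("just_below_limit")
        if amt % ROUND_UNIT == 0:
            flags[tid].append("round_amount")
        # Keep only this account's activity inside the look-back window.
        recent = [h for h in history[acct] if when - h[0] <= WINDOW]
        if len(recent) + 1 > MAX_IN_WINDOW:
            flags[tid].append("velocity")
        # A different location from the previous in-window transaction.
        if recent and recent[-1][1] != loc:
            flags[tid].append("location_change")
        history[acct] = recent + [(when, loc)]
    return dict(flags)

if __name__ == "__main__":
    for tid, reasons in flag_transactions(TXNS).items():
        print(tid, ", ".join(reasons))
```

T7 shows the limitation the post goes on to describe: a location change a day later falls outside the window and passes unflagged, so fixed rules only catch the obvious traces.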

Several years ago I obtained a DTI research grant to build an experimental system for fraud detection based on a model of the human immune system. It might sound ambitious but we did get it to work, though the results were not interesting enough to persuade us to deploy the system for day-to-day business use. So-called computational immunology is a concept that offers great long-term potential but still needs a lot more research and development. Ascertaining how human immune systems actually work might help somewhat.

Artificial neural network techniques offer a simpler solution. We need good sets of data and some time and resource to train the system to recognize abnormal behaviour. It's not that difficult, though it can take a lot of effort to eliminate sources of false positives. But the important thing is to commence the journey. Because the future of Internal Audit lies not in manual checks, but in intelligent automation.

Comments (2)

Any links to the computational immunology project or its findings?

Sounds interesting even if it wasn't wholly successful.

David Lacey:

The project was conducted jointly by Royal Mail Group, Kings College London and Anite Public Sector. The final report can be viewed at http://www.cs.ucl.ac.uk/staff/j.kim/pub/CIFD_final_report.doc

David Lacey

About

This page contains a single entry from the blog posted on March 12, 2007 9:54 PM.
