Leading Practices to Leverage Forensic

Data Analytics in Compliance

Monitoring and Investigation

Page 2

Table of contents

Proactive Compliance Monitoring1

2

44

Big Data and Forensic Data Analytics

5

EY’s Forensic Data Analytics Solution

Beyond Compliance and Investigation

EY’s First Annual Global Forensic Data Analytics Survey

3

6 Case Examples

7

Page 3

Proactive Compliance Monitoring

Page 4

Top Compliance Issues— What We are Seeing

► Bribery and corruption remain top risks► Regulatory compliance and fraud & abuse► Third-party integrity► M&A due diligence► Risk areas include:

► Integrity of vendors, suppliers and distributors► Improper payments in the forms of bribes or kickbacks► Travel and entertainment abuse► Conflicts of interests (e.g., employee and supplier matches)

Page 5

Now, more than ever, increased transparency istop-of-mind among our clients in…

► Internal Audit► Compliance & Legal► Investigations► Business / Operations

What we hear:1. Make my program more effective and measurable2. Make my program more efficient (reduced sample sizes, risk based,

cost savings)

Page 6

50% by tip or accident demonstrates the needfor improved analytics

2012 ACFE Report to the Nation on Occupational Fraud

How is Fraud Detected?

Page 7

Compliance Monitoring Challenges

► A good compliance monitoring program needs to be flexible and adaptive► Investigators, attorneys and regulators need information now► Convergence of structured and unstructured data► Organizational silo leads to redundant efforts to meet monitoring and

reporting requirements► The volume of business activities that should be monitored can

overwhelm the resources of most organizations.► Get the right FDA tools and the right people to operate FDA► The data available for analysis are incomplete or inaccurate► Need for innovative analytics to increase detection and reduce false

positives► Timely follow up and remediation

Page 8

How Global Companies are Responding

► Compliance and legal are often teaming with internal audit to lookbeyond anti-corruption policies and training and into tests of books andrecords

► Integrating new analytics specifically targeting corruption – these aren’tyour typical rules-based, process control SOX tests

► Integrating “Big Data” concepts including:► Text mining (unstructured data)► Statistical analyses and anomaly detection► Visual analytics and interactive dashboards► 100% data sampling, not just random sampling

► Analytics used to assess high fraud/corruption risk areas

Page 9

Ernst & Young’s First Annual Global ForensicData Analytics Survey

Page 10

Ernst & Young’s First Annual Global ForensicData Analytics Survey

Target audience/ recruitment criteria:• Senior individuals in global companies: Finance

(excluding audit), Internal audit & risk, Procurement,Legal, Compliance, Investigations,Business/management

• Companies with over US $100 million annual revenue,over 50% greater than US $1 billion

• Criteria: Must have decision-making responsibilityaround the company’s anti-fraud and anti-briberyefforts, compliance monitoring and investigations

• Respondents are users of forensic data analytics only

• Research period: November 2013 and January 2014

This work has been conducted in accordance with ISO 20252, the international standard for market and social research

Markets CountAmericas 105US 65

Brazil 40EMEIA 200France 40

Germany 41

India 40

Italy 40

UK 40

Asia Pacific 160

Australia 40

China / HK 40

Japan 40

Singapore 40

TOTAL 466

Telephone interviews conducted globally with leading companies

Page 11

Ernst & Young’s First Annual Global ForensicData Analytics Survey – Key Findings

FDA efforts are well aligned with perceived fraud risks► Bribery and corruption is top fraud risk at 65%► Further, 74% are using FDA to combat bribery and corruption

Big data has big potential► 72% of respondents believe emerging big data technologies can play

a key role in prevention and detection

Key benefits► Enhance our risk assessment process (90%)

► Detect potential misconduct that we could not detect before (89%)

Page 12

Ernst & Young’s First Annual Global ForensicData Analytics Survey – Key Findings (Cont.)

Need to do more► 63% of respondents agree that they need to do more to improve their

anti-fraud/anti-bribery procedures, including the use of FDA

Biggest challenge► Getting the right tools or expertise for FDA (26%)

Data volumes analyzed are relative to company size► 71% of companies over US$1 billion in revenues report working with

data sizes less than or equal to 1 million records► 42% of companies with revenues between US$100 million and US$1

billion report working with data sets under 10,000 records

Page 13

Big Data and Forensic Data Analytics

Page 14

Gartner:

Big Data is high volume, velocity and varietyinformation assets that demand cost-effective,innovative forms of information processing forenhanced insight and decision making.

What is Big Data?

Page 15

34%38%40%41%41%42%42%43%

57%59%

73%88%

0% 20% 40% 60% 80% 100%

Still images/videoAudio

GeospatialRFID scans or POS data

Free-form textSensors

External FeedsSocial Media

EmailsEvents

Log DataTransactions

Source: IBM Technology Outlook 2012

IBM Survey – Big Data Sources

Page 16

25%26%

35%43%

52%56%

65%67%

71%77%

91%

0% 20% 40% 60% 80% 100%

Voice analyticsVideo analytics

Streaming analyticsGeospatial analytics

Natural language textSimulation

OptimizationPredictive modeling

Data visualizationData mining

Query and reporting

Source: IBM Technology Outlook 2012

IBM Survey – Big Data Analytics Activities

Page 17

What is Forensic Data Analytics?

Page 18

False Positive RateHigh Low

Stru

ctur

edD

ata

Detection RateLow High

Uns

truc

ture

dD

ata

“Traditional” rules-Based Queries & Analytics

Matching, Grouping, Ordering,Joining, Filtering

Statistical-Based Analysis

Anomaly Detection, ClusteringRisk Ranking

Traditional Keyword Searching

Keyword Search

Data Visualization & Text Mining

Data visualization, Drill-down into data, TextMining

Forensic data analytics maturity modelBeyond traditional “rules-based queries” – consider all four quadrants

Page 19

Who What When Why

Social Networking Concept Clusteringand Keywords

Communication Over Time Sentiment Analysis

“Who is talking towhom?

about what? over which time period? how do they feel?”

► People-to-people analysis► Entity-to-entity analysis► Map communication lines

to organization chart

► Top words mentioned► Key concepts / topics► Top or unusual dollar amounts► Sensitive words / phrases► Potentially privilege flagging► Potentially non-responsive► Predictive coding (more-like-this)

► When communications occur► Communication spikes

around key business events► Linked to T&E or other journal

payment related transactions

► Positive vs. Negative Sentiment► Top 10 angry or negative emails► Ethical tone: flag for secretive,

harassing, confused, orderogatory communications

► Fraud Triangle analytics: linkcommunications to anemployee’s pressure, opportunityor rationalization risk score

Unstructured data sources

Page 20

DescriptiveAnalytics

What ishappening?

DiagnosticAnalytics

Why did it happen?

PredictiveAnalytics

What is likely tohappen?

PrescriptiveAnalytics

What should I doabout it?

70% 30% 16% 3%

100% 9%Source: Gartner Research

Structured Hybrid Unstructured/Content

Emerging Trends: Information and Analytics

Page 21

EY’s Forensic Data Analytics Solution

Page 22

Earlycase assessment

Dynamic reportingand visualization

Forensic software

Info

rmat

ion

Gov

erna

nce

EvidenceTrackingSystem

Unstructured data

Structured data

Email and IM processing tools

Analytics and statistics tools

Clientpresentation andreporting layer

Forensics andanalytics core

Big Data Big data platform

Processing layer

Our Technology EcosystemIndustry-recognized Technology Stack

Page 23

To drive better decisions, we must first ask the right business questions and then seekanswers in the data. Thus, our work moves left to right, but our thinking must move fromright to left.

Rules/Algorithms

Focus of many companies EY’s strategic focus

► Many analytics companies in themarketplace today are dominated bydata warehousing, enterprisedashboard and reporting solutions.

► Many clients, however, still struggle toembed analytics into operationaldecisions in a systematic andrepeatable way, often resulting inclients not realizing the full value ofanalytics.

► Our focus is on becoming the leader in “value-driven analytics” by going to market throughsectors and core competencies, supported by acentralized group providing market-leading,analytical and big data skills and technology.

► We also realize the importance of using changemanagement skills to help our clients moreeffectively use analytics to create value.

The EY difference in analyticsOur strategic focus is to help clients achieve the transformationalvalue that is possible through analytics

Page 24

Our Approach to Detective and PredictiveData Analytics

Basicü Vendor/Customer listü Contracts/agreementsü Purchase/Sales ordersü Receipts/invoicesü Vendor/Customer

payment

Advancedü All of data from basicü Emailsü Chat logsü E-filesü Call logs

Predictiveü All data from Basic

and Advancedü Statistical modelingü External sources –

blogs/posting,Twitter, Facebook

Linking the identifiedirregular activities with

purchasing/sales reps andvendor/customer contact– “who’s talking to who”

Identifying the“unknown” – using data

sets to identify rulesand to continuously

redefine “basic”

Rem

edia

lact

ion

iden

tifie

d

Sust

aina

ble

and

impr

oved

oper

atin

gpr

acti

ces

Monitoring to identifyirregular activities from

numerical data setsusing specified rules

Det

ecti

on

Cont

inuo

usly

re-d

esig

n

Pre

dict

ive

Page 25

EY Forensic Data Analytics Workflow

Gather Process Analysis Delivery/Follow up

ERP SCM

Warehouse

management

Cash

Contracts

Other

• Obtain data from all centralsystems and externalsources.

• Load, validate andtransform data into definecommon model –independent of ERP.

• Link sources to facilitateanalysis.

• Provide global dashboardsto facilitate identificationof risk issues.

• Deliver dashboards to bereviewed as part of thetesting process

Below is an illustration of how a broad data collection exercise operates in practice. The objective isto gather data from a range of sources – and undertake initial processing to provide a central teamwith the ability to identify the higher risk activities. Following that review, targeted analytics wouldbe deployed to identify the issues, transactions and relationships that need to be reviewed.

Page 26

Risk Indicator Framework Design

Tailored design with data analytic risk indicators

High Risk Transactions

Duplicate Payments

Meal Splitting

Travel Agents

Overbilling

A%

B%

C%

D%

In-Scope Transactions

► Not every item bears the same risk level► Define risk based on understanding of business process and potential control weaknesses

Page 27

The dashboard tells you “who got paid what,where and what for”.

Data Visualization: Accounts Payable Monitoring

Page 28

The 4W1H tell you “Who entertained who,where, what for, and for how much?”

Data Visualization: Travel & EntertainmentMonitoring

Page 29

Filter by selectedanalytics

Review breaches ontargeted analytics

Payment Risk ScoringKey Component to Educing False Positives and Focusing Risk Assessment

Page 30

Analytics include:► Stratify revenues by top and bottom distributors► Analysis of credits and returns

► Analysis of free goods and samples

► Analysis of write-offs► Analysis of payment cycles

► Commissions analysis► Analysis of price variances,

by distributor and by product

► Zero dollar shipments► Analysis of “debits” to revenue

► Compare order quantities withproduct and receipt quantities

► Profit margin analysis

► Anomalous or zero shipmentweights

► Vendor due diligence andaddress verifications, sanctionlist check, etc.

FDA – In-depth Overview of Big DataDistributor or 3rd Party Analytics

Page 31

Analytics include:► Employee stratification

► Stratify by expense type

► Sensitive keywords► Term frequency analysis

(concept analysis)► Round payments

► One-time payments

► Potential “gross ups”► Potentially duplicative

► Out-of-policy spend► Weekend or personal use

► High risk venues(e.g., adult entertainment,check cashing, etc.)

► Meal splitting► HCP spend

► Spending over time/ trending

FDA – In-depth Overview of Big DataEmployee Expense Analytics

Page 32

The dashboard tells you relationships identified through the analysis of structured andunstructured data sources.

Data Visualization: Social Network Analysis

Page 33

Rather than simply comparing watch-list names to a vendor table in a spreadsheet, thisexample links accounts payable data to third-party watch-list data to identify potentiallyimproper payments to sanctioned or high-risk entities and displays the results in aninteractive dashboard.

Demonstrate Management Oversight & IntentLinking Payment Data to Sanctions and Watch List Databases

Page 34

These three variableswere this highest drivers ofsuspicious transactions

These variables were less important whenpredicting suspicious transactions. Client should focus resources onmonitoring efforts for the three leading drivers, which accounts for 80%of the predictive value.

Perform VariableAnalysis

Predictive ModellingFocus on the Variables that Matter Most

Page 35

SalesRep

Expense support(receipts)

FIDS investigated allegedimproper payments throughemployee travel andentertainment expenses.

Using forensic data analytics andenhancements to our reviewplatform, investigators used datavisualization to select certainexpenses for further review inRelativity.

Merging Electronic Discovery ManagementServices and Forensic Data Analytics

Page 36

Merging Electronic Discovery ManagementServices and Forensic Data AnalyticsEY investigated alleged improper healthcareprovider (HCP) payments through employeetravel and entertainment expenses.

Fieldforce

Expense support(receipts)

Using forensic data analytics and enhancementsto our review platform, investigators used datavisualization to select certain expenses forfurther review in Relativity.

Page 37

We identified several thousand wiretransfers that were the subject of allegeduse of customer funds in the company’sown investments.We developed an algorithm thatassociated related email messages to thewire transfers based upon minimallyavailable wire transfer information.The wire transfers and correspondingemail chatter were presented in our filereview platform for further analysis.

Wire transferinformation

Associated emailcommunications

Merging Electronic Discovery ManagementServices and Forensic Data Analytics

Page 38

Approach to Continuous Transaction Monitoring

Why Continuous Monitoring?► Executive visibility and

transparency► Drive process improvements► More advanced anti-fraud

control► Improved audit effectiveness

Enables:► Proactively identify and

remediate transaction-relatedissues and challenges

► Generate advancedanalytics/insights

► Timely, accurate, completereporting

Page 39

Beyond Compliance and Investigation

Page 40

Operations/Business Process

Data reflectingthe Businessstrategies andoperations?

Leverage Data Analytics to Optimize Operationsand Grow Business

Page 41

Case Examples

Page 42

Case Example: Predictive Modeling

Challenge: Analyze 400,000 transactions for suspected bribery payments perDOJ subpoena

► Team reviewed 2,000 transactions from ledger data (text comments,amounts, dates, etc.)► Identified 400 suspicious and 1,600 non-suspicious entries

► Created statistical model: “Is Suspicious” / “Is Not Suspicious”

► Applied model to remaining 398,000 additional transactions

► Identified 14,000 new suspicious transactions► With confidence over 95% similar to “Is Suspicious”

► Identified over $8 million in highly suspicious payments

► Methodology accepted by the DOJ for this case

Page 43

AnalyticsEngine

Case Example: Business Growth

0%

40%

63%75%

83%100%

0%

20%

40%

60%

80%

100%

120%

0 1 2 3 4 5 6 7 8 9 10 11

%of

cust

omer

sac

quire

d

Decile

ValidationSample

75% results canbe achieved by

targeting 30% ofcustomers

Approached and boughtApproached but did not bought Model Data

Validation Data

Runmodeling

OutputEquation

11

. . ∗ .

. . ∗

Stats Equation

Comparewith Actuals

Potential model for identifying newcustomers most likely to buy

Model Results

Goal:► Identify new customers most likely to buy Product AProposed Approach:► Look at profile of physicians currently buying Product A and use predictive model to identify

causal factors differentiating high potential customers from low potential customers► Use causal success factors to score entire list of physicians to identify and target high potential

customers

Raw Data

Classifycustom

ers

Page 44

Thanks You