Embed Size (px)
Citation preview
Master Vendor Management in an era of “Big Data”
FMI PD Day
19 May 2016
Outline for today
1. The challenge
2. Better leveraging our data
3. Tapping into “Big Data”
The Question: What does “Big Data” mean for my master vendor management?
1
2
3
The challenge…
Preventing and detecting duplicate vendor registrations
Establishing and maintaining correct addresses
Managing account numbers
Uniquely identifying vendors across systems/entities
Authenticating businesses
Ascertaining relationships and hierarchies between entities
Detecting imaginary vendors/fraud
1
2
3
Audit findings…
“The segregation of duties between those individuals who process/pay invoices and those individuals who have the access to create or amend vendor master data was not consistently enforced within the regions. Further, supporting documentation was not consistently maintained to support vendor master data changes or demonstrate that changes had been reviewed and approved prior to processing.
Without a standardized expectation that sufficient and authorized evidence is required prior to amending a vendor master data file, there is an increased risk that new vendors or changes to vendor master data could be created or amended without detection, which could lead to a fraudulent payment being released, or errors occurring undetected.”
Government of Canada departmental internal audit
1
2
3
Audit findings…
“New vendors are not adequately validated prior to inclusion in the Vendor Master File… Various available mechanisms to validate vendors are not utilized… A physical address is not required when a PO Box is provided as the primary address.”
“There are no controls in place to ensure that additions, changes, or deletions of customer and vendor master files are reviewed and approved by management. In addition, there is no regular review of customer and vendor master files to ensure they remain pertinent. The lack of change management controls over customer and vendor master files increases the risk that the master files will become inaccurate or invalid. In addition, there is an increased risk that assets may be misappropriated and fraud concealed.”
Municipality Internal Audit
Government of Canada agency internal audit
1
2
3
Audit findings…
“Improper vendor invoices could be entered and released for posting and authorized for payment... Fictitious vendor accounts could be created and used to generate invalid purchases… Vendor master data owners could set up improper suppliers on the system and create purchase orders that are not for business use goods and services.”
Government of Canada departmental internal audit (risks identified)
1
2
3
The problems…
→ Duplicates
→ Spacing
→ Punctuation
→ Abbreviations
→ Missing content
→ Mis-keyed content
→ Data decay
→ Spelling
→ Naming conventions
→ Conflicting content
1
2
3
The problems…
→ Duplicates
→ Spacing
→ Punctuation
→ Abbreviations
→ Missing content
→ Mis-keyed content
→ Data decay
→ Spelling
→ Naming conventions
→ Conflicting content
Fraud
1
2
3
The problems…
* Source: D&B and Sales & Marketing InstituteBased on 52 weeks, 5 workdays, 8 hour day.
Changes within 30 minutes Business data elements Change within 1 year
120 Business addresses 499,200
75 Telephone numbers 312,000
15 Company names 62,400
30 New businesses Opened 124,800
10 Businesses Closed 41,600
20 CEO Job Changes 83,200
1
2
3
Master vendor management depends on master data management
Limited data quality management, but knowledge of data duplication/problems
Initial attempts to improve master data quality through detection/correction
Standardization and improvement of data quality, mature understanding of master data
Managed data quality with embedded synchronization and monitoring
Synchronization duplication checks and validations are fully embedded
1
2
3
Fraud analytics
Data analysis & analytics
Ad-hoc
Continuous / repetitive
Complex relationship
analysis
Embedded/ integrated
1
2
3
Data analysis & analytics
Ad-hoc
Continuous / repetitive
Complex relationship
analysis
Embedded/ integrated
Ad-hoc analytics allows you to explore, seek out answers to a specific hypotheses
Investigate transactions and see if there’s anything to indicate opportunities for fraud
Example hypothesis: look to see if employee address matches a vendor address (if so, could be an important finding)
If type of anomaly seems to be relatively prevalent or risk exposure is beyond tolerance, consider investigating on a recurring basis
(ACL: Detecting and Preventing Fraud with Data Analytics)
investigate transactions and see if there’s anything toindicate fraud or opportunities for fraud to be perpetrated
1
2
3
Data analysis & analytics
Ad-hoc
Continuous / repetitive
Complex relationship
analysis
Embedded/ integrated
Scripts running against large volumes of data to identify those anomalies as they occur over a period of time
Periodic notification when an anomaly occurs in the data
Timely notification of specific trends and patterns, and exceptions reporting that can be provided to management
(ACL: Detecting and Preventing Fraud with Data Analytics)
periodic notification when an anomaly occurs in the data
1
2
3
Data analysis & analytics
Ad-hoc
Continuous / repetitive
Complex relationship
analysis
Embedded/ integrated
Using graph databases, which are neither linear nor purely hierarchical, detect larger fraud rings too computationally complex for traditional traversal of data relationships
Accommodate highly dynamic and emerging environments in which fraud rings are continuously growing in shape and size
Display and visualize data graphically to resonate and spur new hypotheses
(Neo4j: Fraud detection use cases)
pattern analysis of more complex relationships in a dynamic and emerging environment
1
2
3
Data analysis & analytics
Ad-hoc
Continuous / repetitive
Complex relationship
analysis
Embedded/ integrated
Controls rely on data analytics/analysis
Risk-based workflows for efficiency and effectiveness
Shifted emphasis from prevention to detection
Example: for a new vendor with a name that “sounds similar” to another, a flag triggers an alternate approval workflow (“fuzzy” logic)
controls designed to rely on data analysis/analytics in place, or an adaptive “risk-based” workflow
1
2
3
240M+ Company Records
30,000+ authoritative data sources
5M+ updates per day
Proprietary data quality process
A Dun & Bradstreet example
DUNS Number:
A Unique, Persistent Identifier
• Tracks a business
• Tracks its activities
• Tracks it anywhere globally
• Tracks until closure
1
2
3
A Dun & Bradstreet example
240M+ Company Records
30,000+ authoritative data sources
5M+ updates per day
Proprietary data quality process
D&B Data:
Corporate family trees
• Business relationships
• Size and type of businesses
• Private and public entities
• Domestic and international
1
2
3
A Dun & Bradstreet example
Authenticate (or simply analyze) businesses for government programs, such as EI, and grants and contributions
Understand company relationships to ascertain eligibility for grants / contributions and detect fraud
Maintain data integrity over time for companies that do business with the federal government
Validate the legitimacy of new vendors and identify vendor relationships
Assist in cleansing data effectively, efficiently for SAP transition
1
2
3
What does “Big Data” mean for my master vendor management?With a strong master data management (MDM) foundation,
• Manage data entry effectively from all potential sources
• Maintain strong data governance
• Establish a strong master-data model with the right toolset(s)
we can better leverage our internal data assets, and• Active detection, from ad-hoc, to continuous to advanced pattern analysis
• “Fuzzy logic” approach to workflows
tap into external data sources for a true “Big Data” solution• Strengthen active detection and risk-based resource allocations
• Amplify business intelligence
1
2
3
