Tackling Public Sector Fraud

Notes from a seminar on "Tackling Public Sector Fraud" presented jointly by the UK NAO and H M Treasury in London, England in February 1998.

Glenis Bevan, Audit Manager, Audit of Department of Social Security Fraud and Abuses

Glenis is currently on secondment to that department, seeing how it all works from the inside.

Introduction

This seminar, chaired jointly by Martin Pfleger of the NAO and Andrew Likierman of H M Treasury, addressed growing concerns about the scale of public sector fraud, estimated to cost in the region of 4 billion in social security expenditure alone. The seminar was aimed at public sector finance staff and those developing and managing anti-fraud strategies, and was attended by some 150 staff from over 60 Government departments and agencies. The seminar speakers considered the key issues facing the public sector and best practice in developing anti-fraud strategies and counter-measures, and gave practical examples of how IT based technologies can be used in the fight against fraud.

IT Based Techniques

This article gives an overview of those IT based technologies that can be used in the fight against fraud in the public sector. Some are already successfully in use in the public sector. Others can be adopted and adapted from private sector applications. The technologies touched upon in this article are:

Case Based Reasoning Tools - which can be used to assess the risks of fraud both for organisations and transactions;
Data Matching and Data Mining - effective in the prevention and detection of fraud;
Support Tools for Evidence Logging and Analysis - designed to assist the investigation of fraud.

The article is rounded off with a look at emerging and more futuristic technologies that might be used in the fight against fraud, particularly in terms of building defences into systems of control to prevent fraud or deter fraudsters at the gateway.

Case Based Reasoning Tools

Case Based Reasoning (CBR) tools can be used to identify and assess existing and emerging risks and vulnerabilities to fraud. The technique essentially involves the diagnostic benchmarking of an organisation or transactions against collated knowledge of other comparable sectors using "near neighbour" matches and "inductive" analysis. Details of organisational characteristics, for example, can be collected by questionnaire and maintained in a database. Strengths, weaknesses and best practice can be identified from past experiences of fraud, control frameworks and financial performance, to rate and compare organisations. This is a powerful counter-fraud technique which can answer questions such as:

what made company 'X' vulnerable to fraud?
what good practice tools from company 'Y' can be put in place to mitigate the consequences of fraud?
are these characteristics evident in company 'Z'?

This technique was used to demonstrable effect in the UK NAO when (Deloitte and Touche) undertook a forensic audit examination in the UK Government Highways Agency. Of the 10 nearest matches, against over 120 indicator questions from a pool of several hundred organisations, 8 had suffered from actual or investigated fraud. Although no serious matters had occurred in the Agency, the results of the exercise were indicative of opportunities for fraud. An action plan was consequently implemented to minimise the vulnerability of the Agency to fraud.

Data Matching

Data matching can be described as the crosschecking of data, either concurrently or retrospectively, looking for duplication and/or inconsistencies between data streams. It can be used to detect transactions which match all or part of existing transactions. It is used widely in the private sector to detect, for instance, duplicate insurance claims, multiple share applications and mortgage fraud.
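
The "near neighbour" benchmarking described under Case Based Reasoning Tools above can be sketched as follows. This is an added example, not code from the seminar or from any tool it mentions; the indicator questions, organisations, answers and the choice of k = 3 are all constructed assumptions.

```python
# Added illustration of near-neighbour benchmarking. Every organisation,
# indicator question, answer and fraud history below is constructed.
QUESTIONS = ["seg_duties", "supplier_vetting", "payment_check",
             "staff_rotation", "whistleblowing", "asset_register"]

def case(name, fraud, answers):
    # An answer of True means the control is in place, False that it is absent.
    return {"name": name, "fraud": fraud,
            "answers": dict(zip(QUESTIONS, answers))}

CASE_BASE = [
    case("Org A", True,  (False, False, True,  False, False, True)),
    case("Org B", True,  (False, True,  False, False, True,  True)),
    case("Org C", False, (True,  True,  True,  True,  True,  True)),
    case("Org D", False, (True,  False, True,  True,  True,  False)),
    case("Org E", True,  (False, False, False, True,  False, False)),
]
TARGET = dict(zip(QUESTIONS, (False, True, True, False, False, True)))

def similarity(a, b):
    """Share of the questions both parties answered that got the same answer."""
    shared = [q for q in a if q in b]
    if not shared:
        return 0.0
    return sum(a[q] == b[q] for q in shared) / len(shared)

def nearest(target, case_base, k):
    """The k stored cases most similar to the target, best match first."""
    ranked = sorted(case_base,
                    key=lambda c: (-similarity(target, c["answers"]), c["name"]))
    return ranked[:k]

def fraud_exposure(target, case_base, k):
    """Fraction of the k nearest cases with actual or investigated fraud."""
    near = nearest(target, case_base, k)
    return sum(c["fraud"] for c in near) / len(near)

def shared_weaknesses(target, case_base, k):
    """Absent controls the target has in common with fraud-hit neighbours."""
    counts = {}
    for c in nearest(target, case_base, k):
        if c["fraud"]:
            for q, present in c["answers"].items():
                if not present and target.get(q) is False:
                    counts[q] = counts.get(q, 0) + 1
    return sorted(counts, key=lambda q: (-counts[q], q))

if __name__ == "__main__":
    print(fraud_exposure(TARGET, CASE_BASE, 3), shared_weaknesses(TARGET, CASE_BASE, 3))
```

The exposure figure corresponds to the "8 of the 10 nearest matches" style of result quoted above, and the list of shared weaknesses is the starting point for an action plan.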

The General Matching Service (GMS) within the UK Department of Social Security is one of the largest matching systems in Europe. The technique has also been used to good effect by the Audit Commission, responsible for auditing all Health and Local Authorities in the UK. Taking data from client local authorities and using Housing Benefit payments as its hub, claimant details can be cross-matched with, for example, pensioners, students, employers and registered traders. Data matching for duplicates occurs by data source (eg local authorities) and by data content (eg National Insurance Number, Name, Address, Date of Birth). The health authority matching service considers such activities as inflated doctors' lists, dentists paid twice, doctors working as locums and nurses working for agencies while off sick from their regular jobs. Data matching is a particularly powerful tool if it can make use of 3rd party data, but there are constraints with regard to the Data Protection Act in the UK.
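
As an added example (not code from the General Matching Service or the Audit Commission), the sketch below cross-matches claimant records by data source and by data content, reporting matches on all or part of the key fields. The record layout, field names, the three-field threshold and every record are constructed assumptions.

```python
# Added illustration of cross-source data matching; all records are constructed.
import re
from itertools import combinations

def norm_id(s):
    """National Insurance Number with spacing and case differences removed."""
    return re.sub(r"[^A-Z0-9]", "", s.upper())

def norm_text(s):
    """Lower-case, collapse whitespace and drop punctuation."""
    return re.sub(r"[^a-z0-9 ]", "", " ".join(s.lower().split()))

def key_fields(rec):
    return {"nino": norm_id(rec["nino"]), "name": norm_text(rec["name"]),
            "dob": rec["dob"], "address": norm_text(rec["address"])}

def match_records(records, min_fields=3):
    """Pair records from different sources that share a NINO, or that agree
    on at least min_fields of NINO, name, date of birth and address."""
    hits = []
    for a, b in combinations(records, 2):
        if a["source"] == b["source"]:
            continue
        ka, kb = key_fields(a), key_fields(b)
        # A blank field never counts as agreement (e.g. two missing NINOs).
        agreed = sorted(f for f in ka if ka[f] and ka[f] == kb[f])
        if "nino" in agreed or len(agreed) >= min_fields:
            kind = "full" if len(agreed) == len(ka) else "partial"
            hits.append((a["id"], b["id"], kind, agreed))
    return hits

RECORDS = [  # constructed sample data
    {"id": "LA1-001", "source": "authority 1 housing benefit",
     "nino": "QQ 12 34 56 C", "name": "John  Smith", "dob": "1950-03-02",
     "address": "4 High St., Anytown"},
    {"id": "LA2-017", "source": "authority 2 housing benefit",
     "nino": "qq123456c", "name": "J Smith", "dob": "1950-03-02",
     "address": "9 Mill Lane, Othertown"},
    {"id": "STU-204", "source": "student register",
     "nino": "", "name": "john smith", "dob": "1950-03-02",
     "address": "4 High St Anytown"},
    {"id": "LA2-090", "source": "authority 2 housing benefit",
     "nino": "QQ 65 43 21 A", "name": "Mary Jones", "dob": "1972-11-30",
     "address": "1 Park Road, Othertown"},
]

if __name__ == "__main__":
    for hit in match_records(RECORDS):
        print(hit)
```

Comparing every pair is adequate for a sample this size; at the volumes a matching service handles, records would first be grouped on a normalised key so that only candidates within a group are compared.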

Data Mining

Data mining is quickly becoming a generic term encompassing a variety of techniques. It uses advanced software tools to identify links, relationships, patterns and trends in data and can produce graphics to help show what that means. It uses knowledge based or rule based systems for modelling databases to identify transactions with pre-defined characteristics, or transactions that deviate from the norm.

Intelligent systems have developed as a spin-off from academic research using computers to simulate the workings of the human brain. They allow computers effectively to "learn" from experience, using sample data to build up models with classificational or predictive ability. Neural networks and genetic algorithms are two tools used to detect anomalies in data. In simple terms they work by showing the system a number of transactions with known characteristics; training with this known set allows the system to learn which subsequent transactions contain those characteristics. These systems can learn, adapt, explain and can even discover previously unknown patterns of fraud. A good example is the profile matching system used by credit card companies to detect fraud retrospectively or at point of sale. It uses artificial intelligence to spot unusual changes in cardholders' spending patterns.

"The significant challenges we face today cannot be resolved by the same level of thinking that created them" Albert Einstein.

Support Tools For Evidence Investigation

The most obvious support tools for gathering and reviewing evidence to enable fraud investigations are probably familiar to readers of this article. Tools to analyse network logs, keystroke logs, telephone logs and Audit Trails allow evidence to be retrieved and reviewed both during and after suspicion of fraud. They can help to support the investigation of fraud and can be built into the system architecture.

Emerging Techniques

Technologies are moving apace and research into advanced counter-fraud techniques is mushrooming. The development of data warehouses and networks allowing the storage and sharing of data on a massive scale presents its own problems. But perhaps the most exciting developments are occurring in the field of preventing fraud before it occurs.

We all use plastic cards on a daily basis in every aspect of our lives, but technology is making it possible to do more than ever with cards, and a number of trials of new card technology are underway in many parts of the UK. Some recent developments include:

Smart Cards - a tiny electronic chip is the brain that puts smart into Smart cards. This allows double-checking of customer and retailer details at the point of sale. They have the capability of storing more than just financial data, eg name, address, identity number and medical details, but do give obvious concerns for civil liberties groups.
Watermark Cards - the magnetic stripe on the back of the plastic card has an additional "wash" of particles which forms a particular unique pattern that can be read at point of sale terminals. When this pattern is matched to the individual card number it will create a unique identity code.

In conjunction with current technologies a number of biometric techniques are being developed to identify behaviour traits or personal characteristics uniquely associated with card owners. These techniques include signature verification, finger scanning, retina scanning and of course DNA. These are replacing the less popular PIN numbers and less foolproof picture cards.

Implications For Audit

Auditors have traditionally used Computer Assisted Audit Techniques (CAATs) to manipulate volumes of data for audit purposes. These mainly identify outliers in data or reperform mathematical computations for reconciliation purposes, and are based on simple analytical techniques, where known parameters, variables and amounts are tested on limited volumes of data. The rapid growth of technology means that companies are increasingly storing massive volumes of data in data warehouses, and this has encouraged Information Systems (IS) auditors to rethink their approach for effectively using these volumes of data for audit purposes.

Data mining, which practitioners are already using to discover previously hidden patterns and attributes in data, pointing not only to fraudulent transactions but to new markets and products, is the new challenge for IS auditors. CAATs have traditionally been limited to performing data interrogation using simple tools and techniques. IS auditors now have the opportunity of analysing massive data banks using advanced tools and techniques. Data mining should be considered as part of the battery of techniques available in the CAAT approach to audit of client data stores.

Conclusion

I hope this article gave you a taste of the IT technologies available to you for use in the fight against fraud. There are obvious cost and confidentiality considerations involved with these developing technologies, but investment in sophisticated techniques is necessary to keep one step ahead of the fraudster.

References

There are many practitioners and professionals in the fields of forensic audit and counter fraud technology and their work has been drawn upon for this article. As a starting point for further research the following sources may be of use to the reader.

Internet: www.computists.com
Journal: IS Audit and Control Journal of the IS Audit and Control Association
Organisations UK:
Audit Conferences Europe Limited
Network Security Management Limited