Finance leaders face a tremendous range of responsibilities and challenges, not the least of which is managing risks and effective controls across multiple financial systems. Risks include the potential of fraud, error and abuse, as well as the many possibilities of regulatory compliance failures in areas such as SOX and FCPA.
The traditional approach to risk and controls in financial systems focuses on establishing controls based on a combination of ERP or application settings and independent approval processes. However, there are several problems with this approach in practice.
When turned on, many control settings are far from 100% effective. In addition, it is common to turn some off, or work around them, often with the intent of avoiding delays and increasing productivity.
Fortunately, there is a way to greatly enhance control effectiveness while also reducing the risks of fraud and error – by using big data and analytics technology.
Innovative finance functions are increasingly using data analytics to automatically test every transaction for compliance with the controls that are meant to be in place, and to look for ranges of indicators of a control failure. Analytics can simultaneously examine entire populations of transactions and identify new risks of fraud, error and abuse for which no effective control exists.
Another advantage of using data analytics to monitor and test all transactions is that problems can be identified and resolved before they have the chance to escalate and cause far more significant damage.
An effective application of data analytics and monitoring technologies can provide finance leaders with increased confidence that their organization’s risks of fraud, error and abuse are well-managed – without getting in the way of achieving performance objectives.
The following are just the first of a few examples of how analytics can transform risk and control management, as well as overall performance levels, in key financial processes.
Dealing with weaknesses in the purchase-to-pay cycle
A company’s procurement and vendor payment processes are particularly susceptible to fraud and error – caused by vendors as well as by employees—resulting in reduced performance. In most industries, funds flowing through procure-to-pay systems are so large that even a very low rate of error or fraud can mean substantial losses, which are easy to miss when relying solely on ERP-enforced controls.
Vendor billing errors remain among the most common problems in purchase-to-pay systems. Many instances are simple process errors made inadvertently by vendor systems or employees. However, there can also be deliberate attempts to defraud the organization by vendors or colluding employees – simply because they know invoice errors can remain undetected. A range of analytics can be used to detect errors and attempts at collusion and fraud. For instance, employee and vendor data, such as address and bank account information can be compared, and any matches can be red-flagged as indicators of potential fraud.
Duplicate payments and poor-quality data are often a very expensive problem, from overpayments to time wasted resolving issues. Data analytics can help avoid the potential impact on performance by using sophisticated algorithms to analyze invoice and payment transactions in search of duplications and errors.
Approval processes are a key part of control systems, but they are also susceptible to weaknesses or circumvention. Data analytics play a key role in determining whether approvals are made by authorized individuals within their approval limits, as well as whether there are attempts to circumvent controls by, say, splitting purchase orders into multiple transactions just under an approver’s limit.
Reducing waste and fraud in payroll and employee expense systems
Payroll is another large expense area for most organizations and again, standard controls are often leaky. The performance drain can be material, but more concerning is the undercurrent of potential fraud by management and employees. Typically, there are instances of abuse and fraud in payroll as well as in procurement cards (P-cards) and T&E expenses.
To stamp out waste in payroll, companies can use data analytics to identify abnormally high overtime and bonus payments, determine payroll amounts paid to individuals who no longer work for the company, or identify “phantom” employees by matching data to indicators of real employee activity (e.g. time entry, swipe card data, system login, etc.)
For P-Cards, companies can identify expenditures on items typically associated with personal use by looking for merchant codes, vendor names or keywords associated with non-business items or services, or identify transactions made on weekends or holidays.
P-Card transactions should also be matched against Travel & Entertainment (T&E) expenses, to ensure there are no duplicate claims.
Other ways to identify T&E fraud are to compare multiple employees’ claims data for duplicate expenses (e.g. meals, mileage, etc.), cross-check vacation schedules with dates of expense claims, identify airfare claims without any corresponding hotel or meal charges, or analyze claims to find expenses relating to airfares and hotels in non-standard locations (e.g. vacation resorts).
Plug order-to-cash leaks in your revenue cycle
The processes within a financial institution are very different from, say, those in a manufacturing and distribution business; however, similar principles apply for analytics that ensure the delivery of goods or services results in appropriate billing, and that error or fraud has not resulted in lost revenues somewhere along the way. Typical revenue cycle tests include matching shipping records with invoice details, matching invoice or other billing details to price lists, checking for appropriate discount approvals, and reviewing commission calculations for sales representatives.
What you can’t see will hurt you
ERP systems and connected application systems are core to companies achieving their objectives, broadly serving them by establishing streamlined processes that promote performance. However, ERPs contain inherent weaknesses in their control mechanisms, and in the inability to identify and eliminate the human workarounds that create fraud, waste and abuse.
Relying solely on ERP controls is just not enough. Fortunately, a huge opportunity exists for savvy finance leaders to take advantage of technology to save millions in reduced error and abuse, stamp out fraud and, just as importantly, detect trends of new and emerging financial control risks.
John Verver, CPA CA, CISA, CMC, is an advisor to ACL.