Danielle Supkis Cheek, CPA, CFE, CVA, Director at PKF Texas, covers how a data analytics program can help organizations protect their data and mitigate risks. While data analytics is often thought of as a way to improve strategic business decision making, Danielle explains how it can also uncover financial and/or operational fraud. She is also part-time faculty at Rice University’s Jones School of Business teaching accounting for entrepreneurs to undergrads and data analytics to the Masters of Accountancy (MAcc) students, and is the Chair of the PCPS Technical Issues Committee with the American Institute for CPAs. She is a 5-time (2014-2018) 40 under 40 by the CPA Practice Advisor, and was the Houston CPA Society’s Distinguished Member to the Profession for 2019. She was also the first woman to receive the AICPA’s Outstanding Young CPA of the Year Award in Honor of Maximo in 2016 and is a 4-time (2016-2019) Most Powerful Women in Accounting by CPA Practice Advisor and AICPA. In this episode, Danielle talks about building a data analytics program for fraud prevention. Many recent episodes have covered the potential value of advanced data analytics in accounting, but Danielle gives us a different perspective by explaining how we can use data analytics to compare the before and after of operations and other aspects of a program to identify risks and uncover fraud!
FULL EPISODE TRANSCRIPT
Hey everyone. Welcome back to Count Me In. Thanks for coming back and listening to some new accounting and finance perspectives. If you're enjoying these learnings and don't want to miss out on future episodes, please be sure to subscribe, download, rate, and review. Now this week our episode puts a slight twist on some of the recent conversations we've had as we begin to talk about using data analytics for fraud prevention. Mitch, not many people better to talk to about fraud and forensics and accounting than Danielle Supkis Cheek. What kind of insight did she have to offer?
Well, as you said, many of our recent episodes have talked about the data transformation happening in accounting, but today's conversation is going to cover how to build a data analytics program for fraud prevention. Danielle is a director at PKF Texas and served as a part time faculty member at Rice University in the Jones Graduate School of Business. She is a certified public accountant, certified fraud examiner and a certified valuation analyst as she also serves as the chair for the PCPS Technical Issues Committee with AICPA. Five times she was named to the 40 under 40 by the CPA Practice Advisor and she was recognized four times as one of the most powerful women in accounting by CPA Practice Advisor and AICPA. Danielle is a true accounting expert and covers a number of topics relating to analytics and fraud for us. So let's start the conversation.
Mitch: (01:39) Data analytics has been a hot topic in accounting, but are companies jumping into data analytics too quickly? In your opinion, what should they be aware of and make sure they do first?
I actually think it's the opposite. I don't think they're jumping in fast enough. You know, you can actually do a data analytics program fairly cheaply, honestly. So if you overly invest on the front end before you really understand what you have, it's going to be a very costly process and you have a risk of a lot of sunk costs. So I actually think people should take a, you know, a page out of the agile project management methodology and kinda jump first, figure out what they have and then start fine tuning as well as there's actually a fair amount of learning about your data. As you start getting into a program and since the software has become so cheap, it's usually a fairly easy initial investment to figure out what you have.
So then how do you begin even thinking about what needs to go into this program? How do you build an efficient data analytics program?
I would say you kind of start in a couple of different places. One, of course you have to inventory your data and figure out what you have. Sometimes, you know, it's just a matter of, let's see if I can get an export out of my system just so I can start seeing what the data is. Clearly, if you have access to a data dictionary, which is kind of a summary of all the different fields of data behind the system and what it actually means, that's really, I mean, best practice and really helpful. It saves a lot of heartache and grief, but a lot of times it's inventory what you have. You know, sometimes it's as simple as let's start in Excel, let's move on to some of the bigger packages. You know, these days Tableau is so relatively cheap. Power BI is coming with your 365 implementation. So you can start doing a visual exploration of your data and seeing what you have and starting to focus on what are the areas that you think you have risks and really fine tuning it to your risk of your business.
Well, let's talk about that risk a little bit more now. I know you've referenced in previous conversations with me something about a fraud tree and some of the common risks that you can help identify around your business. So what are some of the examples of fraud that you've seen that maybe, you know, could have been prevented or avoided if there was an effective data analytics program in place?
Yeah, so the risks of your business really do come with whatever is your industry as well as how you operate. And a lot of companies have a hard time identifying particularly fraud risks of, you know, "it could never happen to me." And the cost of fraud is so high. So what you end up doing is you can use the Association of Certified Fraud Examiners' fraud classification tree. And what they do is they take three major classes of fraud, which is the fraudulent financial statements, so just fudging the numbers in effect, a misappropriation of assets. That's kind of all your thefts of cash. That's inventory, expense report type frauds, payroll frauds and classify all those as well as they have a corruption tree. And so it's really useful to actually take this, it actually looks like a little flow chart tree diagram in three different branches, and go through each little box and say, how could this happen to my company? How would the data show this? Because one of the things that your financial statement data is always going to be what's getting manipulated when you're trying to cover up a fraud. But what you can find is some operational data, hopefully that, you know, you can hide the numbers potentially if you cover it up. But how do you hide that behavior that's happening operationally to cover it up and that's much more difficult. So starting to use the fraud tree classification tree, that was mainly an academic exercise that ACFE put together and use that as your starting place of what are my risks in my organization for fraud.
What are some of the other, I guess, you know, fraud prevention practices that you could recommend in addition to just kind of looking at the risks, the financial data, the operational data? What else do you see organizations doing to try and prevent this, you know, illegal activity?
Yeah, so I would say the absolute number one best way, and ACFE agrees with me, is having a whistleblower hotline or a reporting hotline of some sort. The hotlines are so cost effective these days. You get one of these third party systems. By the way, if anyone listening happens to be a nonprofit, they usually give nonprofits discounts and you can get a fair amount of information on those even if they charge by the minute for somebody leaving a tip for you. Cause most fraud is discovered by tip. Even if it's not actually fraud and it's just some kind of waste or abuse that is really valuable information. And even if it's like a dollar a minute, that's still far less than anyone else's hour of investigative work from somebody like me or more my colleagues. So putting that in place gives you a lead and it gives you, especially if you're nonprofit, you get an easier 990 checklist item. But for everybody else, it also gives you the ability to get that information, have that corporate culture of reporting and that we're trying to do everything very openly and transparently. And when there is a problem, there's a resource for people to go to and that's really helpful because you can get that data faster and have someplace to go first. And then right after that is that data analytics of proactive data monitoring program is actually the number two way with surprise audits actually.
So can you walk us through a little bit of your, you know, normal investigative work? If you were to come across a case, what are some of your practices?
We actually usually start with some kind of analytical review of whatever we have access to. So usually somebody has a hunch of something or a specific concern. And we usually do start with some kind of data analytics because we need to start fine tuning and seeing what looks anomalous. It's hard to just decide we're going to open up a file drawer and this is where we're going to start and start, you know, wasting a lot of our clients' resources on doing a bunch of tests that don't necessarily matter. So we really want to use data analytics to start fine tuning where we spend time. You know, if it's an unknown, we can start using something like a Hawthorne effect approach where you create the perception of additional monitoring or actual additional monitoring. And you compare that before and after because people change their behavior when they think they're being monitored. If you don't know what you're looking at and you can't find anything at first, you can start looking at changes over time and you can start looking at some really high level ratio analysis if not your traditional ratios, but comparing your nonfinancial metrics to your financial metrics, looking at trends or some, you know, modified relative analysis where you're looking at the vendors that are progressively increasing month over month over month, because people usually test the waters with one kind of fraud and then start accelerating if they're starting to see that it's working in getting through the system. So it's usually a fair amount of this data analytics at first. And so if companies start putting this in place on the front end and be proactive about it, they're going to start detecting fraud faster or even just inefficiencies and have some operational gains from it because that's our first step. And then once we go from there, then start getting into that more, you know, pulling records, doing detailed vouching and all your kind of more traditional audit or investigative steps.
To avoid these, you know, added costs by bringing in some kind of investigation like you just discussed, what are some of the costs of doing a program internally for an organization? What can an organization do, you know, to put some things aside and make sure that this added cost doesn't actually ever appear?
Yeah, I would say, you know, the software cost is actually not the primary cost. Usually it's going to be the opportunity cost of somebody's time or if you have to bring in somebody because you don't have the expertise in house. But if you have somebody that's kind of that gung ho analyst type mindset and they're the Excel wiz, a lot of times just giving them some resources, the software as well as some training. The training actually usually ends up being more than the software, but a lot of the softwares are becoming very self-service, very easy. Lots of YouTube videos or training resources from the software vendors. And the software has not become the driver of the cost. It's the opportunity cost of the time in place. And if you have to, you know, provide specific resources and if your IT team needs to get involved or you need to bring in somebody from IT, once you start doing some of these dynamic connectors where you're pulling real live data into dashboard style analytics versus kind of more historical looking, I get an export of my system and then start looking at high level analysis, but you start comparing this, you know, even one FTE salary to the cost of fraud. So the ACFE estimates every other year what the costs of fraud is. For big businesses, the median loss is $100,000. For small businesses it actually doubles to about $200,000. And then if you actually are the victim of fraud, many times you're the perpetrator of fraud additionally, because you were defrauded and you can get fined, you can actually have some violations like related to Foreign Corrupt Practices Act that come with criminal repercussions. So when you're talking about, you know, your $1,000 or less for a software license, Tableau is like $840 I think right now per user, Power BI is coming for free with most of 365 subscriptions, a lot of companies are doing their Office 365 migrations. You know, it's the time that it takes to actually start digging into it.
But a lot of companies already have people that enjoy this kind of work and if they allow them to proceed with this, they can usually find some good nuggets.
Now, I usually wrap up our conversations by, you know, asking something about the future and I've seen in a recent interview or a question that you answered where you're very cautious in identifying what the future holds when it comes to data analytics because of technology. But I'm gonna ask you anyway, when it comes to fraud prevention, you know, what do you see? Maybe it's the near future. How do you see data analytics helping fraud prevention even more?
I mean, it's a tough question because as you said, I tend not to answer something like that because I can't, I don't have the magic eight ball. I don't have the crystal ball of what's going to happen in the future and things are changing so fast that I can't even begin to comprehend where we're going to be in five, 10 years. But near future, you know, I can take a guess at that. I think what's gonna happen is the change in GL systems like operating accounting systems. You know, QuickBooks was actually one of the first to do this where the GL is no longer a summary of batches that are being held in other modules. So sub ledgers are not being batched and put into the GL. The GL is getting every single transaction and the modules are in effect reporting off the general ledger with additional fields from the table. And that's not exactly right on the database architecture, but if you think about batches like daily batches versus each transaction hitting the GL. And you know, as the companies have gone to more ERP style softwares that have larger computing power, you know, some of those legacy softwares that still do things in batches, I'm going to see even more so go away. And I think you're going to be able to gain more information and data just from your GL system. I think it's going to be the big one. And working with large populations of data and looking at full populations. And then I think also the model where companies go to ERPs from the smaller market softwares I think is going to be delayed. I think you're gonna start seeing more, you know, you have a smaller system that is a more generic system, your QuickBooks, Xero type of systems as your core GL system.
But you have more add-in plugins and the add-ins and plugins are going to start getting so robust and the same capabilities going to improve that you're going to start seeing people stay on longer because they can start doing somewhat best in class for industry niche specialties of their different mainly revenue side of things and then that's going to be summarized into a QuickBooks GL. So you're going to start having this push towards, some information's going to get more centralized and the bigger accounting packages, but in some of the smaller sides you're actually going to have it more distributed. And depending on how the syncing works, you're going to have to start really being very strong, either joining data or somehow comparing data between two different systems or you're getting it back to easier on some of the bigger packages. So I think it's kind of a back to the old and the new coming into the old and the old coming into the new and it kind of a mixed match of where different systems used to be in different marketplaces of like in the size of the clients. So I think that's gonna be the future. The short term future trend is a kind of a shift on where the underlying data resides and how that makes for complex analytics. Because you're starting to have to pull in from many different sources potentially, or you get a one big source that's really hard to manage because there's so much data in one system.
This has been Count Me In, IMA's podcast providing you with the latest perspectives of thought leaders from the accounting and finance profession. If you like what you heard and you'd like to be counted in for more relevant accounting and finance education, visit IMA's website at www.imanet.org.