Big Data, Technology and the Changing Face of Forensic Accounting
Introduction
For several decades, there has been increasing reliance on forensic accountants to use their expertise to assist in litigation matters. Forensic accounting and corporate intelligence skills have both long been essential elements of any effective financial investigation, whether related to fraud or other malfeasance. In addition to these disciplines, the importance of technology to buttress these disciplines is frequently underestimated. Leaving aside the considerable commercial applications, the role of the modern forensic accountant in litigation upholds these two pillars of the profession in three ways: to unravel and explain new and creative areas of financial fraud, to master and demystify technologies used in fraud schemes and to increase the likelihood of successful enforcement of judgments.
Here, we present a few of the technological challenges forensic accounts face in litigation support, together with the solutions being promoted by the profession.
The modern role of forensic accounting
Until recently, forensic accountants honed their craft by becoming part of the broad field of corporate advisory. This most often intersected with areas peripheral to the current forensic accounting niche: insolvency, restructuring, risk, compliance and management consulting. Forensic accountants can now earn specialist designations that attest to their proficiency in each area where their skills are now frequently called upon: computer forensics, insolvency, valuation, and asset tracing (virtual, financial and tangible), identification and recovery. In addition, many reputable universities now offer education streams in forensic accounting, which trains students to collect and interpret evidence of financial fraud.
What we now identify as a forensic accountant is most often a Certified Public Accountant (CPA), with additional experience and training in one or more specialisations. That's not to suggest that a well-rounded investigation team cannot be made up of a diverse group – just the opposite, in fact. The scope of forensic accounting has expanded over the past 10 to 15 years, requiring its practitioners to operate an expanded skill set that is conversely broader and more specific. Because of this, the modern, effective team is diverse and possesses expertise in several overlapping areas: accounting, insolvency, law, appraisal and communications, as well as more traditional fields of business intelligence and fact-finding. With these specialisations, the modern forensic accountant is now an essential position with the legal support team.
Our preference, typically, is that investigators work directly with the client's legal team or external counsel for greater synergies. It is also where forensic accountants add the most value to the legal support team. Having a forensic accountant as part of the litigation team at the planning and management phases of any investigation allows forensic accountants to design actionable investigation programmes from the beginning. As well as being collaborative, investigative goals can be aligned with the later formulation and support of a claim as the driving influence.
For example, in the context of litigation support, forensic accountants can be involved at an early stage to add value by preparing a list of documents, which might aid the litigation case for discovery purposes. Consequently, they can ensure the completeness of disclosure documents, assemble piecemeal financial documents and information, and interpret and relay the story behind complex transactional data. Forensic accountants can also undertake pre-litigation assessments to inform clients whether the likelihood of award enforcement is potentially remote, to avoid 'throwing good money after bad'.
Forensic accountants possess a combination of expertise in finance acumen and traditional information gathering techniques. This is complemented with cutting-edge technology to collect and understand patterns in large datasets. And it is this last point we will explore in more detail in the context of litigation: overlaid across the required competencies for forensic accountants is the demand that their analytical skills are enhanced with computer-assisted methods including, artificial intelligence-enabled assessment tools.
2024 trends and fraud overview
When an employee, manager, officer or owner of an organisation commits fraud to the detriment of the business, it is known as occupational fraud. When technology is used to commit such fraud, it is called computer-based occupational fraud. Occupational fraud trends spanning the covid-19 period were associated with the sudden shift to remote offices: many employees quickly moved to working in less secure environments. At the same time, there was an immediate increase in electronic communication. Regular procedures were disrupted, and working remotely provided an opportune setting for occupational fraud schemes: it was easier to create fake signatures, request fraudulent payments and falsify invoices or other accounting records unsupervised. Aside from internal threats, external threats also increased: remote workers are more vulnerable to cyberattacks such as phishing attempts, which trick recipients into downloading malware or innocently and unwittingly granting access to sensitive company information. Covid-19 made it harder for internal auditors to prevent, detect, deter and investigate fraud because of travel limitations, ongoing delays in communications and engagements, and a lack of access to evidence. Anti-fraud professionals typically cite three challenges associated with remote workforces: interview challenges, change in control and lack of oversight. The other perspective of this is, of course, a formidable opportunity for fraud to occur. Visibility and supervisory issues were problematic internally, as above, but were equally problematic for external parties including suppliers, customers, lenders, statutory bodies and regulators as well. For example, overseas lenders experienced difficulty in verifying that businesses in jurisdictions with severe travel constraints were in fact still operating rather than having been mothballed. With travel and related restrictions now largely lifted, more of these frauds are coming to light, and this trend is expected to continue throughout the year.
The 13th edition of the biannual publication of the Association of Certified Fraud Examiners (ACFE) Report to the Nations (2024) provided an important high-level perspective on the rise of occupational fraud. The report is a comprehensive study of the costs, methods, victims and perpetrators of occupational fraud, compiled from 1,921 real cases of fraud investigated in 138 countries, which totalled US$3.1 billion in losses, with an average loss per case of US$1.7 million.
The report found that organisations lose approximately 5 per cent of revenue each year to fraud, principally stemming from asset misappropriation, corruption and financial statement fraud. Three primary categories of fraudulent schemes[1] tended to be the most prevalent in the cases reviewed:
asset misappropriation, entailing the theft or misuse of company assets. This type of fraud is the most common, occurring in 89 per cent of the cases reported, but are also the least costly, with an estimated median loss of US$120,000
financial statement fraud, which involves a deliberate over- or understatement of financial statement figures to deceive the users of financial statements – the shareholders, creditors, bankers, customers, tax authorities and the wider market at large. This type of fraud is less common than asset misappropriation, occurring in only 5 per cent of the cases reviewed, but is the costliest, with an estimated median loss per case of US$766,000; and
corruption schemes, which involve dishonest conduct of people in position of power, which includes, inter alia, bribery, kickbacks, conflicts of interest and extortion. These schemes occurred in 48 per cent of the cases reviewed.
Aside from pandemic-related security issues, the most prominent financial trend that contributed to the rise in fraud cases has been the surge in blockchain technology and the associated use of cryptocurrencies and other virtual assets. In an evolving digital landscape, the latter has created new methods for money laundering and collecting ransoms, particularly when it comes to perpetrators who engage in bribery and kickback schemes to aid the conversion of misappropriated assets. Of the cases analysed, 4 per cent had an element of cryptocurrency, with 47 per cent of those involving conversion of stolen assets into cryptocurrency, and 33 per cent involving bribery or kickback payments made to co-conspirators in cryptocurrency.
The implication for forensic accountants is clear: occupational fraud is predictably on the rise. Particularly vulnerable are those organisations that were overconfident regarding their data protection. The common thread in nearly every publication covering the fraud landscape during the course of the pandemic was that a specialised toolbox is required by those seeking to undo financial wrongs in order to comprehend the myriad ways modern financial crime is conducted. This remains the case today.
How then are forensic accountants best suited to assist in the fight back against such rampant abuse? In the next section, we examine the nature of investigating frauds whose evidentiary trail lies in what we refer to as 'big data'.
Accounting fraud and big data
When we think of big data in fraud investigations, we imagine an impenetrable maze of figures: transaction numbers, journal entries, time stamps, names, places, text messages, telephone records, keystrokes, mouse clicks, IP addresses, blockchain entries, relationships and other identifiers. This is not far from the reality. There is no formal threshold for the size of data that can be referred to as 'big data'. Its classification, much like its content, is much more complex than a number, although one terabyte appears to be currently accepted as a dataset that qualifies as 'big data'.
Such massive collections of information arise as a mechanical result of the large amounts of transactional information collection and creation from several interrelated industries: inter alia, transportation, telecommunications, marketing, entertainment, banking, financial services, healthcare, government and cybersecurity. Relating specifically to these industries and their information overflow, big data analytics has become an essential research topic in recent decades. In this context, the commercial interest in big data relates to the process of uncovering trends, patterns and correlations in large amounts of raw data to help make data-driven decisions. Much of what we hear about big data relates to how organisations attempt to (or fail to) organise it, secure it, integrate[2] it, study it and create predictive models based on it. On the other hand, the forensic accounting use case for big data relates to the implications for both burying evidence of fraud and revealing the evidence of fraud.
To get a better idea of where this data is being generated from and where it is maintained, it is helpful to note that for any given firm – and indeed for any and all of the firm's individual agents[3] – there will be both a centralised domain of information held within the firm itself as well as a dispersed collection of information held in various forms externally. In the former case, various categories of relevant information, each of them representing a distinct and potentially 'big' dataset, can be found within a firm's books and records, and is collected from multiple data sources: computers, smartphones, websites, social media networks, e-commerce platforms and now internet of things (IoT) devices. During an investigation, forensic accountants are likely to seek access to as large a pool of relevant internal information as possible. Expanding the data horizon even further is all the pertinent information that lies outside the premises of the company and its advisers – the external accountants, bankers, insurers, lawyers, service providers and so on.
The data gathering process is followed by the integration of that information. At a high level, this is where we compile, summarise and report on the data collected before we can zoom out to see the big picture and where we can see how certain identified transactions of interest sit within and stand out among the overall 'story' of the data. Since information retrieved from disparate sources is often difficult to compare, the aim of the integration stage is that the relevant data, collected from different sources and in different formats, will eventually need to be amalgamated and displayed visually in what can be thought of as a sort of relationship chronology. In so doing, forensic accountants are concerned with the constant and evolving challenges inherent in integrating data so that it can be visualised and distilled into knowledge that can be understood and applied in the litigation setting.
Taking a hypothetical example of a billing scheme[4] perpetrated by the accounting staff of a retail company over a one-year period, this would require the analysis of its purchase and payment data over the relevant time frame. With every transaction, the company is going to generate a lot of information, so it is conceivable that the universe of potentially relevant information would easily be in the range of tens of millions of lines of data. The challenge therefore is synthesising an enormous amount of information into a format that can be applied to pattern analysis with the aim of, for example, identifying unusual fund movements that signal fraudulent transactions. Afterwards, the investigation team needs to illustrate (most often using relationship diagrams) its conclusions in a manner that can dovetail with a compelling story that has a logical beginning, middle and end. This way, forensic accountants are concerned with a narrative that relates every relevant detail of the fraud; a chronology that translates accounting concepts and all other material data points into facts that are usable in a legal setting. For instance, who was involved, how was the fraud perpetrated and over what period, how much money was misappropriated, how did the funds flow to illegitimate destinations, is the destination of the funds known, and what are the impediments to recovery?
Certain types of investigations are more prone to big data issues than others. Credit card fraud, market manipulation, corporate fraud and money laundering matters most commonly saddle legal teams with overwhelming amounts of transactional information in which significance and meaning is easily overlooked or misunderstood. Likewise, the consequence of expanding digitisation is that many other types of cases, formerly not prone to such data burdens, will pose similar challenges in the future.
We have briefly touched upon the commercial sources of big data. In these cases, the uses of big datasets are most often applied to incremental operational efficiencies that can lower expenses, reduce time to market for innovative product features, identify promising new market segments, guide the development of new products and services, and more generally create a culture of evidence-based decision making. The uses of big data for forensic accountants are quite different.
In the context of an asset tracing or debt recovery investigation, investigators often use software specifically designed for illustrating, inter alia, personal and professional links between individuals and companies involved in the movement of assets being traced. The basis for establishing the links is their proximity to the asset movements under scrutiny – some of which may not be obvious at all. Many pieces of information, such as names of individuals and companies, addresses, phone numbers, birthdates, internet domains, blockchain records, accounting ledger data and bank account data are integrated with the aim of identifying the whereabouts of assets and those responsible for their movements. Throughout 2023 and into early 2024, as more regulations are put in place for digital assets and trading platforms and investigation tools become more widely adopted, investigators are becoming better equipped to handle the urgency of digital asset misappropriations and can more rapidly access and interpret blockchain information with actionable conclusions. In the context of money laundering, authorities are usually set in motion by one or more red flags raised by the financial system: unusual transactions, seemingly illogical high-volume payments, immediate withdrawal of funds from accounts, discrepancies in the identity verification or due diligence process, and frequent conversions to name a few. Once an investigation is under way, the movement of funds through numerous bank and securities accounts is often necessary to reveal certain hallmarks of money laundering: placement, layering and integration. Information applied to such cases is principally bank account transaction data, although there is no outer-bound to the sphere of information that may also be called upon to either support or undermine the explanation of seemingly illicit transaction patterns, once detected.
Valuation matters present other big data problems entirely. In the context of statutory appraisal litigation, such as those required under Section 238 of the Cayman Islands Companies Act (2022 Revision) for example, disclosure orders are often drafted in a manner that requires the subject company to produce large swathes of financial data that includes (at a minimum) volumes of internal and external communications, meeting minutes and financial projections, including outdated versions, drafts, supporting documents and internal calculations. Given valuations conducted for Section 238 proceedings take account of both public and private information relevant to the subject company, discovery needs to address a substantial informational gap. While disclosure in such matters typically imposes significant obligations on the company in question and often requires that the company produce volumes of data that are inevitably unhelpful to the valuation exercise, this is necessary since, from a valuation perspective, the valuation experts need to gain a full and accurate understanding of the condition of the company, its past history and its future prospects at the relevant valuation date. Sorting through the discovery production and identifying documents of interest is often a big data challenge assisted by artificial intelligence.
The biggest value of big data is its ability to illuminate previously unseen insights. But that data is effectively useless if the intended audience cannot easily understand it. That is why how it is communicated is so important. Several analytics software programs can offer the ability to transform data into relationship charts or other visual formats, to provide a clearer picture of the intended insights.
Visual database software is applied to create a link analysis that summarises and illustrates the information collected. This seemingly disparate web of data points, once integrated, can be used to conduct a link analysis to determine the title of assets or to identify otherwise hidden relationships between entities and individuals. For example, the Washington-based International Consortium of Investigative Journalists (ICIJ) maintains the ICIJ Offshore Leaks Database, which is a very good, publicly available example of visualisation using Neo4j and Linkurious software applied to big data sets. As a public source, albeit containing the output of several embarrassing public data breaches, the ICIJ Offshore Leaks Database is also a very valuable teaching tool to illustrate how software allows comprehension of big data. More topically, the ICIJ Offshore Leaks Database intends to increase awareness of cross-border crime, corruption and the accountability of power. In this example, the visual database illustrates how offshore entities are used to disguise sources of wealth, though the data itself seems to be most newsworthy when it concerns the offshore activities of world leaders.[5]
Why is specialised software required to access and understand big data? Excel, for example, can only handle 1,048,576 rows by 16,384 columns of information.[6] While this is sufficient for many sizeable collections of transactions, spreadsheets alone are no longer sufficient to perform meaningful analyses of the large datasets that are becoming increasingly common. The key considerations in the process of handling big data are data integration (as above), and data validation – tying the data to a reliable source.
In order to effectively test, detect, validate, correct and monitor control systems against fraudulent activities, businesses entities and organisations rely on specialised data analytics techniques such as data mining, data matching, sounds like function, regression analysis, clustering analysis and gap analysis. Techniques used for fraud detection fall into two primary classes: statistical techniques and artificial intelligence.
Some forensic accountants specialise in computer forensic analytics, which is the procurement and analysis of electronic data to reconstruct, detect, or otherwise support a claim of financial fraud. The main steps in forensic analytics are data collection, data preparation and integration, data analysis, interpretation and reporting. For example, forensic analytics may be used to review an employee's card purchasing activity to assess whether any of the purchases were diverted or divertible for personal use.
Artificial intelligence, the branch of computer science that deals with the automation of intelligence behaviour, includes several techniques such as machine learning and deep learning that can also assist. Artificial intelligence solutions may be classified into two categories: 'supervised' and 'unsupervised' learning. These methods search for accounts, customers, suppliers and so on that behave 'unusually' to output suspicion scores, rules or visual anomalies, depending on the method. Supervised learning is based on training data of known fraud and legitimate cases while unsupervised learning uses data that is not labelled as such. Bedford's law,[7] commonly used as a baseline for determining whether a dataset is genuine or fabricated, is an example of unsupervised learning. In supervised learning, a random sub-sample of all records is taken and manually classified as either 'fraudulent' or 'non-fraudulent'. Relatively rare events such as fraud may need to be over sampled to get a big enough sample size. Records classified manually as 'fraudulent' are then used to train a supervised machine-learning algorithm. After building a model using training data, a properly trained algorithm should be able to classify new transactions as either 'potentially fraudulent' or 'unlikely fraudulent'.
Whether supervised or unsupervised methods are used, the output gives us only an indication of fraud. No stand-alone statistical analysis can assure that a particular transaction is a fraudulent one, but it can identify them with very high degrees of accuracy. As a result, effective collaboration between the machine learning model and the forensic accountant is vital to both the success of fraud detection applications and, in the litigation setting, the ability to explain their output meaningfully.
In the litigation setting, much of the transactional data required needs explanation and context before it can be understood by the intended audience. Having some sympathy for the judiciaries that also now need to comprehend how they demonstrate the frauds in question, the most effective use of a forensic accountant is in filtering the material transactions at issue and in communicating their underlying substance. Ultimately, the risk of leaving the investigation of financial records and big data in untrained hands is that the story in that data will be neither faithfully reconstructed nor succinctly communicated.
Data mining identifies patterns and relationships hidden in data and is part of a larger process called 'knowledge discovery', which describes the steps that must be taken to ensure meaningful results. This makes data mining very valuable in fraud prevention and detection since it classifies and segments data groups and looks for patterns. Suspicious patterns are then learned and used to detect further repeating patterns. Big data analysis and data mining techniques help forensic accountants identify patterns and generate hypotheses, but it does not itself validate hypotheses.
Evidence collected using big data solutions can carry huge weight but, when combined with the analysis of forensic accounting investigators and expert witnesses capable of communicating their implications, their power is further enhanced, and they can lead to compelling conclusions. It is the seamless blending of these two very different investigative approaches which can, in many cases, be the making of clear-cut success in a fraud investigation.
While fraud continues to increase, so do the consequences of related activities.
Big data fraud detection in the hands of forensic accountants is an innovative way to use trends to prevent and detect suspicious transactions and activities since even slight differences can be picked up, analysed and red flagged as potential fraud activities.
References
Association of Certified Fraud Examiners Inc, 'Occupational Fraud 2022: Report to the Nations'.
'Data trove offers glimpse of how the rich hide their money'. The New York Times. Associated Press. 4 April 2016. Retrieved 4 April 2016.
Bilton, Richard (4 April 2016). 'Panama Papers: Mossack Fonseca leak reveals elite's tax havens'. BBC News.
International Consortium of Investigative Journalists, The Panama Papers, accessed 30 March 2022, https://www.icij.org/investigations/panama-papers/.
Dr Raffaele Marcello, Universita Telematica 'Pegaso'. 'The use of Big data in analytics and artificial intelligence tools to prevent fraud in the audit field: A conceptual frame'.
Crumbley, Heitger, Smith. Forensic and Investigative Accounting, 7th Edition. 2015.
Endnotes
1 Based on a review of more than 20,000 occupational fraud cases reported by Certified Fraud Examiners since 1996.
2 Big data comes in diverse forms and formats and originates in many different places. Integration refers to the means by which analysts ingest different formats of data into a single repository and transform it into a unified format for analysis tools.
3 According to an oft-cited albeit poorly referenced statistic, every person on earth created an average of 1.7 megabytes of new data every second in 2020, and only a small minority capable of being analysed, leaving an ocean of untapped information.
4 Billing scheme: an occupational fraud scheme in which an agent causes their company to issue a payment by submitting invoices for fictitious goods or services, inflated invoices or invoices for personal purchases. Billing schemes are usually classified into three categories: shell company schemes, non-accomplice vendor schemes and personal purchase schemes.
5 On 3 April 2016, the German newspaper Süddeutsche Zeitung announced that 11.5 million confidential documents from the firm had been leaked to them. These documents, dubbed the 'Panama Papers', reveal how clients hid billions of dollars in tax havens. The 2.6 terabytes of data was given to Süddeutsche Zeitung in 2015 by an anonymous source. Because of the amount of data, assistance from the ICIJ was sought. The review of the Panama Papers data implicated at least 140 politicians from more than 50 countries in tax evasion schemes.
6 Excel for Microsoft 365, Excel 2021, Excel 2019, Excel 2016, Excel 2013, Excel 2010, Excel 2007.
7 Benford's law, also known as the Newcomb–Benford law, the law of anomalous numbers, or the first-digit law, is an observation that in many real-life sets of numerical data, the leading digit is likely to be small. In sets that obey the law, such as population counts, accounting data, and network traffic, the number 1 appears as the leading significant digit about 30 per cent of the time, while 9 appears as the leading significant digit less than 5 per cent of the time.
This article was authored by Gwynn Hopkins and Tavish MacLean and originally published by Lexology. Download the PDF here.