Forensic Investigations

In the past, forensic investigations involved a paper trail, reviews of hard-copy files, and interviews. Today, they cannot be performed without IT and access to digital sources. In this article, Jack de Raad gives his view on the future of forensic investigations. The explosive growth of data and digital capabilities will play a major role in future developments.

Looking at the Future

There are two major developments which will have a significant impact on Forensic Investigations, specifically on the technological aspects. One is the ongoing exponential growth of data, as private business data is estimated to double every 1.2 years, and the other is the evolving predictive power in the field of Big Data & Analytics. The latter is driven by techniques based on Artificial Intelligence, but equally by the increase of powerful analytical and visualization software.

Currently, we are already working with algorithms that can detect anomalies ([Rijn11]), which are often strong indicators for fraud, based on data itself instead of known fraud detection rules. This enables fraud investigators to go through all three layers in fraud detection, i.e.,

  1. confirming known facts when using your data;
  2. identifying areas of anomalies based on predefined risk indicators (e.g., transactions performed by super users); and
  3. identifying new areas of risk without the use of prior knowledge.
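The difference between the second and third layers, as an added example (not from the article or the work it cites): the ledger rows are constructed, the field names are hypothetical, and a modified z-score over each vendor's own amounts stands in for the self-learning algorithms the text refers to.

```python
from statistics import median

# Constructed ledger rows: (txn_id, user, is_super_user, vendor, amount_eur)
LEDGER = [
    ("T01", "alice", False, "V-OFFICE", 120.0),
    ("T02", "alice", False, "V-OFFICE", 118.0),
    ("T03", "bob", False, "V-OFFICE", 125.0),
    ("T04", "alice", False, "V-OFFICE", 122.0),
    ("T05", "bob", False, "V-OFFICE", 119.0),
    ("T06", "alice", False, "V-OFFICE", 121.0),
    ("T07", "bob", False, "V-OFFICE", 980.0),   # ordinary user, unusual amount
    ("T08", "carol", False, "V-IT", 2000.0),
    ("T09", "carol", False, "V-IT", 2100.0),
    ("T10", "sysadmin", True, "V-IT", 2050.0),  # super user, ordinary amount
    ("T11", "carol", False, "V-IT", 1950.0),
    ("T12", "carol", False, "V-IT", 2020.0),
]

def layer2_rule_hits(rows):
    """Layer 2: predefined risk indicator (transaction posted by a super user)."""
    return [txn_id for txn_id, _user, is_super, _vendor, _amt in rows if is_super]

def layer3_anomalies(rows, threshold=3.5, min_history=5):
    """Layer 3: no fraud rule; flag amounts far from the vendor's own median.

    Uses the modified z-score 0.6745 * |x - median| / MAD, which is robust
    to the outlier it is trying to find.
    """
    by_vendor = {}
    for _id, _user, _su, vendor, amount in rows:
        by_vendor.setdefault(vendor, []).append(amount)
    hits = []
    for txn_id, _user, _su, vendor, amount in rows:
        amounts = by_vendor[vendor]
        med = median(amounts)
        mad = median(abs(a - med) for a in amounts)
        if len(amounts) < min_history or mad == 0:
            continue  # too little or too uniform history to define "normal"
        score = 0.6745 * abs(amount - med) / mad
        if score > threshold:
            hits.append((txn_id, round(score, 1)))
    return hits

if __name__ == "__main__":
    print("layer 2 (rule):", layer2_rule_hits(LEDGER))
    print("layer 3 (data-driven):", layer3_anomalies(LEDGER))
```

The rule and the data-driven check flag different transactions here, which is why the layers complement rather than replace each other.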

Behavioral Analytics and Prediction

We expect that in due course we will develop strong capabilities in the third layer of fraud detection, which will even enable us to predict fraud based on the “behavior” of data. This may refer to the behavior of organizations, extracted from financial figures in annual statements or their presence in (social) media. Another interesting angle, however, is the analysis of the behavior of individuals extracted from e-mail data, business chat platforms or basically any digital traces left by individuals, the number of which is growing every year. Such behavioral analytics need to be given careful thought and require sophisticated procedures to ensure the data privacy rights of the individuals involved.

A good example of how sophisticated fraud detection algorithms are already being used for real-time monitoring is found in the financial sector. When, for example, a credit card company identifies irregularities in your credit card usage compared to your historical usage, they will give you a ring to verify that it was indeed you who performed the transaction. We also see developments, mainly in the scientific domain for the time being, in the prediction of financial statement fraud ([Dong14]).

We expect that in the future, fraud prediction will be as common as the weather forecast and equally accurate. All the same, you are advised to keep a spare umbrella at your elbow, especially if you live in the Netherlands.

The Game Changer for our Developments

Another notable phenomenon is that fraud risk is higher on the agendas of organizations than ever and has become a common topic for discussion in the board room. Organizations often have dedicated “anti-fraud” departments investigating internal indications of fraud and seeking to prepare themselves better for the handling of fraud cases. This is driven by examples of fraud cases where companies were completely taken by surprise, with devastating consequences.

Internal or External Investigations: That’s the Question

The fact that every large company has reasons to perform an internal investigation once in a while has not changed over time. These days, however, technology plays a much bigger role in such investigations, which often involve electronic searches of e-mails, documents and even speech files such as phone calls. So, the amount of data and its complexity has increased considerably over time.

Over the last 10 years we have often assisted companies in performing ad-hoc investigations. Generally, they had no predefined procedures for such investigations. So, to obtain digital data such as e-mails and documents, we often had to ask an IT administrator who was securing data for an investigation for the first time. As a result, important data was often difficult to access or even unavailable, and valuable time was lost checking whether certain investigative steps were consistent with internal policies.

Nowadays, we usually see IT administrators who are familiar with the drill. It is not the first time they have had to collect data for an investigation and they are perfectly aware that it is not very likely to be the last time either. These organizations feel the need to formalize procedures when it comes to internal investigations. They want to make sure their IT systems are configured correctly and all relevant data is available when needed. Nor are they reluctant to hire external resources when needed, negotiate terms & conditions or get acquainted with the external team members and get them up to speed with the company’s details and specifics. In other words: they want to be prepared.

Forensic Readiness

We cater to these companies by assisting them proactively through Forensic Readiness Services. This includes getting to know the company, its IT infrastructure and the team that is responsible for conducting internal investigations. We assist them by implementing formalized procedures, organizing their data and IT assets, sharing information on trends in fraud and, finally, training the team to the latest standards. Once we have assisted an organization in achieving Forensic Readiness, internal investigations are handled much more efficiently. When a whistleblower reports a serious incident, the team can start right away, the IT department knows what to do to freeze the data required for the investigation and the investigation is performed efficiently. In the end, these kinds of investigations will often be less costly, produce more conclusive results and have less impact on the daily operation of the organization and its reputation.

Conclusion

The arena of forensic investigation has evolved considerably in the last few decades. From the paper office review it progressed to rule-based analytics on known fraud symptoms, and from rule-based analytics it is evolving into predictive analytics. Expectations are that the growth of data and the advancing field of Big Data & Analytics will have a tremendous impact on the field of forensic engagements. This is likely to lead to enhanced use of available data and the ability to predict fraud.

We expect that in the near future companies will want to prepare themselves for forensic investigations. This makes perfect sense, as the past has taught us that forensic investigations may have a negative impact on various aspects of the company. Adequate preparations will reduce the impact, and predictive analytics may even help render investigations superfluous.

References

[Dong14] Dong, Wei et al., The detection of fraudulent financial statements: an integrated language model, 2014.

[Rijn11] Q. Rijnders, P. Özer, T. Eijken and V. Blankers, Zelflerende software detecteert opvallende transacties, MAB, March 2011.

Jack J. de Raad is Chairman of Forensic and IARCS The Netherlands, EMA Forensic Chairman. He joined KPMG in 1996 and heads the Forensic and IARCS practice, a department of approximately 100 employees. Jack has carried out and led numerous cross-border investigations for large multinational companies, across all industrial sectors. Engagements have also included Dispute Advisory services and Forensic Technology services for various organizations, the specification and implementation of automated transaction monitoring technologies and advisory activities focusing on the development of anti-fraud strategies for multinational companies. He participated in setting up the Global FITA (Forensic in The Audit) initiative in 2002, which involved various forensic specialists joining KPMG audit teams aiming to enhance audit focus relating to fraud risk areas, including the risk of bribery and corruption. Jack is also an active member of the Global Forensic Executive Committee.