On March 30th, 2022, to wrap up Fraud Prevention Month, MindBridge teamed up with KPMG in Canada for a joint panel on the big “F word” (fraud) and how to build trust in financials with AI. During the show, the panelists covered:
- Society’s impact on emerging risks of businesses
- How business leaders are currently thinking about risk and fraud
- How next-gen tech and procedures can help mitigate the risk of fraud
- Questions from our audience
The members of the panel included:
- John Colthart, VP of Strategic Insights, MindBridge
- Danielle Supkis Cheek CPA, CFE, CVA, VP Strategy and Industry Relations at MindBridge
- Angela Moch, CPA, Partner, National Service Line Leader, GRCS & Global Lead, Governance and IA Services at KPMG in Canada
This panel ran in a question and answer format where our expert panelists gave their point of view on many of the more pressing questions around fraud and how AI or other next-gen technologies can help mitigate the risk of fraud.
This recap will cover some of these questions, and paraphrased answers from the panelists, to give you an understanding of the state of the general sentiment around the “F word” and how others in the industry are working to reduce the overall risk of fraud.
|Thank you to everyone that attended the live event, and for anyone that missed it, you can view a recording of the webinar here or keep reading for a recap of some of the key takeaways.|
Q: In terms of fraud, what are audit boards, CFOs, and Risk Leaders talking about in their circles?
We just did a survey interviewing over 600 C-suite executives, and over 70% of them reported that in the last year, they experienced some instance of fraud risk, whether that be internal fraud, external, or some combination (collusion).
While that’s a shocking statistic, it makes sense if you think about the current state of the world. With a 2+ year pandemic and the current geopolitical tension in the world, so many business factors have gone virtual, which inevitably causes a heightened threat to organizations. In turn, this intensified threat puts additional pressure on controllers and auditors to mitigate fraud as much as possible.
So, at the C-suite level, a lot of the talk is about how you get the proper control structure in place to mitigate some of these risks but still be able to move at pace. Because things are not slowing down in the world, they will continue to move faster.
We also see that the more mature organizations, in terms of how they view risk, are looking at the interconnectivity of fraud, risk, cyber risk, and compliance with current standards. They’re not solving it on a point-by-point basis but looking at it holistically in terms of threat to the overall strategy.
Q: What are the technologies and trends you see in the space?
For us, there have always been pushes toward automation and augmenting the humans so that they can do more with the resources they have – there’s not enough of us to go around. So the trending technology ends up being ones that helped enable humans to make their judgments more efficiently. That leans towards stuff like robotic process automation, various kinds of ensemble AI, or other types of AI technologies.
I think it is a combination of the analytics and the people. As auditors, you’re working with the organization to ensure a robust risk and control structure. And by doing that, you’ve got all these capabilities that you bring to bear. Then when something starts to look a little unusual, or you begin to see a pattern or trend, you’re triggered to notice that something may be there.
And maybe you need to bring in an expert at this point. Because there might be a suspicion of fraud or some cyber issue that you may not be equipped to solve; so don’t be afraid to bring in extras.
Additionally, the other piece is, don’t wait until you’re starting to see that there might be fraud to engage the experts or the technology. Instead, engage the experts upfront about how you design your audit programs or even how you design your business itself.
There’s a team component, a personnel component, and a “how does the business operate” component. Then you have the experts who might be required to get to the outcome you’re looking for, which obviously, is to identify, acknowledge, and ultimately, stop it.
Q: Fraud Prevention has its own month. What would you recommend people do for the other 11 months? How do we enable technology? How do we enable people?
You do this by continuing to have the mindset of mitigating fraud all year. Ensure the programs are there, that you’re tapping into the data in the monitoring, and building those capabilities. All of those pieces need to happen throughout the year.
Keep adapting, keep changing things up, keep looking for those different kinds of things you don’t know may exist, and don’t ever rest on your laurels of what’s worked in the past.
In the past couple of years, We’ve seen how fast society can change and adapt. And when people can pivot on the fly, as they have, even traditional organizations need to get creative and continue testing different things within their data.
Q: Could you dive deeper into Explainable AI? How would you use AI from a fraud perspective?
You have to be able to explain everything in layman’s terms and show how you can prove what you’re saying.
As more computers and technology comes into the picture, people tend to rely on the idea that computers can’t make mistakes; however, that isn’t the case. Humans designed computers, or in terms of AI, humans wrote the original AI code, and regulators have been publicly pushing for transparency of such technologies. It has to be explainable, it has to be transparent, and you have to understand what’s happening. Otherwise, you will falsely rely upon something and make a wrong decision because you were getting poor information in the first place.
For MindBridge, technology, ethics, and explainability of AI is a cornerstone of everything we do. So, we hired the University College of London to do a code-level review of our algorithms to show that they’re free from bias.
It starts with having multiple dimensions available to you. An Explainable AI system should give you a lot of context about what’s going on. The way that MindBridge, specifically, works is to look at unusual amounts for that particular type of transaction at the actual account level, or by the vendor, etc.
This ability to then be able to look at that entry, or that transaction that’s occurring in your business and say, “Oh, I see the five things that it triggered on, and I can see why they’re consistently important” You’re going to then focus on those and use them as your Guiding Light to look for what’s anomalous going on in the business.
When talking about data, especially within the financial ecosystem of the business, you end up with a vast swath of not only what’s happening or who’s making those transactions happen, but you also have much diversity depending on how big and complex your business is.
Using an old-school-rules approach to say, “show me everything that happened on the weekend,” may not be as relevant. Instead, you want to look at the clusters where it actually happened on the weekend with these five other things. That’s where you start getting to a level of explainability that we feel very confident about from a MindBridge perspective.
Q: How can people get started setting up their new program? What guidance would you give them?
First of all, you need access to the data, but from a test perspective or in small pieces. I always use the visual of a puzzle. When you are going to do a puzzle, most people do it a fairly standard way. Almost everyone dumps the puzzle onto a table and looks for the four corners. This method isn’t used because it will give you the best picture or the best starting point of the picture. After all, the picture tends to be in the middle. The reason people find the corners is because they know what the corners look like. They’re easy to find, you know where they go, you can start to get some success, then you begin to build the edges around it. And as you move inward, you begin to get a better idea of the complete picture, which could be the view of your organization, the various risks, and where there could be fraud from a financial perspective or other perspectives.
So that’s the message. Start easy and small with something that may be easy to find, get that success, and continue building and refining. By doing this, you not only get value from potentially uncovering fraud or anomalies, but you also get insights around compliance with controls having been placed on the pieces you already covered.
Many tools can be used for many things out of the box. Use them for those out-of-the-box use cases, then get creative and fine-tune them for what makes sense for your organization.
Q: How do I get my boss to buy in, and how do I make sure I get all the right people involved at the correct times?
If I go back to my puzzle example, start with ‘the four corners’. Start small with something that you have a high change of finding potential risk. One of the easiest places to start is by doing some analytics around distinct areas where you may find fraud, e.g., procurement in the supply chain or employee expenses. Sometimes the best way to get buy-in is to pick those easy areas and get early success.
Additionally, efficiency could be used as a selling point. And while you may not precisely be finding fraud, the value you get from the efficiencies provided or from uncovering anomalies more than pays for the cost of the license to do the analytics or the cost of bringing someone in to do it for you.
Q: How does machine learning work? Is it something that the standards will adjust to so that its evidence is replicable?
There’s already been significant movement in the space as far as standards. So, for example, the International Ethics for CPAs will expect the CPA or CAE to assess the use of technology the same way that they’d expect to evaluate the use of an expert. However, what’s different about that proposed standard is that it also applies to those in industry and in commercial business.
The standards will always be behind innovation because of the due diligence the standards have to go through to ensure no unintended consequences. But the standards have already made the shift and are already going toward not just permissibility but also encouragement.
For instance, if you dive into select industries, like the financial services space, it’s already baked into the regulations that thou shalt use data. So it’s not whether you should use data and do this analysis; there’s an expectation that you should use it if data is leveraged.
When you’re working through technology and get to the level of explainability and understanding as a professional, you need the technology to have some guardrails. In MindBridge, specifically, we give you the version, the weightings, anything else that changed period over period, and then we can actually walk you back to the first time you ran that analysis.
Look for technology providers where you can understand the level of granularity you can get to so that you can get to the level of confidence to then build evidence.
Q: When it comes to organizations that grow through acquisitions, how do you go about finding anomalies when the data isn’t consistent, or the company’s bookkeeping is entirely different?
If you’re new to this space, it probably makes sense to pick a discrete area where the data is consistent instead of solving for the whole organization and its data challenges. However, if you have experience with analytics, or some semblance of continuous monitoring, continuous auditing, or some level of sophistication, there are tools and capabilities to help with the transition.
With those capabilities and tools, such as MindBrridge, you can take very disparate datasets, pull them together, and do analysis across the organization.
Q: What are your thoughts on barriers to something like MindBridge? What guidance would you give?
It’s about finding what message resonates with whom you’re trying to talk to. I learned very early in my career that what I say may not matter; it’s how I say it. And then figuring out through what lens somebody is looking at me.
In relation to MindBridge, I like using tools out of the box first to take on something small. Then, after that, I can figure out what I see and what makes sense and fine-tune from there.
Selling the unknown internally within your organization is very difficult. So I usually put together a phased approach with hard stops at the end of each phase. And then we say, “this is what we’re going to assess for”; what is phase two? And then what is phase three? And there you get the structure around the unknown of “what does the next step look like”?
Be aware of the pressures of whoever’s making the decision, tie in to those pressures, and then try to put some structure around what is known to be unknown. Give people comfort that it’s not just some wild goose chase but that there is structure. We have to know the results of phase one to get to phase two.
Fraud happens, and frankly, no organization is immune to its susceptibility. As the market evolves and society introduces new legislation, stakeholders will continue to scrutinize operations, thus increasing expectations of audit quality and rooting out fraud. Additionally, changing societal norms have presented auditors with new obstacles in the way they work with their teams and clients.
To combat these changes, organizations must adopt a more provocative risk management approach using next-gen technologies and procedures or risk running into an even bigger “F word”— failure.
Technology isn’t a nice-to-have anymore; it’s a must-have. First, however, we must ensure people are educated and brought along the journey to use technology most effectively. When it comes down to charting a course for your business or organization, it’s all about making sure that you bring people, processes, and technology into an aligned phase. Do something small to get to a good answer and get to the next phase.
For a more in-depth discussion on the topics presented above, click below to watch the entire webinar.Watch Full Webinar