Thursday 24 November 2011

All fraud is detectable

I am in the business of fraud risk management solutions, enterprise-wide... with probabilities and certainties, based on assumptions or balanced scorecards. Of course, there are variables (predictive analytics), but that does not detract from the fact that you can model and measure risk. 

There are some atypical risks that are largely dependent on mathematical probability and are unpredictable.

That does not mean that risk, being a measurable quantity, is consequently negated. It means that your models built initially on the known are subject, to varying degrees, to variables... in the final analysis.

There is a pure and speculative risk. It is the pure risk we want to manage and the speculative risk that we want to aggregate and predict. The problem is that there can be events that occur that were not expected (considered in the evaluation of the risk) – such as a natural disaster, or other unplanned events.

It is, of course, easier to manage when such speculative risk is known.

Then, of course, there can be dirty data and consequent “black swans” such as the unfolding disaster at Olympus, the Japanese maker of cameras and endoscopes, which has been found hiding losses by treating them as assets since the 1990s.

Once we have that assumption, we can now construct our model to include the absolutes and also the variables. In come the data mining tools and the mathematicians (quants).

We use data mining for practical exceptions (compliance and control) and data analytics. We can apply logarithms, algorithms and equations... mathematical formulae to measure ambiguity – one element factual and the other hypothetical.

For me the challenge isn’t whether risk can be measured, but rather what risk can or can’t, should or shouldn’t be measured based on fact and probability when measured against return on investment.

This in and of itself creates an additional risk – potential oversight based on expediency.

As such, any risk model must start on the systematic identification of known risk (pure) enterprise-wide and drill down into the unknown or the weighting of probabilities based on statistical data. 

The only question remaining is to what degree the precise and imprecise impact the efficiencies of the overall model. Therein lies the variable and the common pursuit of the purists. 

Risk models can only be developed under enterprise-wide risk frameworks/guidelines.

The principle of enterprise-wide fraud risk management (EWFRM) is younger than the forensic audit profession and even younger than corporate governance.

In order to manage fraud risk enterprise-wide, one needs to study and capture fraud risk enterprise-wide and then map the risks horizontally and vertically.

It is my opinion that most, practically all, risk managers today simply haven’t spent enough time studying and understanding every facet of the enterprise to be even close to calling themselves experts.

From my experience, at least 95% don’t even know what EWFRM is. This presents a challenge - a significant challenge.

It is high time that the full spectrum of audit due diligence, internal assurance and annual attestation is digitised along internationally accepted standards, removing the subjectivity of the individual auditors representing the big firms.

Forget Ansbacher, Enron, WorldCom, Parmalat, Société Générale, Dynegy, Qwest, Freddie Mac, Refco, BCCI, Dexia, Owen Wiggins Group, Regal, Barings and the litany of corporate corpses.

There have been so many massive corporate failures after getting the all-clear from a big four accounting firm that auditor opinions are becoming a joke.

Regulators for decades have tried figuring out ways to get around this fundamental flaw by passing all sorts of rules requiring that auditors be “independent” and that they exercise the requisite standards of care, yet waves of accounting scandals keep coming.

Performing an audit and exercising due care isn’t rocket science.

All fraud is detectable, because all fraud must be expensed. Accounting is a double entry process - for every transaction there must be a flip side to the transaction.

Take Olympus for instance, if Olympus was concealing losses as assets, you can’t create an asset unless you create an expense and you can’t create an expense without creating a payment.

Basically for every asset there must be a “cost of goods” or “cost of asset”.

To make a camera or endoscope, you must buy in raw material or components. To create hundreds of millions of dollars worth of stock, you must create hundreds of millions of materials purchase orders and payments

To conceal these losses by hiding the losses in fictitious assets is a monumental task. In fact, usually these frauds manifest in the form of large and unusual adjustments at year-end because of this complexity. So picking this up shouldn’t be too difficult, and it isn’t.

The answer is the digitisation of the process of audit and assurance – the business intelligence exists, so does the technology.
The race should be on to develop the models and the world bourses should be clamouring for these solutions.

http://www.iweek.co.za/byte-a-bit/all-fraud-is-detectable

Tuesday 11 October 2011

Basket case or case for Dr. Livingstone?


Three years ago or so, I was invited to Zimbabwe to speak on the subject of Fraud Management by the Institute of Chartered Accountants at their winter school in Vic Falls.

I decided to make the trip by road electing to turn the invitation into an adventure.

As that wise saying goes, many a road to hell is paved with good intentions.

Zimbabwe three or four years ago was a wasteland if you ventured into the country by road.

I took the trip in a Nissan 4x4 Double Cab stockpiled with jerry cans of extra fuel that simply wasn’t enough to get me from Pretoria, through Musina, Bulawayo, on to Hwange and finally Vic Falls.

I made the mistake of offering to pay a local familiar with conditions on the ground I found in South Africa to drive my wife and I as far as Bulawayo, where I would leave them with their family and pick them up on the way back.

Our “local” had two things against him, if you discount his personality, I was to discover.

The first was the fact that he only had one eye, and the other, he couldn’t add.

On a road trip where the fact that a country is in the grips of a total economic meltdown can prove reckless and just mildly inconvenient when the consequence of economic meltdown is a complete lack of fuel or food on the shelves.

Hurtling through the night on ill defined and crumbling roads driven by a one eyed Kamikazi pilot is also not as fun or exiting as one might expect.

The fact that he was from Bulawayo and miscalculated the distance from Bulawayo to Vic Falls by 600 kilometres round trip didn’t help?

Zimbabwe at the time was a ghost country.

We travelled for hours without seeing another car in any direction.

We solved the fuel issue by finding black marketeers that sold us fuel for an extortionate R12 a litre?

Vic Falls, which is what this is about, at the time, was a town in the grips of starvation.

It was heartbreaking to witness the coal face of Zimbabwe’s failed policies.

Last week I once again made the trip to Vic Falls to lecture but without the David Livingstone spirit, I flew.

What struck me was the fact that my flight was packed.

So was the sleepy town of Vic Falls.

The place was abuzz with visitors from the four corners of the globe, a veritable league of nations following the footsteps of that intrepid explorer of yonks ago and marvelling at the sights and sound of the great Zambezi River.

I was booked to stay at a place called a-Zambezi River Lodge, a mere kilometre or two from town on the banks of the Zambezi.
Unconvinced by the throngs of tourists any reservation I had about returning to Vic Falls was dispelled.

a-Zambezi River Lodge turned out to be a hidden gem, revamped at a cost of R40 million it is a destination of note and judging from the number of guests at dinner, a not very well kept secret.

Maybe the Government of National Unity isn’t working but someone forgot to tell Vic Falls that?

Well apart from the more obvious, the thing that’s got me thinking is the state of ICT in the country but more specifically internet connectivity and cell phone coverage, signal quality and reliability.

There’s something to be said for enjoying free Wi-Fi access in the middle of the African bush.

Okay, let’s rethink complaining about bandwidth.

Connectivity in Zimbabwe is poor, very poor, although I’m sure Econet isn’t.

The question is where to now for Zimbabwe?

Judging by the patently obvious economic activity funded by cold hard tourist US $’s, the desperate need for spending in ICT for any economy that wants to be relevant, Zimbabwe is stirring.

Naturally the nationalisation debate still has investors spooked.

What can’t be ignored is the fact that our northern neighbour is starting to look viable again and that bodes well for the region.

The question isn’t whether Zimbabwe is or isn’t relevant given the existing climes.

The question is whether the Mugabe Regime is?

The fact is I’ve experienced enough seasons to know that they change and whether the Mugabe Regime is relevant or not, or will remain so if it still is doesn’t really matter.

The reality is that the digital age is here and its here to stay.

Zimbabwe has only one way to go and that’s up no matter what.

Having spent enough time in that country throughout its economic meltdown, the one sector begging for ICT, dripping with opportunity and pointing a more seductive beckoning finger at entrepreneurs than a hooker at a beer fest, its jolly old basket case Zim.

So if you have a bit of the David Livingstone in you, some spare cash and operate in the ICT space, open a little office in Harare and start looking around.

Saturday 8 October 2011

Killers in our midst


This past week the media were at pains to point out that a “gay” man had been found bound and gagged in his home and had it appeared been strangled to death.

My immediate reaction to the headline was why it was deemed necessary to label a victim “gay” or “heterosexual”, as if this mattered a jot? 

Someone murdered is simply someone murdered. That in of itself is a tragedy. 

In any event it didn’t take too long before I was extremely grateful for that headline. 

The reason being that as the news story unfolded my mind kept going back about five years to when I had one of those dreaded phone calls notifying me that a friend of 20 years had been murdered in his flat in Linden. 

There were many similarities between the profiles of the two victims. 

Sinisterly it also crept into my mind that there also too many similarities in the crime scene.

I couldn’t help myself from thinking long and hard that there was a distinct possibility that this latest murder was the work of a serial killer. 

I simply could not let this uneasy feeling rest and found myself communicating with friends and family of the recently deceased via an online memorial site put up on Facebook. 

It turned out that the journalist, who broke the story, broke the story because he knew the victim. 

After chatting with the journalist for a short while and comparing notes we both felt there was merit to my suspicions and we began to ask questions about the possibility that there may be more victims of this type of crime. 

What I discovered rather quickly was that while the crimes were reported to the police as murders often happen to be, the murders themselves were not covered at all in the media. 

As I scoured the newspapers for any story at all on the demise of my late friend in such a heinous, lonely manner I discovered I couldn’t find a single sentence. 

It quickly became apparent that these types of murders weren’t the type loved ones wanted covered in the media. 

Who wants to add insult to injury to a grieving family by seeing a story of a “gay” man, bound and naked, dead in what appears to be a sex game gone wrong? 

Not many I can assure you. 

Then of course there are the SAPS themselves. 

South Africa is a homophobic society whether you like it or not and I suspect the murder of “gay” men doesn’t feature high up on the investigation priority chain. 

As a result it seems to me that this type of crime can continue unnoticed and that if a serial killer were on the loose, we wouldn’t notice for a long time if at all. 

It seems though, that the journalist is hot on the trail of the likelihood of a serial killer operating in the Johannesburg environs and that there are at least 4 similar murders in the past few months.

Well the SAPS don’t have to break their backs investigating these crimes. 

The South African Police Services (SAPS) has allocated more than R3 billion to information systems.

Its digital capacity to detect fingerprints at crime scenes through technology to photograph and enhance fingerprints lifted from crime scenes project is 100% complete in terms of hardware deployment, but the service is 0% complete in terms of training and rollout. 

The integrated case docket management system (ICDMS) entailing the management and administration of criminal cases, inquests and enquiries throughout the lifecycle of a case from its inception to its disposal is 10% complete in terms of software deployment. 

The automated fingerprint identification system (AFIS) is 70% complete, however, is 0% complete in terms of publishing tenders for the procurement of the new AFIS. 

The SAPS set a target of replacing 5 052 PCs, 395 notebooks and tablets, 2 740 colour printers, 9 593 mono printers and 1 011 fax machines. 

To date, it has replaced 287 PCs (6% progress), 168 notebooks (43%), 219 mono printers (2%), 211 colour printers (8%) and 68 fax machines (7%). 

In some cases hardware was rolled out, but no progress was made on implementation, because officials still have to be trained to use the equipment. 

It will take decades to fully implement the e-docket systems at police stations across the country. 

At the Pretoria police station scanner, printer and computer are all on different floors. In addition, there is no quality control with regards to the e-docket. 

It seems to me we’re not getting much for our R3 billion? 

It also seems to me the SAPS don’t have to work awfully hard to uncover crime patterns with the correct technology in place.

Heck, all they have to do is capture the data? 

Don’t be mistaken folks but there are people culpable for the murderers of our citizens getting away with murder.

They are the ones responsible for depriving the men and women in uniform of the tools to do the job.

Monday 19 September 2011

Thank you!


To all of you that heeded the call to vote to stop the Info Bill, my deepest gratitude. To those who haven't speak up! While you still can. FIGHT for your right!!!!!