14.10.2022Back to blog list
Identifying fraud cases with process mining
Such illegal acts, as deliberate deception or concealment, are often referred to fraud or white-collar crime categories. They are committed, for instance, in order to gain assets, funds or services, personal or business advantage or in order to avoid payments. Fraud often results in significant financial losses and irrevocable damage to a company's reputation, when incidents become publicly known. How can you prevent the occurrence of fraud cases or at least detect them with first signs?
Detect fraud with the help of permanent monitoring (process)
In order to prevent fraud incidents occurrence, companies’ employees in charge have first of all to know how their processes actually work and which processes or process patterns are critical. Only in case processes are absolutely transparent for employees in charge and permanent monitoring is ensured, potential fraud cases may be identified at an early stage. Via Process Mining implementation, these processes become transparent. Process Mining enables to visualize the actually running processes in the company and also helps with the continuous monitoring of the processes. Thus, it becomes possible to:
- monitor the processes regularly
- uncover risk indicators at a very early stage
- monitor red flags regularly and detect critical process patterns just in time
Process Mining shows you when processes deviate from the "normal" flow. This gives you the opportunity to identify at an early stage whether processes are lasting atypically long or alert in case control instances are being bypassed - these could be indications of fraud.
CEO fraud: high risk of fraud for companies
In this fraud scam, perpetrators try to manipulate people in companies who are authorized to make decisions. Perpetrators try to convince companies’ decision-makers to transfer large amounts of money abroad. Intruders pretend that the order comes directly from the head of the company (managing director or board of directors = chief executive officer = CEO). This is a form of the so-called social engineering, in which the "human vulnerability" is exploited. The number of cases, related to this type of fraud continues to increase.
One of the prior target for intruders, using this fraud scheme is the segment of small-size companies with relatively high turnover. It may be so simply because such companies quite often don’t have, don’t implement , which finally results into lack of efficient and reliable protection system. It can be assumed that these companies are the focus of the perpetrators because they generally do not have a well-developed compliance management system or other professional protection mechanisms in place. According to the latest study by the accounting firm PricewaterhouseCoopers and Martin Luther University Halle-Wittenberg, 40 percent of the companies surveyed claim to have been victims of attempted CEO fraud. In case with five percent of the companies, the perpetrators were successful.
The perpetrators usually prepare well. First of all, by obtaining as much information as possible about the company and its’ structures. Special attention is paid to numerous details, related to business partners and future investments, e-mail and even data in social networks on company’s employees.
Basing on this information, well-organized perpetrators succeed, for example, in impersonating themselves to be company's managing director or decision-maker, authorized to issue instructions. Intruders send multiple e-mails and make numerous phone calls in order to trick accountants or other decision-makers of a company and force them to believe, that urgent and secret money transfer has to be performed rapidly and inconspicuously. The perpetrators often success in posing great psychological pressure. Thus, they often succeed in persuading even experienced employees to transfer large amounts of money.
- Make your employees aware of the risks and help them to strengthen computer literacy skills
- Reveal and pay attention to the data on our company, which is publicly available
- Check your absenteeism regulations and internal control mechanisms
- In case of unusual payment instructions receive, it’s strictly important to take control of the situation before the payment is conducted
- Check the email sender address and correct spelling precisely
- Verify the payment request with the alleged ordering party by calling back or making a written inquiry
- Inform your management or supervisor
- If a transaction has already taken place, act quickly. Inform your financial institution and the police immediately.