Investigative Data Mining RBA

Risk Based Auditing ("RBA") is an alternative
approach to conducting a review of systems.
It focuses on the risks to assets and identifies
the possible mechanisms by which assets may be removed from the organisation. Within any organisation the risk of fraud will be minimised by specific controls, traditional separation of duties, effective pre-employment screening and clear management principles. However, when these are absent the exposure to fraud increases and methods are developed to circumvent whatever controls exist.

By focusing on the following three key areas:

assets at risk, an organisation will only become a target if there are assets worth stealing
potential opponents, internal, external or collusive. The nature of the opponent will determine the most likely approach and method by which the assets are stolen
methods of operation, the combination of asset and opponent will clarify the most probable method

it is possible to develop a series of "fraud theories" qualifying the risks within an organisation.

One of the primary controls in any purchasing and procurement review is a detailed analysis of tendering procedures. IDM's unique methodology will perform an critical analysis of the tendering procedures, using a sophisticated "win/lose" analysis IDM will identify contract manipulation including problems such as:

early issue of tenders to favoured contractors
different specifications sent out to prospective contractors (lower specifications issued to favoured contractors)
last look arrangements
collusion between contractors
"losers clubs"
small companies with no previous experience asked to submit tenders
destruction of losing tenders to hinder Internal Audit

By using RBA to identify such areas, reviews are conducted cost effectively and recommendations are based on the practical needs of the organisation. Having identified the most critical areas, fraud theories may be developed and tested in a number of ways to determine if such an approach would be likely to succeed and the possible consequences.