Detect fraud by understanding data

Written on Oct 01, 2020

By Jessica Salerno, OSCPA senior content manager 

If you’re going to use data to better detect fraud and protect your company, it’s vital to learn what types of data can be used. “When you distinguish between the different types of data that can be used and the tools to use, you can pinpoint the red flags of fraud,” said Jeremy Epstein, CPA, managing director at Crowe in Chicago. 

Man wearing suit and smiling for camera

Epstein, along with Caitlin Poirier, forensic practice at Crowe, spoke Sept. 23 at OSCPA’s Virtual Cincinnati Accounting Show about how data analytics can help businesses discover fraud. Epstein said companies are under more pressure to use data to strengthen internal controls and improve compliance programs. 

One of the more popular types of data is “big data,” which is a combination of structured, semi-structured and unstructured data from multiple sources. These sources could include business transactions, customer databases, medical records, social media and more. 

“It’s basically everywhere,” Epstein said. 

Structured data is easily searchable and works well in excel spreadsheets. Unstructured data is qualitative, with no predefined format or organization to it and is more difficult to collect and analyze. Epstein said there estimates that 80% of data gathered is unstructured. 

Woman smiling for camera.

“It can be expensive for companies to mine value out of this,” he said. “But companies that learn how to do so have a competitive advantage over the competition.” 

Working with big data takes time and investment, and it’s crucial to make sure that the data is as up to date as possible. 

“If you have garbage data going in, you’ll get garbage analytics going out,” Poirier said. 

To better protect themselves, companies must establish security policies to protect their own data from hackers and fraud. Epstein said most experts agree 10% of an IT budget should be spent on security, but the average is 7-8% and many times businesses don’t spend money on security until after they’ve been hacked. 

Poirier said a typical fraud case lasts 14 months before a company detects it, and they lose an average of $8,300 a month during that time. Unfortunately, some organizations’ platforms simply were not designed to address security concerns, Epstein said. 

“They might not have the technology that is vital in today’s world,” he said. “Many businesses will need to rebuild their entire infrastructure.” 

To register for the upcoming Virtual Cleveland or Columbus Accounting Show, click here