- Big Data:-Though firms like Opera Solutions and McK Global Research Institute are waking up the the opportunities and challenges in analyzing huge data volumes, companies and Bschools are yet to wake up to that. Frauds can be invisibly concealed in the mass of big data, if analytics is not developed enough to investigate trends, outliers etc.
- Complexity of Systems:-As butterfly effect/Chaos theory would show, it is difficult to predict the path of complex systems(which most organizations are), and thus predicting all leaks is difficult
- Changing User behavior:-Be it social mores(breakdown of lifelong employment social contract), use of personal computing devices in workplace, social engineering etc, employee behavior is changing and fraud management must keep up.
- Continuous evolution of fraud:- Similar to computer viruses, frauds can never be totally removed unless of course you have a closed system like that of Apple's Mac. There is always a cat and mouse game between fraud detection('anti virus') and fraudsters, and indeed auditors can learn a lot from the antivirus industry in terms of updates/learning on frauds etc
- Risk of false alarms:- Unlike the famed Mongol conqueror Genghis Khan who was rumoured to kill several suspects to avoid the guilty going unpunished, modern judicial systems in most developed countries presume a person innocent unless proven otherwise. And given that fraud accusations are not 'routine', false alarms could lead to the employee quitting or suing the company for defamation.
- Privacy/Discrimination:- Since fraud prevention needs extensive data analysis and setting up behavioral profiles, that could be challenged and lead to adverse PR if the news leaks out. For instance, certain PIN codes(zip codes in USA parlance) could be fraud prone as could certain demographic groups in lending default. But fairness in lending/other rules usually demand giving rationale in certain cases, and that would need quantifiable data instead of merely suspicion.
Sunday, March 11, 2012
Why is it so difficult to detect/prevent frauds?
While reading up on information security audit, I noticed some interesting explanations in the ICAI 100hr ITT material on the difficulties in fraud management(http://18.104.22.168/22522ittstm_U9_cp1b.pdf pg 346) and thought I would expand on that