Finance AI Skill
Fraud Prevention
Manage fraud detection and prevention including transaction monitoring, anomaly detection, whistleblower management, fraud investigations, anti-money laundering (AML), and fraud risk assessment. Use when detecting suspicious transactions, managing fraud ris...
Fraud Detection & Prevention
Protect the organization through proactive fraud detection, investigation, and prevention programs.
Fraud Risk Assessment
Enterprise Fraud Risk Framework
FRAUD RISK ASSESSMENT — FY2025
═══════════════════════════════
FRAUD RISK CATEGORIES (per ACFE):
1. Financial statement fraud
2. Corruption (bribery, conflicts of interest, extortion)
3. Asset misappropriation (theft, skimming, expense fraud, payroll fraud)
RISK ASSESSMENT METHODOLOGY:
Likelihood: Unlikely (1) — Possible (2) — Likely (3) — Very Likely (4) — Almost Certain (5)
Impact: Negligible (1) — Minor (2) — Moderate (3) — Major (4) — Catastrophic (5)
Existing controls: Weak (1) — Fair (2) — Good (3) — Strong (4) — Excellent (5)
Residual risk = Likelihood × Impact ÷ Controls (adjusted)
FRAUD RISK REGISTER:
┌────┬─────────────────────────┬─────┬─────┬──────┬────────┬──────────┬────────────┐
│ # │ Fraud Type │ Like│ Imp.│ Ctrl.│ Risk │ Residual │ Owner │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F1 │ Expense report fraud │ 3 │ 2 │ 4 │ 6/80 │ LOW │ Finance │
│ │ (inflated receipts, │ │ │ │ │ │ │
│ │ duplicate submissions) │ │ │ │ │ │ │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F2 │ Procurement fraud │ 2 │ 4 │ 4 │ 8/16 │ LOW │ Procure. │
│ │ (vendor kickbacks, │ │ │ │ │ │ │
│ │ shell companies) │ │ │ │ │ │ │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F3 │ Payroll fraud │ 2 │ 3 │ 5 │ 6/15 │ LOW │ HR + Fin. │
│ │ (ghost employees, │ │ │ │ │ │ │
│ │ unauthorized changes) │ │ │ │ │ │ │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F4 │ Financial statement │ 2 │ 5 │ 5 │ 10/25 │ LOW │ CFO + │
│ │ manipulation │ │ │ │ │ │ Audit │
│ │ (earnings management, │ │ │ │ │ │ Committee │
│ │ revenue recognition) │ │ │ │ │ │ │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F5 │ Cyber-enabled fraud │ 3 │ 4 │ 4 │ 12/16 │ MEDIUM │ CISO │
│ │ (business email │ │ │ │ │ │ │
│ │ compromise, wire │ │ │ │ │ │ │
│ │ fraud) │ │ │ │ │ │ │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F6 │ Conflict of interest │ 3 │ 3 │ 3 │ 9/9 │ MEDIUM │ GC + HR │
│ │ (undisclosed │ │ │ │ │ │ │
│ │ relationships) │ │ │ │ │ │ │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F7 │ Cash theft / skimming │ 2 │ 3 │ 5 │ 6/25 │ LOW │ Treasury │
├────┼─────────────────────────┼─────┼─────┼──────┼────────┼──────────┼────────────┤
│ F8 │ FCPA / bribery │ 2 │ 5 │ 5 │ 10/25 │ LOW │ GC + │
│ │ (international │ │ │ │ │ │ Compliance │
│ │ operations) │ │ │ │ │ │ │
└────┴─────────────────────────┴─────┴─────┴──────┴────────┴──────────┴────────────┘
Summary:
LOW risk: 6 (75%)
MEDIUM risk: 2 (25%)
HIGH risk: 0
Critical risk: 0
Overall fraud risk rating: LOW-MEDIUM (acceptable with controls in place)
FRAUD LOSS ESTIMATION (per ACFE Report):
Median fraud case loss: $150,000 (US organizations)
Median duration before detection: 12 months
Estimated annual fraud loss: 5% of operating revenue (typical)
Our estimated exposure: $8.4M (5% of $168M revenue)
Expected loss (with controls): $200K-$400K (conservative, 2-3% of estimated)
Transaction Monitoring & Anomaly Detection
Automated Fraud Detection
TRANSACTION MONITORING FRAMEWORK:
══════════════════════════════════
MONITORING RULES (Automated Alerts):
┌──────────────────────────────────┬─────────────────────────────────────────┐
│ Rule │ Threshold / Trigger │
├──────────────────────────────────┼─────────────────────────────────────────┤
│ Expense: Duplicate receipt │ Same amount + same vendor + same period │
│ Expense: Weekend/holiday claims │ Receipt date falls on non-work day │
│ Expense: Round amounts │ >$500, exact round number (e.g., $1,000)│
│ Expense: Velocity check │ >5 claims/week by same employee │
│ Expense: Policy exception │ Category outside employee's dept norm │
│ AP: Duplicate invoice │ Same invoice number + amount + vendor │
│ AP: Vendor address match │ Vendor address = employee address │
│ AP: Just-below approval │ Amount just below approval threshold │
│ AP: Weekend/holiday processing │ Invoice processed on non-work day │
│ Payroll: New bank account │ Bank account change within 30 days │
│ Payroll: Salary change >15% │ Unapproved significant increase │
│ JE: Unusual timing │ Journal entry posted after 8 PM or │
│ │ on weekend │
│ JE: Round amounts │ >$10K, exact round number │
│ JE: Just below threshold │ Amount just below approval threshold │
│ JE: Opposing entries │ Offset entries in same period │
│ Banking: Wire to new payee │ First-time wire to new beneficiary │
│ Banking: Wire amount spike │ >$50K wire (unusual for org) │
│ Access: Privileged use │ Admin account used for transactions │
│ Access: After-hours login │ System access during off-hours │
└──────────────────────────────────┴─────────────────────────────────────────┘
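The four AP rules in the table above can be expressed as a small batch check. This is an added example, not part of the original template: the record fields, the 5% "just below" margin, the address normalization and the sample invoices are assumptions, and the approval tiers are the procurement limits quoted on this page.

```python
from collections import defaultdict
from datetime import date

APPROVAL_TIERS = (10_000, 50_000)  # procurement approval limits quoted on this page
JUST_BELOW = 0.05                  # assumption: within 5% under a tier is "just below"


def normalize(address):
    """Lower-case, strip punctuation and collapse spaces (assumed matching rule)."""
    cleaned = "".join(c if c.isalnum() else " " for c in address.lower())
    return " ".join(cleaned.split())


def ap_alerts(invoices, employee_addresses):
    """Return {invoice id: sorted names of the AP rules that fired}."""
    staff = {normalize(a) for a in employee_addresses}
    groups = defaultdict(list)
    for inv in invoices:
        key = (inv["vendor"], inv["invoice_no"], round(inv["amount"], 2))
        groups[key].append(inv["id"])
    alerts = defaultdict(set)
    for ids in groups.values():
        if len(ids) > 1:  # same invoice number + amount + vendor
            for inv_id in ids:
                alerts[inv_id].add("duplicate_invoice")
    for inv in invoices:
        if normalize(inv["vendor_address"]) in staff:
            alerts[inv["id"]].add("vendor_address_match")
        if any(t * (1 - JUST_BELOW) <= inv["amount"] < t for t in APPROVAL_TIERS):
            alerts[inv["id"]].add("just_below_approval")
        if inv["processed"].weekday() >= 5:  # weekends only; holidays need a calendar
            alerts[inv["id"]].add("weekend_processing")
    return {inv_id: sorted(rules) for inv_id, rules in alerts.items()}


def _inv(inv_id, vendor, number, amount, address, processed):
    return {"id": inv_id, "vendor": vendor, "invoice_no": number, "amount": amount,
            "vendor_address": address, "processed": processed}


# Constructed sample records (not from the page).
SAMPLE_EMPLOYEE_ADDRESSES = ["12 Oak St, Springfield"]
SAMPLE_INVOICES = [
    _inv("A1", "Acme", "INV-100", 4200.00, "1 Main St, Metropolis", date(2025, 1, 14)),
    _inv("A2", "Acme", "INV-100", 4200.00, "1 Main St, Metropolis", date(2025, 1, 21)),
    _inv("A3", "Birch", "INV-7", 9800.00, "12 Oak St., Springfield", date(2025, 1, 15)),
    _inv("A4", "Cedar", "INV-22", 49990.00, "9 Elm Rd, Gotham", date(2025, 1, 18)),
    _inv("A5", "Dune", "INV-3", 1250.75, "3 Pine Ave, Star City", date(2025, 1, 16)),
]

if __name__ == "__main__":
    for inv_id, rules in ap_alerts(SAMPLE_INVOICES, SAMPLE_EMPLOYEE_ADDRESSES).items():
        print(inv_id, rules)
```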
ANALYTICS-DRIVEN DETECTION:
Benford's Law analysis:
- Applied to: Expense amounts, invoice amounts, JE amounts
- Frequency: Monthly
- Alert: Deviation >5% from expected distribution
- Last analysis: January 2025 — NO ANOMALIES DETECTED ✓
Cluster analysis:
- Applied to: Vendor payments (identify related vendors)
- Method: Shared attributes (address, phone, tax ID, bank account)
- Frequency: Quarterly
- Last analysis: Q4 2024 — 2 matches found (both legitimate)
Trend analysis:
- Applied to: All financial transaction categories
- Method: Statistical outlier detection (z-score >3)
- Frequency: Continuous (automated)
- Alerts generated (Jan): 3 (all resolved — no fraud)
Network analysis:
- Applied to: Employee-vendor relationships
- Method: Graph analytics (identify hidden connections)
- Frequency: Semi-annual
- Last analysis: November 2024 — NO CONCERNS
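The Benford's Law check and the z-score outlier check listed above, as an added example that is not part of the original template. It assumes the "deviation >5%" alert means more than 5 percentage points on any single first digit; the function names and all sample amounts are constructed for illustration.

```python
import math
from collections import Counter
from statistics import mean, pstdev

# Expected share of each leading digit under Benford's Law.
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}


def first_digit(amount):
    """Leading non-zero digit of a non-zero amount."""
    return int(f"{abs(amount):e}"[0])


def benford_flags(amounts, max_dev=0.05):
    """Return {digit: deviation} where observed share is off by more than max_dev.

    Assumption: the 5% alert threshold is applied per digit, in percentage points.
    """
    digits = [first_digit(a) for a in amounts if a]
    if not digits:
        return {}
    counts = Counter(digits)
    flags = {}
    for d, expected in BENFORD.items():
        dev = counts[d] / len(digits) - expected
        if abs(dev) > max_dev:
            flags[d] = round(dev, 3)
    return flags


def zscore_outliers(values, limit=3.0):
    """Indexes of values more than `limit` standard deviations from the mean."""
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:  # constant series: nothing can be an outlier
        return []
    return [i for i, v in enumerate(values) if abs(v - mu) / sigma > limit]


# Constructed sample data (not from the page).
CLEAN = [10 * 1.02 ** n for n in range(350)]        # spread evenly over ~3 decades
PADDED = CLEAN + [9_900 + i for i in range(40)]     # cluster just under $10K
DAILY_TOTALS = [1_000 + 10 * (i % 7) for i in range(29)] + [5_000]

if __name__ == "__main__":
    print("clean :", benford_flags(CLEAN))
    print("padded:", benford_flags(PADDED))
    print("z > 3 :", zscore_outliers(DAILY_TOTALS))
```

A single extreme value inflates the standard deviation it is measured against, so on short series a z-score of 3 may be unreachable; the check needs enough history to be meaningful.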
MONTHLY MONITORING RESULTS:
January 2025:
Total alerts generated: 12
False positives: 10 (83%)
Legitimate exceptions: 2 (17%)
Potential fraud referred: 0 (0%)
Resolution time: Avg. 2.3 days
Trend (past 6 months):
Alerts: Declining (automation tuning reducing false positives)
False positive rate: Improving (78% → 83%)
Fraud referrals: Consistently 0 (strong controls)
Whistleblower & Ethics Program
Reporting & Investigation
WHISTLEBLOWER PROGRAM:
═══════════════════════
REPORTING CHANNELS:
1. Ethics hotline (third-party, 24/7):
Phone: 1-800-XXX-XXXX
Web: [secure portal URL]
Language: 50+ languages
Anonymity: Optional (anonymous reports accepted)
2. Direct manager / HR:
Scope: Workplace conduct, harassment, discrimination
Process: Direct reporting with confidentiality assurance
3. Compliance officer:
Scope: Policy violations, regulatory concerns
Process: Formal reporting with documented follow-up
4. Audit Committee (bypass management):
Scope: Financial reporting, senior management misconduct
Process: Direct to independent board members
Contact: Via company website (private channel)
REPORTING STATISTICS (FY2024):
Total reports: 23
By channel:
Ethics hotline: 14 (61%)
Direct to manager/HR: 6 (26%)
Compliance officer: 2 (9%)
Audit Committee: 1 (4%)
By category:
Workplace conduct: 8 (35%)
Harassment/discrimination: 3 (13%)
Financial/procurement: 4 (17%)
Data privacy/security: 5 (22%)
Other: 3 (13%)
Anonymity:
Anonymous: 9 (39%)
Identified: 14 (61%)
Substantiation:
Substantiated: 3 (13%)
Unsubstantiated: 15 (65%)
Inconclusive: 5 (22%)
Retaliation reports: 0 (ZERO — positive indicator)
INVESTIGATION PROCESS:
Step 1: Triage (within 24 hours)
- Assess severity and scope
- Determine investigation type (formal/informal)
- Assign investigator (internal or external)
- Notify relevant parties (GC, CHRO, CEO if senior)
Step 2: Investigation (timeline by severity)
- Low severity: 5-10 business days
- Medium severity: 10-20 business days
- High severity: 20-40 business days
- Critical: Immediate (ongoing, expedited)
Step 3: Evidence gathering
- Document review (emails, transactions, records)
- Witness interviews (structured, documented)
- Data analytics (transaction patterns, system logs)
- External evidence (if applicable)
Step 4: Findings & recommendations
- Substantiated / unsubstantiated / inconclusive
- Recommended corrective action (if substantiated)
- Systemic improvements (process/policy updates)
Step 5: Resolution & follow-up
- Disciplinary action (if warranted)
- Remediation (refund, system fix, policy update)
- Monitoring (ensure recurrence prevention)
- Closure notification (reporter, if identified)
INVESTIGATION RESULTS (FY2024):
Substantiated cases:
1. Expense policy violation (manager inflated travel expenses)
Finding: $8,500 in improper expense claims over 6 months
Action: Repayment + termination + policy training refresh
2. Vendor conflict of interest (undisclosed relationship)
Finding: Employee's relative owned consulting firm on vendor list
Action: Employee reassignment + vendor contract renegotiation
3. Data handling violation (improper customer data access)
Finding: Employee accessed records outside scope of work
Action: Final warning + access rights tightened + training
Average resolution time: 14 days
Employee satisfaction (post-investigation survey): 4.1/5.0
No retaliation identified: ✓ CONFIRMED
Anti-Money Laundering (AML)
AML Compliance Program
ANTI-MONEY LAUNDERING PROGRAM:
══════════════════════════════
APPLICABILITY ASSESSMENT:
Business type: SaaS (software-as-a-service)
AML risk level: LOW (non-financial institution)
Regulatory exposure:
- BSA/AML (US): Limited applicability (not a financial institution)
- EU AMLD (European): Enhanced due diligence requirements
- OFAC sanctions screening: Required (all US companies)
- Local AML laws (international operations): Varies by jurisdiction
AML CONTROLS IMPLEMENTED:
1. Customer Due Diligence (CDD):
- KYC (Know Your Customer): For enterprise contracts >$100K
- Beneficial ownership identification (enterprise customers)
- Enhanced due diligence (high-risk jurisdictions)
- Ongoing monitoring (annual review)
2. Sanctions Screening:
- OFAC SDN list screening: All customers, vendors, employees
- Frequency: Onboarding + quarterly refresh
- Method: Automated screening (compliance platform)
- Last screening: January 2025 — 0 matches
- False positive rate: 2.1% (automated filter)
3. Transaction Monitoring:
- Wire transfers >$10K: Enhanced review
- Unusual payment patterns: Automated alert
- Cross-border transactions: Enhanced documentation
- Cash transactions: Prohibited (company policy)
4. Recordkeeping:
- Customer records: 5 years minimum
- Transaction records: 7 years minimum
- AML program documentation: Current + 3 years
HIGH-RISK JURISDICTION SCREENING:
Customers by jurisdiction:
US: 65% (LOW risk)
EU/UK: 20% (LOW-MEDIUM risk)
Canada/Australia: 8% (LOW risk)
Asia-Pacific: 5% (MEDIUM risk — enhanced review)
Other: 2% (varies)
Enhanced review for:
Countries on FATF grey/black list: 0 customers
Countries with high corruption index: 2 customers (enhanced review)
Countries with sanctioned entities: 0 customers
Status: ✓ COMPLIANT — all high-risk customers screened
AML TRAINING:
Annual training: Mandatory for all employees
Completion rate: 100%
Duration: 45 minutes
Specialized training: Finance, Sales, Legal (90 minutes, enhanced)
Specialized training completion: 100%
AML PROGRAM REVIEW:
Annual independent review: ✓ Completed (November 2024)
Reviewer: External compliance consultant
Findings: 0 deficiencies
Recommendations: 2 (minor process improvements)
Status: ✓ PROGRAM EFFECTIVE
Fraud Prevention Controls
Preventive Measures
FRAUD PREVENTION CONTROLS:
═══════════════════════════
PREVENTIVE CONTROLS (Stop Fraud Before It Occurs):
1. Segregation of Duties (SoD):
Status: ✓ Implemented (critical SoD enforced)
Coverage: Finance, procurement, payroll, IT
Monitoring: Quarterly access review
2. Approval Hierarchies:
Expense claims: Manager → Dept Head (>$1K) → Finance (>$5K)
Procurement: Buyer → Procurement Mgr (>$10K) → CFO (>$50K)
Journal entries: Accountant → Controller (>$10K) → CFO (>$50K)
Wire transfers: Dual approval mandatory (all amounts)
Status: ✓ Implemented
3. Policy Framework:
Code of Conduct: 100% acknowledgment (annual)
Anti-fraud policy: Documented and communicated
Expense policy: Clear guidelines + examples
Procurement policy: Competitive bidding, vendor approval
Gifts & entertainment: <$100 limit + disclosure
Status: ✓ All policies current
4. Access Controls:
Role-based access control (RBAC): ✓ Implemented
Principle of least privilege: ✓ Enforced
MFA (multi-factor authentication): ✓ All systems
Session timeout: ✓ 15 minutes (financial systems)
Privileged access monitoring: ✓ Daily review
Status: ✓ Strong
5. Vendor Management:
Vendor approval process: ✓ All vendors pre-approved
Vendor due diligence: ✓ Screening on onboarding
Vendor master maintenance: ✓ Restricted access
Duplicate vendor check: ✓ Automated
Status: ✓ Controls effective
DETECTIVE CONTROLS (Identify Fraud After It Occurs):
1. Reconciliations:
Bank reconciliations: Monthly (100% coverage)
Sub-ledger to GL: Monthly (100% coverage)
Intercompany: Monthly (100% coverage)
Status: ✓ All completed on time
2. Management Review:
Financial statements: Monthly (Controller + CFO)
Exception reports: Monthly (automated)
Variance analysis: Monthly (>5% or >$50K)
Status: ✓ Completed
3. Internal Audit:
Audit plan: Risk-based (annual)
Coverage: Finance, operations, IT
Independence: Reports to Audit Committee
Status: ✓ Active
4. Continuous Monitoring:
Automated alerts: ✓ Active (20+ rules)
Data analytics: ✓ Monthly (Benford's, outlier)
System logs: ✓ Reviewed (privileged access)
Status: ✓ Operating effectively
FRAUD AWARENESS PROGRAM:
Employee training:
Annual anti-fraud training: 100% completion (45 minutes)
Phishing simulation: Quarterly (failure rate: 4.2%)
Fraud awareness campaign: Annual (month-long)
Leadership training: Enhanced (90 minutes)
Communication:
Code of Conduct reminder: Quarterly (email)
Fraud hotline awareness: Ongoing (intranet, posters)
Case studies (anonymized): Semi-annual
Tone-from-the-top: CEO message (annual)
Culture metrics:
Psychological safety: 4.3/5.0 (survey)
Ethics comfort level: 4.1/5.0 (survey)
Reporting confidence: 4.4/5.0 (survey)
Trend: Improving (all metrics +0.2 YoY)
Output
Fraud Prevention Dashboard
FRAUD PREVENTION DASHBOARD — Jan 2025
══════════════════════════════════════
Fraud Risk Overview:
Overall risk: LOW-MEDIUM (acceptable)
High/critical risks: 0
Medium risks: 2 (cyber fraud, conflict of interest)
Low risks: 6 (well controlled)
Transaction Monitoring:
Active rules: 20
Alerts (January): 12 (10 false positives)
Fraud referrals: 0
Resolution time: Avg. 2.3 days
Benford's Law: ✓ No anomalies
Whistleblower Program:
Reports (YTD): 2 (both unsubstantiated)
Average resolution: 12 days
Retaliation: 0 reports
Hotline utilization: 23 reports (FY2024)
Substantiation rate: 13% (FY2024)
AML Compliance:
Sanctions screening: ✓ Current (Jan 2025)
High-risk customers: 2 (enhanced review)
OFAC matches: 0
Training: 100% complete
Program review: ✓ Effective (Nov 2024)
Controls:
SoD conflicts: 0 active (5 mitigated)
Access review: ✓ Q4 completed (98% certified)
Approval compliance: 99.2% (0.8% exceptions — all resolved)
Reconciliations: ✓ All on time
Internal audit: On plan (8 engagements)
Fraud Loss:
Estimated exposure: $8.4M (5% of revenue)
Expected loss (with controls): $200K-$400K
Actual loss (YTD): $0
Insurance coverage: D&O + crime policy ($5M)
Actions:
1. Conflict of interest disclosure campaign (Feb)
2. Cyber fraud awareness refresh (Mar)
3. Semi-annual network analysis (Apr)
4. AML quarterly screening (Apr)
5. Internal audit — Revenue Recognition (Feb start)
Integration Points
- ERP/GL (NetSuite, SAP): Transaction data for monitoring and analytics
- Expense platforms (Rippling, Concur): Expense fraud detection
- GRC platforms (AuditBoard, ServiceNow): Fraud risk register, investigation tracking
- AML platforms (ComplyAdvantage, Refinitiv): Sanctions screening, KYC
- Data analytics tools (ACL, IDEA, Tableau): Benford's analysis, outlier detection
- Ethics hotline platforms: Reporting, tracking, investigation management
- HRIS: Employee data for payroll fraud detection
- BI platforms: Fraud dashboards, trend analysis
- Identity/access management (Okta, SailPoint): Access control, privilege monitoring
- Cybersecurity platforms: BEC detection, email security
Edge Cases
- CEO/C-suite fraud: Tone-at-the-top failure; board oversight critical; external investigation
- Collusive fraud: Multiple employees circumventing SoD; harder to detect; data analytics key
- Cyber-enabled wire fraud: Business email compromise; urgency tactics; dual approval essential
- International FCPA violations: Third-party agents; facilitation payments; local customs; enhanced due diligence
- Vendor master manipulation: IT insider access; automated duplicate check; periodic review
- Expense fraud (small, frequent): Below radar; aggregate analysis; policy enforcement
- Payroll fraud (ghost employee): HR-IT collusion risk; headcount reconciliation; manager verification
- Financial reporting fraud: Earnings pressure; revenue recognition; journal entry controls; auditor scrutiny
- Cryptocurrency fraud: Emerging risk; policy clarification; transaction monitoring
- Post-incident response: Forensic investigation; regulatory notification; insurance claim; reputation management