How Continuous Transaction Monitoring Uses Targeted Analytics to Prevent Fraud

How to stop fraud, strengthen controls and improve business processes by finding and fixing root causes behind improper transactions in real time.

By Patrick Taylor, CEO, Oversight Systems

There are two simple questions, asked with increasing frequency during internal audits inside the executive suite and within corporate boards:

  • Everything's computerized, including our audit controls, so why do we still have so many fraudulent or improper transactions?

  • How do we know we're catching them all?

Surprisingly, few enterprise organizations can answer either question with any degree of confidence. The usual reasons for this gap fall into three areas:

  • There are too many transactions

  • There are too many different systems that can't talk to each other

  • There is no way to ensure that every user entering a transaction is, in fact, an authorized user

According to a recent Gartner publication (see Notes at end of article), "No single layer of fraud prevention or authentication is enough to keep determined fraudsters out of enterprise systems. Multiple layers must be employed to defend against today's attacks and those that have yet to appear." In short, classic protections against insider fraud -- such as segregation of duties or employee authorizations -- are no longer enough. The only safe assumption is that there is no 100-percent guarantee that any authorized user is, in fact, an authorized user, or that any transaction is truly legitimate and genuine.

The Manual Response

The traditional response to these challenges is to try and audit every transaction using manual reconciliation and audit processes. However, doing so requires a large, expensive audit staff and introduces weeks or months of delay between when a transaction is recorded and when an exception can be identified, investigated, and resolved. More than likely, any funds disbursed improperly or discounts not claimed are long gone.

The sheer volume of transactions generated by automated ERP all but requires that manual auditors use some form of sampling to reduce the workload to manageable levels. Because not every transaction is examined, a certain number of errors is accepted as part of the cost of doing business. Adding to the "acceptable" losses is the lack of a standardized skill set across the audit team. Every auditor needs to be experienced, observant, knowledgeable, and diligent. The reality is that few auditors are truly top-tier -- most don't have the requisite training and experience to catch subtle forms of fraud and misuse.

Continuous Auditing Also Falls Short

Automating audit controls by filtering transactions through software rules is a great idea in theory, but a number of issues limit its effectiveness. The first challenge comes from the differing data models used in disparate ERP systems across the enterprise. Controls designed for one system won't work for another, which means it becomes extremely difficult to create and enforce efficient and effective enterprisewide standards.

The second difficulty is that controls only measure what they're designed to see. Something that fits accounting standards and regulatory requirements may still be fraudulent. For example, consider the two vendor numbers:


The only difference is that one has four leading zeroes and the other doesn't. If both are properly entered into two different ERP systems, then audit controls will see them as two different vendors. It's quite possible -- even likely -- that the vendor will receive duplicate payments or that an intentional fraud can take advantage of this discrepancy.

Continuous Transaction Monitoring -- Targeted Analytics to the Rescue

Continuous transaction monitoring (CTM) is a different approach, one that reaches down to the root causes behind anomalous transactions. By uncovering these root causes in real time -- or close to it -- CTM gives both internal audit staff and senior managers the insight they need to address faulty or incomplete controls as well as improve their business processes.

CTM starts by automatically extracting transaction data from every ERP and financial system across the enterprise, then placing this information into a common data model so that apples-to-apples comparisons can be made. Next, CTM analyzes each transaction using a variety of sophisticated forensic analytics techniques to determine whether it's proper. CTM then builds a body of evidence that shows why a transaction is suspect and what auditors and business process owners should do about it.

It's this extra level of analysis, across a common data model and a consistent, comprehensive set of measurements throughout the enterprise, that CTM provides organizations. Results are compared both within and across controls to uncover potential problems in business processes that audit-based tools can't see, let alone resolve.

These targeted analytics create a deep connection between individual transactions, audit controls, and business processes, which in turn gives managers the information they need to enact continuous improvement loops across those controls and processes. It also gives executives the operational insight into business trends that they need to quickly connect key performance indicators to potential issues that affect the profitability of the organization.

A Real-World Example

Consider a credit card company that can't process payments on a Saturday, and banks typically remain closed on Sundays, even for online transfers. Customers with due dates on Saturdays who submit payments on time won't have those payments processed until the following Monday.

This company's system interprets this gap as a late payment and assesses a penalty on each affected customer. The charges are reversed automatically when the Monday batch gets processed. However, the customers still receive late payment e-mail alerts indicating a late fee and a negative impact on their credit rating, which results in irate phone calls to customer service.

Clearly, the business process itself is broken because potentially tens of thousands of customers received improper notifications that they hadn't paid on time. At the same time, automated audit controls can't see that there's anything wrong. The payments are properly recorded as late because they aren't processed until 48 hours after the due date. The improper late payments are properly reversed once the weekend's batch run is complete. From a controls standpoint, everything has worked properly.

These transactions aren't necessarily fraudulent, but they are improper entries that shouldn't happen, and this broken process is expensive. The company loses the ability to use Saturday payments as cash for 48 hours. They have to increase their customer staff to handle the increased level of complaints -- and they have to investigate a large number of needless claims. Finally, ill will from the confusion encourages customers to take business elsewhere.

A Broader Perspective Means Better Results

A CTM solution's targeted analytics work from the business process down rather than from individual accounting controls up. In short, CTM answers a second question ("Are we optimized?") that is equally as important as "Are we compliant?"

By looking at the situation from this broader perspective, CTM would immediately recognize that an unusual number of late payments were being recorded, and that those payments were being assessed against customers who generally had good to excellent payment histories. These transactions would then be assigned to both internal audit and the business process owners, along with the evidence that something is amiss and the recommendations for remediation.

These managers would then be assigned specific tasks by the solution's built-in workflow so that the situation might be quickly resolved. By working in a best-practices context across both controls and business processes, both the business process itself and the controls within the process can be improved to prevent a repeat of the occurrence -- and the improvements documented to show cost containment and to prevent a repeat occurrence.

Don't Look for Answers. Make the Answers Find You

Enterprise organizations must find and fix improper financial transactions, inadequate controls, and broken business processes in as close to real time as possible, not weeks or months after the fact. Failure to do so can easily escalate into a business-defining crisis, with millions of lost dollars and massive negative publicity.

CTM empowers audit and executive staff to dramatically reduce fraud error and abuse by ensuring that enterprise operations are both compliant with policy and optimized for profitability. It delivers a rapid time-to-value in terms of finding and fixing improper transactions. It also generates actionable insights into previously unseen ways to cut costs and help discover hidden opportunities. The results can be dramatic. One federal agency estimates that it saves over $1 billion per year by using CTM and real-time, targeted analytics.

CTM represents a powerful, cost-effective solution that complements and extends ERP deployments and controls-based auditing by collecting and analyzing essential financial transactions in real time, then applying targeted analytics to detect fraud, identify potential errors, and deliver best-practices guidance for resolving these issues. As a result, CTM also helps organizations build continuous monitoring programs that improve business processes over time.


Gartner, Inc., The Five Layers of Fraud Prevention and Using Them to Beat Malware, Avivah Litan, April 21, 2011

Patrick Taylor is the president and CEO of Oversight Systems. Patrick launched Oversight in 2003 as an innovator in continuous transaction monitoring (CTM). Today, a wide variety of organizations use Oversight's CTM solutions to stop fraud and improve operations by finding and correcting suspect transactions in real time.

Must Read Articles