Data Mining in Fight Against Fraud

Magnus Stagsted & Kim Røssel Petersen

Student thesis: Master thesis


In recent years, the world has seen increased investments in the use of technology and data. One aspiring technology is Data Mining. This technology utilises machine learning in order to analyse vast amounts of data and discover patterns that are invisible to the human eye. This technology holds enormous potential for many areas. An area of outmost importance is fraud. Fraud is one of the greatest risks to society in terms of financial losses. The world's largest organisation in the area of fraud investigation, ACFE, estimates that the true cost of fraud could be as high as DKK 27.2 trillion per year. In this thesis, we investigate if Data Mining can be the means that can limit fraud in corporate enterprises. In our research, we assume that the internal controls as performed today will not be sufficient in the fight against fraud. Therefore, we analyse if Data Mining can be part of the internal control environment and what it takes to implement the technology. The thesis is carried out as a literature review on both fraud and Data Mining. The strategy of the study design is chosen due to the sensitivity of the area. Firstly, we narrowed the extensive fraud theory down to two areas which are fictitious revenue and procurement process fraud. In order to analyse the two identified fraud risks and to test if Data Mining can identify fraud, we did a large study of red flags in real fraud cases. By applying the concepts of Data Mining to these red flags, we found that the technology can uncover the trends and patterns that fraud holds. However, we found that the combination of variables was very important and that cross-validation between different techniques was needed. If not, false positives and false negatives would make the technology fallible. By confirming that the technology would potentially be able to detect and prevent fraud, we discussed whether it was possible to integrate Data Mining within the enterprises' internal control environment. Firstly, we discovered that this can be implemented as a preventive control due to its placement in the IT structure as a backend tool. We found that specialists in Data Science were needed and that this would require extensive capabilities. Furthermore, we found that the technology requires vast investments in technology, processes and people. Therefore, we do not believe it is possible to implement in one single organisation. However, it is possible to implement the technology as part of the internal controls by outsourcing fraud detection as a managed service to a service provider. If enterprises outsource fraud detection, it will allow the provider to obtain scale benefits, educate people and build the needed processes around the technology and thereby limit fraud related losses in enterprises.

EducationsMSc in Auditing, (Graduate Programme) Final Thesis
Publication date2020
Number of pages139