The paper enumerates reasons for using Big Data platforms in detection and reinforces the need for pre-emptive detection in the Procure to Pay context.
The paper highlights the need for change in the current approaches to Procure to Pay anomaly detection with regards to two temporal aspects of detection. Firstly, the need to process federated organizational data across longer periods, which necessitates the use of Big Data platforms. Secondly, the need to reduce overall latency of the detection process through a continuous audit mechanism. Latency includes data latency i.e. time to aggregate the federated organizational data over a certain time period, detection latency i.e. processing the said data for anomalies, investigation latency i.e. time to confirm the anomalies and action latency i.e. time to take action on the anomalies detected. Pre-emptive detection, investigation and action prior to payout is the key advantage of a continuous audit mechanism, which reduces latency across the detection process.
Need for pre-emptive detection and action in the Procure to Pay process
Many organizations perform periodic audits of their data. However, a continuous audit mechanism is needed to mitigate operational risks as part of the Procure to Pay process. Pre-emptive detection of anomalies of all the invoices and other transactions created daily gives investigators sufficient lead-time to buffer investigation latencies. In addition to pre-emptive detection, action latency can also be reduced by automating certain actions for high-risk transactions, for e.g. blocking payments, cancelling invoices and blocking vendors. The reasons for reducing latency follow:
Leakage costs
Daily audits pre-empt recurring leakage payments, which can result in significant working capital losses if the audit is done only periodically. Recovery costs can also be avoided through pre-emptive detection. In case one-time vendors are used, the costs due to non-recovery of anomalous payments already made can also be high.
Additionally, daily audits involve handling smaller volumes of anomalies which allow investigators to focus on individual cases as part of the incident management process. Daily audits, therefore, minimize the chances and costs of non-detection in contrast to bulk or sample-based auditing.
Fraud costs
Pre-emptive detection reduces reputation risks due to fraudulent payments. Fraud costs also escalate with time because if a fraud is not detected, the fraudster is emboldened to continue and increase his fraudulent activities over time.
Process control failure pre-emption
As processes and policies change rapidly, pre-emptive detection is the key to test for and pre-empt process control failures. Additional process changes or controls can be put in place to pre-empt process control failures if the anomaly trends are monitored daily and mapped to corresponding process controls.
Need for a Big Data based anomaly detection platform
Historical patterns key to detection
Storing and analyzing patterns over a long period is key to detection of recurring leakages, frauds as well as compliance violations. Deviations, based on seasonal procurement and payment patterns, can only be detected based on data over at least a few years. Similarly, procurement of some capital goods is occasional. Therefore, data will be required over a period to detect anomalies in their pattern of procurement and payment.
Anomaly related analytics and machine learning models are processing overheads that are best avoided in the ERP system considering the complexity, scale and the type of data sources needed. A Big Data system dedicated for such complex processing is recommended.
More data, better the learning in AI-based systems
AI-based systems are needed to adapt to the changing process control landscape as well as to adapt to the arms race with the fraudsters. In this changing context, having large volumes of data from the past and corresponding feedback from the human-in-the-loop is the key to better AI learning and prediction, much more so than better algorithms. Moreover, feedback reduces false positives over time, thereby reducing investigation latency. Big Data is therefore key to better prediction.
Additionally, cross-client AI learning requires large volumes of information in the feature space across clients to also be stored in the Big Data based platform.
Multiple data sources for detection and control
Aggregating data across silos enhances the quality of information available for pattern-based detection as organizations may multiple systems as part of the Procure to Pay process including an invoice workflow system, a procurement system, vendor master and an ERP system. Moreover, many large organizations operate in multi-ERP environments. Aggregating transactional information across the procurement and payment process such as PR, PO, PO/PR approval, GR, Invoice, Credit memo and vendor master including new and changed transactions, significantly minimizes the process risk through improved detection.
Many process controls in the GRC platform are exclusive to the ERP system and are unable to check for cross-platform process control failures or other anomalies. For instance, segregation of duties checks across multiple systems in the organization besides the ERP systems such as HRMS system, payroll processing system, invoice processing system and access to banking portals.
Digital exhausts such as log data also contain information that is useful for fraud detection. Depending on the company’s anomaly detection needs, data outside of SAP such as physical logs and network logs can also be leveraged to determine suspicious behavior of the payment processor/PO creator/PO approver.
Storing federated organizational data in the anomaly detection system reduces data latency that would otherwise be induced if the data had been stored in a data mart or warehouse. ETL processes of data warehouses or data marts induce latency in the anomaly detection context that can be avoided with a Big Data-based platform.
Summary
There is a shift in the approach of anomaly detection systems from sifting chunks of data periodically to mining large mountains of data daily. This change in approach requires Big Data based pre-emptive anomaly detection systems.
