Professional Documents
Culture Documents
Singh 2016
Singh 2016
Singh 2016
Access to this document was granted through an Emerald subscription provided by emerald-
srm:198285 []
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald
for Authors service information about how to choose which publication to write for and submission
guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company
manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as
well as providing an extensive range of online products and additional customer resources and
services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the
Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for
digital archive preservation.
*Related content and download information correct at time of
download.
Downloaded by New York University At 01:50 02 February 2016 (PT)
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/0268-6902.htm
Abstract
Purpose – The purpose of this paper is to demonstrate the technical feasibility of implementing
multi-view visualization methods to assist auditors in reviewing the integrity of high-volume
accounting transactions. Modern enterprise resource planning (ERP) systems record several thousands
of transactions daily. This makes it difficult to find a few instances of anomalous activities among
legitimate transactions. Although continuous auditing and continuous monitoring systems perform
substantial analytics, they often produce lengthy reports that require painstaking post-analysis.
Approaches that reduce the burden of excessive information are more likely to contribute to the overall
effectiveness of the audit process. The authors address this issue by designing and testing the use of
visualization methods to present information graphically, to assist auditors in detecting anomalous and
potentially fraudulent accounts payable transactions. The strength of the authors’ approach is its
capacity for discovery and recognition of new and unexpected insights.
Design/methodology/approach – Data were obtained from the SAP enterprise (ERP) system of a
real-world organization. A framework for performing visual analytics was developed and applied to the
data to determine its usefulness and effectiveness in identifying anomalous activities.
Findings – The paper provides valuable insights into understanding the use of different types of
visualizations to effectively identify anomalous activities.
Research limitations/implications – Because this study emphasizes asset misappropriation,
generalizing these findings to other categories of fraud, such as accounts receivable, must be made with
caution.
Practical implications – This paper provides a framework for developing an automated
visualization solution which may have implications in practice.
Originality/value – This paper demonstrates the need to understand the effectiveness of
visualizations in detecting accounting fraud. This is directly applicable to organizations investigating
methods of improving fraud detection in their ERP systems.
Keywords Fraud, Business intelligence, Visualization, Audit trail analysis, Continuous monitoring,
Continuous auditing
Paper type Research paper
1. Introduction
Modern integrated enterprise resource planning (ERP) systems are capable of recording
several thousands of transactions daily. This makes it difficult to find a few instances of Managerial Auditing Journal
anomalous activities among legitimate transactions. For large organizations operating Vol. 31 No. 1, 2016
pp. 35-63
in an evolving global digital marketplace, this means monitoring hundreds of thousands © Emerald Group Publishing Limited
0268-6902
of transactions and then investigating suspicious ones in-depth. This may involve DOI 10.1108/MAJ-10-2014-1117
MAJ considerable expense. The demand for systems that continuously monitor transaction
31,1 data is growing as organizations become more complex, demand more integrated
business processes and acquire a global footprint (Vasarhelyi et al., 2010). The objective
of continuous auditing and continuous monitoring (CA/CM) systems is to provide
constant surveillance of transaction data on a real- or near real-time basis – against a set
of predetermined rule sets (Kuhn and Sutton, 2010). Such systems automate standard
36 audit processes and procedures (Vasarhelyi et al., 2012; AuditNet, 2012; Kotb and
Roberts, 2011), thereby enabling compliance personnel to provide a degree of assurance
on information shortly after disclosure (Rezaee et al., 2002). Consequently, as the number
of technology-enabled businesses continue to grow, new needs arise for continuous
auditing and monitoring concerning: changes in the environment and industry, the
existence and effectiveness of controls, increased human resource risks, increased use of
outsourced processes, process continuity and integrity and coherence between
Downloaded by New York University At 01:50 02 February 2016 (PT)
These mechanisms are of particular relevance to the detection of fraud in large ERP
systems.
Wang et al. (2008) developed an interactive visual analytics system to explore the
Global Terrorism Database. The system is designed around depicting the most
fundamental concepts in investigative analysis, the five Ws (who, what, where, when
and why). They informally evaluated this approach and found that the system was
capable of assisting an analyst in building an integrated understanding of terrorist
activities. Huang et al. (2009) proposed a new visualization approach specifically
designed to solve the fraud detection problems in financial markets. Their visualization
framework used a 3D Treemap to perform visual surveillance of stock market and
behaviour-driven visualizations to analyse stock trading networks of suspicious
transactions. The system identifies fraud by performing pattern recognition to similar
others in a pattern database.
Chang et al. (2007) presented the WireVis system, which is specifically tailored for
visual analysis of financial wire transactions. This system assists analysts in exploring
large numbers of wire transactions and it combines keyword network views, heat maps,
search-by-example and Strings and Beads visualization. Tang et al. (2010) presented a
social network analysis approach to help detect financial crimes. They described the
relationship between detecting financial crimes and the social Web and demonstrated
the application of social network analysis techniques to find suspicious online financial
activities. Both the methodologies of Chang et al. (2007) and Tang et al. (2010) use charts
and plots; however, they make little use of graph visualizations. Di Giacomo et al. (2010)
presented V4F. This system was designed to assist an analyst to easily correlate data
and to discover complex networks of potentially illegal activities. The system uses
graph visualizations. Didimo et al. (2011) extended the V4F system. Their work, VisFan,
is an interactive visual analysis system for discovering financial crimes such as money
laundering and frauds. The system makes use of clustering and other techniques for
MAJ visual exploration of complex social networks. VisFan combines several paradigms and
31,1 uses a force-directed drawing technique to produce graph visualizations.
Dilla et al. (2010) present a taxonomy for examining the state of interactive data
visualization research related to decisions made by accountants and auditors. The
authors identify a wide number of research gaps and future research opportunities,
including using the results of earlier research on search processes used by accounting
38 professionals to build visualization designs and prototypes, and test their effectiveness,
and examining the efficacy of interactive visualization techniques for specific tasks,
including fraud detection. This is the strategy adopted in this research.
Wang et al. (2012) proposed RiskVA, an interactive visual analytics system tailored
to support credit risk analysis. Their system supports interactive data exploration and
information correlation over a large corpus of credit data. This enables analysts to
compare the performance of credit products via visually revealing market fluctuations
Downloaded by New York University At 01:50 02 February 2016 (PT)
Task analysis identifies user requirements for the target visualizations, and considering
user interface limitations. The design process defines specifications for data, processes
and interfaces, to meet these user requirements. The design is implemented using a
prototype, which is a trial version of the system used to test the concept, obtain feedback
from users and guide the production of a working system. Finally, testing involves
verification that the prototype performs as specified and validation to ensure that it
meets its specific intended purposes.
This research emphasizes the former; however, some attention is also given to the latter.
Key indicators for frauds are lack of internal controls or an ability to override existing
internal controls that are poorly implemented (ACFE, 2014). The concept of separating
critical business activities to reduce fraud is termed “segregation of duties”. SoD
principles emphasize that sensitive tasks should be divided into two or more steps, with
each step being performed by a different user, in so doing reduces conflicts of interest
(Best et al., 2009; Coleman, 2008; Li et al., 2007; Srinidhi, 1994). For example, to perpetrate
a vendor fraud, an employee may create a shell company and submit fictitious invoices
for payment by the victim organization (Best et al., 2009; O’Gara, 2004; Greene, 2003b;
Wells, 2002; Bologna, 1992). To successfully perpetrate this scheme, an employee has to
violate SoD by creating (or modifying) vendor master records and entering invoices for
payment (Little and Best, 2003; Best et al., 2009).
SAP ERP implements standard authorization concepts to protect transactions and
programs from unauthorized access. Only users who are assigned correct
authorizations are permitted to execute related transactions. This means that the
software itself restricts access based on the “principle of least privilege”. Therefore,
users must be authorized to perform an activity rather than be restricted from doing it
(Little and Best, 2003). However, as users move within an organization, they may
MAJ accumulate multiple authorizations, resulting in them having the ability to perform
31,1 incompatible transactions that may result in violations in SoD. Such violations may be
detected by examining transaction performed by users. SAP audit trails record detailed
descriptions of transactions performed within the system. Singh et al. (2013) provide a
detailed explanation of how SAP audit trails may be used to detect violations in SoD.
Violations such as entering an invoice and processing a payment may be identified by
40 examining specific transactions users have entered in the system.
Based on the above, the system being developed is intended to provide support for
auditor detection of accounts payable fraud in ERP systems, considering the risk of
information overload typically associated with traditional reports. In particular, visual
support is required for recognition of typical symptoms of such frauds, such as breaches
in SoD principles, vendor sharing of bank accounts, vendors with multiple bank
accounts, changes to vendor bank account details and unexpected frequencies of lead
Downloaded by New York University At 01:50 02 February 2016 (PT)
These criteria are used during the testing stage to evaluate the results from testing the
prototype (see Section 3.4).
Their motivation was that users who have these authorizations are capable of creating
shell companies and paying fictitious invoices without being detected. If these
authorizations are enforced, this type of fraud may only be perpetrated when two
employees collude. The following node-link visualizations produced in this study may
facilitate prompt discovery of the aforementioned violations in SoD:
• users performing vendor maintenance, entering invoice and processing
payments;
• users performing vendor maintenance and processing payments;
• users performing vendor maintenance and entering invoices; and
• users entering invoices and processing payments.
A special case of vendor fraud occurs when an employee modifies an existing legitimate
vendor by changing the vendor’s banking details temporarily to their own (or some
other fraudulent account that they have set up), processes a payment for the vendor and
thereafter reverts the vendor’s banking details to the original values (flipping) (Figure 1).
This scenario is extremely difficult to discover among thousands of legitimate
transactions (Best et al., 2009; Singh, 2012).
The following visualizations may assist an auditor in effectively discovering vendor
fraud relating to flipping of vendor banking details:
• Vendors sharing bank accounts: Should an employee set up one or more shell
companies to perpetrate vendor fraud and use a common account to have
payments sent to, then among the visualization of vendor bank accounts, it will
appear that both a legitimate vendor and one or more other vendors shared the
same bank account during the analysis period.
MAJ
31,1
42
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 1.
Flipping vendor
bank account details
Once an auditor has identified users who violate SoD, he/she has a basis for further
investigation of these individuals. The auditor may choose to investigate detailed
activities performed by the targeted user, for example all bank account changes, invoice
transactions, payment transactions, duplicate transactions and vendors that the user
may have interacted with. Such investigations may potentially reveal further
clandestine activities such as collusion.
Finding potential collusion in accounting transactions is challenging and there is no
“silver bullet” to effectively identify this category of fraudulent activity. Employees may
collude to overcome well-designed internal controls (Wells, 2011). ACFE (2014) found
that 18.9 per cent of fraud against organizations occurred due to employees overriding
existing internal controls and 32.2 per cent as a result of a lack of proper internal
controls. A classic scenario in which three employees (colleagues) may conspire to
perpetrate fraud against their organization would be as follows:
• they set up a shell company (fake vendor record);
• employee 1 submits a fictitious order for goods or services;
• employee 2 authorizes the purchase; and
• employee 3 authorizes payment for the fictitious invoice.
Each task is handled by an employee with duties authorized for their specific role; SAP
consequently, they are able to bypass internal controls. Discovering such collusion may enterprise
be very difficult (Wells, 2011). Visualizations produced in this study have the potential
to highlight such activities which may assist an auditor in directing their investigations.
systems
Charts and graphs are diagrammatic representations of a data set. They assist a
reader to easily interpret discrete or continuous data. The information usually
determines the presentation method; for example, a continuous line chart implies that 43
values can be taken at any point on the line. Conversely, discrete data are more suited to
being plotted using a bar or column chart (Hensinger, 1986). This study predominantly
uses bar charts to demonstrate that conformity of invoice amounts to Benford’s law, or
the law of large numbers, which gives expected frequencies of digits in numerical data
(Benford, 1938). Frank Benford found that contrary to common belief, digits in tabulated
data are not equally likely and are biased towards lower digits. The basic digits tests are
Downloaded by New York University At 01:50 02 February 2016 (PT)
tests of the first digit, second digit and first-two digits. These are called the first-order
tests. The first digit test is a high-level test of reasonableness that is actually too
high-level to be of much use. For accounts payable and other data sets involving prices,
the first-two digits test is a more focused test that detects abnormal duplications of
digits and possible biases in the data (Nigrini, 2011). This study implements Frank
Benford’s first-two digits test to investigate accounts payable transaction data. Spikes
in the results may be indicative of fraud and require further investigation.
also invokes Graphviz and executes DOT code on a user’s behalf and displays resulting
visualizations. The complete code generation sequence is illustrated below (Figure 4).
The Graphviz code writer is a “black box” solution that translates a data set into DOT
code. It assumes that the data set contains the targeted filtered records only. Below is a
description of the code generation process from the preceding example (Figure 2) to
illustrate this process:
Step 1 – read filtered data set into the Graphviz code writer.
Step 2 – define the type of graph (directed in this example), preconfigure related
attributes and identify the hub of the graph.
Code writer:
Figure 2.
Simple node-link
diagram generated
using DOT language
SAP
enterprise
systems
45
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 3.
Example of a
node-link
visualization
Figure 4.
Graphviz dynamic
visualization process
Step 5 – find associations between users and transactions, establish edges and
preconfigure the relevant attributes. An SQL select statement extracts the username,
transaction code (tcode) and transaction count (tcounttxt) data. Transaction count is
used as label information for the edges that connect users to transaction codes.
Code writer:
3.4 Testing
Data were obtained from the SAP ERP system of a large organization (specific
information on the organization has been withheld due to confidentiality reasons). The
organization provided a sample of accounting transaction data which included between
500,000 and 800,000 individual transactions across data tables:
• CDHDR – change document headers;
• CDPOS – change document items;
• BKPF – accounting document headers;
• BSEG – accounting document line items; and
• LFA1 – vendor general data, for a six-month period.
primarily on performing internal audits and had not made any effort to investigate
application controls. He relied on the IT team to ensure that users had appropriate
access and authorizations. It was also discovered that the IT team had limited
accounting background and concentrated on providing users access to systems
only and the concept of SoD did not appear to be of concern. Although the audit
manager did have knowledge of audit tools and their capabilities, he preferred to use
standard office productivity tools (spreadsheets, word processors and email) due to
the cost of implementing new tools and the attitude that these new tools would not
have an impact on the findings of current audits. Explanations for the visualizations
are provided below.
The dashboard provides several key indicators linked to underlying detailed reports
(Figure 5):
• AP system summary: An overview of system being investigated.
• T-code statistics: Analysis of all related transaction codes performed by users.
• Critical combinations: Identifies number of users who have violated SoD and the
total value of invoices and payments processed by this group of users.
• Top 5 vendor invoices and payments: The five highest ranking vendors by
invoices received and payments processed.
• Dashboard dials for vendors sharing bank accounts, vendors with multiple bank
accounts and vendors with multiple changes to their bank accounts: Overview of
all vendor banking-related activities.
• Benford’s law analysis of invoice and payment amounts: Actual vendor invoice
and payment amounts are compared to the expected values.
• Fraud risk index: Uses various metrics to predict an organization’s vulnerability
to fraud.
48
31,1
MAJ
Figure 5.
dashboard
Fraud analytics
SAP
enterprise
systems
49
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 6.
Users performing
vendor maintenance,
invoice and payment
activities
50
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 7.
Users performing
vendor maintenance
and processing
payments
SAP
enterprise
systems
51
Figure 8.
Downloaded by New York University At 01:50 02 February 2016 (PT)
Users performing
vendor maintenance
and entering invoices
In this case, user SANJEEWAH has interacted with 18 vendors and has
performed a variety of transactions across vendors, including entering invoices,
processing payments and making changes to vendor bank account details.
MAJ
31,1
52
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 9.
Users entering
invoices and
processing payments
Figure 10.
Vendors sharing
bank accounts
Although this user has breached SoD principles, almost all of the incompatible
transactions have been spread across multiple vendors. One vendor, however, is of
interest, as the user has performed multiple incompatible transactions for the same
vendor (0000030155).
(1) Transactions performed by user SANJEEWAH for vendor 0000030155 were
investigated and the following audit trail was observed (Table II):
• Two invoices for $48,000.00 and $5,760.00, respectively, were posted on 21/
02/2011, using transaction code FB01.
SAP
enterprise
systems
53
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 11.
Vendors having
multiple bank
accounts
MAJ Date User Tcode Amount Bank details Doc. No.
31,1
6/01/2011 SOHAN XK02 NDBSSLQQ 5000811 00474973300
11/01/2011 INDIKA FB60 $718.15 19000161190
24/01/2011 INDIKA FB60 $1,800.00 19000161190
27/01/2011 SANJEEWAH XK02 NDBSSLQQ 5000811 0048291325
54 3/02/2011 SOHAN XK02 BECYLKZ 0714343 00048493355
9/03/2011 INDIKA FB60 $422.15 19000161191
Table I. 15/03/2011 INDIKA FB60 $119.29 19000161192
Timeline analysis for 24/03/2011 INDIKA FB60 $357.00 19000161193
vendor bank account 21/04/2011 INDIKA F110 $1,406.70 15000025082
changes 21/04/2011 INDIKA FB01 $315.15 19000161195
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 12.
Detailed activities of
a single risky user
• One payment for $5,760.00 was posted on 23/02/2011, using transaction code
F110.
• One change to vendor banking details made on 27/01/2011, using transaction
code XK02.
Doc. date Post. date Doc. no. Co. code Vendor id. Amount Tcode
SAP
enterprise
Invoices systems
21/02/2011 23/02/2011 1900152463 6000 0000030155 $48,000.00 FB01
21/02/2011 23/02/2011 1900152464 6000 0000030155 $5,760.00 FB01
N⫽2 Total $53,760.00
Payments 55
23/02/2011 23/02/2011 1500024177 6000 0000030155 $5,760.00 F110
N⫽2 Total $5,760.00
Date Doc. no. Co. code Vendor id. Bank details Tcode
Table II.
Changes to vendor bank details Audit trail for a
Downloaded by New York University At 01:50 02 February 2016 (PT)
27/01/2011 48291325 6000 0000030155 NDBSLQQ 5000811 XK02 single user and
N⫽1 vendor
Figure 13.
Users interacting
with a single vendor
(2) A specific vendor may be targeted for further analysis to identify which users have
interacted with the vendor. This may provide further insight into what activities
have been performed on the vendor. In the following visualization (Figure 13), it was
observed that invoices were entered for vendor 0000030044 by several users. One
user performed changes to the vendor’s banking details. It is interesting to note that
invoices were being entered by normal users and support staff using generic logins
(i.e. COM-MGR, REPORTING, CLSTADMIN and SAPTEAM). This practice is not
recommended and violates normal SoD principles – separating users from SAP
support functions, and separating entry of invoices/postings and payment
functions. Posting of financial transactions ought to be restricted to users with
relevant authorizations. This presents a considerable fraud risk.
(3) Benford’s law of large numbers gives expected frequencies of digits in numerical
data. Analysis of the first-two digits for vendor invoices revealed large spikes at 11,
MAJ
31,1
56
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 14.
Benford’s law
analysis of invoice
amounts
22, 27, 36, 45, 54 and 67 (Figure 14). Other smaller spikes were also observed but
appeared insignificant. Each of the spikes required further investigation to
determine the reason for deviation. Spike 36 was selected, as this was the largest
spike. The subsequent report contained 1,217 records, of all invoice amounts
containing 36 as the first-two digits. Several identical amounts appeared to have
been recorded for the same vendors. These transactions were entered by different
users. A follow-up investigation was conducted and several duplicate invoices were
discovered. (Further details of this investigation were not provided by the
organization).
(4) Finding potential collusion is challenging and may be very difficult to detect.
The following visualization demonstrates the potential of the model to detect
such clandestine acts among employees conspiring to override well-designed
internal controls (Figure 15). This visualization was produced from test data
and demonstrates the possibility to “see” relationships among multiple users
and common vendors. In the example, it is observed that vendors appear to
be clustered around specific users, i.e. a particular user may be responsible
for processing transactions for a group of vendors. However, there are some
outliers that have more than one user in common. Although there may be a
perfectly legitimate reason for this occurrence, these circumstances warrant
further attention.
The strategy used to provide validation for these visualization methods is provided by
Singh et al. (2013). Validation is an attempt to ensure that developed methods meet their
specific intended purpose. This is assessed with reference to the performance criteria
identified in Section 3.2 Task analysis. The results from testing the prototype system
were assessed by obtaining independent reviews from an expert and a panel of auditing SAP
practitioners. enterprise
The Executive Director – Information Systems Audit of a top international accounting systems
firm, stated:
57
Downloaded by New York University At 01:50 02 February 2016 (PT)
Figure 15.
Transaction clusters
MAJ […] automated fraud detection software can provide internal auditors with a tool to efficiently
assess the presence of fraud within an organization …. In general, I found the functionality of
31,1 the tool to be useful. The user interface would require a minimal level of training and some
level of understanding of the SAP application, which is a reasonable constraint. The graphs
and visualizations clearly communicated a message for the reader (Singh et al., 2013).
Feedback from the panel of auditing practitioners was very positive. They found the
58 visualizations easy to understand, and useful in aggregating large volumes of data.
Visualizations were also seen as enabling identification of relationships or patterns
in data that would otherwise be difficult in textual data. Overall, the panel rated the
visualizations as innovative and important tools in a fraud investigator’s toolkit
(Table 3).
To test our prototype, data are extracted from an SAP ERP system and processed using
SQL queries. The results are a series of data sets that may potentially contain hundreds
or thousands of anomalous activities. This study makes a contribution to the literature
59
by developing a framework to dynamically transform filtered data sets into explicit
visualizations, as described above. In addition to identifying patterns of activities within
a data set, visualization may be used to identify suspicious activities. These activities
may result from unintentional errors or potential fraud. Further investigations will
ideally distinguish between the two. It may be impossible to investigate all suspicious
activities due to cost concerns (Cleary and Thibodeau, 2005). Therefore, auditors may
Downloaded by New York University At 01:50 02 February 2016 (PT)
5. Conclusion
With the increasing complexity of ERP systems, fraudsters are finding new opportunities
and conceiving intricate methods to perpetrate fraud and outsmart implemented system
controls. The complex nature of these frauds and other “white-collar” crimes requires novel
approaches to view and leverage the enormous amount of information being produced.
Thousands of transactions daily generate thousands of lines of data in an ERP system.
Hidden among these gigabytes of data may possibly be fraudulent transactions that are
nearly impossible to detect. Forensic analysts and auditors are obliged to seek new and
innovative methods to discover fraud (Marane, 2008). Complete fraud detection is
challenging and there is no “silver bullet” to effectively ensure it. Visualization, when
combined with other techniques, may improve an auditor’s ability to identify suspicious
activities not otherwise identifiable, and to encourage further investigations.
The contributions made by this research provide new stimulus for research in the
area of visualization. Further work is encouraged in applying such techniques to detect
other fraud schemes, and exploring other innovative visualization methods. The human
eye processes information more efficiently when presented as images as opposed to
textual information. As our instincts develop over time, so does our ability to process
complex concepts through visual identification. By representing information spatially
and with images, humans are able to grasp its meaning, to group similar ideas and to
connect it with prior knowledge effortlessly. Using illustrations or diagrams to
MAJ represent large amounts of information facilitates easier understanding and helps reveal
31,1 patterns and relationships. Our research highlights the effectiveness of using
visualization to identify suspicious activities in accounts payable transactions. We
demonstrate that using interactive visualization techniques coupled with traditional
analyses enhances an auditor’s ability to “see” patterns and efficiently narrow these
down to individual activities. The feasibility of applying low-cost, open-source software
60 to implement such techniques was also demonstrated.
References
ACFE (2012), “Report to the nation on occupational fraud and abuse”, available at: www.acfe.com/
rttn (accessed 27 February 2013).
ACFE (2014), “Report to the nation on occupational fraud and abuse”, available at: www.acfe.com/
rttn (accessed 2 June 2014).
Downloaded by New York University At 01:50 02 February 2016 (PT)
Albrecht, W.S., Albrecht, C.C. and Albrecht, C.D. (2009), Fraud Examination, 3rd ed., Thomson/
South-Western.
Alles, M., Brennan, G., Kogan, A. and Vasarhelyi, M.A. (2006), “Continuous monitoring of
business process controls: a pilot implementation of a continuous auditing system at
Siemens”, International Journal of Accounting Information Systems, Vol. 7 No. 2,
pp. 137-161.
Alles, M.G., Kogan, A. and Vasarhelyi, M.A. (2008), “Putting continuous auditing theory into
practice: lessons from two pilot implementations”, Journal of Information Systems, Vol. 22
No. 2, pp. 195-214.
Argyriou, E.N., Sotiraki, A.A. and Symvonis, A. (2013), “Occupational fraud detection through
visualization”, 2013 IEEE International Conference on Intelligence and Security
Informatics (ISI), IEEE, pp. 4-6.
AuditNet (2012), “AuditNet 2012 state of technology use by auditors”, AuditNet LLC, available at:
www.auditnet.org/ (accessed 27 February 2013).
Battista, G.D., Eades, P., Tamassia, R. and Tollis, I.G. (1998), Graph Drawing: Algorithms for the
Visualization of Graphs, Prentice Hall PTR.
Benford, F. (1938), “The law of anomalous numbers”, Proceedings of the American Philosophical
Society, pp. 551-572.
Best, P.J., Rikhardson, P. and Toleman, M. (2009), “Continuous fraud detection in enterprise
systems through audit trail analysis”, Journal of Digital Forensics, Security and Law, Vol. 4
No. 1, pp. 39-60.
Bologna, J. (1992), “Thinking like a thief”, The Internal Auditor, Vol. 49 No. 4, pp. 30-33.
Chang, R., Ghoniem, M., Kosara, R., Ribarsky, W., Jing, Y., Suma, E., Ziemkiewicz, C., Kern, D. and
Sudjianto, A. (2007), “WireVis: visualization of categorical, time-varying data from
financial transactions”, IEEE Symposium on IEEE Visual Analytics Science and
Technology, VAST 2007, pp. 155-162.
Cleary, R. and Thibodeau, J.C. (2005), “Applying digital analysis using Benford’s law to detect
fraud: the dangers of type I errors”, AUDITING: A Journal of Practice & Theory, Vol. 24
No. 1, pp. 77-81.
Coleman, K. (2008), “Separation of duties and IT security”, CSO Security and Risk, available
at:www.csoonline.com/article/446017/separation-of-duties-and-it-security (accessed 8 June
2012).
Datawatch (2014), “Modeler”, Datawatch, available at: www.datawatch.com/products/monarch/
(accessed 12 January 2015).
Di Giacomo, E., Didimo, W., Liotta, G. and Palladino, P. (2010), “Visual analysis of financial SAP
crimes:[system paper]”, Proceedings of the International Conference on Advanced Visual
Interfaces, ACM, pp. 393-394.
enterprise
Didimo, W. and Liotta, G. (2006), “Graph visualization and data mining”, Mining Graph Data,
systems
pp. 35-63.
Didimo, W., Liotta, G., Montecchiani, F. and Palladino, P. (2011), “An advanced network
visualization system for financial crime detection”, 2011 IEEE Pacific Visualization 61
Symposium (PacificVis), IEEE, pp. 203-210.
Dilla, W., Janvrin, J.D. and Raschke, R. (2010), “Interactive data visualization: new directions for
accounting information systems research”, Journal of Information Systems, Vol. 24 No. 2,
pp. 1-37.
Eick, S.G. (2000), “Visual discovery and analysis”, IEEE Transactions on Visualization and
Computer Graphics, Vol. 6 No. 1, pp. 44-58.
Downloaded by New York University At 01:50 02 February 2016 (PT)
Fetaji, B. (2011), “Development and analyses of dynamical visualization process tool in run time
and its usability evaluation”, TTEM-Technics Technologies Education Management, Vol. 6
No. 2, pp. 447-454.
Gansner, E., Hu, Y. and Kobourov, S. (2010), “GMap: drawing graphs and clusters as maps”, IEEE
Pacific Visualization Symposium, IEEE, pp. 201-208.
Ghoniem, M., Fekete, J.-D. and Castagliola, P. (2005), “On the readability of graphs using node-link
and matrix-based representations: a controlled experiment and statistical analysis”,
Information Visualization, Vol. 4 No. 2, pp. 114-135.
Gleicher, M., Albers, D., Walker, R., Jusufi, I., Hansen, C.D. and Roberts, J.C. (2011), “Visual
comparison for information visualization”, Information Visualization, Vol. 10 No. 4,
pp. 289-309.
Graphviz (2010), “Graphviz - graph visualization software”, available at: www.graphviz.org/
About.php (accessed 21 December 2011).
Greene, C.L. (2003a), “Audit those vendors”, The White Paper, McGovern & Greene, available at:
www.mcgoverngreene.com/archives/archive_articles/Craig_Greene_Archives/audit_
vendors.html (accessed 21 September 2010).
Greene, C.L. (2003b), “Focus on employee frauds – purchasing frauds”, McGovern & Greene,
available at: www.mcgoverngreene.com/archives/archive_articles/Craig_Greene_
Archives/Focus-Employee_Frauds-Purch.html (accessed 29 September 2010).
Hensinger, R.N. (1986), “Standards in pediatric orthopedics: tables, charts, and graphs illustrating
growth”, Journal of Pediatric Orthopaedics, Vol. 7 No. 3, p. 345.
Herman, I., Melancon, G. and Marshall, M.S. (2000), “Graph visualization and navigation in
information visualization: a survey”, IEEE Transactions on Visualization and Computer
Graphics, Vol. 6 No. 1, pp. 24-43.
Huang, M.L., Liang, J. and Nguyen, Q.V. (2009), “A visualization approach for frauds detection in
financial market”, 2009 13th International Conference on Information Visualization, IEEE,
pp. 197-202.
IBM (2014), “i2 analyst notebook”, IBM, available at: www-01.ibm.com/software/info/i2software/
(accessed 8 August 2014).
Jinson, Z. and Mao Lin, H. (2013), “5Ws model for big data analysis and visualization”, 2013 IEEE
16th International Conference on Computational Science and Engineering (CSE), IEEE,
Sydney, NSW, pp. 1021-1028.
Kotb, A. and Roberts, C. (2011), “The impact of e-business on the audit process: an investigation of
the factors leading to change”, International Journal of Auditing, Vol. 15 No. 2, pp. 150-175.
MAJ Koutsofios, E. and North, S. (1991), “Drawing graphs with dot”, Technical Report
910904-59113-08TM, AT&T Bell Laboratories, Murray Hill, NJ.
31,1
Kuhn, J.R. Jr and Sutton, S.G. (2010), “Continuous auditing in ERP system environments: the
current state and future directions”, Journal of Information Systems, Vol. 24 No. 1,
pp. 91-112.
Kuhn, J.R. and Sutton, S.G. (2006), “Learning from WorldCom: implications for fraud detection
62 through continuous assurance”, Journal of Emerging Technologies in Accounting, Vol. 3
No. 1, pp. 61-80.
Lanza, R.B. (2003), Proactively Detecting Occupational Fraud Using Computer Audit Reports, The
IIA Research Foundation, FL.
Lanza, R.B. (2007), “Auditing vendor accounts for fraud or at least some cash recovery”, Fraud
Magazine, September/October, ACFE, Austin.
Li, N., Tripunitara, M.V. and Bizri, Z. (2007), “On mutually exclusive roles and
Downloaded by New York University At 01:50 02 February 2016 (PT)
For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com