Discover why CPA firms love the MindBridge Ai-Auditor service
Journal Entry Testing Using Machine Learning / Artificial Intelligence
Meets and exceeds the requirements of CAS 240
Our financial compliance analytics are essential in creating that value for your clients. We use the MindBridge Ai-Auditor — recently selected by the Bank of England in a worldwide competition. Its artificial intelligence and machine learning combined with traditional control points looks at every general ledger entry 21 ways! It provide a risk-based report of anomalies for your investigation.
We believe in the analysis of 100% of transactions and not just sampling of data. Today's complex challenges requires a blended approach of advanced analytics and data science combined with sensible business rules.
The use of machine learning improves the effectiveness of anti-fraud controls by identifying outliers and anomalies. Machine learning uses modeling to make data-driven predictions about a given situation. Machine learning is one way for the system to feed what it learns back into the anomaly detection engine. The more exposure to data the machine has the smarter it becomes. This eliminates manual rules maintenance and decision-making that has proven slow and ineffective to detect anomalies.
Our "data scientist in a box" and "virtual forensic auditor" quickly bring potential misstatements to your attention. At the same time, you can select from many well-accepted control points and have the financial statement reviewed based on your risk assessment and audit standards.
A Better Approach Exists
Since the start of the millennium, there have been many attempts to tackle the problem of financial statement fraud. One of these attempts was the Sarbanes-Oxley Act, 2002. This increased management's and auditor’s responsibility regarding fraud.
Even though these attempts were steps in the right direction, they did not stop financial statement fraud from happening. Companies like Hertz, Tech Data, ICE Electronics, Orthofix, Tesco, and Toshiba, all have been victims of fraud. All of them had audited financial statements.
With every high-profile case, questions arise surrounding the integrity and capability of the auditing process. These questions increase the doubt investors and other stakeholders have about the assurance provided by audited statements.
Posts — Audit Firm Support
Kingston Smith UK Chartered Accountancy adds MindBridge AI Auditor technology to its data analytics suite
MindBridge™ Analytics Inc. named one of Canada’s Companies-to-Watch in the 2017 Deloitte Technology Fast 50™ Awards
MindBridge™ Selected for ‘2017 Outstanding High Technology Company Recognition Award’ by IEEE Ottawa
Promising practices for Boards that will benefit every organization: Nose in, hands off Build a…
FAQ - Audit Firm Support
The number of accounting scandals is amazing. Most result in re-stating the accounts and some in major scandals. The issue of regulatory oversight is frequently in the press. However, even with enforcement increasing and getting penalties higher, a new accounting issue is never far behind. It continues to get worse. Just look at the impact on British Telecom’s stock because of the irregularities found in accounting in their Italian division (read about it here).
At MindBridge Ai focuses on solving one of the massive issues underlying these scandals. We are building an expert system to help both internal and external auditors. This provides us with higher levels of assurance about the financial statements they are sworn to certify.
And the baseline issue we are dealing with is the amount of financial data they need to consume. There has always been too much of it.
With Big Data, auditors are asked to “go fishing in a murky lake” and find accounting anomalies and irregularities for further review. Accountants and regulators agree to use statistical account sampling. Yet, the quality of the sample can only be measured after it has been sampled and analyzed. With the time pressure on providing audited results, if an irregularity or anomaly is found, the process has to start again. Moreover, this leads to costly re-statements which impact shareholder value and confidence in the audit firms.
To solve this, Mindbridge Ai leverages machine learning AI to provide auditors with a more highly justifiable sample before the audit begins. Our Ai Auditor service ingests and analyzes the entire leger. We pinpoint areas they should be investigating early on with a higher degree of justification against the standard, and currently accepted sampling techniques. This gives auditors a higher assurance rate. It helps them improve upon the current approaches that only meet the standard, and not move past it. This moves towards the answers we, the press and firms like British Telecom need.
Soon, you'll log in to your accounts, and you will notice a blue bar towards the right of the screen. At present, the cupboard is bare, but the full in-app documentation will be rolled out in the coming weeks. You'll be able to use this feature to get easy access to all things related to the MindBridge Ai-Auditor! It'll even be available right at your fingertips via your mobile device!
Throughout the course of the next few weeks
You're probably wondering, "what is this thing?", or "finally!" or, "I love it!". But, after months of talking to our customers, we are happy to announce that we will soon be offering an in-app support feature that'll get you all the help you need in order to effectively and efficiently use the MindBridge Ai-Auditor.
Going forward, when you log into your account, you will always notice this little blue bar towards the right of the screen. At present, the cupboard is bare, but the full in-app documentation will be rolled out in the coming weeks. No firm date yet, but by golly it'll be spectacular!
Soon you'll be able to use this feature to get easy access to all things related to the MindBridge Ai-Auditor! It'll even be available right at your fingertips via your mobile device!
With in-app support you will be able to:
- Have access to in-app chat from Monday to Friday between 9 AM and 5 PM (EST).
- Get uninterrupted navigation of your MindBridge Ai-Auditor account.
- Seek explanation of the key features of your account.
- Get instant access to information you need about any aspect of your account.
- Book a call with a MindBridge support team member at any time.
- Read detailed descriptions for all releases (constantly updated).
- Quickly see the status of our servers.
- Get email support for off-hours.
Throughout the course of the next few weeks, you will receive additional emails informing you more about in-app documentation, and other support initiatives.
It’s important to note that an unusual transaction depends on the context. An unusual transaction for one company might be completely normal for another company. The internal audit team has a better sense of what’s normal in an organization.
In our fraud case, study the CFO reversed Cost of Goods sold. It was flagged as highly unusual.
Machine learning is often used to spot “red flag” patterns in structured data (data with a predictable structure, like spreadsheets, databases, and financial data formats). Examples an unusual transaction include identifying suspicious insurance claims, unusual banking transactions, and credit card activity.
Machine learning is also useful in network relationship analysis. In this application, machine learning explores the connections between people and entities. Often complex, relationship networks are quickly quantified with an unsupervised learning approach called “clustering” allowing the examiner to efficiently find key relationships and the web of communications and influence. The source of such data is often corporate email, but may also include phone records and social media.
We believe in the analysis of 100% of transactions to detect anomalies and not in the sampling of data. We also believe that sensible business rules based controls can help, to comply with existing audit recommendations. Vitally important is that these methods are combined with advanced analytics and data science.
You don’t want to choose one approach or the other, but instead a blended approach.
Use of Machine Learning
It much improves the effectiveness of anti-fraud controls by identifying outliers and anomalies by combining rule-based techniques with robust algorithms. This enhances accuracy based on what they see. Machine learning uses modeling and makes data-driven predictions about a given situation. Machine learning is one way for the system to feed what it learns back into the anomaly detection engine. The more exposure to data they have the smarter they become. This is important because it alleviates the manual rules maintenance and decision-making that has proven slow and ineffective in the previous generation of financial anomaly detection.
By doing this, the investigator have access to not only a data scientist in a box but a virtual forensic auditor that brings potential misstatements to your attention. At the same time the auditor or internal auditor can select from a number of well accepted fraud scenarios (control points). They have the financial statement reviewed based on his/her risk-assessment and comply with company policy and audit standards.
The MindBridge data scientist team consulted extensively with auditors to determined the default control points values. Remember, marking them all as 100% is like you saying everything is important to you. Not really conducive to finding what you don’t like. These values provided a reasonable risk profile.
We recommend that you start out with the values at default. Over time adjust your weighting to focus on a specific risk area.
Depending on the rule-based and Machine Learning-based risk scores for every transaction will be assigned an aggregated risk score and grouped into low, medium, and high-risk strata(i.e., buckets), which allows for easy prioritization and further review from the audit team.
Rule-based control points
For rule-based control points, the control point indicators should be customized to consider client-specific risk areas. For example:
- Weekend entries might be normal business practices for one company and irrelevant to them, but highly suspicious for another.
- Material Value may be set to something other than 0 because most organizations do not care about 0.00$ transactions. They consider that “normal”. That’s not to say that every company is the same, but if it’s important to include it audit for a client, then enabling it to be >5% (with a value of whatever you wish, e.g., $100) would say that anything that has a value > $100, start giving it a higher Risk Score because that’s important for our analysis.
The reversal control point flags transactions which are reversals of a previous transaction in the ledger.
The reversed control point flags transactions which are reversed by a subsequent transaction in the ledger.
The algorithm kind of finds both at once and then pairs them together. The earlier one is “reversed” and the later one is “reversal”.
Here’s an example
Basically a normal buyer/seller relationship is
- I sell you something
- You give me money
- I give you what you paid for
- You’re happy
What Manager 1 was doing, is that he was pretending to be the Buyer
- He would sell himself goods
- Take the money
- Shortly after, he’d ‘return’ the item into Inventory, but never actually took the money back. This is known as “Reversed“.
- He went back into the books and adjusted the original transaction. This is known as “Reversal“.
Reversal happens when they go back and adjust the original ‘purchase’ (i.e., previous). Reversed is “oh darn, they returned their goods. we gave them back their 100$” (how a typical return happens. The Manager in this case just wasn’t returning the $)
This is a common type of fraud where someone would say, “look how much money we’re making! We sold so much!” then they would reverse the transaction and say, “oh darn, they returned all their stuff… 🙁 but thanks for all the money you paid us for our stock!!”
Machine learning compares the data set by looking at Row 1 and its columns vs Row 2 and its column data. Then, Row 3, etc. The MindBridge Ai-Auditor ingests 100% of the file. It then analyzes 100% of the file with 100% of the rest of the file. This is hard to explain as this is the background of how the MindBridge Ai-Auditor works, but it takes data from the GL and breaks them down into ‘nodes’ where the machine learning occurs.
We use this approach in all of our financial risk assessment services and examine every transaction.
Data Set — An Example
The example follows a simple use-case: CITY POPULATION. Imagine every dot represents 1 person in a city.
Those circled by Green show that it’s within normality. In that, the large part of the population lives near to one another. There isn’t anything odd about where they live. That’s not to say that once you dive in you won’t find anything (there might be cases of crime, theft, etc), but from a high-level, it looks normal.
Then, Orange is starting to show that the distribution of people is starting to scatter. This is odd. Why is that? Why are they living slightly further away from the general population?
Now, those in Red are real outliers. Why are they so far from not only the general population but also from one another? What is the story behind these dots?
This is what you would consider a High-Risk %, and would need further analysis.
Think of MindBridge Ai-Auditor like that when it breaks the file down. Think of machine learning as everything a human cannot do. There is absolutely no way a human would be able to ingest 100% of the file for 100,000 Journal Entries. More so, a person would not be able to properly map out every single entry into a format that makes sense.
Due to the unique and creative ways employees “game” the system with purchasing cards and expense reimbursements, machine learning is also useful in identifying previously unknown schemes in these areas. These activities can create unusual combinations of debt and/or credit.
Case experience has shown machine learning to be effective in identifying purchasing behavior such as frequent vendors, unusually consistent amounts, certain transactions that occur in tandem with each other and items occurring with unusual regularity. Similarly, expense reimbursements may be flagged as unusual by a machine learning based system that may not conform to typical rules-based observations such as rounded amounts, “just under” threshold amounts and the traditional Benford’s Law analysis.
It basically boils down to the fact that we (humans) cannot analyze the entire file and find trends in that data. Machine learning in the MindBridge Ai-Auditor can decompile the entire structure, observe trends, identifies unusual combinations and present that information. These are anomalies that are ‘unusual’, and which the auditor might not have thought about.
Machine-based learning anomaly detection
Machine learning is a useful type of artificial intelligence. Machine-based learning anomaly detection looks at all the numbers. It is able to learn without predefined decision rules. Machine learning constructs its own decision tree based on meta-tagged data, e.g., “red flag” or “not,” to decide how “red flag” transactions are related. Machine learning applies the learned logic to new data and is remarkably adept at making the right decision. Machine learning’s ability to learn from a complex array of data and not just a few variables leads to greater accuracy.
Traditional analytics rely on rule-based methods to detect anomalies. These decision rules follow simple Boolean logic: if a vendor address matches an employee address and its wire transfer account matches the employee bank account, then it is likely a fictitious vendor.
Another type of machine learning called “unsupervised learning,” constructs decision trees without meta-tagged data; it identifies patterns of interest and anomalies using its own decision-making criteria. This allows fraud examiners to find new forms of fraud not previously detected or codified into rules-based methods. Both supervised and unsupervised machine learning systems are self-refining, in that they become more accurate as more data is encountered.
You can bulk create tasks for those reports, export and print them in the MindBridge Ai Auditor.
You can also create reports by going to Transaction Table, Filter on what you want, then go to Bulk > Export, and voila!
MindBridge Ai-Auditor Local
The minimum requirements to deploy the MindBridge Ai-Auditor in your environment are:
- 6 vCPU, 24 GB RAM
- 3 disks
- OS - 16 GB ○ Data - 270 GB (thin, SSD)
- Backup - 270 GB (thin, nearline)
The MindBridge Ai-Auditor requires considerable computing power. We recommend our secure cloud-based solution.
Here are some pros and cons of cloud vs in house servers.
PROS AND CONS OF CLOUD SERVERS
|No need for onsite hardware or capital expenses. Well suited to rapidly growing companies that may outgrow their infrastructure too quickly.||The user experience is limited by the speed of the Internet connection.|
|Easily scalable; can be added to as needed. Solutions are often on-demand, so you only pay for the options you want.||Third party cloud services could have direct access to your data.|
|Workers can connect from anywhere, using any computer, tablet, or smartphone. Companies can implement BYOD (bring your own device) policies.||If the Internet goes down on your side or on your cloud provider’s side, you won’t have access to any of your information.|
|Data can be backed up in the cloud as regularly as 15-minute intervals, minimizing data losses in disaster situations.||The costs can outweigh the benefits for companies not as dependent on uptime.|
PROS AND CONS OF IN HOUSE SERVERS
|Gives you physical control over your server.||Requires a capital investment in hardware and infrastructure.|
|Keeps critical data in-house; no third party has access to your information.||Requires space in your office for rack space or a server room/closet, as well as dedicated IT support.|
|No need to rely on an Internet connection for access to data.||May be more susceptible to data loss during disaster situations due to in-house location. How often you take the data offsite will reflect how much data you’ll lose in an emergency.|
|Can be more cost-effective for companies that are not as concerned about uptime.||No uptime guarantees.|
Technically, No. We’re able to ingest exports from most accounting software programs into the MindBridge Ai-Auditor and use it in our financial risk assessment services.
However, some data massaging might be needed to have them conform to some requirements.
- Account Number
- Account Description
- Transaction ID
If anything fails during upload, we’ll work with the client by
- requesting permission to view the file
- adjusting the ingestion process to take that file into consideration
For instance, there are some ledgers that have account numbers after the ####-#### format. At present, those cannot be ingested, but by working closely with us, we’ve made, the next update will take allow those formats, but we also work with the client to ‘adjust’ the column(s) to work today while addressing the future.
Exporting from Oracle/SAP works. the column names must be uniformed as outlined them above. Oracle has uses a format such as, “ACNT_DESC”. Changing that to Account Description will work.
Rules in the machine based learning anomaly detection in the MindBridge AI Auditor "if yes, then this”. They are specifically geared to check a use-case. If something falls outside of the scope because the rule was not geared to catch it, it’ll go unnoticed. Think of it this way, if I told you to only pay attention to tell me how many people in red shirts came into the store today, you’re only going to report back the number of red shirts while ignoring every other coloured shirt.
See our complete set of financial analytics that use machine based learning anomaly detection.
Traditional analytics rely on rule-based methods for anomaly detection. These decision rules follow simple Boolean logic: if a vendor address matches an employee address and its wire transfer account matches the employee bank account, then it is likely a fictitious vendor.
Machine learning is a useful type of AI that is able to learn without predefined decision rules. Machine learning constructs its own decision tree based on meta-tagged data, e.g., “red flag” or “not,” to decide how “red flag” transactions are related. Machine learning applies the learned logic to new data and is remarkably adept at making the right decision. Machine learning’s ability to learn from a complex array of data and not just a few variables leads to greater accuracy.
Another type of machine learning, called “unsupervised learning,” constructs decision trees without meta-tagged data; it identifies patterns of interest and anomalies using its own decision-making criteria. This allows fraud examiners to find new forms of fraud not previously detected or codified into rules-based methods. Both supervised and unsupervised machine learning systems are self-refining, in that they become more accurate as more data is encountered.
The MindBridge Ai-Auditor machine learning translates every incoming GL into a language the machine understands (the 5 account mapping feature). Because of this translation, the machine is able to understand the monetary flows within a GL and identify unusual transactions. Traditional CAAT tools don’t do that, they simply scan numbers in isolated (for example show me all weekend entries). They don’t need to understand the GL to find such transactions.
Machine learning translates the GLs use in our suite of financial compliance risk services.
Existing practices in financial anomaly detection typically use rules-based systems to find breaches of control. An example of such a rule is a transaction amount limit.
Using rules-based systems is the backbone of today’s auditing methods. However, often this approach fails to find material financial misstatements and fraud. Clever fraudsters understand these rules and get around them. Rules only capture what is explicitly coded into them.
Rules are designed and implemented for each known circumstance that requires control or management. This means rules based systems will not catch unanticipated scenarios. Even with the example of the transaction amount limit, the commonly known way to ‘work around’ simple limit rules is transaction splitting. Often the rules themselves create the opportunity or scenario for the exploit. The data from the Association of Certified Fraud Examiners shows that the higher the education level of the perpetrators, the higher the loss the organization suffers and in most scenarios the perpetrators have at least a University level education.
Tip-off most likely way to catch a fraudster today
The most likely means of which a fraudster gets caught today is through a tip-off, roughly 40%, and industry associations tell organizations to add “fraud hot lines” to gather these tips. Conversely, automated controls and IT systems based on rules only catch a small percentage of scenarios — approximately 3%.
The rate of fraud is increasing and the time to detect fraud is also increasing. In almost every measurable way rules based systems which use data sampling are losing this battle. To compound the problem, Lexis Nexis estimates that the cost to correct $1 of fraud is $2.40.
It’s time for a change because clever people will figure out a way around rules.
Yes. CAS 240 is the Canadian Audit Standard that deals with the risk of management override of control. This standard needs to be met in all financial audits regardless if the auditor’s risk assessment gives concern for such an override or not. This risk is unpredictable and requires special audit considerations.
The main approach suggested in CAS 240 to address this risk is to test journal entries for material misstatements due to fraud or error. CPA Canada acknowledges that practitioners struggle with this goal. The wide-spread use of sampling techniques to select journal entries for testing gets increasingly criticized.
CAS 240 Compliance — Five step approach to guide auditors
To assist practitioners we propose a five step approach to guide auditors through the process of identifying and testing journal entries:
- Understand the information system and business processes relevant to financial reporting.
- Make inquiries of people about inappropriate or unusual activity on the processing of journal entries and other adjustments.
- Select the journal entries and other adjustments with characteristics of potentially inappropriate journal entries and other adjustments.
- Test the appropriateness of journal entries and other adjustments.
We describe each of these steps in detailed documentation and show how our approach meets and exceeds the CAS 240 requirements. It is a must for auditors. It makes sense that management uses the high standard that their auditors will use in their internal review processes.
It is often the case that it is not a single transaction that indicates an anomaly but a group of transactions such as a recurring monthly event. As such, normal outlier detection does not work as it is often a set of transactions that individually may seem to be normal or acceptable practices but collectively do not follow normal or acceptable practices. To address this, outlier detection is built in several layers to consider how rare a given business process may be and the outlier score of transactions based on other transactions in its group, and the ledger.
Anomalies such as financial misstatements, or fraud, are often not detected because they are carefully hidden among other similar transactions. Sophisticated fraudsters hide their work among similar account interactions and values.
This is where outlier systems need to consider many dimensions of the data at once. While human beings are good at seeing an outlier in 2 or 3 dimensions, a machine can do the same work tirelessly, considering 10 or more dimensions at a time. This capability helps machines to spot the outliers which are hiding next to normal activity and within an established process.
Below is a comparison of MindBridge versus traditional audit analytics tools.
Traditional Audit Analytics Tools
Coverage of testing
|100% of known areas of interest||100% of known and unknown cases||MindBridge|
|Trusted, but outdated technology||Breakthrough technology, with growing evidence of its effectiveness|
(MindBridge positioned to surpass)
Knowledge curve (coding)
|100% of known areas of interest||Not required|
Ease of use (user interface)
|Cumbersome, requires repetitive, extensive user training||Highly visual, intuitive with little-to-no training|
|Time-consuming to set up rules for each client file||Not required|
|Dependent on ERS resource||Self-service||MindBridge|
Composition & depth of algorithms
|Rules are hand-crafted scripts and results are logged.||Packaged industry standard rules enhanced with automated, scientific algorithms, results are logged and exported||MindBridge|
|Rules are created to handle each case||Once flagged, machine learning automatically excludes them from future analysis|
|Built-in, automated “smart ingestion” leveraging machine learning|
|Subjective & selective: reliant on professional skepticism and experience to find potential financial misstatements||Objective & inclusive: AI risk-based analytic tests prescribed by the Center for Audit Quality, plus extended analysis that further improves audit assurance|
You can learn about how we use advanced financial compliance analytics to conduct a financial risk assessment in audit, internal audit and financial due diligence for merger and acquisition work.
You may find the Top 14 Financial Frauds of All Time to be of interest.