This site uses different types of cookies, including analytics and functional cookies (its own and from other sites). To change your cookie settings or find out more, click here. If you continue browsing our website, you accept these cookies.
Learn how Carnival's Internal Audit team uses Alteryx to perform fraud detection analytics in conjunction with standard audit procedures. In this use case, hear how the team has automated a vendor risk-scoring procedure to proactively identify fraud and other issues across multiple operating companies.
Describe the business challenge or problem you needed to solve
The Internal Audit team at Carnival was faced with the challenge of implementing data analytics within an internal audit function. This was especially difficult as accountants and auditors are very comfortable with Excel.
Following an investigation at Carnival, the Fraud Investigation team wanted to perform some additional measures to see if there were any other high-risk vendors across the company. The Fraud team built an entire work plan based on using traditional audit and investigative methodology. They were originally going to pull a one-time sample of vendors from an operating company, perform the analysis and provide actions. Rather than creating a work plan that could only be used once, they decided they needed a platform to help make these audit processes repeatable.
Describe your working solution
The head of the Internal Audit team at Carnival saw the opportunity to automate the manual audit process with Alteryx. The team leverages two workflows, one that where they automated the manual testing performed on vendors, and then a second one which uses k-means clustering to identify additional risky vendors.
For 2017, they were able to review 10,000 “non-PO” vendors and give each vendor a risk ranking based upon 275,000, invoices representing well over $2 billion in spending, in Alteryx. When working with a vendor, it is typical not to have a purchase order, however non-PO vendors have more risk associated with them. Because of the analysis, Carnival performed a risk audit for 10,000 non-PO accounts. They looked at the vendor, the invoices, and the payments to see if any red flags were triggered. Before Alteryx, these procedures were performed manually, but the Fraud team was able to convert it to an Alteryx workflow that ultimately fed to a machine learning platform.
The team leverages an Alteryx workflow to understand which attributes of the payment/vendor/invoice make it a little bit higher risk than usual.
The Fraud team considered the following variables:
1) Vendor Setup
a. New vendor
b. Single approval
c. Payment terms
d. High-risk country
e. PO Box
a. Vendor total over $250k
b. Sequential invoices
c. Round dollar amounts
d. Invoice structuring
a. Quick payment
b. Payment date anomalies
c. Payment currency different from invoice currency
Describe the benefits you have achieved
Reduce Materiality Threshold
One of the benefits of converting from a manual audit process to an automated one is that the team was able to significantly drop their materiality threshold. When they started this project, they were looking from $500,000 to a million dollars as the threshold given the number vendors and size of the company.
What is Materiality?
Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. A materiality threshold determines where to draw the line between a transaction that is big enough to matter or small enough to be immaterial – and depends upon factors such as the size of the organization's revenues, expenses and professional judgment. Before Alteryx, Carnival’s threshold was $500,000 to a million dollars.
With Alteryx, the team was able to automate the entire audit process. The materiality threshold has dropped to $250,000 and in some ad-hoc cases, down to $100,000. The team can do analysis at a much greater level of detail because they no longer require the time to manually review invoices and documents.
Using this automated audit process, the team was able to identify the riskiest vendors and/or where they should perform additional audit procedures. Additionally, if the team is going to do follow-up audit procedures, they can focus on the results. They are no longer just pulling a random sampling of 30 vendors.
The team started using k-means clustering, which is a type of unsupervised machine learning to highlight the riskiest vendors. At a high level, supervised machine learning is when you have an established category. In Carnival’s case, the categories are: fraudulent, not fraudulent, high-risk, low-risk. The team used k-means clustering to detect outliers, or things that don't appear as they should.
The end-product will be a plot much like the one above. By identifying the outlying vendors on the plotted graph, the team was able to recognize high-risk vendors between each cluster. The team uses those clusters of risky vendors to build their knowledge of what represents a high-risk vendor within Carnival Corporation.
Do More, Faster
To wrap it all up, data analytics with allows us to do more, faster. Before Alteryx, the audit process was a manual procedure. Today, it is an automated workflow that runs in less than 60 seconds. Additionally, the team can also visualize the processes without serious complications.
Prior to Alteryx, if the team were to write a workflow in R, it would have taken them three times as long to do and leadership would have to review a 5,000-line R script. Instead, the team can show leadership an Alteryx workflow that illustrates conceptually how they got from point A to point B. This process has successfully identified high-risk relationships that were investigated and addressed in a timely manner.
The entire PowerPoint presentation can be found attached below. Additionally, visit thislinkto watch the entire recorded session.