How do you identify fraud, waste, and abuse when your procurement office handles more than a million transactions a year and $2.2 billion in disbursements? Manually, if you’re Stanford University, just like most institutions of higher education do. But, faced with a changing audit landscape, the California school is now looking to analytics to help detect transaction irregularities.
The need for a new approach is rooted in two factors, one old and one new. First, the sheer volume of transactions makes it impossible for the university to monitor them all manually. “We knew our existing approach just wasn’t sustainable: The number of individuals who can audit these transactions is small,” said Ben Moreno, chief procurement officer for Stanford. “Obviously, we can’t look at every transaction, so we audit only a certain number of transactions on the back end to see if they fall within our standards for federal regulations, our admin guide, our policies, and procedures.” In the case of business expenses, for example, Stanford has been looking at only 40 percent to 50 percent of the transactions that come through the procurement office.
Second, the university noticed that some of the external auditors, especially for government-funded programs, had abandoned their old sampling approach in favor of analytics software that looked at an entire year or two of transactions. “Their analytics software was picking out trends, picking out outliers, and really focusing on certain transactions,” said Moreno. “We started to have concerns around the level of due diligence that we could achieve doing our own self-audits with a manual approach.” That’s when he reached out to FICO, an analytics software company, with an idea to use their experience with algorithms to help the university score and profile every transaction in a standardized way.
Two years later, the system, known as Falcon Assurance Navigator, is up and running at Stanford. “We’re using the solution for every financial transaction that comes through our department that requires a payment from Stanford,” said Moreno. “It could be a transaction, it could be a purchase order, it could be something that faculty members require to do their research that’s not part of a grant.”
(Next page: How the system works; Stanford’s implementation plan)
Phase 1: Practicality for Policies
The school is currently wrapping up phase one of what Moreno says is a three-phase implementation. Phase one is primarily focused on building out a comprehensive rule set that encompasses both internal and government policies. “The tool is built in such a flexible manner that it’s constantly learning and getting smarter,” said Moreno. “You can add or edit rules. As the federal government makes changes to the regulations, we have the ability to make those edits along the way.”
Phase 2: Emerging Tech for Accuracy
Phase two, which has just begun, will apply FICO algorithms, machine learning, image capturing, and text mining to connect the dots between a wide range of transaction data points and the rules implemented in phase one. “What’s really exciting is that it’s going to look at receipts, images, and very unstructured data, and begin to make sense of them,” said Moreno. “It will start to look at free-text fields and begin to mine them for intelligence in potential fraud, waste, and abuse cases.”
For example, a group of faculty might travel to a conference where all meals are included in the price. If some of those faculty members then submitted expense reports listing those meals as an additional expense, Navigator would flag the issue. “It’s almost humanly impossible for us to capture that through a manual effort,” said Moreno. “The neat thing about the tool is that you don’t have to pour through mounds and mounds of data to find an issue like that—it highlights the area you need to look at.”
Phase 3: Proactive Power
Currently, Falcon Assurance Navigator sits at the tail end of the transaction stream, which allows members of the procurement team to identify transaction irregularities but only after they have already taken place. In phase three, the goal is to move the system upstream before transactions are submitted for approval. “That’s where we really see the power of this solution in reducing the number of transactions that are rejected and the number of transactions that have to be looked at on the back end,” said Moreno. “When the solution is moved upstream, the FICO engine will provide instant feedback to an individual about the requested transaction, and whether it’s been profiled as possible fraud, waste, or abuse, and how to fix that transaction so it can be approved.”
Not surprisingly, the FICO system will become most visible to the campus community in phase three, and Moreno is acutely aware of the need to roll it out slowly. “We’re very careful that we’re not going too fast,” he said. “By the time we get to phase three, we’re going to do a very small piloted approach, so we don’t pull the whole campus into the deep end at once.”
As much as Moreno hopes the analytics engine will change behavior among his campus constituents, he also hopes to alter how auditors and the federal government conduct their reviews. Currently, audits are fraught with uncertainty, since different auditing firms take different approaches. “The rules are the same, but how they are interpreted changes slightly depending on the auditing firm,” said Moreno. “We want to get away from that constant change to a more standardized solution that is bullet-proof. We want to raise the bar and create an environment that audits itself to a higher degree of accuracy than anybody else could achieve.”