Georgia Tech expands internal audit success with data visualization

Using software from Tableau the Georgia Tech has improved the way they respond to allegations of fraud and abuse through a data-driven approach. In the following interview, Georgia Tech’s Chief Audit Executive, Phil Hurd, explains more about the program.

US-based public colleges and universities receive billions of federal dollars each year for sponsored research and development, as well as for student financial aid. Such sponsored programs can be ripe for abuse and some institutions have found fraud in their programs. Georgia Institute of Technology–one of the biggest recipients of federal research money—has identified several fraud cases in recent years that have led to criminal prosecutions. Georgia Tech continues to respond to emerging fraud risks by stepping up efforts in its Office of Internal Auditing, including adopting a data analytics and visualization program. Using software from Tableau, in addition to other tools, the Office has improved the way that it responds to allegations of fraud and abuse through a data-driven approach to monitoring financial transactions and assessing fraud risk using predictive analytics.

In the following interview, Georgia Tech’s Chief Audit Executive, Phil Hurd, explains more about the program.

Q: Tell us about the Office of Internal Auditing at Georgia Tech. How is the team structured and what kinds of audits and investigations do you work on?

A: Georgia Tech’s Department of Internal Auditing has more than a dozen team members including three full-time investigators and a data analyst. Our audits focus on areas of risk across the organization, including financial, operational and IT risk matters. The investigations are somewhat ad hoc, as they come from both anomalous transactions identified by data analytics, and also from hotline complaints that are occasionally raised from across the organization.

Q: How is the internal audit work done by Georgia Tech’s Internal Auditing team different from the external audit work that public accounting firms or the State Auditor’s office? What is most similar to public accounting and what is most different?

A: External auditing in the public accounting environment focuses on controls that affect the financial statements and accurate reporting of financial results. Internal auditing is really a more comprehensive means to assist in advising management of control weaknesses that can affect operations. Every day is different in the internal auditing capacity, especially with regards to investigations. In a culture where we encourage employees to utilize the hotline, you never know what new items will be learned each day.

Q: Georgia Tech’s internal audit team was an early adopter of data analytics. Tell us about some of the early days. What led to the early adoption, and how has the use of data analytics affected how the department is perceived on campus?

A: We have long recognized the value of data analytics to find anomalies in data sets in ways impossible to do manually. Since 2007, we have worked to include data analytics in each audit and investigation. The early days were difficult because this was not a well-developed skill set among the auditors. Eventually, this took form and early successes led to further adoption until now, 12 years later, analytics of all kinds are integrated into audits, investigations and consulting engagements. Also, since 2012, our team has worked with Visual Risk IQ, a Tableau partner, to help us accelerate our time to value with data analytics, and now with visual reporting, as well.

Q: Why do you think Georgia Tech leads in using data analytics in internal audits? How much is culture versus other factors?

A: Georgia Tech has a goal of becoming the technological university of the 21st century. This strategic vision plus the early efforts of data analytics adoption have resulted in our current analytic posture.

Q: Can you describe what cultural factors need to be present in order for data analytics to become foundational to an organization’s internal audits? Can you give an example of a breakthrough moment, or particular insights that helped the team see the value of data analytics?

A: You have to have a team that desires positive change and embraces the strategy to get there. They have to be willing to be continuously educated and embrace the use of data analytics. An example of a breakthrough moment was when, during the first test of our early data analytics engine, we identified anomalous transactions that had been submitted with multiple false receipts thereby indicating fraud. These issues had been undetected for years, but because of the new platform’s ability to handle large volumes of information, internal audit identified suspicious transactions that were determined to be fraudulent. After these early successes, the Institution has been much more willing to embrace the use of data analytics, including visual reporting.

Q: You’ve used data analytics software to identify and investigate a number of high-profile fraud cases, including several involving federal funds. Why is that important to the Georgia Tech?

A: Research institutions like Georgia Tech depend on federal funding. Receipt of federal funding requires compliance, ethics, and audit efforts. Not doing so could put the some of the federal funding in jeopardy. Analytics acts as a force multiplier allowing many more transactions to be evaluated by the same sets of people.

Q: How has the use of data analytics–more specifically, data visualization–influenced the investigations you’ve worked on?

A: We now use Tableau as a data visualization tool to analyze several key factors of risk through a project we call a Fraud Risk Assessment (FRA). This is an example of a project where we engaged Visual Risk IQ to work with us as experienced guides, because of challenges with both data acquisition and also some of the complex risk-scoring calculations that we do within Tableau. The FRA gives us the ability to quickly assess each campus unit’s fraud risk and use that for aspects of merit assessment. In addition, we use Tableau to analyze large data sets, such as the institution’s entire travel spend within larger campus units.

Q: In terms of quantifiable results, can you cite specific metrics such as savings in time or costs, or in the number of incidents discovered?

A: We have two primary types of results. The first is improved depth of coverage, and the second is speed. Before data analytics, our audits would take only a small sample of transactions and test for business compliance. With data analytics, we can expand from auditing only a sample to auditing an entire population of data. In short, we have been able to identify and resolve many deviations from policy at the managerial level so they never became issues worthy of an investigation. Furthermore, through the use of data analytics, our investigations create solid, actionable efforts on issues far more quickly than when review was done manually

Q: Visual reporting, including Tableau, has become more important in the last five to seven years. Why do you think visual reporting is an important tool for internal auditors to have in their tool belt? How has it affected your team’s work?

A: Visual reporting allows the brain to assimilate a large quantity of parameter information very quickly. It also allows for a comparative analysis of discrete data sets without having to have an in-depth knowledge of each transaction stream. As a result, internal auditing is more effective at determining issues that need human review. Also, it has dramatically changed the way that the auditing team views the risk landscape and determines the risk-based audit plan.

Q: So many of these cases were actually discovered by data analytics routines that were part of your Continuous Auditing and Monitoring efforts. Can you briefly describe Continuous Auditing and Monitoring? Why do you think there have been so many fraud cases discovered, even after the first few were prosecuted?

A: Continuous Auditing and Monitoring is the systematic application of business rules analysis to every transaction on a near real-time basis. I think people keep committing fraud, even in the face of so many discoveries, because they rationalize away the risk. Folks sometimes think of it like a police officer who pulls over a motorist and a car speeds by because he believes the officer is occupied. “I’m entitled,” “I am too smart to get caught,” “I am a long-time employee,” “I am a good person who will just borrow…” are a few of the rationalizations that go through people’s minds.

Q: What are some of the ways that you feel Georgia Tech is leading among universities in stamping out fraud, waste, and abuse?

A: For several years, we have used predictive analytics for assessing fraud risk across the university. We believe moving from descriptive analytics, which reviews past results, to predictive analytics, can be a goal for most data analytics efforts. Our ability to find signature patterns of misappropriation and compare those to other risk elements can help us target potential problem areas before or as issues arise. This early detection can save tens of thousands of dollars in investigative and cleanup costs.

Q: How do you see Georgia Tech’s audit and investigative team continuing to expand your use of Tableau? What are the next long- and short-term goals for the team? How will Tableau be used to support these objectives?

A: For investigations, we expect to continue to use Tableau to quickly assist in identifying whether claims of fraud, waste and abuse have merit. For instance, for an allegation of travel misuse, the ability to visualize multiple years of data within a department or within the Institute increases efficiency for the overall investigative process. This includes whether or not concerns raised have merit, and if the data points to the need for a full investigation.

Q: What advice would you give to a university or government auditor starting out with data analytics and Tableau? What are some good first projects to consider? Why?

A: Good first projects are grants and contracts because of the importance of staying in front of federal scrutiny. The federal government uses a variety of data analytics to determine what to sample and for determining appropriate costs. Replicating those analytics and running them locally can allow for better documentation and decreased audit issues. As for advice, we value our relationship with Visual Risk IQ and recommend others consider working with an experienced guide to accelerate their time to value for their data analytics investments.

To learn more about how Tableau can help your organization reduce financial risks and improve outcomes with the power of your data, visit our Public Sector for Finance Analytics page.