Shifting into High Gear: Mitigating Risks and Demonstrating Returns

Global Forensic Data Analytics Survey 2016

Contents

Foreword
Executive summary
01 Demand growing across the board
02 A maturing FDA landscape
03 FDA deployment: what are the key hurdles?
04 What does good look like?
05 Embracing the FDA revolution: going the distance
Survey approach
Contact information

Foreword

Forensic data analytics (FDA) has evolved considerably over the past two years. In our 2014 survey, we found that, although many companies were deploying some forms of FDA, many were missing opportunities to leverage emerging advanced tools that would enable them to greatly strengthen and improve their risk management and investigative response programs.

In today’s digital world, there are rapidly expanding opportunities for innovation and growth. Unfortunately, these new opportunities have also brought new fraud risks in the forms of cyber breaches and internal threat. The mission-critical nature of information and the ease of digital access make organizations particularly vulnerable to cyber criminals and malicious insiders. Increasing regulatory pressure further compounds the need to address these risks with rigor.

On the upside, advanced data analytics tools are becoming mainstream. New technologies and surveillance monitoring techniques are being developed to help companies manage current and emerging fraud risks, and there is growing awareness of FDA’s benefits at the executive and board levels.

As a result of these push and pull factors, the demand for FDA investment has never been higher, and FDA deployments are maturing. Organizations recognize the value of FDA, and many are realizing positive results by deploying advanced technologies against meaningful volumes and varieties of data.

But companies need to recognize the full spectrum of value that FDA can bring — far beyond fraud detection — and be more aggressive in its implementation. Although senior management has gained much appreciation for the value of FDA, they need to adopt it beyond the scope of traditional fraud risk management, take action, and invest in the right skills and technologies to realize its potential.

This report is based on interviews with 665 executives between June and September 2015, augmented by the insights of our global Fraud Investigation & Dispute Services (FIDS) practice. We hope it helps businesses understand and articulate the compelling business case for FDA and harness FDA’s full potential in managing risk.

We would like to thank all of the respondents and business leaders for taking the time to participate in this survey and for their valuable contributions, observations and insights.

David Stulb
Global Leader
Fraud Investigation & Dispute Services

David Remnitz
Global Leader, Forensic Technology & Discovery Services
Fraud Investigation & Dispute Services

Executive summary

01 Demand growing across the board

Organizations are looking to use FDA due to concerns over growing current and emerging threats, as well as the increasingly complex regulatory environment. Across all industries, the fastest-growing threats in the fraud risk universe are from cyber breaches and insider threats — and respondents recognize the importance of harnessing FDA to respond to these new threats.

Executive corporate management is listed as the top beneficiary of FDA as indicated by 73% of the respondents, followed by Internal Audit and the Board at 69% and 68%, respectively. Perhaps not surprisingly, C-suite respondents also indicate a greater sense of urgency around FDA adoption with 74% agreeing they need to do more to improve their current anti-fraud procedures, including the use of FDA tools, as compared to 69% for non-C-suite respondents.

02 A maturing FDA landscape

Focus on major FDA deployments is growing compared to our 2014 survey results, with higher levels of spending on advanced tools and proactive surveillance monitoring of larger volumes of data from a wider variety of sources. To get the most out of these sophisticated tools, organizations are increasing their in-house capabilities as indicated by a 22% increase in the number of in-house deployments as compared to the 2014 survey. In response to this trend, we also see leading technology companies introducing anti-fraud, surveillance monitoring and insider threat product offerings designed to address wide varieties of fraud and litigation risks across the enterprise.

Despite improving maturity overall, many organizations lack an understanding of the wide spectrum of value that FDA can deliver — and few are fully realizing the potential of their FDA deployments, particularly around the cost savings and efficiencies gained from the use of FDA. When asked about the main benefits of using FDA, 79% indicate the ability to detect fraud that they couldn’t detect before, and 78% indicate earlier fraud detection; however, only 42% indicate reduced costs of their anti-fraud programs.

03 FDA deployment: what are the key hurdles?

Senior management can see the need for FDA to address key business risks but are proving reluctant to fund it. Two years ago, 64% of our respondents felt that their investment in FDA was sufficient; this year, only 55% are confident they are spending enough. This discrepancy between perception and practice is partly because decision-makers aren’t aware of the broad range of business value that FDA can deliver.

FDA success can be improved by:

• Articulating the business case for FDA to management — When articulating the return on investment, companies need to focus on the full spectrum of value that FDA can deliver, including cost reduction and improved risk management.
• Building teams with the right skills — Successful deployments require technical skills, domain knowledge and data analytics expertise, yet few organizations have all of these skills in place.
• Deploying the right technology — While we have seen an increased level of adoption of advanced FDA technologies, there is still a substantial number of companies that are not using them. Many of those tools are vital for analyzing large quantities of multi-format data.

04 What does good look like?

Our survey found those organizations receiving positive results from FDA have a number of elements in common. They are more likely to:

• Use advanced technology
In almost every circumstance, those companies using more sophisticated analytics, beyond basic spreadsheet-type, rules-driven tests, report better fraud detection in less time. These successful FDA deployments are harnessing sophisticated analytics tools, including social media and web monitoring, voice searching and analysis, and visualization and reporting tools.

• Analyze more data
We have observed a positive correlation between the use of large data volumes (over 10 million records) and achieving positive results of FDA implementation. The same is relevant to data variety, with those reporting positive results also applying a much broader array of both structured and unstructured data sources.

• Invest more of their total compliance and anti-fraud spend in FDA
Our survey found those reporting positive results invest one-third of their total anti-fraud program budget on FDA.

Around the world, many leading organizations are harnessing the full benefits of FDA, but others are struggling to do so. Boards and senior-level management who see FDA’s potential, but have yet to come to terms with the investment required, need to understand the broad range of value that sophisticated analytics can deliver. Once this is appreciated, the business case for FDA becomes clear.

What do we mean by forensic data analytics?
In this document, FDA refers to the ability to collect and use data, both structured (e.g., general ledger or transaction data) and unstructured (e.g., email, voice or free-text fields in a database), to prevent, detect, monitor or investigate potentially improper transactions, events or patterns of behavior related to misconduct, fraud and noncompliance issues.

What is cybercrime?
In the context of this survey, cybercrime is the use of a computer and its network to commit fraud such as illicit transferring of funds, disrupting critical business operations, or stealing intellectual property (IP), confidential personal data and other critical digital assets.

What is an insider threat?
A current or former employee, contractor or business partner with authorized access to an organization’s network system or data who intentionally uses this access to compromise the confidentiality, integrity or availability of the organization’s data or information systems. Insider threats can include fraud, IP theft, unauthorized trading, espionage or information technology (IT) sabotage — where a malicious insider disrupts information systems, breaches confidentiality or destroys or corrupts data.

01 Demand growing across the board

Current and emerging risks are converging to create greater urgency for organizations to use FDA. Cybercrime, insider threats and aggressive regulatory pressure make FDA a growing priority for boards and senior management.

44% report increasing level of concern over “bribery and corruption risk.”
62% report increasing level of concern over “cyber breach or insider threat.”
32% believe the level of concern over “cyber breach or insider threat” has increased significantly.

Current and emerging risks driving demand

This year’s survey revealed the fastest-growing threats in the fraud and investigative risk universe are from cyber breaches and insider threats, which include malicious insiders stealing, manipulating or destroying data. Historically, responsibility for managing cyber and insider threat risks falls to an organization’s IT and security departments — not those represented in our survey, who are responsible for the anti-fraud and compliance programs. Yet 62% of our respondents report increasing level of concern regarding this area, while 32% believe it has increased significantly.

Figure 1: Cyber breach or insider threat is clearly top of mind

Risk area | Significantly increased | Slightly increased | Not changed | Decreased
Cyber breach or insider threat | 32% | 30% | 31% | 4%
Bribery and corruption risk | 17% | 27% | 45% | 8%
Internal fraud (travel and entertainment abuse, collusion, etc.) | 10% | 32% | 47% | 9%
Capital projects risk | 12% | 22% | 54% | 7%
Merger and acquisitions risk | 9% | 19% | 59% | 6%
Financial statement fraud | 8% | 18% | 62% | 9%
Money laundering | 9% | 16% | 61% | 7%

Q. Over the past two years, how has the level of concern about each risk area changed in your organization?
Base: All respondents (665)
The “Don’t know” percentages have been omitted to allow better comparison among the responses given.

Concerns about cyber and insider threat extend across industries. Nine out of nine industries rate the threat of external and internal cyber breaches as their top risk. This strong consistency in the perception of cyber threat is not surprising now that cyber attacks (both internal and external) are a fact of life for business, posing a dynamic, relentless challenge for leading companies.

With a growing imperative to protect digital assets — not just physical ones — our respondents see FDA as playing a critical role in managing a broader spectrum of risks. Interestingly, “cyber breach or insider threat” is the second-highest risk area where 70% of respondents are using FDA. “Internal fraud” risk, an area that has long been managed using FDA, was ranked as the top use case at 77%.

Figure 2. Perceived risks by industry — the percentage of respondents who have seen the increased level of risks

Industry | Cyber breach or insider threat | Bribery and corruption risk | Internal fraud (travel and entertainment abuse, collusion, etc.) | Capital projects risk | Merger and acquisition risk | Money laundering
Financial services | 74% | 50% | 47% | 24% | 25% | 46%
Life sciences | 63% | 49% | 49% | 42% | 29% | 19%
Transportation | 46% | 46% | 38% | 38% | 33% | 29%
Manufacturing | 48% | 35% | 32% | 32% | 24% | 18%
Consumer products, retail and wholesale | 64% | 38% | 42% | 35% | 21% | 23%
Technology, communications and entertainment | 55% | 48% | 49% | 34% | 29% | 17%
Oil and gas | 61% | 52% | 35% | 35% | 37% | 19%
Mining | 52% | 37% | 30% | 30% | 33% | 11%
Power and utilities | 56% | 41% | 34% | 46% | 44% | 10%

Figure 3. Top fraud risks using FDA

Risk area | Respondents using FDA
Internal fraud (travel and entertainment abuse, collusion, etc.) | 77%
Cyber breach or insider threat | 70%
Bribery and corruption risk | 68%
Financial statement fraud | 60%
Capital projects risk | 44%
Money laundering | 43%
Merger and acquisitions risk | 34%
Other | 10%

Q. In which of these risk areas or types of fraud does your company use FDA when investigating incidents and/or monitoring risks?
Base: All respondents (665)
Multiple answers allowed, may exceed 100%.

Regulatory enforcement becoming more rigorous and widespread

FDA demand is also being driven by increasing government and public scrutiny of fraud risk, with 43% of respondents citing regulatory pressure as one of the main reasons behind their investment in FDA, second only to responses to growing cybercrime risks. C-suite respondents are more likely to be concerned about regulatory pressure. This is not surprising considering that high-profile regulatory enforcement actions have been dominating the headlines, leading to billions of dollars in fines and the prosecution of individual executives.

43% of respondents cite regulatory pressure as one of the main reasons driving their investment in FDA.

Figure 4. Top drivers of FDA investment

Driver | Respondents
Response to growing cybercrime risks | 53%
Increased regulatory scrutiny | 43%
Increased risk of fraud in emerging markets | 32%
Pressure from the board or management team | 31%
Seeking greater cost efficiency in the fraud risk management process | 30%
Recent fraud risk assessment findings in the organization | 26%
Need for more robust third-party due diligence | 25%
Increasing merger and acquisition activities | 13%
Increased calls to your “whistle-blower line” | 9%
Other main reasons | 4%

Q. What are the main reasons that you are planning to increase your investment in FDA capabilities?
Base: Respondents who plan to increase investment in FDA (405)
Multiple answers allowed, may exceed 100%.

The United States Securities and Exchange Commission (SEC) and Department of Justice continue to lead the way in robust domestic and extraterritorial enforcement actions. The SEC’s Financial Reporting and Audit Task Force is now deploying cutting-edge FDA tools to mine data for fraud and is engaging whistle-blowers in unprecedented numbers to uncover financial reporting and disclosure problems.

“At the SEC, we have made great strides in leveraging data and technology to detect and pursue misconduct. In the enforcement arena, the Commission is using data analytics to help identify wrongdoers and conduct streamlined investigations to optimize our resources.”
SEC Chair Mary Jo White, opening remarks at the 21st Annual International Institute for Securities Enforcement and Market Oversight, 2 November 2015

US$4.2b monetary remedies in this past fiscal year

Outside the United States, regulators in the United Kingdom, Germany, Italy and France, among others, have been involved in major enforcement actions. In Asia, prosecutions for corruption are increasingly frequent, with China leading the way. Parallel investigations are also becoming more common, with the European Commission and Japanese regulators teaming with their US counterparts on cartel investigations. Cross-border cooperation among prosecutors is strong and will only strengthen as emerging markets, including India, Brazil and many Asian countries, pass anti-bribery/anti-corruption legislation or take steps to bolster their enforcement efforts.

Increased urgency by C-suites to adopt FDA

The cost of getting it wrong is becoming too grave to ignore. Facing the severity of fraud risks and the threat of regulatory enforcement, C-suite respondents have a stronger sense of urgency around FDA adoption than other executives. Overall, 69% of respondents agree with the statement: “We need to do more to improve our current anti-fraud procedures, including the use of FDA tools.” But this percentage jumped to 74% for the C-suite cohort.

74% of C-suite respondents: “We need to do more to improve our current anti-fraud procedures, including the use of FDA tools.”

In addition, 31% of respondents say one of the main reasons to increase FDA investment is pressure from the board or management team. They also cite corporate executive management and the board as the first- and third-highest beneficiaries of FDA activities, moving up from second and fifth, respectively, two years ago.

“As we look toward COSO guidance around conducting fraud risk assessments as part of an effective internal controls framework, we will see a strong emphasis on the use of forensic data analytics.”
Vincent Walden, Partner, Forensic Technology & Discovery Services, FIDS US, EY

Case studies

Fraud investigation — financial loss assessment

Industry: Power and utilities
Country: Eurozone

The situation:
A multinational utilities company faced major financial loss for fraudulent credit notes and the manipulation of billing data.

How FDA helped:
The project team collected and analyzed nearly 1 TB of data from SAP IS-U (SAP Module for Utilities) to assess the losses and potential impact on the organization and to identify control weaknesses for immediate remediation. They first conducted a data mining and clustering procedure to understand the variety of billing and credit entry processes. The analyses were then used to identify potential fraud patterns by applying statistical methods and customized data analytics. The results revealed more fraud patterns and the fact that outside collaborators were involved. The outcome helped the company assess the damage for insurance claim purposes and take immediate actions to implement remediation procedures within its control environment. The company now plans to implement a monitoring program leveraging the FDA tools developed during the investigation.

Data-driven financial reconstruction in a regulatory investigation

Industry: Manufacturing
Country: United States

The situation:
A publicly traded technology manufacturer received a subpoena from a regulatory authority alleging improprieties around revenue recognition.

How FDA helped:
The use of FDA helped the investigation team model the order-to-cash process, including sales orders, invoices, receipts, shipping, discounts and rebates. The team then executed tests to isolate the timing of certain transactions and identify high-risk customers for further inquiry. Advanced FDA techniques included using text analytics to analyze the free-text notes column in the order entry system to understand the nature of payments and identify suspicious language or corrupt intent. As a result, the company was able to analyze 100% of the sales data within the time period for which they were required to respond to the subpoena and run targeted tests to evaluate the sufficiency of the regulator’s claims on an expedited basis.

02 A maturing FDA landscape

Many organizations are increasing their focus on FDA deployment, with increased spending on advanced tools and proactive monitoring of larger volumes of data. However, some are failing to recognize that the value FDA can bring to anti-fraud programs goes beyond just detection and investigation.

Companies want to spend more on FDA to manage today’s risk

Growing organizational demand for greater FDA investment is being driven by awareness of the value it can deliver and emerging risks. We expect this trend to continue into the future as data volumes and varieties continue to expand, more technologies become available and regulatory scrutiny increases. Two years ago, 64% of our respondents felt their investment in FDA was sufficient; this year, only 55% are confident they are spending enough. Three out of five respondents plan to increase their spend on FDA over the next two years. We see a clear correlation between the respondents’ FDA spend and their perceptions of risk in the chart below.

2014: 64%, 2016: 55% of respondents think their FDA spend is sufficient.
3/5 of respondents plan to spend more on FDA.

Figure 5: Risk driving spend: correlation between the FDA spend and perceptions of increased level of risk

Risk area | All respondents | Those who expect to increase FDA spend over the next two years
Cyber breach or insider threat | 62% | 72%
Bribery and corruption risk | 44% | 52%
Internal fraud (travel and entertainment abuse, collusion, etc.) | 42% | 50%
Capital projects risk | 34% | 39%
Merger and acquisitions risk | 28% | 33%
Financial statement fraud | 26% | 29%
Money laundering | 25% | 32%

Q. Over the past two years, how has the level of concern about each risk area changed in your organization?
Base: All respondents (665); those who expect to increase FDA spend over the next two years (406)
Multiple answers allowed, may exceed 100%.

Companies working with data sets that push the limit of traditional spreadsheet tools (i.e., more than 10 million records) are also more likely to be planning significant increases in their FDA spend. In contrast, only 13% of those analyzing fewer than 1 million data records are planning to significantly increase investment in FDA.

“In my opinion, we need to invest more money to get the best forensic data analysis tools that are available in the market.”
Head of Internal Audit, Capital Markets, France

Companies are investing more of their FDA spend on proactive initiatives

Given so much management focus on fraud prevention, this year’s survey included a new question to gauge how much of a company’s FDA activities are proactive — as opposed to merely reacting to an investigation or adverse event. The results are striking. Sixty-three percent of the respondents are investing at least half of their FDA spend on proactive monitoring initiatives.

63% of respondents spend at least half of their FDA investment on proactive initiatives.

We believe this strong proactive stance is in response to regulatory enforcement concerns, as well as improved surveillance analytics and compliance monitoring offerings in the market. With governments imposing substantial monetary penalties — sometimes accompanied by prison sentences for executives — organizations have every incentive to improve their FDA programs to better prevent and detect fraud.

Companies investing in proactive activities also understand the value of FDA in reducing the costs of anti-fraud programs. According to the Association of Certified Fraud Examiners’ most current Report to the Nations on Occupational Fraud and Abuse, those companies with proactive data analytics in place saw a cost per fraud incident that was 59.7% lower (roughly US$100,000 lower per incident) than those companies not using proactive data analytics — more than any other control listed in the survey. Further, the median duration of a fraud incident with respect to the presence of proactive data analytics was half the time — 12 months versus 24 months.

Growing sophistication in technology and the use of data

Technology maturity is also growing. The use of visualization tools has doubled since our 2014 survey. Respondents also report the increasing use of social and web monitoring tools and statistical analysis and data mining packages. Half of the respondents, however, report that their adoption of advanced analytics technologies remains immature. For example, spreadsheets are still the most common tool used to manage fraud risk, with more than three-quarters of respondents indicating their use. Clearly, there is still more work to be done.

The nature, variety and complexity of structured and unstructured data is changing at an exponential rate — causing companies to rethink how they monitor rogue or noncompliant activities. The Internet of Things has added another dimension to the data. In many organizations, machines are communicating with other machines without human involvement. Employees are often communicating outside corporate networks using social media, mobile phones or web logs. All of these scenarios exemplify how traditional monitoring or investigative analytics techniques deployed a decade ago may no longer be as effective given the nature, variety and complexity of data in today’s organizations.

Given that unstructured content accounts for around 90% of an organization’s digital information,1 it’s encouraging to see that 75% of respondents routinely analyze a wide range of structured and unstructured data. Businesses can yield great benefits by combining structured and unstructured data (emails, file metadata, audio and video files, etc.) in their analysis to gain a comprehensive view of their risk environment. For example, comments from sales logs can show an individual’s intent to commit a fraud, while a financial transaction can provide the evidence.

1 Unlocking the Hidden Value of Information, IDC website, accessed 23 November 2015.

Figure 6: The increasing adoption of advanced FDA technologies

Tool | 2016 | 2014
Visualization | 25% | 12%
Social media | 25% | 21%
Statistical analysis | 18% | 11%

Q. Which FDA tools do you utilize in managing fraud risk?
Base: 2016 all respondents (665); 2014 all respondents (466)
Multiple answers allowed, may exceed 100%.

Multiple deployment options

Increasing numbers of organizations are bringing FDA deployment in-house. Respondents conducting FDA completely in-house increased from 45% two years ago to 67%.

In the last two years, leading technology companies have also responded to this growing in-house FDA trend by introducing enterprise-class surveillance and insider threat capabilities to help companies better prevent, detect, monitor or investigate potentially improper transactions, events or patterns of behavior related to misconduct, fraud and noncompliance issues. For example, IBM has introduced IBM Counter Fraud, and SAP has introduced SAP Fraud Management. SAS has also strengthened its offering around its Fraud & Security Intelligence solution.

However, deploying these new software capabilities, whether in-house, via the cloud or through a managed service model, requires a multidisciplinary group of professionals who have domain and subject matter knowledge (to ask the right business questions), data science and data management expertise (to translate business questions into meaningful analytics), as well as systems and IT infrastructure expertise (to maintain and secure the platform for use).

Figure 7: Multiple deployment options

Deployment model | Respondents
We do this completely in-house and plan to continue doing so. | 67%
We do this completely in-house but we are considering outsourcing it. | 9%
Outsource either on a project-by-project basis or via a managed service agreement. | 24%

Q. Which deployment model best describes how you conduct FDA as part of the company’s anti-fraud program?
Base: All respondents (665)

Notably, a large percentage of companies are also seeking outside help for FDA, either on a project-by-project basis or through managed service arrangements. Twenty-four percent of respondents are already outsourcing either as projects or as a managed service; another 9% are considering it. In these circumstances, the benefits of outsourcing outweigh the large capital investment required to build in-house FDA technologies and skill sets. Outsourcing enables the companies to quickly ramp up their FDA capabilities and focus on the analytics consumption and interpretation. The finding is consistent with IDC’s market forecast for business analytics process outsourcing services, which estimates a 14.2% compound annual growth rate through 2019.2

Top challenges faced by those currently considering outsourcing:
• Challenges in combining data sources
• Lack of budget and resources
• Lack of expertise
• Inadequate technologies currently in place

Organizations are not recognizing the full spectrum of value FDA can deliver

Despite the risk universe evolving, the main perceived benefits of FDA have not changed to keep pace. In line with our survey’s findings two years ago, respondents continue to identify the top three perceived benefits of using FDA in their anti-fraud programs as “ability to detect fraud that we couldn’t detect before,” “early fraud detection” and “faster response in investigations.”

Figure 8: Main benefits of FDA — not fully realized

Benefit | Respondents
Ability to detect fraud that we couldn’t detect before | 79%
Early fraud detection | 78%
Faster response in investigations | 71%
Increased business transparency | 66%
Getting the business to take more responsibility for managing the company's anti-fraud program | 64%
Reduced costs of anti-fraud program | 42%

Q. What do you think are the main benefits of using FDA in your anti-fraud program?
Base: All respondents (665)
The “Other” percentages have been omitted to allow better comparison among the responses given.
Multiple answers allowed, may exceed 100%.

As indicated in Figure 8, although the top three selected benefits of using FDA are clearly important, both from risk mitigation and cost avoidance perspectives, it is surprising to see how few respondents selected “reduced costs of anti-fraud program.” Only two in five see the potential for FDA to reduce the costs of their anti-fraud programs as a main benefit. By using current technology capabilities and leading analytics to help focus investigative and compliance monitoring efforts, FDA can be an important enabler of cost reduction.

2 IDC Worldwide Business Analytics Services Forecast, 2015–2019, November 2015.

“[We need to] … promote a culture of risk management and use of analysis in the areas of anti-fraud across all divisions in the company, not just at the central management level.”
Internal Audit Executive, Retail and Wholesale, Italy

Across the board, the majority of respondents believe they have a long way to go to reap the full value of FDA in reducing program costs, with only 9% confident that they are fully realizing the benefit.

Figure 9: Realizing the full benefits of FDA

Benefit | Fully realized | Realized to some extent | Realized to a small extent | Not realized at all
Faster response in investigations | 20% | 53% | 17% | 10%
Increased business transparency | 20% | 58% | 17% | 5%
Getting the business to take more responsibility for managing the company's anti-fraud program | 19% | 54% | 18% | 9%
Ability to detect fraud that we couldn’t detect before | 14% | 55% | 22% | 9%
Early fraud detection | 11% | 56% | 22% | 11%
Reduced costs of anti-fraud program | 9% | 42% | 27% | 22%

Q. To what extent have you realized the benefits of FDA over the past two years?
Base: All respondents (665)

“We continue to see the global impact of cyber breach both from internal and external threats. The monitoring and analysis of an organization’s structured and unstructured data assets will be fundamental to the early detection and investigation exercise.”
Paul Walker, Partner, Forensic Technology & Discovery Services, FIDS UK, EY

Case studies
• Proactive fraud risk assessment and testing
• Risk review of distributor management system
• Financial statement audit

Proactive fraud risk assessment and testing
Industry: Life sciences
Country: European company with operations in Asia-Pacific, Eastern Europe, Middle East, Africa and Latin America

The situation:
A multinational life sciences company sought a global compliance and anti-bribery/anti-corruption monitoring program and wanted to leverage the data from its highest-risk markets to proactively identify risks and improve its audit sampling.

How FDA helped:
The project team collected and analyzed data from various systems of multiple business units in more than 10 countries across the globe. They built tailored dashboards for each market, including transaction and vendor risk scoring, comparative customer analysis and social network analytics, customized for local languages. The team also developed standardized data requests and extraction templates to facilitate future data analytics processes and compliance audits. The project enhanced the organization’s global monitoring program by integrating multiple structured and unstructured data sources and designing tests that helped identify potentially improper payments to high-risk vendors, employees and distributors. Besides fraud detection and process improvements, the FDA efforts helped the audit and compliance team save time and money during fieldwork activities.

Risk review of distributor management system
Industry: Consumer products
Country: India

The situation:
A leading consumer products company based in India planned to perform a risk review of its distributor management system in order to identify vulnerabilities in its sales process and develop subsequent risk mitigation strategies.

How FDA helped:
The company, working with an outside professional services firm, developed fraud scenarios based on potential rogue transactions. The team analyzed sales transactions and other relevant data amounting to over 50 million records pertaining to the company’s India distributors for a period of three years. Detailed risk analyses were carried out to identify high-risk distributors along with the associated financial implications for the company. Visualization dashboards were created to provide senior leadership with complete visibility across all of the distributors. Based on the outcome of the data analytics performed, the company is formulating a risk monitoring and control plan.

Financial statement audit
Industry: Media and entertainment
Country: Australia

The situation:
A media and entertainment company needed to better understand the risk of financial loss.

How FDA helped:
The company teamed with a professional services firm to develop a suite of analytics tests and data visualization dashboards across the accounts payable (AP) process, including employee-vendor relationships, duplicate payments, segregation of duties and delegation of authority. The dashboards gave the company great visibility over the internal controls and fraud risks by testing 100% of its AP transactions in a timely fashion. The company ultimately expanded the FDA deployment to include monitoring of additional processes and risk areas.

Greater sense of urgency in emerging markets

Respondents in these markets have the greatest sense of urgency to adopt FDA. A much larger percentage (78%) of respondents from these markets agree with the statement: “We need to do more to improve our current anti-fraud procedures, including the use of FDA tools,” compared with 65% of organizations in developed markets.

Figure 10: Perceived effectiveness by country
Q. To what extent do you agree that “We need to do more to improve our current anti-fraud procedures, including the use of FDA tools”?
Base: All respondents (665)
Share of respondents agreeing, by country (the chart distinguishes developed markets from emerging markets):
• Mexico: 88%
• India: 83%
• Brazil: 78%
• China / Hong Kong: 78%
• Australia: 78%
• South Africa: 75%
• Japan: 73%
• UK: 70%
• Ireland: 68%
• UAE: 65%
• US: 65%
• France: 63%
• Singapore: 60%
• Germany: 60%
• Italy: 58%
• Switzerland: 55%

Emerging markets versus developed markets
• Respondents using FDA to actively address cyber breach or insider threat: 66% (emerging) / 72% (developed)
• Respondents saying their budget is “sufficient”: 48% (emerging) / 59% (developed)
• Respondents saying they need to improve management awareness of the benefits of FDA: 79% (emerging) / 61% (developed)

The sense of urgency, however, is focused more on using FDA to combat traditional fraud, such as bribery and corruption, than to address cybercrime or insider threat. Only 66% of respondents in emerging markets are using FDA to actively address cyber breaches or internal threats, compared with 72% in developed markets. This is not to suggest that organizations in emerging markets don’t realize the potential for FDA to manage cyber and insider risks. On the contrary, 79% of emerging markets respondents think that FDA could play a significant role in combating cyber and insider risks. Focusing FDA investment on more traditional fraud risks is understandable given likely funding constraints and the need to improve underlying maturity of the local market.

Forty-eight percent of emerging markets respondents say their budget is “sufficient,” compared with 59% of their peers in developed markets. The funding challenge is directly tied to management awareness. A significant 79% of emerging markets respondents say they need to improve management awareness of the benefits of FDA, compared with 61% in developed markets. The resulting focus of FDA investment on more traditional fraud risks rather than cybercrime or internal threats appears to be due to budgets and is clearly a gap to be bridged.

“In Asia-Pacific, we are seeing more and more companies investing in advanced forensic data analytics capabilities for effective compliance monitoring, as well as fraud prevention and detection.”
Reuben Khoo, Principal, Forensic Technology & Discovery Services, FIDS Singapore, EY

03 FDA deployment: what are the key hurdles?

To realize FDA’s full potential, organizations need to deploy the right technology and develop new skills. But to justify the investment required on both fronts, FDA proponents must be able to articulate a business case that demonstrates the full value chain of FDA.

Making the business case for FDA to management

Our survey reveals that organizational reluctance to invest significantly in FDA is partly due to lack of management buy-in around its potential return on investment. Respondents believe they need to be better equipped to articulate the business case of FDA to management: 68% say they need to improve management’s awareness of the benefits of FDA in their anti-fraud programs.

“[We need to] … educate management on what constitutes adequate funding. It’s not just about support from management; they must recognize the need to invest in improving our fraud investigation capabilities.”
Head of Compliance, Banking and Capital Markets, Singapore

This finding highlights a discrepancy between perception and practice. In our survey, we found that senior management has an increased sense of urgency to adopt FDA, yet respondents also cite the need to educate this group on the need for sufficient investment. We believe the gap between perception (that management can see the need for FDA) and practice (their reluctance to fund it) can stem from the lack of awareness of the full spectrum of risk management benefits that FDA can deliver.

Business context of FDA
When articulating the business value of FDA, the conversation needs to focus on the full spectrum of business value and stakeholder beneficiaries. Below are common use cases:
1 Regulatory and litigation response
2 Internal or cyber-breach investigations
3 Surveillance analytics
4 Internal and external audit support
5 Industry-specific fraud and compliance risk management

Figure 11: Growing need for management’s awareness
Q. To what extent do you agree that “We need to improve management’s awareness of the benefits of FDA in the company’s anti-fraud program”?
All respondents (665)
• Agree: 68% (2014: 62%)
• Neither agree nor disagree: 18%
• Disagree: 13%
The “Don’t know” percentages have been omitted to allow better comparison among the responses given.

Building teams with the right skills

For successful deployment, the human element of FDA is an important consideration, requiring three distinct skill sets:
• Technical skills — to understand the organization’s systems and advise on acquiring additional technology
• Domain knowledge — familiarity with the relevant risk areas in the business and the ability to interpret analytics results in the context of the organization
• Data analytics (e.g., data science) expertise — mathematical, computer science and business intelligence techniques, such as pattern recognition, statistical analysis, query design and data visualization

Yet few organizations have all of these skills in place, as evidenced by the emerging trend reported toward outsourcing. Although more than 80% of our respondents say their organizations have sufficient domain knowledge, about one-third lack data analytics expertise and nearly 40% lack technical skills. Clearly, one key enabler to realizing the full value of FDA is adequate training and expertise. To develop a comprehensive and effective FDA program, companies need to tie all three skill sets together — this typically involves teaming among compliance, legal, internal audit, the business and IT.

“We need a new IT team — analytics is a different area, and our operational staff are not analytics people. It is a different skill set.”
CFO, Transportation, Singapore

According to Gartner, the need for data scientists is growing at about three times that for statisticians and business intelligence analysts, and there is an anticipated 100,000-plus-person analytic talent shortage through 2020.³

Deploying the right technology

Respondents continue to rate “challenges in combining data sources” as the top issue to overcome in implementing FDA. This suggests that organizations need to think about their data holistically, deploy the right technology and promote the required skill sets. Building data sets that talk to one another is the first step to successful analytics.

Another sticking point for moving to more advanced tools appears to be budget, which our respondents rank as the second-largest FDA challenge — higher than in our previous survey. However, analytics technology has improved, making deployment and accessibility easier. For example, more “self-service” applications are available via the cloud that require less customization to implement. Further, significant improvements in computing power and scalability (i.e., Hadoop), combined with ever-decreasing storage costs, make the use of FDA more cost-effective. These developments help demonstrate the return on investment of FDA to senior management and should bolster the FDA business case.

Don’t forget the human element of your FDA program

“The human element is perhaps the most important factor to achieving long-term success. To succeed, ask the right business questions that address key risks, and engage the stakeholders in the design. Only then should they map those questions to the right technology and data sources.”
Chris Mazzei, Chief Analytics Officer, EY

“In 39% of leading analytics organizations — versus 12% of the rest — analytics skills are recognized, effective, efficient, monitored and clearly used to support decisions. More than one-third of the top 10% also have well-defined competencies for each role and level, along with robust training programs that address potential skills shortages.”
EY and Forbes Insights, Data and Analytics Impact Index: don’t forget the human element of analytics, 2015.

3 Defining and Differentiating the Role of Data Scientist, Doug Laney, Gartner 2012

04 What does good look like?

Not every organization is getting the full spectrum of value from FDA, but the ones that are have a number of elements in common. They are more likely to use advanced FDA tools that enable them to analyze larger volumes of data from a wide range of data sources, both structured and unstructured. They put a higher percentage of their total anti-fraud program spend into FDA, and they tend to focus on proactive activities, not just reactive ones.

Survey respondents who say they are currently getting positive results or recoveries from their FDA tools are more likely to:

01 Use advanced technology

Companies that successfully deploy FDA harness sophisticated analytics tools. A much higher percentage of those who report positive results are using social media, web monitoring and visualization tools.

56% agree: “We currently get positive results or recoveries from the FDA tools that we use.”

Figure 12: The use of advanced FDA technologies
Q. What tools do you utilize in managing fraud risk?
Base: Among all respondents (665), 56% (370) agree and 21% (140) disagree that “We currently get positive results from the FDA tools that we use.” Multiple answers allowed, may exceed 100%.
• Visualization: 29% (agree) / 20% (disagree)
• Social media: 30% (agree) / 14% (disagree)
• Statistical analysis: 7% (agree) / 2% (disagree)

02 Analyze large data volumes

More powerful analytics tools allow organizations to analyze more data, both in terms of volume and variety. Our survey shows a high correlation between reports of positive results and the use of large data volumes. Seventy-nine percent of those reporting positive results, versus 11% of those who don’t, are using more than 10 million records, which are typically outside the domain of spreadsheets and thus require more sophisticated tools for analysis.

Of those who are not seeing positive results with FDA, data volume analyzed is low, with only a small minority of respondents analyzing more than 1 million records. Companies are likely to see better results from their FDA tools when they start applying them to more of their data.

Figure 13: Data volume used in FDA
Q. What data volume (in records) do you typically work with in your FDA tasks?
Among all respondents (665), 56% (370) agree and 21% (140) disagree that “We currently get positive results from the FDA tools that we use.” Multiple answers allowed, may exceed 100%.
• Under 1 million: 23% (agree) / 53% (disagree)
• Between 1 million and 10 million: 57% (agree) / 19% (disagree)
• More than 10 million: 79% (agree) / 11% (disagree)

Broader FDA capabilities to help mitigate insider threat, cyber and fraud risks

[Illustration: word cloud of analytic operations and example high-risk terms, such as “backdate,” “friend fee,” “special payment” and “facilitation.”]

Rules-based descriptive tests and reporting — By using historical data with simple and complex analytical weighted tests, significant value can be achieved to identify areas of risk. Alerts will be produced when a specific condition is met. For example, if an employee submits an expense for reimbursement with an expense amount in excess of a predefined reimbursement policy, then an alert would be triggered. These types of analytics are often easy to implement as they rely on predefined conditions and policies. For this reason, this is the most common FDA technique used by businesses.

Keyword search — The process scans free text fields and unstructured data sources to identify suspicious or high-risk language used. Companies can develop their own library of high-risk terms that incorporates industry and company-specific jargon, acronyms and cultural slang that might be used within the specific group being analyzed. The process can be developed to take into account industry-specific terms, multiple languages and historical events so that suspicious language can be tagged and escalated for further review.

Topic modeling and linguistic analysis — These tools use text analytics to identify suspicious phrases, high-risk topics or unusual patterns of behavior in the free text components of the data. Beyond keyword searching, topic modeling seeks to cluster, quantify and group the key noun or noun phrases in the data, enabling the investigative team to quickly gain an understanding of what information may have been compromised or the corrupt intent of certain business activities. Linguistic analysis techniques use the results of text analytics to identify the emotive tone of the communication — identifying angry, frustrated, secretive, harassing or confused communications, among other sentiments.

Statistical analysis and machine learning — This technique leverages historical facts in the data and machine learning to make predictions about future or otherwise unknown events. The incorporation of statistical models into this approach further increases the confidence that items identified as outliers warrant additional review, thus limiting the number of false positives and increasing the efficiency of the review process.

Data visualization: dashboards — Dashboards can be very powerful in the identification of unknown events. Data visualization, including heat maps, geospatial analysis, time series analysis, word clouds, stratification and drill-down techniques, enables the identification of trends and outliers in one, easy-to-understand interface. By combining transactions scoring, dashboards can aggregate threats across multiple criteria and data sources to prioritize the review.

Data visualization: pattern and link analysis — This technique provides insights, hidden patterns and relationships from vast, seemingly unrelated data sources. Data, both structured and unstructured, is provided in a variety of visual and link formats that can be used to connect one data source to another, exposing hidden relationships.

“We are seeing companies broadening their forensic data analytics capabilities beyond traditional anti-fraud and compliance functions into areas such as legal, information governance and cybersecurity.”
Todd Marlin, Principal, Forensic Technology & Discovery Services, FIDS US, EY
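The rules-based test and the statistical outlier test from the list of FDA capabilities above, as an added example (not code from the survey or from EY): a fixed policy-limit rule and a robust z-score per expense category are run over constructed claims, and alerted claims are ranked by how many tests they meet. The claim data, the policy limits, the choice of a median/MAD score and the 3.5 cut-off are assumptions made for illustration; the report does not name a specific statistical model.

```python
from collections import defaultdict
from statistics import mean, median

# Constructed sample claims (category -> [(claim id, amount)]); not survey data.
CLAIMS = {
    "taxi":  [("T1", 14.0), ("T2", 18.5), ("T3", 12.0), ("T4", 16.0),
              ("T5", 15.5), ("T6", 58.0), ("T7", 17.0)],
    "meals": [("M1", 42.0), ("M2", 38.5), ("M3", 55.0), ("M4", 47.0),
              ("M5", 61.0), ("M6", 104.0), ("M7", 49.5)],
    "hotel": [("H1", 270.0), ("H2", 285.0), ("H3", 290.0), ("H4", 310.0),
              ("H5", 295.0), ("H6", 280.0)],
}

# Assumed reimbursement policy: maximum amount per claim, by category.
POLICY_LIMIT = {"taxi": 60.0, "meals": 100.0, "hotel": 300.0}


def rule_alerts(claims, limits):
    """Rules-based test: alert when a claim exceeds the predefined policy limit."""
    return {cid for cat, items in claims.items()
            for cid, amount in items if amount > limits[cat]}


def modified_z_scores(values):
    """Robust z-scores from the median and the median absolute deviation (MAD).

    0.6745 scales MAD to the standard deviation of a normal distribution.
    When MAD is 0 (more than half of the values identical) the mean absolute
    deviation is used instead; when every value is equal, all scores are 0.
    """
    med = median(values)
    deviations = [abs(v - med) for v in values]
    mad = median(deviations)
    if mad > 0:
        return [0.6745 * (v - med) / mad for v in values]
    mean_ad = mean(deviations)
    if mean_ad > 0:
        return [(v - med) / (1.253314 * mean_ad) for v in values]
    return [0.0] * len(values)


def outlier_alerts(claims, cutoff=3.5, min_group=5):
    """Statistical test: alert on claims far from their category's typical amount."""
    flagged = set()
    for items in claims.values():
        if len(items) < min_group:      # too few peers for a meaningful baseline
            continue
        scores = modified_z_scores([amount for _, amount in items])
        flagged |= {cid for (cid, _), z in zip(items, scores) if abs(z) > cutoff}
    return flagged


def triage(claims, limits):
    """Rank alerted claims: those meeting more tests come first."""
    tests = defaultdict(list)
    for cid in rule_alerts(claims, limits):
        tests[cid].append("policy_limit")
    for cid in outlier_alerts(claims):
        tests[cid].append("peer_outlier")
    return sorted(tests.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for claim_id, met in triage(CLAIMS, POLICY_LIMIT):
        print(claim_id, met)
```

In this sample the taxi claim T6 stays under the policy limit and is caught only by the peer comparison, while the hotel claim H4 breaks the rule without being unusual for its category; M6 meets both tests and heads the review list.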

03 Analyze a wide variety of data

Those seeing positive results are also analyzing a wider variety of data from both structured and unstructured data sources.

Our survey findings indicate that respondents who have reported positive results from using FDA are using a wider variety of data sources. This offers another avenue for companies with low-volume data to leverage FDA more effectively: broadening the data sources they analyze could make their analytics more effective.

Figure 14: Use of unstructured data sources to analyze risk
Q. Which of the above unstructured data sources does your organization use to analyze fraud risks?
Base: Among all respondents (665), 56% (370) agree and 21% (140) disagree that “We currently get positive results from the FDA tools that we use.” Multiple answers allowed, may exceed 100%.
• Electronic communication: 77% (agree) / 67% (disagree)
• Free text payment descriptions in accounting data: 58% (agree) / 55% (disagree)
• News feeds or external data sources: 57% (agree) / 42% (disagree)
• Social media: 49% (agree) / 31% (disagree)
• Customer call or meeting notes: 46% (agree) / 32% (disagree)
• Network system or server information: 71% (agree) / 61% (disagree)

04 Invest more of their total anti-fraud spend in FDA

Those who spend a larger portion of their anti-fraud program budget on FDA have reported a higher success rate in seeing the positive results of FDA. Those agreeing with the positive results statement spend 33% of their total anti-fraud program budget on FDA; those disagreeing spend only 26%.

Figure 15: Anti-fraud program spend in FDA
Q. Of your annual spend on preventing and detecting fraud risks, what percentage is on FDA specifically?
Base: Among all respondents (665), 56% (370) agree and 21% (140) disagree that “We currently get positive results from the FDA tools that we use.”
• Agree: 33%
• Disagree: 26%

FDA maturity model

In our 2014 survey, we introduced an FDA maturity model that provides a four-quadrant framework for assessing an FDA program’s precision (i.e., its ability to better detect relevant risk issues) and accuracy (i.e., its ability to reduce the number of false positives). In that model, the most mature companies integrate all four quadrants of analytics capabilities into their FDA activities, adopting advanced data analytics technologies and combining structured and unstructured data.

We have since updated the model to show the progression of an organization’s FDA maturity journey starting from rules-based, descriptive tests and reports, through keyword searching, data visualization, topic modeling and linguistic analysis, to statistical and predictive techniques. The model still suggests that as multiple analytics techniques are incorporated, the fraud detection rate increases and the false positive rate decreases. It also highlights the importance of considering both structured and unstructured data sources as indicated by the yellow arrows, regardless of the techniques being used.

“We have to bring innovative and effective technology to eliminate or curtail money laundering or cybercrime, as well as to achieve more transparency.”
CFO, Retail and Wholesale, India

Our survey revealed that, overall, companies have increased their FDA maturity since 2014. The vast majority of companies are adopting more advanced tools. Statistical use cases rose 7%; the use of unstructured data sources rose 8%. Of note, within unstructured data sources, the highest growth category was the use of email, up 16% from 57% to 73%, while the use of call log and phone data more than doubled from 20% to 41%. Finally, the use of visualization tools also more than doubled, with one in four respondents now using these advanced tools.

Our 2016 survey findings reinforced the validity of our maturity model. In almost every circumstance, those companies using more sophisticated analytics beyond rules-based tests report better fraud detection in less time as compared with those using only rules-based tests.

“When combined with industry knowledge and investigative experience, insights gained from the use of leading forensic data analytics techniques can get clients faster answers to key business issues.”
Jim McCurry, Partner, EMEIA FIDS Leader, EY UK

Figure 16: Data analytics maturity journey
[Diagram: techniques plotted by complexity against business value and ROI, progressing from rules-based, descriptive tests and reporting, through keyword searching and data visualization, to topic modeling and linguistic analysis, and statistical and predictive techniques. Along the journey the detection rate moves from lower to higher and false positives from higher to lower. Structured and unstructured data sources are marked alongside the techniques.]

Case studies
• Responding to a major cyber breach — theft of confidential customer information
• Detecting bank deposit fraud
• Responding to a cyber attack — account takeover and redirect
• Surveillance monitoring: Know Your Trader (KYT)

Responding to a major cyber breach — theft of confidential customer information
Industry: Retail
Country: United States

The situation:
The company’s information systems were hacked by external actors, resulting in the loss of confidential customer information.

How FDA helped:
The company used FDA to assess the scope of the breach and its potential impact on financial systems. It conducted a forensic investigation and analysis of financial systems at the operating system, database and network layers, as well as of log data from a variety of sources, to assess the reliability of the financial controls. The company was able to confirm the integrity of its financial IT system despite the deficiency in logical access controls. The deficiency in logical access controls was subsequently remediated.

Responding to a cyber attack — account takeover and redirect
Industry: Internet service provider
Country: Eurozone

The situation:
A large European top-level domain name registrar reported that the domain names for major international companies had been hijacked and redirected to inappropriate internet sites.

How FDA helped:
The company used FDA techniques to isolate the intrusion mechanism and to evaluate the network infrastructure to determine if the intrusion had gone beyond the initial attack vector. Using pattern and link analysis to visualize network traffic, the investigation team determined that the intrusion was indeed limited in scope, which the company was able to demonstrate to regulators. The analyses provided substantive evidence that the intrusion was limited in scope, causing minimal damage to the company.

Detecting bank deposit fraud
Industry: Banking
Country: Asia

The situation:
A large Asian bank was seeking to uncover bank deposit fraud patterns across its retail business in order to improve its internal controls environment and build trust with customers and employees.

How FDA helped:
The company used advanced FDA techniques to harness data never before extracted from its core banking system, which was linked with data from other business units, such as branch and internet banking. Several billion bank transactions were loaded into a network of high-performance computers on-site. The bank developed customized counter-fraud risk-scoring models leveraging visual analytics, link analysis, statistical anomaly detection and predictive analytics techniques to spot unusual patterns of potential bank deposit fraud schemes. The bank uncovered hidden relationships between its customers and employees, highlighted suspicious insider activities and detected transactions that were designed to avoid internal reporting thresholds. The bank put together a fraud task force to review case observations resulting from the models and validated that the reduction in false positives had significantly improved.

Surveillance monitoring: Know Your Trader (KYT)
Industry: Financial services
Country: Australia

The situation:
The bank was investigating concerns raised by an Australian regulator with respect to various FX and financial benchmark processes. Specifically, the regulator issued a series of compulsory notices to the bank requiring it to produce certain documents and information.

How FDA helped:
The bank deployed KYT forensic data analysis techniques spanning more than 10 million documents — covering corporate email, instant messaging, and Reuters and Bloomberg Chat data — to identify potentially high-risk communications between the bank’s securities traders, industry analysts and other parties. By using FDA, the project team performed targeted document review by applying:
• A series of keywords and ontologies designed to detect rogue trading and noncompliance with bank regulations
• A communication risk-scoring model that assigns an agreed weight to each test and ranks each communication based on the co-occurrence of how that communication meets each test criterion

By using FDA to enable a targeted document review based on text mining and an objective risk-scoring model, the number of documents requiring review was substantially reduced — cutting costs by millions, with a better risk mitigation outcome.
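The keyword search technique described earlier and the weighted communication risk-scoring model in the KYT case study, sketched as an added example (not the bank's or EY's model): each test is a group of high-risk terms with an assumed weight, a communication's score is the sum of the weights of the tests it meets, and communications are ranked for review by that score. The term library, test names, weights and messages are all constructed for illustration.

```python
import re
import unicodedata

# Assumed test library: test name -> (agreed weight, high-risk terms).
# Terms, weights and test names are constructed for illustration.
TESTS = {
    "records":        (4, ["backdate", "off the books"]),
    "payment_jargon": (3, ["special payment", "facilitation", "cash", "gratificación"]),
    "secrecy":        (2, ["keep this between us", "delete this"]),
    "channel_shift":  (1, ["call my mobile", "personal email"]),
}

# Constructed sample communications (not real data).
MESSAGES = {
    "c1": "Can you BACKDATE the invoice? Keep this between us and delete this thread.",
    "c2": "The facilitation workshop is moved to Friday, agenda attached.",
    "c3": "Incluye la GRATIFICACIÓN para el agente;  call my mobile.",
    "c4": "The cashier desk closes at 5pm.",
    "c5": "Lunch at noon?",
}


def normalise(text):
    """Case-fold, strip accents and collapse whitespace so variants compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    no_accents = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return re.sub(r"\s+", " ", no_accents.casefold()).strip()


def compile_tests(tests):
    """Turn each term into a whole-word pattern over normalised text."""
    compiled = {}
    for name, (weight, terms) in tests.items():
        patterns = []
        for term in terms:
            # Word boundaries stop "cash" from matching inside "cashier".
            rx = re.compile(r"(?<!\w)" + re.escape(normalise(term)) + r"(?!\w)")
            patterns.append((term, rx))
        compiled[name] = (weight, patterns)
    return compiled


def score(text, compiled):
    """Return (score, {test: [matched terms]}); each test met adds its weight once."""
    norm = normalise(text)
    met = {}
    for name, (_, patterns) in compiled.items():
        hits = [term for term, rx in patterns if rx.search(norm)]
        if hits:
            met[name] = hits
    return sum(compiled[name][0] for name in met), met


def review_queue(messages, tests, min_score=1):
    """Rank communications by score (highest first), dropping those below min_score."""
    compiled = compile_tests(tests)
    rows = []
    for msg_id, text in messages.items():
        total, met = score(text, compiled)
        if total >= min_score:
            rows.append((msg_id, total, sorted(met)))
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for row in review_queue(MESSAGES, TESTS, min_score=4):
        print(row)
```

With `min_score=4` the single-keyword hit in c2 (a routine "facilitation workshop") falls out of the queue while c1 and c3, which each meet two tests, remain; that is the reduction in review volume the case study attributes to scoring on co-occurrence.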

05 Embracing the FDA revolution: going the distance

The rapidly evolving digital world is seeing more and more new risks for companies to evaluate, manage and mitigate. As a result, regulators are employing more tools to detect noncompliance and working across borders to prosecute offenders. This environment has alerted boardrooms to the need to manage their risk much more effectively than before.

Companies recognize their vulnerabilities, and many more are using technology and tools, particularly around visualization, to extract more from their data. In-house capabilities are increasing, but so are outsourced services. Yet firms are failing to appreciate the full value of FDA technologies, commit to them and reap their benefits.

One major reason for FDA tools being less effective than they could be is the lack of investment. Although the C-suite is aware of the need for these tools, many companies do not invest enough in the right technology or the right skill sets to follow through and close the loop.

The signals are clear. Companies that have benefited greatly from their FDA investment use advanced technology to analyze both large volumes and a wide variety of data. They invest more of their total risk management and investigative spend in FDA.

Many organizations have already taken steps to monitor risks proactively. They have in place systems to monitor, detect and combat risks, rather than merely react to allegations and crises. Still, 37% of the respondents spend more than half of their FDA investment on reactive matters. We believe these organizations should consider investing more in proactive measures that can result in better risk management up front and reduce potential cost from fraudulent activities or noncompliance in the long run.

Emerging markets are showing awareness of cybercrime, but they have not committed as many resources to combating it as their counterparts in developed markets. Lack of funding appears to be a major constraint, but this also leaves companies at increased risk of an attack.

The final picture of FDA in 2016 is of a technology that is slowly gaining traction and beginning to yield returns on investment. But companies have not yet thrown their full weight behind the paradigm, choosing instead to invest piecemeal and reap only some of the benefits. In order to leverage the full power of FDA, firms need to commit, invest and implement the strategy in its entirety. In doing so, they will join those that are already riding the crest of the analytics revolution.

“We need to provide better technical training to our people and improve the quality of information in our corporate systems and applications.”
Risk Executive, Life Sciences, Brazil

Survey approach

Between June and September 2015, researchers from Longitude Research, a business-to-business research and content agency, conducted 665 interviews across 17 countries with organizations actively using FDA. Respondents had to be the decision-makers responsible for their company’s anti-fraud program. A breakdown of these survey respondents is as follows:

Job title (interviews)
• Head of internal audit/CRO: 192
• Other audit/risk: 81
• Other finance: 51
• Head of compliance: 61
• CFO/FD: 68
• Head of legal: 34
• Financial controller: 58
• CEO/COO/CIO: 28
• Head of business unit/division: 16
• Head of investigations: 14
• Head of security: 17
• Company secretary: 5
• Other management staff: 40

Industry (interviews)
• Financial services: 162
• Consumer products, retail and wholesale: 149
• Life sciences: 59
• Oil and gas: 62
• Power and utilities: 41
• Transportation: 24
• Manufacturing: 62
• Mining: 27
• Technology, communications and entertainment: 77
• Other: 2

Revenue (interviews)
• More than US$5b: 182
• US$1b—US$5b: 225
• US$500m—US$1b: 63
• US$100m—US$500m: 195

Geographic location (interviews)
• Australia: 40
• Brazil: 40
• China (including Hong Kong SAR): 40
• France: 40
• Germany: 40
• India: 40
• Ireland: 40
• Italy: 40
• Japan: 40
• Mexico: 40
• Singapore: 40
• Middle East (UAE and Saudi Arabia): 40
• South Africa: 40
• Switzerland: 40
• UK: 40
• US: 65

Contact information

The following EY FIDS professionals contributed to this research and are available for comments:

Contacts
Global FIDS Leader: David Stulb, +44 20 7951 2456
Global FIDS FTDS Leader: David Remnitz, +1 212 773 1311

Area FIDS Leaders
Americas: Brian Loughman, +1 212 773 5343
EMEIA: Jim McCurry, +44 20 7951 5386
Asia-Pacific: Chris Fordham, +852 2846 9008
Japan: Ken Arahari, +81 3 3503 1100

FIDS subject-matter resources
Australia: Warren Dunn, +61 411 755 595
Brazil: Marlon Jabbur, +55 11 2573 3554
China: Chi Chen, +86 21 22284361
France: Olivier Mesnard, +33 1 46 93 67 62
Germany: Anita Kyung-Hee Kim-Reinartz, +49 211 9352 16812; Stefan Schaffer, +49 619 6996 23595
Hong Kong: Eric Young, +852 2629 3166; Jack Jia, +852 2846 9002
India: Mukul Shrivastava, +91 226 192 2777; Anil Kona, +91 806 727 3300
Ireland: Eoin O’Reilly, +353 1 2212 698
Italy: Fabrizio Santaloia, +39 02 8066 9733; Luca Marzegalli, +39 335 6653345
Japan: Ken Arahari, +81 3 3503 1100; Ichiro Sugiyama, +81 3 3503 1100
Middle East: Mike Adlem, +971 4701 0524; Paul Marsters, +971 4332 4000
Mexico: Ignacio Cortes Castan, +52 55 5283 1300
Singapore: Reuben Khoo, +65 6309 8099
South Africa: Charles R De Chermont, +27 11 502 0426; Lance Poon, +27 11 772 4207
Switzerland: Paul Wang, +41 58 286 5826
United Kingdom: Paul Walker, +44 20 7951 6935; Carl Judge, +44 20 7760 9347
United States: Todd Marlin, +1 212 773 7709; Vincent Walden, +1 212 773 3643

EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit

About EY’s Fraud Investigation & Dispute Services

Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority — no matter the industry sector. With our more than 4,200 fraud investigation and dispute professionals around the world, we assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. And we work to give you the benefit of our broad sector experience, our deep subject matter knowledge and the latest insights from our work worldwide.

© 2016 EYGM Limited
All Rights Reserved.
1512-1788039
SCORE No. AU3666

In line with EY’s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.