×

Retail CIOs are deploying predictive capabilities, continuous monitoring tools, and a host of innovative practices to help recover margins lost to criminals.

As widely reported in 2006, a fraudster systematically deprived retailers of more than $600,000 over a three-year period by placing counterfeit bar codes on high-end toys, greatly reducing their price. The thief then bought the toys at their artificially low price and resold the items online for nearly full value. After monitoring sales reports for trends and anomalies, loss investigators eventually caught the perpetrator—but it took them three years.¹

Since this high-tech heist was exposed, shrinkage—retail inventory losses caused by fraud or error—has not abated. In fact, global retail shrinkage increased worldwide 6.6 percent to $119 billion in 2011, an average of 1.45 percent of retail sales.²

Today, retailers routinely find themselves battling attempted manipulation of their financial statements and POS transactions, collusion among vendors, shoplifting and refund fraud, plus a host of often elaborate schemes involving salaries, wages, and employee theft.

“It’s likely retailers will have to step up the pace of innovation in their fraud prevention and detection activities if they are to recover more of the margin currently being lost to fraudsters,” says Keith Denham, a principal in Deloitte & Touche LLP’s Consumer Products, Retail, and Distribution Advisory practice. “It is time for the retail industry to consider how new technologies and data analytics may help to detect more fraud and improve margins.”

Common Fraud Management Challenges

While designing and implementing strong internal controls in known risk areas is an important part of fraud management, it may not be enough to recover more of the margin currently being lost to fraud. Consider the limitations of traditional fraud prevention activities and how deploying analytics could help CIOs and business leaders transform their approaches for combatting retail fraud:

Resource constraints and inefficiencies. The resources needed to prevent and detect fraud are often limited for budgetary reasons. Those that do exist are likely focused on traditional activities, such as internal audits and detection techniques chosen primarily for their simplicity and economy. For example, when a retailer has many locations, personnel experienced in audit and inspection processes and who possess historical knowledge of audit outcomes often determine which locations warrant increased scrutiny. Yet staff reductions throughout the retail sector have led to a loss of experienced personnel, thus hampering the effectiveness of traditional practices. “New analytics technology can help fill the void created when experienced personnel leave and take their accumulated knowledge with them,” says Darren James, a partner in the Enterprise Risk Services practice of Deloitte Canada, a member firm of Deloitte Touche Tohmatsu Limited. “By using analytics to mine transactional, financial, and other data, auditors can flag investigation locations that display greater anomalies. Moreover, they can use these tools to learn from audit and inspection efforts, and retain that knowledge for ongoing data analysis and monitoring.”

Outdated technologies and limited data analytics. “In their use of analytics, some retailers appear to be playing catch-up,” observes James. “Basic point-of-service (POS) analytics only take you so far. By deploying predictive analytics to better understand anticipated sales volume of a given stock keeping unit (SKU) and anticipated sales of products in the secondary marketplace, retailers might be able to identify certain product transactions as outliers and alert stores to increase their scrutiny of such sales.”

Inadequate control activities. Internal thefts are pervasive in the retail industry. Indeed, some of the most significant fraud is committed by employees who hold high positions and have the authority to override internal controls to achieve their goals. For example, commissioned employees might abuse their power by selling below the company’s discount limit to reach a personal sales quota, and franchise owners may be tempted to underreport sales or buy supplies from someone other than the franchiser to reduce franchise fees and procurement costs. Data analytics can provide a new level of transparency and insight into such activities.

Oversight and lack of continuous monitoring. Traditional fraud prevention techniques tend to be historical rather than predictive. As such, effective oversight processes are often labor intensive and time consuming. In contrast, the credit card industry uses real-time alerts to flag unusual customer transactions, thereby triggering a hold on these transactions and avoiding potential losses. As a result, credit card companies can use employees to intervene, when necessary, in high-value transactions requiring more sensitive handling, such as those involving lucrative accounts. “In some ways, the retail industry has not kept up with other industries in implementing continuous monitoring techniques,” says Robert Fowlie, a partner in the Forensic practice of Deloitte Canada. “Many retail companies have significant amounts of data at their disposal, captured daily through operations. But turning that data into insight through continuous monitoring and real-time feedback remains a challenge.”

Building an Effective Fraud Risk Framework

Retailers can often benefit from implementing a holistic fraud framework that supports the continuous innovation of fraud management strategies. Rather than simply augmenting traditional activities, this model takes a fresh approach to improving retailers’ ability to prevent and detect fraud.

The framework comprises four main components:

Cultural assessment. By examining a company’s culture, business ethics, and actions, decision-makers can focus their fraud management efforts and apply data analytics to important areas. One strategy for gaining needed insights could involve gathering anonymous feedback from a large group simultaneously using an established web-enabled survey tool. The survey can include six principal areas: awareness of relevant policies and follow-through; corporate culture; observed unethical or questionable actions; issues that either facilitate or reduce the likelihood of fraud occurring; respondents’ perceptions of the desired outcomes of ethics and compliance efforts; and specific risk issues. By evaluating the results of the survey, decision-makers can better identify areas of fraud risk using objective data rather than the potential biases and misinformation.

Technology and data analytics. Understanding the fraud-related challenges a company faces can help focus IT’s efforts to build and implement a tailored technology solution. An organization can likely accomplish this by analyzing data from daily transactions and activities such as purchasing, accounts payable, POS, sales projections, warehouse movements, employee shift records, returns and store-level video and audio recordings. Rigorous and regular sample-based analysis of data across the company can help pinpoint fraudulent activity and develop appropriate priorities for case management and investigation. It may also reduce the false positive rate of detection and prevention strategies.

Effective control activities. Many companies begin to build control frameworks and processes after a large and public fraud causes significant negative financial and reputational damage. All retailers—even those with established control activities—can benefit from reviewing their existing risk environment and processes, and identifying how innovation can enhance these activities before an incident occurs. One way of evaluating a control environment is to hold a series of facilitated stakeholder workshops, which can help the company assess the likelihood and potential impact of different types of fraud, as well as help to identify limitations in the control environment, such as potential management override.

Continuous monitoring and innovation. Fraudsters continuously adjust their activities to circumvent fraud prevention and detection controls. If retailers want to fight fraud effectively, they should take a similarly flexible approach. Continuous monitoring can include several tactics, such as tracking product and inventory movement for unusual patterns that may indicate shrink and store associate theft, and monitoring exceptions and trends, such as the number of invoices from suppliers over time, unusual invoice number sequencing, and the amount of money spent for goods and services purchased from a particular vendor. In addition, companies could consider building a model for a predicted number of product returns per shift. When numbers exceed a set threshold for returns by product or by individual, manager verification can be invoked.

*****

Risk management programs will vary depending upon a retailer’s fraud risk profile and the current state of its controls. Increasingly, the effectiveness of these programs may hinge on the way a retailer leverages analytics. “Staying one step ahead of the fraudsters is critical to protecting a company’s assets and reputation,” says Denham. “Implementing data analytics into the elements of a company’s fraud framework can help identify patterns, trends, and anomalies in the data. It can help detect a broader range of exposure, including previously unknown risks and uncover new patterns of fraud.”