5 Key Steps to Take When Investigating Big Data

13,311,666,640,184,600. According to Bill Hardin, CFE, CPA, CFF and Director of Navigant Consulting, this is the number of devices that will be connected to the Internet in 2020. Hardin led the session, “Five Lessons Learned with Managing Big Data in an Investigation” this morning and gave five key steps to take when managing the big data that can and will be found in connected devices. 

“Data is growing by the day,” Hardin said. “And these large data sets require imagination. It is up to the fraud examiner to look at the data from a different perspective to find the trends and analysis they need to find fraud.”

Below are the five key steps Hardin suggested:

  1. Know your sources before, during and after an event. These sources of information can come from two different types of data sets: structured (databases, spreadsheets, logs) and unstructured (email, text messages, instant messages, voicemails).
  2. Use tools outside of your comfort zone. In addition to Microsoft Excel and Microsoft Access, seek out tools you are less familiar with (read more below). They are valuable and will make your investigations less time-consuming.
  3. Know how to evaluate the data and make it talk. Hardin said he likes to “interrogate the data” so he can find the trends and conclusions he needs.
  4. According to Hardin, the biggest part of using big data in an investigation is knowing how to effectively present your data to key stakeholders. He said you have to be able to tell a good story succinctly. “Summarize the data, and give the clients the bits they need to take action,” Hardin said.  
  5. Remember to update your standards based on your data. Is an event isolated or recurring? Do you need to change any policies or procedures after reporting your findings? Hardin also recommended asking whether an incident is repeatable. To truly know this, you must automate your data collection so you can evaluate it on a regular basis.

Hardin shared a useful example of No. 2 (using resources outside one’s comfort zone) when speaking about a tool called Catelas. Typically, when examiners look for organizational relationships within a company to find out whom to interview regarding a suspicious employee, they first look to a formal organizational chart. Hardin suggested using a tool like Catelas instead. Catelas reverse-engineers a user’s email box to find the most active relationships and connections. Hardin said using this to create an organizational chart based on an employee’s email activity gives you more insight into who may be the best person to speak to first about the employee’s misconduct.
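To make the idea of ranking relationships by email activity concrete, here is an added example (not code from Hardin's session and not how Catelas itself works, which the session summary does not describe). It assumes a simple message count per correspondent; the mailbox contents and addresses are constructed.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Constructed sample headers (not real data); all addresses are hypothetical.
SAMPLE_MESSAGES = [
    "From: Jane Doe <J.Doe@example.com>\nTo: a.lee@example.com\nCc: m.ruiz@example.com\n\nbody",
    "From: a.lee@example.com\nTo: j.doe@example.com\n\nbody",
    "From: j.doe@example.com\nTo: a.lee@example.com\n\nbody",
    "From: vendor@example.net\nTo: j.doe@example.com\n\nbody",
    "From: j.doe@example.com\nTo: vendor@example.net\n\nbody",
    "From: vendor@example.net\nTo: j.doe@example.com\n\nbody",
    "From: j.doe@example.com\nTo: vendor@example.net\n\nbody",
    "From: hr@example.com\nTo: j.doe@example.com, a.lee@example.com\n\nbody",
    "From: m.ruiz@example.com\nTo: a.lee@example.com\n\nbody",  # does not involve the subject
]

def _addresses(msg, *headers):
    """Return the lower-cased addresses found in the given header fields."""
    values = []
    for header in headers:
        values.extend(msg.get_all(header, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def rank_contacts(raw_messages, subject):
    """Rank the subject's correspondents as (address, sent_to, received_from)."""
    subject = subject.lower()
    sent, received = Counter(), Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        senders = _addresses(msg, "From")
        recipients = _addresses(msg, "To", "Cc", "Bcc")
        if subject in senders:
            for addr in recipients - {subject}:
                sent[addr] += 1
        elif subject in recipients:
            for addr in senders:
                received[addr] += 1
    totals = sent + received
    # Highest volume first; two-way traffic outranks one-way traffic of equal volume.
    return sorted(
        ((a, sent[a], received[a]) for a in totals),
        key=lambda r: (-(r[1] + r[2]), -min(r[1], r[2]), r[0]),
    )

if __name__ == "__main__":
    for address, out, inbound in rank_contacts(SAMPLE_MESSAGES, "j.doe@example.com"):
        print(f"{address:22} sent={out} received={inbound}")
```

In the constructed mailbox, the external vendor outranks every internal colleague, which is the kind of relationship a formal organizational chart would not show.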

Along with the five key steps mentioned above, Hardin also repeatedly shared the importance of thinking outside of the box when conducting big data investigations. “Look at cases from multiple perspectives using multiple tools,” Hardin advised. “And increase your network both inside and outside your company so you are not staying siloed while trying to manage large amounts of data.”

You can find more coverage from the ACFE Global Fraud Conference at FraudConference.com.