Let’s Get Digital: Putting Benford’s Law to Use in Fraud Examinations

What do digits, logarithms, physicists, and fraud have in common? 

A man by the name of Frank Benford.  In the 1930s, physicist Benford developed a theory of leading digits, now known as Benford’s Law.  Benford’s Law tells us that in a variety of data sets, the probability of occurrence of each digit (0 through 9) as the first digit in a number follows a certain distribution.  That is, the digit 1 will occur with about a 30% frequency, followed by the digit 2 at 17.6%, through the digit 9 at 4.6%.  See Figure 1.

So what does this tell us, and how does it relate to fraud?

Because of its predictive component, Benford’s Law can be a useful tool for fraud examiners when applied to the right data sets – that is, large unrestricted sets of data that are not predisposed to begin with a limited number of digits.  Many data analytics software programs (such as ACL, Arbutus Analyzer, and even Microsoft Excel with ActiveData) now contain a Benford function which allows users to test numerical fields in data sets for digit frequency.  Leveraging this capability allows fraud examiners to quickly pinpoint (or rule out) areas for further examination and to determine anomalies and red flags for fraud, waste, and abuse.

Here’s an example of Benford at work:

Company ABC’s purchasing policy requires that all purchases $2,500 or greater be bid out and accompanied by a purchase order.  ABC employee Bill Smith is in collusion with Vendor XYZ: Smith uses ABC company funds to “purchase” hundreds of thousands of dollars’ worth of goods from Vendor XYZ and receives kickbacks from XYZ in return.  Vendor XYZ submits hundreds of false invoices to ABC, each for just below ABC’s threshold of $2,500, thus circumventing ABC’s purchasing policy.   ABC notices cash flow problems and hires fraud examiners to conduct a fraud vulnerability assessment.  The fraud examiners run preliminary tests to identify red flags and to pinpoint areas for further examination.  After running the Benford test on the purchasing data, the fraud examiners discover an anomaly in the digit distribution (see Figure 2).  The fraud examiners note that the digit 2 is occurring most frequently and much more frequently than Benford’s Law would indicate that it should.  The fraud examiners are then able to direct their efforts appropriately and to seek supporting documentation for the activity in question.
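The first-digit test from the Company ABC scenario, written out as an added example (it is not code from the original article or from any of the analytics products named above). The purchase amounts are constructed sample data, and the 1.96 z-score cut-off is an assumption chosen for the illustration.

```python
import math
from collections import Counter

def benford_expected(d):
    """Expected share of first digit d (1-9) under Benford's Law."""
    return math.log10(1 + 1 / d)

def first_digit(amount):
    """Leading non-zero digit of a currency amount, or None for zero."""
    cents = round(abs(amount) * 100)  # whole cents avoid float formatting noise
    return int(str(cents)[0]) if cents else None

def first_digit_test(amounts):
    """Return (digit, observed share, expected share, z) for digits 1-9."""
    digits = [d for d in map(first_digit, amounts) if d is not None]
    n = len(digits)
    if n == 0:
        return []
    counts = Counter(digits)
    rows = []
    for d in range(1, 10):
        p = benford_expected(d)
        obs = counts[d] / n
        # z-statistic with continuity correction for one digit's proportion
        z = (abs(obs - p) - 1 / (2 * n)) / math.sqrt(p * (1 - p) / n)
        rows.append((d, obs, p, z))
    return rows

def flagged_digits(amounts, z_crit=1.96):
    """Digits over-represented beyond z_crit (threshold is an example choice)."""
    return [d for d, obs, p, z in first_digit_test(amounts)
            if obs > p and z > z_crit]

# Constructed sample data, not real invoices.
# 2,000 ordinary purchases spread evenly on a log scale from $10 to $100,000.
LEGIT = [round(10 ** (1 + 4 * i / 2000), 2) for i in range(2000)]
# 400 invoices from "Vendor XYZ", each just under the $2,500 bid threshold.
JUST_UNDER = [2400 + 0.25 * i for i in range(400)]

if __name__ == "__main__":
    for d, obs, p, z in first_digit_test(LEGIT + JUST_UNDER):
        print(f"digit {d}: observed {obs:6.1%}  expected {p:6.1%}  z={z:5.1f}")
    print("flagged:", flagged_digits(LEGIT + JUST_UNDER))
```

A flagged digit only tells the examiner where to start pulling supporting documentation; here that means the purchases whose amounts begin with 2.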

Add Benford to your tool kit!

Benford’s Law, which also includes second digits, first two leading digits, last digits, and other digit combinations, can be applied to credit card transactions, loan data, stock prices, transaction listings, inventory records, and much more.  It is important that fraud examiners keep this tool in their kits – it may prove fruitful in future fraud examinations.

Figure 1: Let’s Get Digital: Putting Benford’s Law to Use in Fraud Examinations

Figure 2: Let’s Get Digital: Putting Benford’s Law to Use in Fraud Examinations

B.Y.O.D.

“Bring your own device,” or “B.Y.O.D,” is a concept that an increasing number of companies are implementing. B.Y.O.D allows employees to use their personally-owned devices in the workplace. These devices can range from laptops and tablets to cell phones and flash drives. While B.Y.O.D may be a good plan in theory – employees can work with devices they are comfortable using – it is important for employers to thoroughly consider the implications and potential pitfalls before implementing a B.Y.O.D policy. Consider, for example, the following key areas regarding the security of corporate information and infrastructure:

Network security: When an employee connects their personal device to the corporate network, they are exposing the company to many risks, including the potential for a virus to enter the corporate network.

Corporate information: The security of confidential corporate information may be at risk with B.Y.O.D.  An electronic device connected to the corporate network could be used to capture key corporate information that may be removed from the company.

Employee understanding: There should be a clear agreement between the company and the employee regarding B.Y.O.D. Many companies allow employees to purchase and use their own cell phones for business communications but don’t allow personal computers to connect to the network. When you consider that today’s cell phones are little more than small computers, often with access to the same information that can be accessed from a laptop, such a policy can provide a false sense of security. For this reason, many companies limit cell phone access to corporate email.

Device security: Corporate policy should include a requirement that cell phones be password protected.  Many cell phones now have the capability to be remotely wiped, which can aid in protecting corporate information on personal devices if lost or stolen.

Policies and procedures: The key to a successful B.Y.O.D program is a well-documented and enforced corporate policy – one that is in place before the first employee-owned device connects to the network. These policies should include consideration of:

  • A list of approved devices
  • What data may be accessed from a personal device
  • Whether data may be downloaded to a personal device
  • Who is responsible for securing the device
  • Who will provide technical support for the device
  • What the expectation of privacy is as it relates to B.Y.O.D in the workplace
  • What steps must be taken when an employee leaves the company

It is important that these policies not be written once and set on the shelf, never to be changed. B.Y.O.D policies will need to be revisited often to ensure that they are reflective of the current trends in technology.