Febry Pamungkas C1I016008
Krisna Try Prasetyo C1I016009
Chrisna Bachtiar Octa C1I016012
Fatedy Abdul Aziz C1I016019
Understanding and Applying Benford’s Law
The IT auditor has many tools to apply to the various procedures in an IT audit. Almost all computer-assisted audit tools (CAATs) have a command for Benford’s Law.
Benford’s Law
Benford’s Law, named for physicist Frank Benford, who worked on the theory in 1938, is the mathematical theory of leading digits. Specifically, in data sets the leading digits are distributed in a specific, nonuniform way. Frank Benford found that the digit 1 appears as the first digit in a random data set more often than the digit 2, the digit 2 more often than the digit 3, and so on (see figure 1). The theory covers the first digit, second digit, first two digits, last digit and other combinations of digits because it is based on the logarithm of the probability of occurrence of digits.
Benford’s Law holds true for a data set that grows exponentially (e.g., doubles, then doubles again in the same time span), but also appears to hold true for many cases in which an exponential growth pattern is not obvious (e.g., constant growth each month in the number of accounting transactions). It is best applied to data sets that go across multiple orders of magnitude (e.g., income distributions). While it has been shown to apply in a variety of data sets, not all data sets follow this theory. The theory does not hold true for data sets in which digits are predisposed to begin with a limited set of digits. An example would be small insurance claims (e.g., between US $50 and US $100). The theory also does not hold true when a data set covers only one or two orders of magnitude.
THE RIGHT CIRCUMSTANCES FOR USING BENFORD’S LAW
Proponents of Benford’s Law have suggested that it would be a beneficial tool for fraud detection. In fact, Benford’s Law is legally admissible as evidence in the US in criminal cases at the federal, state and local levels. This fact alone substantiates the potential usefulness of Benford’s Law. Of course, the use of Benford’s Law needs to “fit” the audit objective. For instance, if the audit objective is to detect fraud in the disbursements cycle, the IT auditor could use Benford’s Law to measure the actual occurrence of leading digits in disbursements compared to the digits’ probability.
Objectives to which Benford’s Law is equally applicable include analysis of:
• Credit card transactions
• Purchase orders
• Loan data
• Customer balances
• Journal entries
• Stock prices
• Accounts payable transactions
• Inventory prices
• Customer refunds
Examples of data sets that are not likely to be suitable for Benford’s Law include:
• Airline passenger counts per plane
• Telephone numbers
• Data sets with 500 or fewer transactions
• Data generated by formulas
• Data restricted by a maximum or minimum number
The IT auditor will need to determine whether to run a one-digit test or a two-digit test. The two-digit test will usually give more granular results, but is also likely to reveal more spikes than a one-digit test. Once the test has been run, the IT auditor will need to determine which results deserve more attention and whether the results provide evidence or information related to the audit objective. Results that show a digit occurring less often than its probable occurrence are generally ignored, unless the audit objective is in that direction.
THE CONSTRAINTS IN USING BENFORD’S LAW
The assumptions regarding the data to be examined by Benford’s Law are:
• Numeric data
• Randomly generated numbers:
   ◦ Not restricted by maximums or minimums
   ◦ Not assigned numbers
• Large sets of data
• Orders of magnitude (e.g., numbers migrate up through 10, 100, 1,000, 10,000, etc.)
The mathematical theory has always been applied to digital analysis, i.e., a
logarithmic study of the occurrence of digits by position in a number. It is
important to note that one assumption of Benford’s Law is that the numbers in
the large data set are randomly generated.
Thus, before applying Benford’s Law, the IT auditor should ensure that
the numbers are randomly generated without any real or artificial restriction
of occurrence.
Benford’s Law should be applied only to large data sets. It is inadvisable to use
Benford’s Law for small-sized data sets, as it would not be reliable in such
cases. Thus, some experts recommend data sets of at least 100 records. This
author recommends that the data set be 1,000 records or more, or that the IT
auditor justify why a lower volume of transactions is suitable to Benford’s
Law, i.e., show that the smaller size still meets the other constraints and
that size will not affect the reliability of results.
The IT auditor should be careful when extracting a sample and then using Benford’s Law on the sample. That is especially true for directed samples in which the amount is one of the factors allowing a transaction to be chosen, because such a sample is not truly a random sample. For small entities, using a data set
for the whole month, or a random day of each month, is a better sample for
Benford’s Law purposes.
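An added example (not part of the original article) of the one-digit and two-digit tests and the constraint checks described above, in Python. The z-score cut-off of 1.96, the reading of "only one or two orders of magnitude" as a numeric threshold, and the sample disbursements with a hypothetical 5,000 approval limit are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter
from decimal import Decimal

MIN_RECORDS = 1000   # data set size the article recommends
MIN_ORDERS = 2       # assumed cut-off: the data must span more than this

def expected(digits):
    """Benford probability of each leading-digit group (1-9 or 10-99)."""
    return {d: math.log10(1 + 1 / d) for d in range(10 ** (digits - 1), 10 ** digits)}

def leading(amount, digits):
    """First `digits` significant digits of a positive amount (7 counts as 70)."""
    ds = Decimal(str(amount)).as_tuple().digits + (0,) * digits
    return int("".join(map(str, ds[:digits])))

def check_constraints(amounts):
    """Reasons, taken from the article's constraints, to distrust the test."""
    problems = []
    if len(amounts) < MIN_RECORDS:
        problems.append("fewer than 1,000 records")
    if math.log10(max(amounts) / min(amounts)) <= MIN_ORDERS:
        problems.append("covers only one or two orders of magnitude")
    return problems

def benford_spikes(amounts, digits=1, z_cut=1.96):
    """Digit groups seen more often than expected; z_cut is an assumed threshold."""
    n = len(amounts)
    counts = Counter(leading(a, digits) for a in amounts)
    spikes = {}
    for d, p in expected(digits).items():
        z = (counts[d] / n - p) / math.sqrt(p * (1 - p) / n)
        if z > z_cut:  # lower-than-expected digits are ignored
            spikes[d] = round(z, 1)
    return spikes

def sample_disbursements():
    """Constructed data: 5,000 amounts over five orders of magnitude, plus
    400 payments placed just under a hypothetical 5,000 approval limit."""
    rng = random.Random(1938)
    normal = [round(10 ** rng.uniform(0, 5), 2) for _ in range(5000)]
    padded = [round(rng.uniform(4900, 4999.99), 2) for _ in range(400)]
    return normal + padded

if __name__ == "__main__":
    data = sample_disbursements()
    print("constraint problems:", check_constraints(data))
    print("one-digit spikes:", benford_spikes(data, 1))
    print("two-digit spikes:", benford_spikes(data, 2))
```

The one-digit test shows the excess at leading digit 4, while the two-digit test narrows it to the 49 group, which is the range an auditor would then pull for review.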
CONCLUSION
Benford’s Law can recognize the probabilities of highly likely or highly unlikely frequencies of numbers in a data set. The probabilities are based on mathematical logarithms of the occurrence of digits in randomly generated numbers in large data sets. Those who are not aware of this theory and intentionally manipulate numbers are susceptible to getting caught by the application of Benford’s Law. The IT auditor can also apply Benford’s Law in tests of controls and other IT-related tests of data sets. However, the IT auditor needs to make sure that the constraints (the mathematical assumptions of the theory) are compatible with the data set to be tested.