Fraud detection, Benford analysis, duplicate detection, segregation of duties (SOD), whistleblower management, and legal holds.
Fraud & Governance provides automated fraud detection using statistical methods (Benford Analysis for invoice amounts), duplicate detection across POs/invoices/vendors, Segregation of Duties enforcement to prevent single-person transaction completion, whistleblower channel for anonymous reporting, and legal hold management for evidence preservation. SOD rules ensure no user can both create and approve financial transactions.
| Status | Description | Allowed Actions | Next States |
|---|---|---|---|
| Alert | Potential fraud/violation detected | Investigate | Under Investigation |
| Under Investigation | Investigation in progress | Resolve, Escalate | Resolved, Escalated |
| Resolved | Investigation completed, no fraud | Close, Document | Closed |
| Confirmed | Fraud confirmed | Legal Action, Disciplinary | Closed |
| SOD Violation | Duty separation rule breached | Override with Approval, Block | Resolved |
alert_id — PKalert_type — benford | duplicate | anomaly | sod_violationentity_type, entity_id — Referenced transactiondescription, risk_score — Alert detailsdetected_date, investigated_by — Trackingstatus — New → Investigating → Resolved / Confirmeddetection_id — PKentity_type — invoice | po | vendorrecord_a_id, record_b_id — Matched pairmatch_score — Similarity score 0-100match_fields — Which fields matched (amount, date, vendor)status — Detected → Reviewed → Confirmed / False Positiverule_id — PKrule_name, description — Rule definitionaction_a, action_b — Conflicting actions (e.g., create_po, approve_po)enforcement — block | warn | logis_active — Enabled/disabled flagreport_id — PKreport_date, description — Anonymous reportcategory — financial | safety | harassment | corruptionevidence_url — Attached evidenceassigned_to, status — Investigation trackingis_anonymous — Reporter identity protectedhold_id — PKcase_reference — Legal case or investigation referencedescription, hold_date, release_date — Hold periodcustodian_id — FK → admin.userstatus — Active / ReleasedSystem runs nightly batch jobs: Benford analysis on invoice amounts, duplicate detection across POs/invoices, and anomaly detection on transaction patterns.
Fraud alerts reviewed by Internal Audit. Risk score (0-100) determines priority. High-risk alerts investigated within 48 hours.
Investigation team examines transactions, interviews personnel, and collects evidence. Legal hold placed on relevant records to prevent deletion.
SOD rules configured for all financial workflows. When user attempts conflicting action, system blocks or warns based on rule severity. Override requires senior management approval.
Anonymous reporting channel available via web/mobile. Reports categorized and assigned to appropriate investigator. Reporter identity protected even from management.
-- First-digit distribution of invoice amounts vs Benford expected SELECT first_digit, actual_count, actual_pct, benford_pct, ABS(actual_pct - benford_pct) AS deviation FROM ( SELECT LEFT(CAST(FLOOR(ai.gross_amount) AS TEXT), 1)::int AS first_digit, COUNT(*) AS actual_count, ROUND(COUNT(*)::numeric / SUM(COUNT(*)) OVER() * 100, 1) AS actual_pct FROM accounts_payable.ap_invoice ai WHERE ai.gross_amount > 0 GROUP BY first_digit ) a JOIN fraud.benford_analysis ba ON ba.digit = a.first_digit ORDER BY deviation DESC;