Anomaly Detection
Written by Michelle Henley
Updated at October 24th, 2024
Table of Contents
Use Case:
Organizations need to ensure that employee expenses align with company policies and flag any unusual activity that could indicate fraud, policy violations, or errors. Expenses in categories such as meals, lodging, or airfare can occasionally show unexpected variations, warranting closer attention.
The Anomaly Detection risk analytic identifies transactions that deviate from typical patterns by calculating a z-score, which measures how far a transaction’s value is from the average of similar transactions within a comparable group over a one-year historical period. The analysis groups transactions based on both payment method (e.g., cash, T&E cards, P-cards) and expense type (e.g., meals, lodging), establishing an expected range or "norm" for each group. Transactions that exceed two standard deviations from this average are flagged for review, helping organizations detect potential issues and ensure policy compliance.
| Description | Identification of anomalous transactions according to the transaction's value relative to a historical period of related transactions (1 year). Related transactions are those of the same payment method (cash, T&E card, P-card) and the item's nature (expense type - e.g., meals, lodging, airfare). |
| Domain(s) | Employee |
| Analysis Type | Context Flag |
| Focus Area | Value |
| Score Methodology | The 'z-score' (number of standard deviations from the mean) for the transaction relative to its peer group. By definition, 68% of transactions are within 1 standard deviation of the mean, while 95% are within 2 standard deviations, and finally 99.7% of transactions are within 3 standard deviations. It is recommended to avoid having a criteria with less than 2. |
Default Scoring Criteria
Importance: 5 (default)
Enabled: True (default)
| Risk Result | Default Value | Notation |
|---|---|---|
| Weak | 2.5 |
The 'z-score' (number of standard deviations from the mean) for the transaction relative to its peer group
|
| Moderate | 3 | |
| Strong | 4 | |
| Auto | Not Set |
Unique Configuration
- The historical period for anomaly context is 365 days
- Configuration of cohort to detect anomalies
- Default dimensions configuration: Payment Method, Nature Detailed
Available dimensions:
- Payment Method (Cash, TE Card, P-Card)Expense Type (mapped expense category - see Reference Data)
- Country
-
All values are log-transformed, which allows us to mitigate the undesirable effects of a “long tail” distribution. This enhances the occurrence of our anomaly detection.
Exclusions
- Items less than $40 cannot receive a risk result