Risk Analysis Settings
Written by Michelle Henley
Updated at October 25th, 2024
Table of Contents
The library of analyses consists of risk analytics that seek to identify transactions that directly or indirectly pose a risk of fraud, bribery, corruption, statistically unusual, or are misaligned with internal policies or controls.
Each analysis has scoring criteria that is configurable, at a minimum. Further, each analysis has specific logic and considers various slides of data, such as:
- Data at the transaction level and beyond (e.g., the payment or purchase order related to the transaction invoice),
- Historical context (e.g., the prior year of transactions of the same type or from similar subjects), or
- The subjects' aggregate metrics (e.g., the sum of the vendors' prior transactions).
In summary, each analytic is unique in its methods to extract the correct detail to evaluate multiple risk, policy, behavioral and statistical perspectives.
How to Access Risk Analysis Settings
How to Access the Risk Analysis Settings
To access Risk Analysis Settings, click Admin in the left navigation bar and then the Risk Settings tile.
Next, click the Risk Analysis Settings tile.
Main Risk Analysis Settings Page
The Risk Analysis Settings page will list all of the available analyses. Click on the Filter Icon at the top of a column to filter the results or the Arrow Up/Down Icon to sort the list.
To view the current settings for a specific analysis or to modify the setting, click on the Analysis Name in the first column.
Analysis Profile
Each individual analysis profile contains information about the specific analysis and its settings. The top left section includes a short description along with Domain, Type, and Focus.
Domains
The domain identifies the data source.
| Domain | Description |
|---|---|
| Employee | Employee travel & entertainment and procurement card spend (e.g. Concur). |
| Vendor | Spend with vendors through an ERP system (e.g., SAP, Oracle, etc.) and procurement systems (e.g., Coupa, Ariba, etc.). |
| HCX | Spend with healthcare recipients through a transparency system (e.g., Medispend, Alanda). |
| Customer | Revenue related to the transactions with customers through an ERP system (e.g., SAP, Oracle, etc.). |
Types
Analyses use different methods to achieve a result, which helps us understand the perspective of the analysis. Generally an analysis is classified as one of the following types:
| Type | Description |
|---|---|
| Flag | This analysis precisely identifies transactions that meet specific criteria, scoring them in accordance with a particular measure or attribute. |
| Context Flag | The transaction is reviewed in the context of a broader cohort of similar transactions. This cohort will include transactions for a broader time period and potentially other dimensions (e.g., function, expense type) beyond the subject itself. |
| Indicator | This analysis provides crucial information about the subject as a whole, which significantly influences the scoring of all of the subject’s transactions. |
Focus
Analyses have specific risk focuses, which helps us understand the perspective of the analysis. Generally, an analysis can be classified as one of the following focuses:
| Focus | Description |
|---|---|
| Approval | This focus area checks for proper approvals and due diligence in transactions. It ensures that all transactions comply with internal approval processes. |
| Attendee | This focus area reviews transactions related to attendees, such as expense reports involving supervisors or high per-attendee costs. It aims to detect potential misuse of funds or conflicts of interest involving attendees. |
| COI (Conflicts of Interest) | This focus area identifies transactions that may involve conflicts of interest. It aims to detect situations where personal interests could improperly influence business decisions. |
| Cash | This focus area identifies transactions involving cash, which are often higher risk due to the difficulty in tracking and auditing. It looks for unusual cash expenses or high cash reimbursement ratios. |
| Completeness / Accuracy | This focus area ensures that transactional data is complete and accurate, identifying issues like duplicates or missing required documentation. It helps to maintain data integrity and prevent errors or fraud. |
| Context Analysis | This focus area analyzes transactions within the context of various attributes, such as aggregate limits, transactional thresholds, or profile comparisons. It aims to identify transactions that stand out based on a combination of factors and historical data. |
| Favor | This focus area identifies transactions that may involve unusually favorable terms or conditions. It aims to detect potential favoritism or manipulation. |
| Financial | This focus area focuses on financial reporting and period-end activities, identifying transactions that might be manipulated to affect financial statements. |
| Location | This focus area examines the geographical attributes of transactions to identify high-risk locations or cross-border activities. It helps to detect potential risks associated with specific countries or regions. |
| Policy / Control | This focus area ensures adherence to internal policies and controls by identifying transactions that violate established rules. It helps to maintain internal compliance and prevent fraud. |
| Setting | This focus area involves monitoring specific entities or transactions that have been flagged for additional scrutiny based on predefined criteria. It allows for the targeted review of high-risk subjects. |
| Statistical | This focus area employs statistical methods to identify patterns or distributions in data that are inconsistent with expected norms. Anomalies detected through these methods can signal irregularities or potential manipulations. |
| Text | This focus area utilizes various natural language techniques, such as pattern recognition, sentiment analysis, and concept identification, to expose risky transactions based on textual data within the transactions. |
| Third-Party Risk | This focus area assesses the risk associated with third parties by checking them against public watchlists or high-risk classifications. It helps to mitigate the risk of doing business with sanctioned or high-risk entities. |
| Timing | This focus area examines the timing of transactions to identify unusual patterns. It looks for discrepancies in expected timeframes for processing transactions, which could indicate potential risks or internal control weaknesses. |
| Value | This focus area involves identifying transactions that deviate significantly in terms of monetary value when compared to historical data or predefined thresholds. It aims to detect unusually high or low transaction amounts that may indicate potential risks. |
Settings & Configuration Options
The chart below outlines the types of changes that administrators can make to all available Risk Analyses.
Note: Changes to these settings will impact the scoring process.
| Changes | Description |
|---|---|
| Enabled | Determines whether an analysis is performed and considered in the aggregated transaction risk score. |
| Importance | Adjusting the weight for a particular analysis as it is considered in the aggregated transaction risk score. |
| Rules | Configuration of the analytic's settings and applicable data (known as Rule Components) to curate and target the analytic specifically for the user or the company's risk needs. |
| Scoring Criteria | Changes made here adjust the parameters that build the Risk Score. |
| Automatic Criteria | This can be set to ensure that transactions that meet a specific criteria value are exposed for review in the Transaction Inbox, regardless of the overall transaction Risk Score. For example, a transaction with a risk score of 1.9 will still be displayed in the Transaction Inbox despite the risk threshold being set at 3.5 because it met the automatic criteria for a particular analysis. |
| Note: Changes to these settings will impact the scoring process. | |
Enable/Disable & Importance
Enabled: Determines whether an analysis is performed and considered in the aggregated transaction risk score.
Importance: Adjusting the weight for a particular analysis as it is considered in the aggregated transaction risk score
Scoring Criteria & Automatic Criteria
Scoring Criteria: Changes made here adjust the parameters that build the Risk Score.
Automatic Criteria: This can be set to ensure that transactions that meet a specific criteria value are exposed for review in the Transaction Inbox, regardless of the overall transaction Risk Score.
For example, a transaction with a risk score of 1.9 will still be displayed in the Transaction Inbox despite the risk threshold being set at 3.5 because it met the automatic criteria for a particular analysis.
More information about each analytic and how it's configured can be found here: