Forensic Analytics: The Basics

“Forensic Analytics describes the act of obtaining and analyzing electronic data using formulas and statistical techniques to reconstruct, detect, or otherwise support a claim of financial fraud.”
Mark J. Nigrini, Forensic analytics

Although it seems like a task that could be performed solely using computer software, we were astonished to discover that there were no proper tools to perform these analyzes. Instead, tools like Microsoft Excel and Access are constantly used by auditors and accountants to run Forensic analyzes on their data. Although these tools perform extremely well in different contexts, when it comes to Forensic Analytics, they make lousy tools. Analyzing a simple dataset involves writing a bunch of formulae, generating charts, copying and pasting data from place-to-place; bottom line: it’s a big mess.

Forestpin was developed to solve this issue. Forestpin allows you to run complex forensic analyzes on your data in less than a second while it might take up to weeks to perform the same set of tasks using other tools.

(You can learn more about Forestpin on

Running Forensic Analyzes

Forensic analytics generally involves four steps.

1. Data Collection

2. Data Preparation

3. Running Forensic Analyzes

4. Evaluation, investigation, and reporting.

Forestpin simplifies the latter three steps for you. To run analyzes on your data: just copy and paste data from Excel, or just upload your data in the .csv format.

High-Level Data Overview tests

High-Level Data overview tests allow investigators to get an overview of the dataset they’re analyzing. Forestpin offers a number of High-Level data overview tests, including Data Summary, Transaction ID summary, Transaction ID analysis by Vendor…

Summary of all the transactions
Transaction ID analysis by Vendor

Duplicate Tests

Duplicate tests allow investigators identify recurring transactions and evaluate risks involving them. According to Mark J. Nigrini, excessive duplications within subsets are indicators of fraud and errors.

There is always going to be some amount of normal duplication, this makes it irrational to analyse duplicates based solely on the number of recurrences. To provide the investigator with more insight, Forestpin lists High-Risk duplicates: those might be worth investigating further.

List of all the duplicates sorted by the risk value.

Transaction vs Time

Analysing data with respect to time could be helpful when identifying fraudulent transactions. This type of analyses proves to be useful when detecting large anomalies. Among analyses Forestpin provide are Monthly timeline, Daily Transaction Volume and Daily Transaction Value. Summaries of these analyses are provided alongside with simple visualisations.

Monthly which shows the distribution of payments over the months.
Distribution of Transactions

Vendor Analysis

There are several forms of Vendor Fraud Schemes. Vendor fraud can be carried out by internal parties, vendors, or by internal parties who are working with vendors in return for personal gain. There are multiple ways that vendor fraud can take place. Ghost vendors, overbilling, kickbacks (employees accepting misappropriate funding from vendors to enable fraudulent activities) are a few of them.

Forestpin allows you to run multiple forensic analyses on vendors.

Vendor Analysis: Number of Transactions and Total Value

This analysis gives a summary of all the vendors, with intuitive visualizations for the number of transactions per vendor, the total value of transactions per vendor and distribution of payments of the vendor over time.

Relative Size Factor and Z-Score

R.S.F and Z-score gives an idea about the distribution of payments for a certain vendor. These analyzes can help you identify the pattern of payments and help you identify large fraudulent transactions.

Relative Size Factor compares the highest value payment to the average payment.

R.S.F. will take a high value when the highest transaction is significantly larger than the average. If a vendor has a high R.S.F., further investigation is recommended.

Z-Score gives the difference between the highest and the lowest transactions with relative to the Standard Deviation of the vendor.

Z-score helps you find payments that deviated from the normal payment pattern and it gives you a better indication about the authenticity of the transaction.

A single golf clap? Or a long standing ovation?

By clapping more or less, you can signal to us which stories really stand out.