Identifying disgruntled employee systems fraud risk through text mining: A simple solution for a multi-billion dollar problem

a r t i c l e i n f o Occupational fraud is a $652 billion problem to which disgruntled employees are a major contributor. Much security research addresses reducing fraud opportunity and increasing fraud detection, but detecting motivational factors like employee disgruntlement is less studied. The Sarbanes–Oxley Act requires that companies archive email, creating an untapped resource for deterring fraud. Herein, protocols to identify disgruntled communications are developed. Messages cluster well according to disgruntled content, giving confidence in the value of email for this task. A highly accurate naïve Bayes model predicts whether messages contain disgruntled communications, providing extremely relevant information not otherwise likely to be revealed in a fraud audit. The model can be incorporated into fraud risk analysis systems to improve their ability to detect and deter fraud. The Sarbanes–Oxley Act [36] was created in the wake of a series of prominent financial scandals to protect investors from their recurrence. The Act's provisions endeavor to reveal and prevent corporate fraud. Rules issued by the Securities and Exchange Commission (SEC) to enforce the Act are being construed to require all public companies to store every document that influences financial reporting, including all email messages sent and received, for a number of years [5,28,38,47]. Managing the huge volumes of text employees create every day has been called the biggest challenge for companies seeking Sarbanes–Oxley compliance [34]. Industry-specific mandates such as Securities and Exchange Commission rules for brokers and traders, Medicare requirements for healthcare companies, and many other regulations pose their own email retention requirements [45,53]. The Sarbanes Oxley Act's focus is financial reporting and certification as a fraud deterrent, or failing that, to enable fraud discovery [9]. Legislative and regulatory requirements to store email, along with techniques for analyzing unstructured text data, create a less obvious path for fraud deterrence and detection: finding non-financial predictors and indicators of fraud risk or actual fraud in employees' email communications. A national survey reports that 75% of organizations experienced fraud in the three months prior to the study, with employee fraud being the most prevalent [15]. Occupational fraud losses to companies in the United States are estimated to be around $652 billion per year, equivalent to an average of about 5% of total corporate revenues and a far greater share of profit [33]. Globally, the average fraud loss per company in the 2004–2007 period is estimated to be $8.2 million [25]. …