Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Joanna Ng: Using data to detect conflicts of interest and the harm they cause

Not all conflicts of interests lead to illegal conduct. But undisclosed connections between third-party suppliers and employees are a gateway to corruption and fraud. The best way to uncover conflicts of interests and harm flowing from them is through data.

The OECD says there’s a conflict of interest of COI when an “individual or a corporation (either private or governmental) is in a position to exploit their own professional or official capacity in some way for personal or corporate benefit.”

Detecting and investigating COIs is difficult, and most are identified by a whistleblower. Due to the confidential nature of the allegations, and to avoid unnecessary alarm bells should the allegations turn out to be false, covert investigations are often needed to determine the legitimacy of claims.

Apart from undertaking corporate record research on the third-parties mentioned, what can a company do to investigate these COI claims?

We think a two tiered approach usually works best.

1. Understand third parties through social network analysis. Social network analysis is an efficient and thorough tool to identify unknown relationships. Information is captured from many areas of an organization.

Details such as telephone numbers, addresses, company registration numbers, bank account numbers and contact emails can be extracted from a number of sources, such as employee and vendor lists, purchase orders and banking information. Fusing and analyzing these together can identify previously undisclosed social networks and links.

In one of our investigations at Control Risks, we used social network analysis and identified seven different companies sharing the same contact email address and telephone number. The companies all provided the same service and invoiced for the same amount, which were all approved by the same staff. Further investigation found, despite having different directors, the seven companies listed the same sales manager and their invoices lacked appropriate description — all signs of fraudulent payments or money laundering.

However, social network analysis is limited by the quantity and quality of data maintained by the company. The more information the company records in its system, the better the results. Additionally, ensuring data is recorded consistently and completely will make the analysis easier and allow a comprehensive understanding of your third parties.  

2. Understand how third parties act through vendor analysis. As mentioned, conflicts of interest don’t necessarily equate to misconduct. Instead, it is the response and change in behavior of the individuals and companies involved that need to be monitored. Analyzing the use and payment vendors’ patterns, through statistical and red flag analytics, can be a useful indicator of conflict of interest misconduct.

Sudden increases in use of a vendor can be a sign of preferential treatment to a related party. This is particularly of concern when the company redirects business from established organizations to smaller companies, often under the guise of “price competitiveness” or if services provided by the related party are not actually necessary. Further investigations would be required on these vendors to determine whether usual vetting and reference checks were undertaken (often not, if the service was provided urgently) and assess the ability of the third party to properly undertake the work.

Other anomalies, such as duplicate invoice numbers, split payments, and inconsistencies in the payment pattern of a vendor, can also indicate questionable behavior, suggesting controls override or payment of false invoices to the related party.

Assuming the third parties provide the same service, this chart identifies redirection of business activity to “company green.” The area circled in red indicates unusually high payments to company green compared to other vendors, suggesting deliberate preferential allocation of services.


Joanna Ng is a Senior Consultant in the Control Risks’ Compliance, Forensics and Intelligence practice in Australia. She is a chartered and certified forensic accountant. She specializes in using data analytics and forensic accounting to conduct investigations on fraud and money laundering and to assist in disputed litigation and arbitration proceedings.

Share this post



  1. The alternative is to introduce a disclosure regime at for managers at budgetary decision making level of any business interests.

  2. Good tips, Joanna! It's amazing that simple fraud patterns like the described are still successful. They should be coded into accounting software long ago

Comments are closed for this article!