Traditional Role-based Access in SAP Applications to Maintain Segregation of Duty, What Happens with M
- Manu Kohli
- Aug 15, 2017
- 1 min read
As 80 percent of Fortune 1000 and 60 percent of Fortune 2000 companies run SAP applications, there is a large opportunity to prevent fraud by training and testing ML algorithms on segregation-of-duties business rules.
In the US alone, fraud is put at $3.5 trillion in losses, a figure that demands immediate attention. SAP applications offer role- and authorization-based access, assigned to users according to segregation-of-duties (SoD) and delegation-of-authority rules. SAP also ships a GRC (Governance, Risk and Compliance) solution, implemented by almost half of these organizations, which supports fraud prevention through audit trails, SoD violation checks, improved efficiency and automated access controls.
Can we do something better?
Given the complexity of multiple business processes and their associated segregation-of-duties (SoD) rules, we ran an experiment: encode the SoD rules and train a classifier to learn them. We observed a high true-positive rate. We used data-mining algorithms such as decision trees, support vector machines (SVM), neural networks (NN), k-nearest neighbours (k-NN), Bayesian networks, logistic regression and hidden Markov models to separate legitimate transactions from transactions that violated a segregation-of-duties rule, or were otherwise potentially illegitimate, and to raise a red flag on the latter.
The hypothesis is that ML algorithms trained on business processes and their segregation-of-duties rules can classify the decision outcome: allow the business transaction to proceed, or not.
The approach presented here works on real-time prevention of fraud rather than auditing the system afterwards for possible fraud scenarios (a preventive rather than a detective or corrective control).
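The rule-trained classifier from the experiment above and the in-line gate behind the preventive-control point, as an added example that is not code from the original post. It assumes a constructed mapping of SAP transaction codes to business functions and a constructed list of conflicting function pairs; a real deployment would take both from the SoD rule set the organization maintains (for example in SAP GRC). The decision tree is a minimal ID3 implementation on the standard library, standing in for the off-the-shelf classifiers the post lists, and the training data is every combination of one to three transaction codes labelled by the rules, standing in for historic access decisions.

```python
"""Added example, not code from the original post: a segregation-of-duties (SoD)
rule check over SAP-style transaction codes, a small decision tree trained on
rule-labelled role combinations, and an in-line gate that uses both. Constructed
for illustration: the tcode -> function mapping, conflict pairs, training data."""
from collections import Counter
from itertools import combinations
import math

# Illustrative SAP transaction codes -> business function (constructed here).
TCODE_TO_FUNCTION = {
    "XK01": "maintain_vendor_master",
    "ME21N": "create_purchase_order",
    "MIGO": "post_goods_receipt",
    "MIRO": "post_vendor_invoice",
    "FB60": "post_vendor_invoice",
    "F110": "run_vendor_payment",
    "FB50": "post_gl_journal",
}
FUNCTIONS = sorted(set(TCODE_TO_FUNCTION.values()))
# Function pairs one person must not hold together (fake vendor + payment run, ...).
CONFLICTS = {
    frozenset({"maintain_vendor_master", "run_vendor_payment"}),
    frozenset({"maintain_vendor_master", "post_vendor_invoice"}),
    frozenset({"create_purchase_order", "post_goods_receipt"}),
    frozenset({"post_vendor_invoice", "run_vendor_payment"}),
}

def functions_of(tcodes):
    return {TCODE_TO_FUNCTION[t] for t in tcodes if t in TCODE_TO_FUNCTION}

def sod_violations(tcodes):
    """Deterministic rule check: conflict pairs exercised by one user's tcodes."""
    held = functions_of(tcodes)
    return sorted(tuple(sorted(c)) for c in CONFLICTS if c <= held)

def features(tcodes):
    """Binary feature vector: which business functions the tcodes touch."""
    held = functions_of(tcodes)
    return tuple(int(f in held) for f in FUNCTIONS)

def labelled_rows(sizes):
    """Constructed training data: every tcode combination of the given sizes,
    labelled 1 if the SoD rules flag it (stands in for historic access decisions)."""
    return [(features(c), int(bool(sod_violations(c))))
            for k in sizes for c in combinations(sorted(TCODE_TO_FUNCTION), k)]

def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def build_tree(rows):
    """ID3-style tree on binary features: leaf = label, node = {"feature", 0, 1}."""
    labels = [y for _, y in rows]
    if len(set(labels)) == 1:
        return labels[0]
    base, candidates = entropy(labels), []
    for i in range(len(FUNCTIONS)):
        left = [r for r in rows if r[0][i] == 0]
        right = [r for r in rows if r[0][i] == 1]
        if not left or not right:
            continue  # feature is constant in this node
        gain = base - (len(left) * entropy([y for _, y in left])
                       + len(right) * entropy([y for _, y in right])) / len(rows)
        candidates.append((gain, i))
    if not candidates:  # identical vectors with mixed labels: majority vote
        return Counter(labels).most_common(1)[0][0]
    best = max(candidates)[1]
    return {"feature": best,
            0: build_tree([r for r in rows if r[0][best] == 0]),
            1: build_tree([r for r in rows if r[0][best] == 1])}

def predict(tree, x):
    while isinstance(tree, dict):
        tree = tree[x[tree["feature"]]]
    return tree

def evaluate(tree, rows):
    """Accuracy and true-positive rate of the tree against the rule labels."""
    correct = tp = positives = 0
    for x, y in rows:
        p = predict(tree, x)
        correct += p == y
        positives += y
        tp += y == 1 and p == 1
    return {"accuracy": correct / len(rows), "tpr": tp / positives if positives else 1.0}

def gate_transaction(tree, user_tcodes, requested_tcode):
    """Preventive check before a tcode is run or granted: deny on a rule hit, or
    when the classifier flags a combination that no explicit rule covers."""
    proposed = set(user_tcodes) | {requested_tcode}
    hits = sod_violations(proposed)
    if hits:
        return False, "SoD conflict: " + ", ".join(f"{a} + {b}" for a, b in hits)
    if predict(tree, features(proposed)) == 1:
        return False, "classifier flagged potential SoD conflict"
    return True, "allowed"

if __name__ == "__main__":
    train, unseen = labelled_rows([1, 2, 3]), labelled_rows([4])  # 63 / 35 rows
    tree = build_tree(train)
    print("train:", evaluate(tree, train), "unseen 4-tcode combos:", evaluate(tree, unseen))
    print(gate_transaction(tree, ["XK01"], "F110"))  # vendor master + payment run
```

Run it and compare the training figures with the figures for the four-tcode combinations the tree never saw. The tree is exact on the combinations it was trained on; any shortfall on the unseen ones is an SoD violation the rule engine catches but the learned model does not. That is the caveat with training only on rule-derived labels: the classifier can at best reproduce the rule book, so its added value has to come from labels the rules do not encode (confirmed fraud cases, approved exceptions) and from placing the check in-line, before the transaction posts, rather than in a periodic audit.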