Académique Documents
Professionnel Documents
Culture Documents
INTRODUCTION
I
n recent years, auditors have employed more sophisticated statistical techniques, such as digital
analysis using Benfords Law, as part of their fraud detection processes. Benfords Law proposes
a probability distribution for first, second, and other digits of numbers in data sets describing the
sizes of similar phenomena as long as the sizes span multiple orders of magnitude. There is much
empirical evidence suggesting that the frequencies of first and second digits of a data set that
contains credible numbers will indeed correspond to a Benfords Law probability distribution (e.g.,
Nigrini 1996; Nigrini and Mittermaier 1997). Given its potential to identify data points (e.g., transac-
tion amounts) that contain characteristics associated with fraudulent activity, digital analysis using
Benfords Law holds great promise as a fraud detection process (Coderre 1999).
The increased use of sophisticated statistical tools, like digital analysis using Benfords Law, has
been facilitated by the increased use of Computer Assisted Auditing Techniques (CAATs) as part
of the audit process. For example, an auditor seeking to apply the Benford command using ACL
(http://www.acl.com) need only identify the appropriate data field (e.g., invoice amount) within the
appropriate data file (e.g., client accounts receivable file) in order to successfully run the command.
The auditor would then have to consider whether additional audit procedures should be conducted
Richard Cleary and Jay C. Thibodeau are Associate Professors at Bentley College.
The authors gratefully acknowledge the comments from two anonymous reviewers and Bill Messier (the editor). We also
thank Jim Hunton and participants at the 2004 AAA Midyear Auditing Conference, the University of Florida Statistics
Seminar, and the University of Massachusetts Statistics Seminar for their helpful comments and suggestions.
Submitted: December 2003
Accepted: June 2004
77
78 Cleary and Thibodeau
on any field that did not conform to the Benfords Law probability distribution. It is precisely at this
stage of the process where the auditor must be aware of the costs of possible Type I errors, especially
considering the nature of a standard audit software package such as ACL.1
Standard audit software packages that feature digital analysis using Benfords Law may be
based on statistical assumptions that dramatically increase the likelihood of a Type I error. Given
their potential impact on the audit decision process, these assumptions should be more transparent.
For example, in ACL, the Benford command automatically produces an analysis completed on a
digit-by-digit basis rather than on a test-by-test basis. The need for greater transparency is
particularly salient when considering the statistical literature, which suggests that the chance of
making a Type I error is significantly greater when the Benfords analysis is completed on a digit-
by-digit basis. This is very similar to the multiple comparisons problem encountered in traditional
statistical methods such as Analysis of Variance (Ott 1993).
The purpose of this paper is to illuminate the statistical assumptions that are germane to an
auditors decision process when completing a digital analysis using Benfords Law. To do so, we first
provide a brief description of Benfords Law and a review of the literature seeking to apply Benfords
Law in various auditing contexts. We then provide a description of the Benfords Law analysis stage,
including a discussion of the possibilities for Type I errors. In this section, we also describe the
various statistical assumptions and their importance to the audit process. The final section provides
conclusions and implications to practicing auditors.
BACKGROUND LITERATURE
Benford (1938) became convinced that more numbers have small leading digits, like 1 or 2, than
large leading digits. He researched this assertion by studying many lists of data, such as the areas of
rivers, and the atomic weights of the elements. These empirical studies led Benford to propose that in
many real world applications the first digits d follow the probability distribution:
P(d = m) = log10 ((m + )/ m), for any d in the set {1, 2, 3,,9}.
This probability distribution gives P(d = 1) = log 2 = .301, P(d = 2) = log(3/2) = .176, on up to
P(d = 9) = log(10/9) = .046. In addition to Benfords empirical work, there is a sound theoretical
basis for this distribution (Hill 1995).
Benfords law does not apply universally. For instance, when data are all about the same
magnitude, Benfords distribution will not hold. The heights of adults, measured in any units, will not
follow Benfords law because very few adults are two times as tall as any other, and none are ten
times as tall as another. For example, if the units used were inches, the first digits would nearly all be
fives, sixes, and sevens (but the choice of unit is not important). The incomes of individuals,
however, and many other financial characteristics will span many orders of magnitude so that the
largest is perhaps thousands of times as big as the smallest. Importantly, Benfords Law is not likely
to apply to measurements where human intervention has occurred (e.g., rent expense based on a
contractual lease) or where random numbers have been applied (e.g., phone numbers). In general, for
data fields that cover several orders of magnitude, it is reasonable to expect that Benfords Law will
apply.
In auditing, Benfords law has been shown to be applicable in a number of auditing contexts,
including external (Nigrini and Mittermaier 1997; Nigrini 1999a; Tapp and Burg 2001), internal
(Nigrini 1999b), and governmental (Nigrini 1996; Wallace 2002) auditing contexts. To date, the
extant literature has primarily focused on properly identifying and defining the data sets that would
be appropriate candidates for a digital analysis using Benfords Law. There has been very little
1 Among internal auditors, ACL is the current market leader in fraud detection/prevention and continuous monitoring audit
software (McCollum and Salierno 2003). In addition, each of the Big 4 audit firms uses ACL in their fraud practices.
discussion however, about the importance of analyzing the statistical output from a properly
conducted digital analysis using Benfords Law. This apparent void in the literature is surprising
because the underlying statistical assumptions made in an application of Benfords law are important
in determining the correct inference. A closer look at the analysis stage is therefore warranted.2
2 The possibility of Type I errors and the resulting audit consequences has been studied previously in a generalized manner
(e.g., Elliott and Rogers 1972; Beck and Solomon 1985).
In fact, if the test for each individual digit is carried out at significance level of 0.05 (so that the null
is rejected when the p-value is less than 0.05), then the probability of at least one Type I error in a
battery of nine tests is about 1 (.95)9 = .37.3 An auditor using this digit-by-digit approach will
thus see a false alarm when searching for fraud roughly seven times more often than an auditor
using only the overall test. An important (and potentially scary) byproduct of frequent false alarms is
that the output of a digital analysis may lose relevance for practicing auditors if it almost never
uncovers an actual fraudulent entry.
3 This calculation is not exact because it assumes that each of the nine tests is independent of the others. The authors have
completed a simulation study suggesting that the calculation is not very sensitive to this assumption.
REFERENCES
Beck, P., and I. Solomon. 1985. Sampling risks and audit consequences under alternative testing approaches.
The Accounting Review 60 (October): 714723.
Benford, F. 1938. The law of anomalous numbers. Proceedings of the American Philosophical Society 78:
551572.
Coderre, D. 1999. Computer-assisted techniques for fraud detection. The CPA Journal 69 (August): 5759.
Elliott, R., and J. Rogers. 1972. Relating statistical sampling to audit objectives. Journal of Accountancy 134
(July): 4655.
Hill, T. 1995. The significant digit phenomenon. American Mathematical Monthly 102 (4): 322327.
Keller, G., and B. Warrack. 2003. Statistics for Management and Economics. Pacific Grove, CA: Brooks/Cole-
Thomson.
McCollum, T., and D. Salierno. 2003. Choosing the right tools. Internal Auditor 60 (August): 3243.
Nigrini, M. 1996. A taxpayer compliance application of Benfords Law. The Journal of the American Tax
Association 18 (Spring): 7291.
, and L. Mittermaier. 1997. The use of Benfords Law as an aid in analytical procedures. Auditing: A
Journal of Practice & Theory 16 (2): 5267.
. 1999a. Ive got your number. Journal of Accountancy 187 (May): 7983.
. 1999b. Adding value with digital analysis. Internal Auditor 56 (February): 2123.
Ott, R. 1993. An Introduction to Statistical Methods and Data Analysis. Belmont, CA: Duxbury Press.
Tapp, D., and D. Burg. 2001. Using technology to detect fraud. Pennsylvania CPA Journal 71 (Winter): 2023.
Wallace, W. 2002. Assessing the quality of data used for benchmarking and decision making. Journal of
Government Financial Management 51 (Fall): 1622.