Audit Trail & Anomaly Detection
AI-Powered Fraud Detection & Compliance
Why Anomaly Detection Matters
In March 2023, a small trading firm in Ahmedabad discovered that a trusted employee had siphoned off ₹47 lakh over 18 months — through a combination of ghost vendor payments, inflated invoices, and round-tripping transactions. The fraud was only caught when the owner happened to personally verify a payment to a vendor he had never heard of. The lesson: if your detection system depends on someone "happening to notice," it is not a system — it is luck.
AI does not replace auditors. But it can review every single transaction — not just a sample of 50 from a population of 5,000 — and flag the ones that deviate from normal patterns. It is like having an auditor who never gets tired, never skips a page, and checks every entry against every rule simultaneously.
Types of Financial Anomalies
Open data/anomaly-patterns.json — this file defines 12 common anomaly types that AI can detect. Understanding these patterns is the first step to teaching AI what to look for.
| Anomaly Type | What It Looks Like | Why It Is Suspicious | Real-World Example |
|---|---|---|---|
| Ghost Vendors | Payments to vendors with no corresponding purchase orders or goods receipts | Fictitious vendors created to siphon funds | "M/s Sunrise Enterprises" receives ₹3 lakh monthly but has no GST registration and no delivery challans |
| Round-Tripping | Money flows out and comes back through a circular route | Inflates revenue or creates fake transactions | Company pays ₹10 lakh to Vendor A, who pays Vendor B, who pays it back to the company as "sales revenue" |
| Duplicate Invoices | Same invoice number, amount, or combination appears twice | Double payment — accidental or deliberate | Invoice INV-2026-0451 from Sharma Traders appears on Jan 15 and again on Feb 22 |
| Threshold Splitting | Multiple transactions just below a reporting threshold | Avoids audit triggers or approval requirements | Five payments of ₹49,000 each to the same vendor in one week (total ₹2.45 lakh, each below the ₹50,000 flag) |
| Weekend/Holiday Entries | Transactions recorded on Sundays or public holidays | Business was closed — who approved these? | ₹1.8 lakh payment recorded on Republic Day (26 January) |
| Round Amounts | Payments in exact round figures (₹50,000, ₹1,00,000) | Legitimate business transactions rarely result in perfectly round amounts | 15 out of 200 vendor payments are in exact multiples of ₹10,000 |
| Unusual Narrations | Vague or missing descriptions in journal entries | Hides the true nature of the transaction | Narration says "Misc expense" or "Adjustment" for a ₹2 lakh payment |
| Benford's Law Violations | First-digit distribution does not follow the expected pattern | Fabricated numbers tend to have unnatural digit distributions | Too many amounts starting with 5 or 9 (naturally, more should start with 1 and 2) |
| Spike Transactions | Amounts significantly higher than the vendor's or ledger's average | May indicate inflated invoices or unauthorized payments | Average monthly payment to XYZ Suppliers is ₹40,000; this month it is ₹3.2 lakh |
| End-of-Period Clustering | Unusual number of entries on the last day of a month or quarter | Window dressing to meet targets or manipulate financial position | 40% of all credit notes issued on March 31 |
| Reversal Pairs | A debit quickly followed by an equal credit (or vice versa) | May be covering tracks or manipulating account balances | ₹5 lakh debited to "Advance to Suppliers" on March 28, credited back on April 2 |
| Vendor Concentration | Disproportionate payments to a single vendor | Possible collusion or kickback arrangement | One vendor receives 35% of all purchase payments despite not being the largest supplier by volume |
Working with the Transaction Ledger
Open data/transaction-ledger.csv — this file contains 500 ledger entries for Bharat Trading Co. across six months. It includes all the standard fields: date, voucher type (payment, receipt, journal, sales, purchase), ledger name, debit amount, credit amount, and narration.
Here is the important part: 15 anomalies have been deliberately planted in this data. Your job, with AI's help, is to find them. This simulates a real audit scenario where you know irregularities exist but not where.
The entries look like this:
date,voucher_type,ledger,debit,credit,narration
2026-01-03,Purchase,Raw Materials A/c,45230,0,Invoice PUR-0012 from Mehta Chemicals
2026-01-03,Purchase,Mehta Chemicals,0,45230,Purchase of cleaning supplies
2026-01-05,Payment,Sharma Traders,75000,0,Payment against Invoice INV-0891Building Detection Prompts
Let us start simple and build up complexity.
Level 1: Pattern Matching
Prompt: "Analyze the transaction ledger data. Flag all entries where: (1) the amount is an exact round number (multiples of ₹10,000 above ₹50,000), (2) the transaction date falls on a Sunday, or (3) the narration contains the word 'misc' or 'adjustment'. For each flagged entry, show the date, ledger, amount, and reason for flagging."
This catches the most obvious anomalies — round amounts, weekend entries, and vague narrations. It is the equivalent of the basic checks a junior auditor performs.
Level 2: Statistical Analysis
Prompt: "For each vendor in the transaction ledger, calculate: average transaction amount, standard deviation, number of transactions, and total value. Flag any individual transaction that exceeds 3 standard deviations from that vendor's average. Also flag any vendor who receives more than 20% of total purchase payments."
This goes deeper — it uses statistical methods to find transactions that are unusual relative to the normal pattern for that specific vendor. A ₹3 lakh payment might be normal for a large supplier but highly unusual for a vendor who typically invoices ₹30,000-₹50,000.
Level 3: Relationship Analysis
Prompt: "Look for potential duplicate invoices in the transaction ledger. Check for: (1) exact same amount to the same vendor within 30 days, (2) same invoice number referenced in the narration appearing more than once, (3) payments to different vendors for the exact same amount on the same date. Explain why each finding is suspicious."
This catches more sophisticated anomalies — duplicates that were spaced out to avoid detection, or payments to different entities that might actually be the same party.
Configuring Audit Rules
Open data/audit-rules.json — this file contains 20 configurable audit rules. Each rule has a name, description, threshold, severity level, and the action to take when triggered.
Here is an example rule:
| Rule | Threshold | Severity | Action |
|---|---|---|---|
| Round amount flag | Any payment > ₹50,000 that is an exact multiple of ₹10,000 | Medium | Review narration and supporting documents |
| Weekend entry | Any transaction on Sunday or gazette holiday | High | Verify with the person who recorded it |
| Vendor concentration | Any vendor receiving > 25% of total purchase payments | High | Verify vendor existence, visit premises if possible |
| Threshold splitting | 3+ transactions to the same party within 7 days, each below ₹50,000, totaling > ₹1 lakh | Critical | Investigate for deliberate splitting |
| Spike detection | Transaction > 3x the vendor's average amount | Medium | Verify invoice, check goods receipt |
| Missing narration | Any entry above ₹10,000 with blank or single-word narration | Low | Request detailed narration from the bookkeeper |
These rules can be customized for your specific client or business. A manufacturing firm might set the round-amount threshold at ₹1 lakh (because raw material payments are naturally larger). A professional services firm might lower it to ₹25,000.
Prompt for custom rules: "Using the audit rules from the data file, scan the transaction ledger and generate an audit exception report. For each exception, show: rule triggered, transaction details (date, ledger, amount, narration), severity level, and recommended action. Sort by severity (Critical first, then High, Medium, Low)."
Building an Audit Trail
An audit trail is the complete, chronological record of every transaction and every change to a transaction. In digital accounting, a proper audit trail means:
AI can help you verify that an audit trail is complete by checking for gaps in sequential voucher numbers, entries with recording timestamps significantly later than the transaction date (backdating), and modifications to entries after the end of the month.
The Pre-Audit Checklist
Before beginning any statutory or internal audit, use AI to generate a customized checklist. Here is a prompt that produces an actionable output:
Prompt: "Create a pre-audit checklist for a small Indian trading firm with ₹5 crore annual turnover. The firm is registered under GST (regular scheme), files monthly GSTR-1 and GSTR-3B, has 3 bank accounts, maintains inventory of 200+ SKUs, and has 25 regular vendors. Include sections for: (1) GST compliance verification, (2) TDS compliance (Section 194C, 194J, 194H), (3) Bank reconciliation for all 3 accounts, (4) Inventory physical verification, (5) Vendor verification (GSTIN, PAN, existence), (6) Fixed asset register verification. For each item, specify the document to check and the common error to look for."
Practical Application: The Monthly Anomaly Review
Instead of waiting for the annual audit to find problems, institute a monthly anomaly review:
Week 1: Export the previous month's ledger from Tally
Week 2: Run it through your AI anomaly detection prompts (pattern matching + statistical analysis)
Week 3: Investigate flagged items — verify with supporting documents, confirm with relevant staff
Week 4: Document findings, update audit rules if new patterns emerge, report to management
This proactive approach catches problems while they are still small. The ₹47 lakh fraud in Ahmedabad would have been caught in the first month if someone had simply asked AI to flag payments to vendors with no corresponding purchase orders.
Key Takeaways
This is chapter 4 of AI for Commerce & Finance.
Get the full hands-on course — free during early access. Build the complete system. Your projects become your portfolio.
View course details