DD Tech Lab
Technical methods for audit, fraud-examination, and due-diligence work. Stochastic processes, knowledge graphs, platform-based DD, and the workpaper-defensible analytics behind them.
What DD Tech Lab Is
DD Tech Lab is the technical-methods publication of Sheepdog Prosperity Partners.
It is written for audit, fraud-examination, and due-diligence practitioners working on engagements where descriptive statistics, ratio analysis, and first-order Benford tests no longer carry enough signal. We focus on the methods that produce defensible findings in restatement work, related-party network discovery, period-end transaction-timing diagnostics, and long-memory fraud detection.
Every article walks the technique end-to-end: the math, the audit standards it speaks to, runnable code on synthetic data, the workpaper outputs a PCAOB inspector would expect, and full attribution to the published prosecutions where the pattern first surfaced.
Companion code for every article lives in the public repository noahrgreen/dd-tech-lab-companion on GitHub. Each script is deterministic under seed=42 and reproduces the worked example in the article exactly.
Who It Is For
- Audit seniors, managers, and directors
- Forensic-accounting practitioners (private and government)
- Financial DD officers and operational-DD analysts
- Internal audit at financial institutions
- Risk officers at banks, asset managers, and regulated entities
- Counsel and transaction stakeholders working alongside the above
What We Cover
Stochastic processes and Markov chains
Excel-based fraud detection
Knowledge graphs and Neo4j
Palantir Foundry for enterprise DD
Published prosecutions and pattern recognition
Workpaper-defensible methodology under PCAOB AS 2401 / AS 1215
Latest Articles
DD Tech Lab: Build a Medicare Outlier Screen, Step by Step
In the companion piece, Catching Fraud With Public Data, I described outsiders — data-analytics firms like Lincoln Analytics, reimbursement analysts,…
The Public-Data Toolkit: Free Datasets That Expose Government Fraud
Every recovery in this section — the cardiac-device case, the PPP affiliation suits, the Medicare outlier screen — started in the same place: a free,…
DD Tech Lab: Screening a State’s Medicaid Market with Public Data, a CPA’s Weekend Walkthrough
I am a CPA and a Certified Fraud Examiner, and most of my week is due diligence. This piece is about a weekend question I finally sat down to answer: how…
Transaction-Timing Diagnostics in the CTMC Family: Poisson Arrivals, End-of-Period Spikes, and When to Escalate to Multi-State Models
Articles 001-009 modeled discrete-state sequences in discrete time. The implicit assumption — transactions occur at evenly-spaced moments — discards the most diagnostic feature of period-end audit…
Correlation Diagnostics for Journal-Entry Pairs: Revenue ↔ AR, COGS ↔ Inventory, and Cash ↔ Operating-Expense
Revenue tracks accounts receivable until the collection cycle breaks. Cost of goods sold inversely tracks inventory changes until capitalizations distort the flow. Cash tracks operating expenses…
Higher-Order and Variable-Order Markov Models for Long-Memory Fraud Schemes
First-order Markov modeling assumes the next state depends only on the current state — what happened one step ago tells you everything you need to know about what happens next. For most audit…
Frequency-of-Amount Analysis: Detecting Approval-Limit Avoidance Schemes Through Histogram-of-Counts
Coarse-band threshold testing catches major asymmetric clusters but misses two refinements requiring dedicated analysis. Bimodality — where the amount distribution shows two distinct peaks at…
Two-Stage Screening: Benford’s Law as a Stationary Distribution Combined With First-Order Markov Tests
Benford’s Law and first-order Markov anomaly detection are usually presented as separate tools. Practitioners run each in isolation, get two binary “deviation / no deviation” signals, and either use…
Date-Pattern Analysis: Weekend Postings, End-of-Period Clustering, and Holiday Anomalies
Management override of internal controls frequently manifests through journal-entry timing patterns. PCAOB AS 2401.A.5 identifies three temporal characteristics that elevate entries from routine to requiring substantive testing: entries posted on non-business days, entries
Neo4j Aura vs Self-Hosted vs Alternative Graph Databases: Architecture Choices for the Mid-Size DD Practice
The methodology articles in this sub-series have used Neo4j as the working substrate. The choice is not accidental — Cypher is the most mature graph…
Stochastic Volatility Models for Restatement-Timing Anomalies
Public-company restatements do not arrive at a constant rate. They cluster — temporally Sarbanes-Oxley wave 2004-2006, financial-crisis wave 2008-2010, revenue-recognition-standard wave 2018-2019…
Loading and Maintaining Production-Scale DD Graphs: APOC Procedures, Bulk Loading, Index Strategy, and Memory Tuning
The Neo4j sub-series up to this point has lived in the data-modeling and query-design layer. The methodology is correct; the queries make sense; the…
Frameworks & Tools
Companion code on GitHub
Workpaper Templates
Coming soon
If you face a forensic-accounting question, a complex DD scope, or a methodological challenge a single-period analytical procedure cannot answer, start with a Discovery call.