DD Tech Lab
Technical methods for audit, fraud-examination, and due-diligence work. Stochastic processes, knowledge graphs, platform-based DD, and the workpaper-defensible analytics behind them.
What DD Tech Lab Is
DD Tech Lab is the technical-methods publication of Sheepdog Prosperity Partners.
It is written for audit, fraud-examination, and due-diligence practitioners working on engagements where descriptive statistics, ratio analysis, and first-order Benford tests no longer carry enough signal. We focus on the methods that produce defensible findings in restatement work, related-party network discovery, period-end transaction-timing diagnostics, and long-memory fraud detection.
Every article walks the technique end-to-end: the math, the audit standards it speaks to, runnable code on synthetic data, the workpaper outputs a PCAOB inspector would expect, and full attribution to the published prosecutions where the pattern first surfaced.
Companion code for every article lives in the public repository noahrgreen/dd-tech-lab-companion on GitHub. Each script is deterministic under seed=42 and reproduces the worked example in the article exactly.
Who It Is For
- Audit seniors, managers, and directors
- Forensic-accounting practitioners (private and government)
- Financial DD officers and operational-DD analysts
- Internal audit at financial institutions
- Risk officers at banks, asset managers, and regulated entities
- Counsel and transaction stakeholders working alongside the above
What We Cover
Stochastic processes and Markov chains
Excel-based fraud detection
Knowledge graphs and Neo4j
Palantir Foundry for enterprise DD
Published prosecutions and pattern recognition
Workpaper-defensible methodology under PCAOB AS 2401 / AS 1215
Latest Articles
Round-Number Bias and Threshold-Avoidance Pattern Detection: When Approval Limits Drive the Distribution
A disbursement file containing 5,000 vendor payments reveals its control architecture through statistical anomalies. The auditor observes 285 payments clustered in the narrow $9,500–$9,999 range…
Graph-Based Wash-Sale and Layering Detection in Securities Transactions
The Cypher Patterns for Transaction-Graph Anomaly Detection article in this sub-series introduced cycle detection on transaction graphs for…
Temporal Graph Patterns: Modeling Ownership Changes, Entity Lifecycle, and Beneficial-Owner Transitions Over Time
A static ownership graph answers “who owns what” — present tense, single snapshot. For most regulatory and audit work, that is the wrong question.…
Markov Decision Processes for Risk-Based Audit Sampling Under Cost-of-Type-II Constraints
Risk-based audit sampling under PCAOB AS 2315 directs the engagement team to allocate substantive procedures toward higher-risk accounts. The continuous version of that decision — how heavily, in…
Community Detection for Related-Party Cluster Identification: Louvain, Label Propagation, and Their Audit Use
PCAOB AS 2410 requires the auditor to obtain an understanding of the entity’s related-party relationships and transactions. Management’s representation…
Time-Series Anomaly Detection in Excel: Rolling Z-Scores, Exponentially-Smoothed Residuals, and the Period-Over-Period Variance Diagnostic
Year-over-year percent change with a 10% threshold remains the most common analytical procedure on multi-period balance trends. The metric has known limitations the practitioner should account for: it is undefined when the base is near zero, it carries no notion of the
Random Walks on DD Graphs: PageRank, Personalized PageRank, and Influence Ranking for Counterparty Investigations
The Schema Design for Sanctions Screening article in this sub-series handled the direct-match screening problem: counterparty name matches an SDN entry,…
GraphRAG for Due-Diligence Knowledge Management: Combining LLM Retrieval With Cypher Path Queries
The DD practice accumulates institutional knowledge in a specific shape: structured (CRM entries, ownership data, transaction records) plus unstructured…
Random-Walk and Stationarity Tests on Account Reconciliations
A reconciliation account that should oscillate around its expected balance—intercompany clearing, suspense, accrued-payroll roll-forward—but instead wanders without bound has failed its control…
Foundry vs Snowflake + DBT vs Databricks for DD Analytics: Architecture Trade-Off Framework
What you’ll be able to do after reading this. Score your institution against a 10-dimension platform-comparison scorecard. Apply one of three elicited…
OSINT for Financial Fraud in Excel: Integrating Public-Source Verification Into the Workpaper Workflow
Vendor validation at engagement scale breaks when each lookup requires manual browser navigation. The auditor opens OpenCorporates, searches the vendor name, copies registration status, switches to EDGAR, runs full-text search, copies filing presence, opens PACER, searches party
Foundry Ontology Design for Beneficial-Ownership Networks: Person, Entity, Officer, and Jurisdiction Modeling at Bank-Group Scale
What you’ll be able to do after reading this. Recognize the ontology pattern as the difference between a structured relationship database and a flat…
Frameworks & Tools
Companion code on GitHub
Workpaper Templates
Coming soon
If you face a forensic-accounting question, a complex DD scope, or a methodological challenge a single-period analytical procedure cannot answer, start with a Discovery call.