DD Tech Lab
Technical methods for audit, fraud-examination, and due-diligence work. Stochastic processes, knowledge graphs, platform-based DD, and the workpaper-defensible analytics behind them.
What DD Tech Lab Is
DD Tech Lab is the technical-methods publication of Sheepdog Prosperity Partners.
It is written for audit, fraud-examination, and due-diligence practitioners working on engagements where descriptive statistics, ratio analysis, and first-order Benford tests no longer carry enough signal. We focus on the methods that produce defensible findings in restatement work, related-party network discovery, period-end transaction-timing diagnostics, and long-memory fraud detection.
Every article walks the technique end-to-end: the math, the audit standards it speaks to, runnable code on synthetic data, the workpaper outputs a PCAOB inspector would expect, and full attribution to the published prosecutions where the pattern first surfaced.
Companion code for every article lives in the public repository noahrgreen/dd-tech-lab-companion on GitHub. Each script is deterministic under seed=42 and reproduces the worked example in the article exactly.
Who It Is For
- Audit seniors, managers, and directors
- Forensic-accounting practitioners (private and government)
- Financial DD officers and operational-DD analysts
- Internal audit at financial institutions
- Risk officers at banks, asset managers, and regulated entities
- Counsel and transaction stakeholders working alongside the above
What We Cover
Stochastic processes and Markov chains
Excel-based fraud detection
Knowledge graphs and Neo4j
Palantir Foundry for enterprise DD
Published prosecutions and pattern recognition
Workpaper-defensible methodology under PCAOB AS 2401 / AS 1215
Latest Articles
Time Series in Foundry: Modeling Counterparty Risk Trajectories and Early-Warning Indicator Pipelines
What you’ll be able to do after reading this. Recognize the difference between a single-point risk rating and a risk trajectory, and what the latter adds…
Quiver for Ad-Hoc Counterparty Queries: Lightweight Investigator Tooling Without a Full Workshop Build
What you’ll be able to do after reading this. Recognize the situations where Quiver is the right tool and where Workshop is. Read a saved Quiver query…
Markov Mixture Models for Round-Tripping and Lapping Detection
Round-tripping and lapping share a structural feature that breaks both Article 001’s first-order Markov framework and Article 003’s two-regime Hidden Markov Model. The transaction population is…
Code Repositories in Foundry: When to Embed Python / PySpark in the Pipeline (and When to Stay in Pipeline Builder)
What you’ll be able to do after reading this. Recognize the decision boundary between no-code Pipeline Builder and code-based Code Repositories. Read a…
Foundry Actions Framework for Audit-Trail Discipline: Risk-Rating Changes, Regulatory Documentation, and the Examiner-Ready Audit Log
What you’ll be able to do after reading this. Read an ActionType specification and understand what state change it captures. Recognize the bypass paths…
Geospatial Address Mapping in Excel: Vendor-Employee Address Overlap and Risk Clustering
The vendor-employee address-overlap test addresses a specific control objective under ACFE Fraud Examiners Manual §3.5.2 and PCAOB AS 2401.A5: detecting unauthorized payments routed through…
AIP-Driven Adverse-Media Summarization for DD Engagements: Prompt Patterns, Grounding Strategy, Hallucination Controls
What you’ll be able to do after reading this. Read an AIP prompt specification and understand what structured output it produces. Recognize the four-gate…
Workshop Application Patterns for Counterparty Risk Investigators: Single-Pane-of-Glass Investigator Workflows
What you’ll be able to do after reading this. Recognize the design principles that distinguish a regulator-defensible investigator workflow from a…
Pipeline Builder for DD Data Ingestion: Connecting Bank-Internal Systems to the Ontology Layer
Foundry Article 001 established that the ontology layer is the abstraction that insulates the analytical workflow from upstream schema churn. The ingestion layer is where that insulation is engineered. Pipeline Builder is Foundry’s primary surface for source-to-ontology
Hidden Markov Models for Earnings-Management Regime Detection in Public-Company Financials
The first-order Markov framework from Article 001 assumes the auditor can observe the state directly — an account class touched by a journal entry, a reconciliation status, a transaction…
Foundry Ontology Design for Counterparty Risk Investigations
A counterparty-risk investigation at a large financial institution does not begin with a question about a counterparty. It begins with the institution rebuilding its understanding of the counterparty from data scattered across systems that were never designed to be queried
Schema Design for Sanctions Screening: Modeling the OFAC SDN List as a Knowledge Graph for Real-Time DD Lookups
The U.S. Treasury’s Office of Foreign Assets Control publishes the Specially Designated Nationals and Blocked Persons (SDN) list as XML and CSV files containing tens of thousands of entries: individuals, entities, vessels, and aircraft subject to sanctions. The naïve screening
Frameworks & Tools
Companion code on GitHub
Workpaper Templates
Coming soon
If you face a forensic-accounting question, a complex DD scope, or a methodological challenge a single-period analytical procedure cannot answer, start with a Discovery call.