ISSS608 2017-18 T3 Assign Pooja Manohar Sawant Methodology Dashboard Design

BACKGROUND

DATA PREPARATION

METHODOLOGY AND ANALYSIS

INSIGHTS AND CONCLUSION

Back to Dropbox

Question 1 - Analysis of Entire organization

Communication and Purchasing patterns from Yr 2015 to Yr 2017

As provided by the insider, we have entire organization’s email, calls, meetings and purchasing details from May 2015 to December 2017. I have tried to analyze how these 4 ways of interactions are changing over the period and how organization is growing/ changing over the 2 years of period. I analyzed each communication mode (i.e. calls, emails, meetings and purchase) individually as well as combined.

• Calls pattern emerging over 2 years of period.

• Emails pattern emerging over 2 years of period.

• Meetings pattern emerging over 2 years of period.

Meeting pattern shows overall increasing trend over the period of two years after October 2015 onward. Highest number of meetings (10,821) happened in October 2017. We can say that the organization is having more formal meetings from Oct 2015 onward. Organization structure becoming more formal including more group meetings probably because of the change in higher management or CEO.

• Purchases pattern for 2 years of period are also similar to that of calls and emails. Pattern looks quite stable over the time after June 2015 with 2 dips in February 2016 and February 2017. Highest number of purchases (25,064) are made in Dec 2016.
• Also, the combined data of all the communication and purchases shows similar pattern as that of calls, emails and purchases.

After observing past data, we can say that this company is not growing much and quite stable from June 2015 onward based on its communication and purchasing behaviors. It is getting more organized in terms of formal meetings as number of meetings shows increasing trend over the period of 2 years specially after October 2015 which can be an indicator of changes in higher management for the organization.

For more interactive analysis, below are the Tableau dashboard links: https://public.tableau.com/profile/pooja.sawant6684#!/vizhome/VASTMC3_copy/Dashboard1

https://public.tableau.com/profile/pooja.sawant6684#!/vizhome/VASTMC3_copy/Dashboard2

Communication and Purchasing patterns over weeks

I have created a calendar view with the given organization's data in Tableau to analyse how communication and purchases are distributed over a week for 2 and a half year -

I observed that highest number of purchases of 887 are made in week 18 of year 2016 (i.e. in April) and surprisingly on Sunday. This can be because its an international organization and operates all 7 days. Visualization shows the equal distribution of communication and purchasing pattern over all 7 days.

Question 2 - Demystifying the suspicious network

As per the question 2, we need to analyze communication and purchases that are identified as suspicious by the insider and identify if anyone else from the organization appear to be closely associated with this group. Graph visualization tool, Gephi is used to analyze the connections among the suspicious group and to locate this group in the large organization data set to find out if there are any else is involved in suspicious activity. As detailed in the data preparation, I have already created workspace1 (with suspicious employee names as nodes and communication details as edge) and workspace2 (with suspicious employees and other employees connected with them by any mode of communication as nodes and communication details as edges).

To create network graph for suspicious group, I have selected layout– Force Atlas 2 with “LinLog mode” and “Prevent Overlap” options on and let it run for some time. Based on the modularity class, I found out 4 segments within suspicious group.

Below is the network graph for suspicious employees showing how they are connected with each other. In the graph, node size is determined by the "degree centrality", nodes color is determined by "modularity class" and edge color is determined by "type of communication among the employees".

Based on the degree of interactions we can interpret 2 of these employees are very prominent - Richard Fox and Lindsy Henion

To create a extended network graph for suspicious group, I have selected layout– Yifan Hu.

As we can see suspicious group of people have a very well-established connections and big network, not all of these transactions will be suspicious. We will try to filter out some of the nodes and edges to get more accurate suspicious transactions.

• Filter based on Node Betweenness Centrality - it measures how often a node appears on shortest paths between nodes in the network. I chose Betweenness Centrality > 6000.00, I determined, below employees are more often interact with suspicious employees -

1. Sheilah Stachniw
2. Terrilyn Overkamp
3. Corinne Veatch
4. Madeline Nindorf
5. Jaunita Westen

• Filter based on Node Closeness Centrality - it indicates how close the node to all other node in the network. I chose Closeness Centrality > 0.41, I determined, below employees are more close with suspicious employees -
  • Sachiko Sanabria, Garrett Sanfilippo, Lottie Grant, Palmer Kilborne, Michelina Lindorf, Bernard Harper, Laurice Eichenberg, Alexander Stevenson, Wilhelmina Nybo, Herman Todd, Jaunita Westen, Terrilyn Overkamp, Madeline Nindorf.

Conclusion – As detected above, there are some suspicious employees which are very influential and have very dense connections throughout the organization. Jaunita Westen, Terrilyn Overkamp and Madeline Nindorf are connected with suspicious employees more closely and frequently. So they will also come in highly suspicious zone alone with the suspicious group given by insider.

• Suspicious Purchases - Employees involved in suspicious purchases are -

1. Tobi Gatlin
2. Rosalia Larroque
3. Richard Fox
4. Meryl Pastuch
5. Jenice Savaria
6. Lizbeth Jindra
7. Gail Feindt

Other than suspicious employee provided by insider, only person involved is Gail Feindt who received most of the purchases. So we can conclude that this employee must be communicating with the venders to place the purchase orders.

Question 3 - Interactions of "Bad Actors" over a time

From the question 2 I found out that along with the 20 suspicious "Bad Actors" indicated by insider, there are 15 more employees who are connected with this suspicious group. Out of 15, I have chosen 3 people which I feel, are more significant based on their closeness and the frequency of communication with the suspicious employees. They are Jaunita Westen, Terrilyn Overkamp and Madeline Nindorf. So I have included them in my extended suspicious bad actor's list. So, now I have total 23 nodes which I saved in "Suspicious_Associated_node_Q3.csv" file and their corresponding transactions in "Suspicious_Associated_trans_Q3.csv" file which has total 93,733 records. I have imported these two files in Gephi as nodes and edges respectively to create a network graph for Question 3.

Layout chosen to create a network graph is - Force Atlas 2 and graph created is as shown below:

We can observe changing pattern of communication and purchase of suspicious employees over the period of 2 and a half year. I tried to analyze the group’s interactions within the group from May 2015 to Dec 2017 and I gathered some interesting insights –

• Jaunita Westen and Terrilyn Overkamp were not part of insider’s suspicious group. But based on the data, it seems like they are the one who initiated communications in the group, which we may term as suspected communications.
• In May and June 2015 communications started among Jaunita Westen, Terrilyn Overkamp and Richard Fox in the form of meetings and calls.

May 2015

June 2015

July 2015

• Till sept 2015, Terrilyn Overkamp was very much in picture in terms of communicating in this group. After September he somewhat disappeared, and Richard Fox took charge.
• From Nov 2015 onward, big group of people got involved including all the suspicious actors over calls, emails, meetings and purchases.

Nov 2015

Jul 2016 Feb 2016

• As we noticed from time series graph also, number of meetings suddenly started increasing from Nov 2015 onward. Most of the communications were happening through Richard Fox and Meryl Pastuch.
• Over the month of December 2015, suspicious activities continue involving many employees and purchase mainly handled by Alex Hall, May Burton, Sara Ballard, Patrick Lane and Glen Grant.

Dec 2015

• Even though from the network graph we observed that Lindsy Henion was very much connected with others, he was not much involved in communications before Feb 2016.
• From May-Aug 2016, suspicious activities reduced.

May 2016

Jul 2016

Aug 2016

• In sept 2016, there was only email communication between Tobi Gatlin and Refugio Orrantia.
• In nov 2016, Jaunita Westen, Terrilyn Overkamp were back in action again.
• In 2017, there were very few activities in the group, mainly involving Richard Fox.
• Suspicious activities were at the peak from Nov 2015 to April 2016 and then it reduced from May 2016 onward.

Conclusion

Probably Jaunita Westen and Terrilyn Overkamp were the initiator of these suspicious activities which were then carry forwarded by Richard Fox.