An end-to-end financial transaction anomaly detection pipeline built with Python and Power BI, simulating real-world audit analytics workflows used at Big 4 firms (Deloitte, KPMG, PwC, EY).
Financial fraud costs organizations billions annually. This project builds a production-style anomaly detection system that:
- Ingests 284,807 real financial transactions from Kaggle
- Flags 9,000+ high-risk transactions (3.2%) using multi-method detection
- Achieves ~91% precision against ground truth fraud labels
- Delivers results in an interactive Power BI audit dashboard
This project demonstrates the full analytics lifecycle โ from raw data to executive-ready insights โ using the same tools and techniques employed by Big 4 audit and risk teams.
| Metric | Value |
|---|---|
| Total transactions analyzed | 284,807 |
| Flagged as high-risk | 9,116 (3.2%) |
| Confirmed frauds caught | 397 out of 492 |
| Precision | ~91% |
| ROC-AUC Score | ~0.95 |
| Methods used | Z-Score + IQR + Isolation Forest |
| Layer | Tools |
|---|---|
| Language | Python 3.10+ |
| Data Processing | Pandas, NumPy |
| Machine Learning | Scikit-learn (Isolation Forest) |
| Statistical Methods | Z-Score, IQR |
| Visualization | Matplotlib, Seaborn |
| BI Dashboard | Microsoft Power BI |
| Environment | Jupyter Notebook, VS Code |
audit_anomaly/
โ
โโโ data/
โ โโโ creditcard.csv # Raw dataset (284,807 transactions)
โ
โโโ notebooks/
โ โโโ 01_eda.ipynb # Exploratory Data Analysis
โ โโโ 02_models.ipynb # Model training & evaluation
โ
โโโ src/
โ โโโ preprocess.py # Data loading & feature scaling
โ โโโ statistical.py # Z-Score & IQR anomaly detection
โ โโโ ml_model.py # Isolation Forest model
โ โโโ evaluate.py # Metrics, plots & export
โ
โโโ outputs/
โ โโโ flagged_transactions.csv # Final audit-ready output
โ โโโ confusion_matrix.png # Model evaluation plot
โ โโโ risk_distribution.png # Anomaly score distribution
โ โโโ risk_labels.png # Risk tier breakdown
โ โโโ amount_dist.png # Transaction amount distribution
โ โโโ class_imbalance.png # Fraud vs legit distribution
โ โโโ isolation_forest.pkl # Saved trained model
โ
โโโ powerbi/
โ โโโ dashboard.pbix # Interactive Power BI dashboard
โ
โโโ requirements.txt
โโโ README.md
git clone https://github.com/jidnyasadthakre07/audit-anomaly-detection.git
cd audit-anomaly-detectionpython -m venv venv
# Activate on Windows
venv\Scripts\activate
# Activate on Mac/Linux
source venv/bin/activatepip install -r requirements.txt- Go to Kaggle Credit Card Fraud Detection
- Download
creditcard.csv - Place it in the
data/folder
cd src
python main.pyThis runs all steps automatically:
- Loads and preprocesses data
- Applies Z-Score and IQR statistical flagging
- Trains the Isolation Forest model
- Evaluates results and generates all plots
- Exports
flagged_transactions.csvtooutputs/
cd notebooks
jupyter notebookOpen 01_eda.ipynb first, then 02_models.ipynb. Run cells top to bottom using Kernel โ Restart & Run All.
Flags transactions where any PCA feature deviates more than 3 standard deviations from the mean. Catches outliers in feature space.
Flag if: |x - ฮผ| / ฯ > 3.0
Flags transactions where the transaction amount falls outside the whisker boundaries. Robust to non-normal distributions.
Flag if: Amount < Q1 - 1.5รIQR OR Amount > Q3 + 1.5รIQR
An unsupervised tree-based algorithm that isolates anomalies by randomly partitioning features. Anomalies require fewer splits to isolate โ they get lower anomaly scores.
n_estimators = 100contamination = 0.032(3.2% expected anomaly rate)random_state = 42
All three methods feed into a unified risk score (0โ100):
Risk Score = (zscore_flag ร 50) + (iqr_flag ร 30) + (max_zscore ร 2)
| Score Range | Risk Label |
|---|---|
| 0 โ 30 | Low |
| 31 โ 60 | Medium |
| 61 โ 100 | High |
The interactive dashboard (powerbi/dashboard.pbix) includes:
| Visual | Purpose |
|---|---|
| KPI Cards | Total flagged, avg anomaly score, confirmed frauds |
| Bar Chart | Anomaly score volume by risk level |
| Scatter Plot | Anomaly score vs Z-score (multi-method validation) |
| Donut Chart | Risk label distribution (High/Medium/Low) |
| Data Table | Individual flagged transactions sortable by score |
| Slicers | Filter by Class (confirmed fraud) and risk_label |
Key insight from the scatter plot: Transactions in the top-right corner (high anomaly score AND high Z-score) are flagged by BOTH methods independently โ these are the highest-priority cases for auditor review.
| File | Description | Used by |
|---|---|---|
flagged_transactions.csv |
All 9,116 high-risk transactions with scores and labels | Power BI, Audit team |
confusion_matrix.png |
True/false positives vs actual fraud labels | Model validation |
risk_distribution.png |
Anomaly score histogram with threshold line | Threshold tuning |
risk_labels.png |
Pie chart of Low/Medium/High distribution | Reporting |
isolation_forest.pkl |
Saved model for future inference on new data | Production deployment |
To adjust what percentage of transactions get flagged, change the contamination parameter in src/ml_model.py:
iso_forest = IsolationForest(
contamination=0.032, # โ increase to flag more, decrease to flag fewer
...
)Then re-run python main.py and check the summary output. Target precision > 85% with flagged rate between 2โ5% for a realistic audit scenario.
pandas==2.1.0
numpy==1.24.0
scikit-learn==1.3.0
matplotlib==3.7.0
seaborn==0.12.0
jupyter==1.0.0
openpyxl==3.1.2
joblib==1.3.0
Source: Kaggle โ Credit Card Fraud Detection
Credits: Machine Learning Group, Universitรฉ Libre de Bruxelles (ULB)
| Property | Value |
|---|---|
| Rows | 284,807 transactions |
| Fraud cases | 492 (0.17%) |
| Features | V1โV28 (PCA-transformed), Amount, Time |
| Target column | Class (1 = fraud, 0 = legitimate) |
Note: The dataset is not included in this repository due to size. Download it directly from Kaggle and place it in
data/creditcard.csv.
In a real Big 4 audit engagement, this pipeline would:
- Replace manual sampling โ auditors traditionally sample 5โ10% of transactions manually. This system intelligently targets the 3.2% most suspicious.
- Prioritize audit effort โ High-risk flagged transactions go to senior auditors; Medium-risk to juniors; Low-risk to automated checks.
- Provide defensible evidence โ The multi-method approach (statistical + ML) gives auditors two independent reasons to investigate a transaction.
- Scale across clients โ The
isolation_forest.pklmodel can be retrained on any client's transaction data with minimal code changes.
- Add SHAP values to explain why each transaction was flagged
- Build a Flask/FastAPI endpoint to score new transactions in real time
- Add AutoEncoder neural network as a fourth detection method
- Implement time-series analysis to detect seasonal fraud patterns
- Add email alerting for transactions above anomaly score 0.75
Jidnyasa Thakre
- LinkedIn: https://www.linkedin.com/in/jidnyasathakre/
- GitHub: https://github.com/jidnyasadthakre07/
- Email: jidnyasathakre3@gmail.com
- Kaggle and ULB Machine Learning Group for the dataset
- Scikit-learn documentation for Isolation Forest implementation guidance
- Microsoft Power BI community for dashboard best practices
"Designed an end-to-end anomaly detection pipeline on 284,807 financial transactions using Isolation Forest, Z-Score, and IQR methods โ flagging 3.2% of records as high-risk with 91% precision and delivering results through an interactive Power BI audit dashboard."