November 15 – 21, 2020 is International Fraud Awareness Week. SobelCo is a supporting organization, so we are posting useful fraud-related information throughout the month of November!
Our colleague, Megan Kelly, wrote about the Association of Certified Fraud Examiners’ 2020 Report to the Nations, a global study on occupational fraud and abuse in a recent article. Megan shared important information about the types of occupational fraud, characteristics of perpetrators and victims, and methods of detection.
One frequently referenced concept in occupational fraud is the fraud triangle, which is utilized to explain an individual’s motivation to commit fraud, and also contributes to the development of red flags that could signify a risk of fraud occurring. The fraud triangle is based on sociologist/criminologist Donald Cressey’s theory that “Trusted persons become trust violators when they conceive of themselves as having a financial problem which is non-shareable, are aware this problem can be secretly resolved by violation of the position of financial trust, and are able to apply to their own conduct in that situation verbalizations which enable them to adjust their conceptions of themselves as trusted persons with their conceptions of themselves as users of the entrusted funds or property.”[1]
More simply, an individual who normally would not commit fraud may do so when faced with some sort of pressure, i.e., an addiction or overwhelming debt; has an opportunity to commit fraud, i.e., is employed in a role with access to cash or easily converted assets and little oversight; and is able to rationalize acting in a way they normally would not, i.e., convinces oneself that committing the fraud will not hurt anyone else.
The fraud triangle is one of those theories that seems obvious in hindsight. For example, a long-term trusted employee is found stealing from the employer, and it is discovered that the employee had a gambling addiction and was living beyond their means. The employer and fellow coworkers think, after the fact, that they had always wondered how the perpetrator could afford such an expensive car and frequent fancy trips to exotic locales on the salary they earned. Once it is discovered that the perpetrator was stealing from the company to finance their extravagant lifestyle, it appears obvious that people should have figured out that fraud was occurring. However, just because those three elements exist, does not mean a fraud is in process.
In a 2004 article, to enhance the usefulness of the fraud triangle, David T. Wolfe and Dana R. Hermanson proposed the addition of a fourth element, capability, creating the fraud diamond. Capability refers to “personal traits and abilities that play a major role in whether fraud may actually occur even with the presence of the other three elements.”[2] In other words, it takes a certain kind of person to recognize the opportunity to commit fraud in order to meet their non-shareable need, and then have the fortitude to implement a fraud and then cover it up for an extended period of time.
So now that you know about the fraud triangle and the fraud diamond, what good are they to you in preventing and detecting fraud? Once you know the characteristics of individuals who are more likely to commit fraud and the circumstances under which they may do so, you can develop a catalog of behaviors to be aware of that could signal fraud risks, as well as tailor internal controls to address conditions within your company that could provide opportunities to commit fraud.
For instance, suppose you have a business where one employee has responsibility for the entire accounting function, from collecting payments, to recording them in the books and records, to taking the deposit to the bank, approving vendors, and paying bills, and there is little or no oversight of that employee. You have created an opportunity for that employee to exploit their position and commit fraud should they find themselves in a position of need, able to rationalize their actions, and capable of recognizing the opportunity and concealing their actions.
This is a scenario that occurs frequently in professional services practices. The professional service providers want to practice their craft, not deal with the back office, so they hire someone to run the back office, and entrust them with unlimited authority to do so. Unfortunately, this sometimes turns out badly when the professional service provider discovers that the trusted employee has been stealing from the practice. In such a scenario, the professional service provider must provide for a level of oversight over the activities of the back office employee, and ensure some segregation of duties to establish controls and demonstrate that they are aware of the vulnerability and are monitoring it.
Wolfe and Hermanson point out that a person with capability to commit fraud may exhibit certain characteristics, such as a strong ego and high level of confidence that they will not be caught; a persuasive personality that can be used to coerce others to participate in or conceal fraud; and the ability to lie effectively and consistently. They encourage assessing the capabilities of top executives and key personnel responsible for high-risk areas by getting to know them and interacting with them in a variety of circumstances to observe how they react in different situations, which can provide insight into how they might behave when under pressure.
Consider, for example, the Enron scandal. Enron experienced explosive growth, implemented aggressive accounting methods, and incentivized its executives with stock options, large expense accounts, and a focus on short-term earnings to maximize bonuses. These factors encouraged a culture whereby top executives did whatever they could to achieve success for the business and themselves. Such a culture favors people who have strong egos, high confidence, and charismatic personalities, all characteristics of people who are more likely to commit fraud under the right circumstances. Recognition of such a dynamic can aid in developing controls or internal monitoring to prevent and detect improper behavior.
It is important to step back occasionally to evaluate your business infrastructure, how you incentivize your employees, and the personalities and characteristics of your employees to determine whether you have established an organization and culture that is resilient to fraud risks. If you have concerns about your organization’s fraud risks, we would be happy to discuss how to assess and strengthen your fraud resilience.
Rebecca B. Fitzhugh, Member of the Firm, SobelCo
Forensic and Valuation Services
