Donald Cressey’s Fraud Triangle historically has received a lot of attention during the ACFE’s Fraud Week and for good reason. It supplies a useful set of analytical distinctions in its three components—opportunity, rationalization, and pressure or motivation—that lead us to look at specific relevant factors that affect fraud in organizations. Understanding the causal forces at work helps us to take steps to address them.
The opportunity for fraud is the most straightforward causal factor for organizations to address because it is rooted in the organization itself. Unlike motivation or rationalization, opportunity does not depend on the potential fraudster’s personal circumstances or state of mind. Therefore, opportunity reduction works regardless of whether or not a potential fraudster exists in the workforce at any given time.
Opportunity has long played a part in the general policy of crime prevention. For example, in the 1980’s, a prominent theory was Crime Prevention through Environmental Design (CPTED). The aim was to create living and working spaces that removed opportunities for crime. In turn, CPTED was based on Jane Jacobs’ insight that safer cities were those that had vibrant, people-filled public spaces with lots of eyes on the scene. The idea that opportunity can be managed to reduce the incidence of crime, regardless of how potential criminals think or behave, has a solid pedigree. … Continue reading
As part of the annual fraud awareness week, we wanted to bring you a quick summary of the principles of fraud risk management. These points are based on an extensive review titled Managing the Business Risk of Fraud: A Practical Guide.
As the Practical Guide emphasizes, “An organization should strive for a structured as opposed to a haphazard approach.” The Guide is a good place to start developing a fraud prevention and detection program as part of your overall risk management efforts (or structuring a review of an existing program). But as always, diving into the details of organizing and implementing a program like this requires significant effort. Skipping steps or making assumptions about risks and mitigation practices without systematic assessment will often lead to gaps or weaknesses in the plan. … Continue reading
Given the high prevalence of organizational fraud, as reported by the Association of Certified Fraud Examiners (ACFE), companies have strong incentives to invest in fraud auditing capabilities—both internal and independent (external) audits. While both are extremely effective, this article is focused on internal audits.
It turns out, companies with properly-structured internal audit systems are less likely to experience severe losses due to internal fraud. Further, we find the existence of a strong internal audit capability is of significant interest to underwriters when reviewing applications for crime and fidelity insurance coverage.
All companies can benefit from an internal audit system. When properly structured it provides a layer of protection and sends a strong message to both company vendors and employees that fraud will be detected quickly and won’t be tolerated. Continued monitoring leads to ever changing processes and controls that provide corrective measures designed to deter and detect fraudulent activity.
However, the likelihood of a company having an internal audit unit varies with the size of the company. Small companies are more often found without the internal audit departments, largely based on cost. These firms utilize the services of an independent audit firm to minimize exposure to fraud. This will be the topic of our next article.
7 Best Practices for Internal Audit
The internal audit, like any audit, requires sufficient autonomy, resources, skills, and access to relevant records to produce reliable results. It should operate according to a plan created and/or approved by the Board of Directors, with transparency in its functions that communicates its purpose to all vendors and employees. Communicating a strong message of zero tolerance on fraud and abuse is essential. The internal audit committee has an obligation to report the self-identified audit issue to the Audit Committee or the Board of Directors itself, if possible. … Continue reading
Organizational fraud is a hidden crime. But when it is detected, it is often by a colleague or employee of the perpetrator who happens to discover the fraud – over 40% of the initial detection of a fraud is through a tip, most often from an employee. That’s why the ACFE Fraud Prevention Checkup highlights the necessity of a fraud reporting mechanism, in other words, a whistle-blower program.
An effective whistle-blower program has to both encourage the person who discovers the crime to report it and give him the means to do so. A potential whistle-blower may be someone who works closely with the perpetrator, with bonds of friendship or fears of retribution. The program needs to overcome these barriers to be effective.
In fact, research by the law firm Labaton Sucharow reported in Security Magazine in an article by Jim Ratley found that 34% of employees have learned about “workplace misconduct” and that most of them would report it if they could. The factors that could encourage them to report the issues included remaining anonymous, avoiding retaliation, and getting a reward. … Continue reading
Most managers, and in fact employees at all levels, assume their co-workers are honest and working to do their best for the organization. Unless they are the one who is perpetrating a fraud.
Unfortunately, occupational fraud is a lot more common than most people think. The Association of Certified Fraud Examiners (ACFE) has published a series of reports based on fraud examiners’ actual cases that document the pervasiveness of these hidden crimes. The 2014 edition of the Report to the Nations on Occupational Fraud and Abuse confirms that fraudsters steal 5% of top line revenue every year, which amounts to over $650 billion per year in the U.S. alone, and an astonishing $3.7 trillion worldwide. … Continue reading