The shape of deception: understanding the fraud triangle
(As originally appeared in FEI Canada F.A.R. member e-newsletter, April 2010)
By Bob Ferguson, Partner, Fraud Investigation and Dispute Services group, Ernst & Young LLP
“I’ve earned it!” “I’m just borrowing it — I’m going to pay it back when things get better.” These are two of the most common rationalizations encountered by forensic accountants investigating misappropriated assets. And there are others.
Rationalization represents one of the three elements required for fraud to occur. When added to the other two — opportunity and motivation — it forms the “fraud triangle,” a potent combination of elements that can expose your company to significant risk.
In difficult economic times, the risk of fraud is heightened because of both an increased incidence of fraud risk factors and an increased likelihood of detecting frauds that have continued for some time. Fraud risk factors increase because individuals face more pressures, are presented with more opportunities to commit fraud and find it easier to rationalize their actions. Understanding the fraud triangle can help you manage your risk exposure and even prevent fraud before it can do your company significant damage.
This first element of the fraud triangle can include industry- or company-specific factors, or a combination of both. Industry-specific factors create opportunities, such as large volumes of cash transactions or a high incidence of trade commissions and discounts. Company-specific factors can include large volumes of related-party transactions, ineffective supervision and monitoring by management, unduly complex transactions or tax structures, or operations in remote or high-risk locations.
As a response to tough times, companies often implement cost-cutting measures, without fully considering the impact on their internal controls. One example is head-count reduction. Depending on which part of the company is affected, this can have a direct impact on internal control systems — possibly resulting in the elimination of internal controls, a level of approval or, worse, the consolidation of previously segregated functions into one role. As a result, management’s ability to review and supervise effectively may be strained, and corporate oversight functions, such as internal audit, corporate compliance and general counsel, may not be able to fully compensate for the increased risk.
In order to effectively address the opportunity element of fraud risk, your company needs to have an effective system of internal control. When you make any changes to your operations, remember to take into account both prevention and detection elements of this system. Be sure that remediation plans relating to previously identified internal control weaknesses are adequate and on schedule.
Motivation, sometimes referred to as the “need or greed” factor, is the second element of the fraud triangle. A person may be motivated by lifestyle issues — such as different vices or the desire for a bigger house, a nicer car or a vacation property. Motivation may also be driven by excessive dependence on variable compensation closely linked to company results or share price. Whatever the cause, desire can be a powerful motivator, which is compounded by early success in a fraudulent scheme.
In order to effectively address the motivation element, your company needs to be conscious of the value of red flags as an early warning mechanism. Be cognizant of your employees with lifestyles that are inconsistent with their status in the company and investigate discrepancies. While a red flag does not necessarily mean there is a problem, it indicates that some follow-up should take place to confirm or refute the existence of a potential issue.
One way to proactively mitigate fraud is to educate your employees about the red flags, and communicate ways they can escalate or share their concerns on an anonymous or confidential basis.
The third element of fraud is rationalization — a factor that allows fraudsters to convince themselves that their actions are justified. Rationalization can operate at the individual level, which may be a reflection of a different system of values and beliefs. Rationalization may also reflect the corporate culture — that there is no “tone at the top,” there is a lack of understanding about what is acceptable, a tolerance of petty wrongdoing or a lack of business principles.
In order to address rationalization, there are a number of actions your company can take. One helpful tool is an effective anti-fraud policy. This policy should clearly define fraud, state your company’s position on fraud, lay out the actions you will take to investigate fraud and clearly state the consequences of fraudulent acts. You should then communicate the policy to all of your people at all levels. You may even want your employees in key roles to sign an annual declaration of compliance with these company policies.
Another way to minimize the rationalization element is to cultivate and maintain good employee morale, treat your people fairly and reinforce the message that their contributions to your company are valued.
There is no “one size fits all” solution
While, there are many ways to try and mitigate fraud in your organization, the first step is to recognize that it’s virtually impossible to prevent all fraud. But knowing and understanding the fraud triangle can make a significant difference in reducing your exposure.