Skip to main navigation

Article on Fraud Triangle Analytics - EY - India

The Fraud Watch: January 2011

Viewpoint - Breaking the status quo: Moving beyond traditional e-mail review

  • Share

Last year’s status quo internal audit approach is no longer an effective strategy. Companies are constantly asking management to look for ways to push the envelope in proactively reviewing and analyzing data to prevent and detect fraud.

Fraud Triangle Analytics

By Dan Torpey, CPA; Vince Walden, CFE, CPA; and Mike Sherrod, CFE, CPA

In this article, we cover:



The perfect storm for a fraudulent business environment is here. The need for tougher, more aggressive, proactive approaches to fraud is pushing management to rethink its approaches. Fraud Triangle Analytics is becoming a valuable tool to revolutionize e-mail and instant message searches.



Fraud Triangle Analytics (FTA) links electronic communications to the Fraud Triangle through the development of libraries of specific keywords that relate to incentive/pressure, opportunity, and rationalization. FTA involves searching for the occurrence of those keywords within e-mail or instant message (IM) communications.

Since the introduction of FTA, corporations, regulators, attorneys, internal auditors and accountants have been very interested in this new methodology. In this article, we’ll share the feedback from those who’ve used this methodology on investigations and risk assessments to develop more robust, targeted, and aggressive anti-fraud programs.


Figure 1: Cressey’s Fraud Triangle and Keywords

The perfect storm is here

Last year, we introduced FTA simultaneously with the 2009 economic recession; we sensed that the “perfect storm was brewing” for fraud in the workplace.

With unemployment now hovering around 10 percent and employees still feeling the pinch of last year’s layoffs and budget cuts, the perfect storm for a fraudulent business environment is here. In fact, in a 2009 EY European study more than 55 percent of respondents said they expect fraud to increase. Respondents attributed the increased risk to changes in the underlying business, lack of management focus, pressures on the company, inadequate controls and procedures, and untrustworthy management.

The need for tougher, more aggressive, proactive approaches to fraud is moving management to rethink its approaches to anti-fraud programs and refine their fraud risk assessments by integrating leading data analytics methodologies into their work plans.

Last year’s status quo internal audit approach is no longer an effective strategy. Companies are constantly asking management to look for ways to push the envelope in proactively reviewing and analyzing data to prevent and detect fraud. FTA is a cutting-edge method that approaches fraud fighting from a different and often overlooked perspective.

In the past year, when we used FTA methodologies either in an investigation or as part of an aggressive anti-fraud response program, we frequently uncovered key individuals and timeframes that helped to quickly identify the who, what, and when aspects of the suspected fraud risks. We’ve collaborated with and/or deployed this new methodology in numerous global organizations. We also introduced FTA to top law firms and government agencies to start integrating FTA into their organizations.

Back to the list

FTA interface puts The Fraud Triangle at investigators’ fingertips

Investigators and regulators, during investigations, normally ask for e-mail and IM from selected individuals as the first sources of data. However, few fraud examiners apply the fraud triangle theory to e-mail review proactively.

This is because that traditional document review requires the investigator to read and annotate thousands of e-mails and IMs looking for clues of fraud. That would not only be considered intrusive but potentially contrary to basic fraud examination principles.

However, FTA changes this. We now can efficiently mine a vast amount of e-mails and IMs for evidence by automatically analyzing the frequency of specific fraud-related words and phrases – keywords. We draw these keywords from an extensive library we’ve compiled that describe individuals’ incentive/pressure, opportunity and rationalization.


Developing a keyword library for FTA

When building your keyword library around the Fraud Traingle, it’s important to consider the type of fraud you're analyzing such as as­set misappropriation, corruption, or financial misstatement Further, it s critical to incorporate industry and company-specific jargon, acro­nyms, and cultural slang that might he used within the specific group being analyzed- Global organizations might also have to develop language-specific libraries.

To get you started, here are some sample keywords for a corrup­tion analysis:

Incentive/ pressure keywords
meet the deadline, make the number, under the gun, make the deal (make the sale), under pressure, afraid, problem, just book it, lose my job, get fired

Opportunity keywords
cookie jar, facilitation fee, process fee, release expense, handover fee (or handover payment), hush money, improper payment, cash only, kick back, off the books

Rationalization keywords
everyone does it, it's the culture, trust me, therefore, they owe me, sounds justified, fix it later, nobody will notice, just an error, the boss told me to


Back to the list

Tried but true triangle

All three sides of the Fraud Triangle are still very much in play today. The Fraud Triangle illustrates some of the fundamental concepts of fraud deterrence and detection. In the 1950s, criminologist Dr. Donald R. Cressey (one of the co-founders of The Institute for Financial Crime Prevention, the precursor to the ACFE) developed it to explain why people commit fraud.

His premise was that all three components – incentive/pressure, opportunity, and rationalization – are present where fraud exists.

As pressure mounts for executives to make the numbers, some might resort to unusual or unconventional accounting to meet expectations or simply maintain their jobs. The problem is magnified because many companies continue to downsize and reduce spending on objectives that aren’t critical to their missions. That can create tremendous strain on internal controls and advance the opportunity for fraud.

Finally, as many companies eliminate bonus programs and employee benefits, and in some cases reduce pay, the rationalization for fraud increases.

Back to the list

FTA Best for High-risk areas

Fraud examiners can best use FTA for targeted, high-risk areas of a business in which preemptive tests are warranted based on a fraud-risk assessment or when a credible allegation or action warrants an investigation.

For example, if we analyze a subset of business units or departments that are deemed as high risk, say between 25 to 100 people per group, we can identify those individuals who are using keyword terms that link to the elements of the Fraud Triangle as demonstrated in Figures 2 and 3.

In Figure 2, management had deemed the company’s sales department to be a high-risk area for bribery and corruption. To obtain the necessary data, they coordinated with the company’s IT and general counsel to obtain the e-mail and IM files for the sales individuals that made up that department.

E-mail and IM for approximately twenty five sales professionals were indexed based on the frequency of incentive/pressure, opportunity, and rationalization keywords in their written communications, normalized on a percentage of total documents by individual.


Figure 2: Fraud Triangle Index Scores for Sales Department

The employees within the highest overall Fraud Triangle Index score appear in the upper right hand corner with the largest circles. In this case, Robert Slater, Russell Draper and Elsie Santos rank among the highest. This is one leading indicator of who management may wish to focus in terms of the roles, responsibilities, and activities of these top-scoring individuals.

Back to the list

Navigating the Information from FTA

We have found the best way to navigate the information obtained from FTA is the use of an interactive, dynamic “dashboard” interface that ties all the components together is the best deployment tool for utilizing the FTA methodology and increases the efficiency of getting to the who, what, and when of a case.

In Figure 3, the investigator can select, or click, an employee (or “custodians” of data) from the interactive dashboard which will highlight that individual’s e-mail hit frequency over time. Using “Russell Draper” as an example, we see a spike in keyword hit frequency in July 2009 from all three keyword lists representing incentive/pressure, opportunity and rationalization – see arrows.

The keywords driving those spikes for Russell Draper are also displayed on the right so that the investigator can make an assessment of the relevancy of the terms by list. In this case, the client also supplemented the library with their own “Client-Provided Terms” to further refine the analysis.

Finally, the investigator can select certain years or additional custodians for comparison purposes and the data will dynamically update via this online tool.


Figure 3: Interactive FTA Dashboard

In the end, the Interactive Dashboard helps the investigator identify top individuals of interest (based on the Fraud Triangle Theory) and key time periods and keywords to focus for further inquiry.

We can incorporate additional analytics including tests of transactions, and social network analysis between certain custodians. For example, social network analysis may include the frequency of e-mails between certain senders and receivers over time as well as the words that make up those communications.

We’ve found it to be a highly effective, relatively low-intrusive way to identify fraud risks areas within an organization because it doesn’t require a document-by-document review of e-mail to get an initial feel for where fraud risks might exist.

In the past year, FTA has been used to help investigators uncover fake billing, vendor schemes, check-kiting schemes, bribery and corruption violations, and financial misstatements. It has also worked in reverse. Sometimes no substantial keyword spikes were identified, which when combined with other corroborating evidence, suggested to the investigation team that they might look outside the company for the perpetrator.

Back to the list

FTA is a powerful weapon in the fight against fraud

While it has moved from a research project in 2008 to a viable anti-fraud weapon in 2009, FTA is still in its infancy. We believe this methodology will continue to gain in its popularity and adoptions because it attacks the status quo of traditional, document-intensive e-mail review projects and couples it with proactive anti-fraud analytics that rely solely on transaction data.

Back to the list



Source: Excerpts from the original article authored by Dan Torpey, CPA; Vince Walden, CPA, CFE; and Mike Sherrod CPA, CFE, members of Ernst & Young LLP’s Fraud Investigation & Dispute Services practice..
Back to top