The Fraud Triangle - How to Keep It Out of Your BusinessOctober 26, 2011
White collar criminals (or fraudsters) are not easily picked out from a crowd. They blend in seamlessly with society and do not look like criminals. They are likely educated, with no criminal record, and probably do not abuse drugs or alcohol.
Fraudsters do not linger in dark alleys wearing a trench coat while they prey on victims. They disguise themselves as college graduates, churchgoers or even employees of the month. In other words, they look "normal," with traits that organizations look for in potential employees.
That said, how can organizations become more vigilant in recognizing the signs of a fraudster? And how can an organization protect itself from becoming a victim?
An organization must recognize the common elements in most fraud cases. Fraud perpetrators usually have a non-sharable pressure, they recognize a perceived opportunity, and then they rationalize their actions. These three traits are commonly known as the “Fraud Triangle”.
Examples of non-sharable pressures include excessive debt, addiction (e.g. gambling) and status seeking. Once an employee has a non-sharable pressure, they must find an opportunity to remedy his/her problem. An astute fraudster will find an opening in the organization, exploit it and feed his/her appetite until caught. Opportunity comes in many forms, including:
1) Weak or non-existent internal controls which fail to prevent or detect fraud;
2) Lack of oversight by supervisors;
3) Failure to discipline past perpetrators (i.e. no fear of reprisal), or;
4) Lack of an audit trail.
After a fraudster takes advantage of an opportunity, he/she typically rationalizes his/her actions. This takes the form of an excuse used by the perpetrator to alleviate his/her guilt. Since most fraudsters are first-time offenders, they do not view themselves as criminals. They rationalize their actions using typical excuses: “I will borrow the money now and pay it back once I turn things around.”
An organization usually has the least control over the rationalization component of the Fraud Triangle since it is up to the fraudster to justify his actions. The pressure component of the Fraud Triangle is typically not easily controlled by organizations. Therefore, it is important for organizations to proactively recognize pressures facing employees by being vigilant.
Non-sharable pressures may not ordinarily be observed in employees until after a fraud has been discovered. Only after a fraud is perpetrated do the pieces of the puzzle get put together and tell the whole story. Therefore, it is imperative that organizations know their employees. Prior to hiring an employee, that individual should have a background check performed. If he or she will be in a position to handle finances, a credit check should be done. After all, if someone previously filed for bankruptcy or had credit problems, that person probably shouldn’t be appointed in charge of paying the organization’s bills.
The organization should be rational about employees’ work habits. For instance, an employee who gets to work early, stays late and rarely takes vacation should raise a red flag. While workaholics may be lauded as ‘model’ employees, a smart organization would ask, “Why is this employee working so hard? What is his or her motivation?”
The organization should observe if employees are gamblers, have large financial losses or are deep in personal debt. Do they appear to live beyond their means? Do they discuss their problems at work? The more an organization knows about an employee, the more likely they are to recognize the symptoms of financial pressure.
The organization’s greatest control over the three Fraud Triangle components is the ability to minimize the opportunity to commit a theft. Everything starts with leading by example (i.e. Tone at the Top). If management is dishonest or absentee, then the risk of theft by employees is greater.
Second, effective control activities and procedures should be in place, such as segregation of duties. Segregation of duties ensures that one person does not manage an entire process. Ideally, three people should participate in a control process. For example, one person collects cash, a second counts the cash and a third posts the cash to the accounting records. Control procedures should ensure that transactions are properly authorized.
Third, the organization should have adequate documents and records and maintain physical control over those records. This assures an adequate audit trail exists. Fourth, independent checks – such as detection controls – may not only detect fraud but increase the perception that fraud will be discovered to deter fraudulent behavior. While no system of internal controls is perfect, it should periodically be reviewed, tested and modified to verify that any weaknesses are promptly identified and corrected. Too many organizations focus on revenue-generating activities and neglect a strong system of internal controls.
Lastly, hiring an independent third party to analyze internal controls and provide recommendations for improvement through a fraud risk assessment may help to identify fraud risks.
While addressing fraud risks, organizations should examine the cost versus benefit to ensure they concentrate on areas where the most vulnerability exists. Organizations need to take the emotional aspect out of their decisions to implement controls (e.g., “Suzy the bookkeeper is a long-time employee, she would never steal.”). By proactively addressing each leg of the Fraud Triangle, organizations can better identify red flags of fraudsters, reduce their exposure to fraud risk and avoid becoming a victim.
Michael D. Frenza, CPA/CFF, CFE, is a manager with BlumShapiro’s Litigation Services and Business Valuation Group. BlumShapiro is the largest regional accounting, tax and business consulting firm based in New England, with offices in West Hartford and Shelton, CT and Rockland, MA. The firm serves as business advisors for today’s leading companies, non-profit organizations and government entities, working to strategically tailor and consistently deliver tested solutions for unlocking an organization’s full potential. For more information about BlumShapiro, visit blumshapiro.com.