By 2011, I was becoming more and more involved in data analysis to detect fraud. I had been doing this for years but had never really thought about the approaches I was taking to assess fraud risk and determine the analytics to perform. The following is the result of my deliberations (which continue to this day).
The unrelenting advancement of technology is affecting virtually every aspect of our lives. And as technology becomes more pervasive, so do schemes to commit fraud. Fraudsters are taking advantage of users’ inexperience with newer technology and weaknesses in the controls to perpetuate these schemes. This is proving to be a challenge for evaluators, auditors and investigators in their efforts to identify and detect fraud. However, technology is also a tool that can help prevent and detect fraud. Data analysis techniques can search for the symptoms on fraud that are buried in the millions of transactions flowing through the business process.
Whether you are investing to see if a fraud occurred or following up on an allegation of fraud, a good first step is to understand the ‘why’ of fraud. The “Fraud Triangle”, created by famed criminologist Donald Cressey, outlines three basic things that must be present in order for fraud to occur: opportunity, pressure or motivation, and rationalization.
Opportunity. An opportunity is likely to occur when there are weaknesses in the internal control framework or when a person abuses a position of trust. For example:
- organizational expediency e.g. it was a high profile rush project and we had to cut corners;
- downsizing means that separation of duties no longer exists;
- business re-engineering removed checks and balances in the control framework
Pressure. The pressures are usually financial in nature, but this is not always true. For example, unrealistic corporate targets can encourage a salesperson or production manager to commit fraud. The desire for revenge – to get back at the organization for some perceived wrong; or poor self-esteem – the need to be seen as the top salesman, at any cost; are also examples of non-financial pressures that can lead to fraud. In addition, living a lavish lifestyle, a drug addiction, and many other aspects can influence someone to commit fraud.
Rationalization. In the criminal’s mind rationalization usually includes the belief that the activity is not criminal. They often feel that everyone else is doing it; or that no one will get hurt; or it’s just a temporary loan, I’ll pay it back, and so on.
Interviews with persons who committed fraud have shown that most people do not originally set out to commit fraud. Often they simply took advantage of an opportunity; many times the first fraudulent act was an accident – perhaps they mistakenly processed the same invoice twice. But when they realized that it wasn’t noticed, the fraudulent acts became deliberate and more frequent.
Interestingly, studies have shown that the removal of the pressure is not sufficient to stop an ongoing fraud. Also, the first act of fraud requires more rationalization than the second act, and so on. As it becomes easier to justify the acts occur more frequently and the amounts increase in value. This means that, left alone, fraud will continue and the losses will increase.
While I have been unable to find conclusive evidence to support the 10-80-10 rule, but it is well known in the ACFE-world. Basically, it states that 10% of the people would never commit fraud; 80% might; and 10% are actively searching for opportunities to commit fraud. I think as auditors and fraud investigators we must be concerned not only with the 10% who are actively attempting to commit but, but also the 80% who might. By ensuring that the fraud triangle is not adversely affecting these people we can prevent fraud and save people careers and lives.
Pressure – audit can examine corporate performance targets and inform management of times when targets are likely to contribute to cutting corners, bypassing controls and possibly committing fraud.
Rationalization – an audit of corporate value and ethics program and the top-at-the top can help to make sure that the tone-at-the-top is aligned to organizational goals and objectives.
Opportunity – by performing fraud risk assessments and addressing control weakness in the areas most prone to fraud audit can protect the 80% from making a mistake.
Next week I will describe two approaches that can assist you in determining where you have fraud risks and the data you require to perform analytics to determine if fraud is happening.