What is fraud?
The word “fraud” is now firmly entrenched in the mainstream consciousness with the multitude of corporate fraud debated in the media. However there is no single commonly accepted definition, across legal jurisdictions, of what fraud constitutes. Broadly speaking, it can be interpreted as an intentional act or omission designed to deceive others with the intention of causing loss to the victim and obtaining an unfair advantage. Unlike other crimes which may be witnessed, fraud, by its very nature necessitates concealment by its perpetrators. It is obvious that all fraud has the common denominator of a “perpetrator” or person committing the fraud.
So what drives a person to commit a fraud? According to Dr. Donald Cressey, an eminent criminologist, there are three factors which are common in all fraud cases and which create an environment for a person to commit a fraud. The elements, which he sets out as components of a fraud triangle, are Opportunity, Motivation (pressure) and Rationalization (attitude).
The opportunity to create fraud can be due to factors which are either industry-specific or company-specific or a combination of both. Industry-specific factors such as large volume cash transactions, high rate of rejections, commission payouts to customers and vendors, etc., create an opportunity to commit fraud. Company-specific factors include operating from remote locations, weak internal controls, complex legal structures, pressure to satisfy customer demand, significant promotional activities, use of manual documents to circumvent system controls, etc. The employee uses his/ her position of trust to deceive and manipulate the system. In order to effectively address the opportunity element of fraud risk, it is essential that a company should have effective and well communicated internal controls.
Motivation, also referred to as the “need or greed” factor, is the second element of the fraud triangle. A person may be motivated by needs such as the desire for a better lifestyle, vices or the desire to project oneself in a better light in society.
In order to notice tell-tale signs of motivation element, one needs to be conscious of the value of “red flags” as an early warning mechanism. For example one should be aware of employees with lifestyles that are inconsistent with their status in the company. A useful way to pick-up such symptoms prevalent in an organization are to develop potential “red flag situations” and communicate to employees the need to keep a watch of such behavioral trends. Whilst a red flag does not necessarily mean there is a problem, it indicates that follow-up actions should be put in place to confirm or refute the existence of a potential issue.
The third element of fraud is rationalization – a factor that allows fraudsters to convince themselves that their actions are justified. Rationalization can operate at the individual level, which may be a reflection of a different value or belief system. Rationalization may also reflect the corporate culture – there is no “tone at the top,” there is a lack of understanding about what is acceptable, a tolerance of petty wrongdoing or a lack of business principles.
How do we prevent fraud
No entity, however large or small, can insulate itself from “occurrence of fraud”. The fundamental question therefore, that should be seriously discussed in corporate board room, is – if fraud is a known risk, “who is responsible for fraud deterrence and prevention?” This responsibility to “detect and prevent” fraud has to be internal. It is for those charged with governance that will have to take the lead role on fraud and integrity issues. Unless there is commitment from the senior management of “zero tolerance” and this has been clearly communicated, change will not happen and the benefits of reducing fraud and other integrity risks will not be fully realised.
Having set the “tone at the top”, fraud risk exposure should be assessed periodically by an organization to identify specific activities for which it needs to have controls in place to mitigate fraud risks.
A good fraud risk assessment requires relevant inputs from various sources. For this purpose, an organization should build an effective fraud deterrence team. This team should comprise individuals handpicked from levels across the organisation and include senior management team, business unit leaders, internal audit and process owners (e.g., human resources, IT, finance, sales, procurement, supply chain, operations). Each of them, with their differing knowledge, skills and business perspectives will contribute to building an effective anti-fraud program. The team members must possess diverse skill sets to address the complexities of fraud cases and proactive fraud risk initiatives. The team must clearly articulate their individual roles and responsibilities to avoid duplication of effort and ensure that the process will achieve the desired outcomes.
The anti-fraud program should also clearly articulate the ethical behavior expected of the employee by the Company and what action will be taken when the company recognizes unacceptable behavior. The Company should prioritize fraud risks and determine those risks that warrant attention. For this purpose, there is a need to install controls to mitigate identified risks or suspected fraud risks, and formulate actions to be taken once fraud is detected. It’s equally important that actions are followed through if an investigation begins.
Needless to state, effective governance processes are the foundation of effective fraud risk management. Only those companies that have developed an effective anti-fraud program which includes setting the tone at the top, developing proactive and reactive measures will be able to deal effectively deal with fraud.
[This article has been contributed by Mr. Shajan Abraham, Associate Partner – Internal Audit Division. PKF currently offers value-added internal audit services to several very large firms operating in the UAE.]