The elements of fraud also known as the fraud risk factors or fraud triangle are the following:

pressure, opportunity and rationalization.

Pressure or incentive also called motive incites action. It is the moving force which impels a
person to commit fraud. It can also be defined as the need a person tries to satisfy by committing the
fraud. It should be distinguished from intent which is the use of a particular means to commit fraud, a
mental state demonstrated by the overt acts of a person. Pressure or motive can be from financial
difficulties in an employee's personal life, desire to release positive news to the social media, thirst of
power which is a great motivator, gratification of a desire such as greed or an addiction.

Opportunity is the ability to commit fraud. An opportunity for fraud is more likely in companies
where there is a weak internal control system, poor control over cash, merchandise and organizational
property as well as a lack of compensating accounting controls are enabling factors. Moreover,
management can always override existing controls.

Rationalization is the justification for the act. Some people may rationalize fraudulent actions as
necessary, harmless, excusable or acceptable. For example, some individuals might consider that they
were entitled to the stolen item. Think that if executives break the rules, it must be all right for others to
do so as well or might not comply with rules that don't make sense to them. For those who have faced
financial difficulties have succumbed to a costly addiction or are facing other pressures rationalized that
they are just borrowing money and when their lives improve, they will pay it back.

If the company can eliminate any of these three elements, pressure, opportunity and
rationalization, the likelihood of fraud occurring is greatly reduced. The top fraud types and the top
perpetrators based on the 2020 PwC survey are enumerated on your module.

How the fraud risk factors enable asset to misappropriate? Asset misappropriation is stealing
cash or other assets. If incentive, opportunity and rationalizations are present, fraud may be committed.
For example, incentive – personal financial obligations of management or employees.

If there is an opportunity, say large amount of cash on hand, rationalization, tolerance of petty
theft, so what fraud may be committed? Theft of cash. If the opportunity is inventory items that are
small in size of high value or in high demand, the rationalization changes in behavior or lifestyle then
what fraud may be committed? Theft of inventory. If the opportunity there is an inadequate control and
the rationalization is failure to correct known material witnesses in internal control, then what fraud
may be committed? Fictitious or ghost employees on the payroll. If there is lack of segregation of duties
and poor ethical standards, so the fraud may be intercepting payments to suppliers.

Common forms of theft of cash are check kiting and lapping of receivables. Check kiting takes
advantage of the float. Usually, there are two checks involved in this case. The first check will be drawn
against the first bank, for example, such first check is usefully with insufficient funds. If the first check is
deposited, it will surely bounce. So, why write the first check? The perpetrator will write a second check
against another bank which is useful funded. The second check of the second bank will be used to fund
the first check. Before the second check is cleared, the perpetrator will encash the first check.

If the account is not planned to be replenished, the fraud is known as paper hanging. If it will be
covered by payday, it is called as paying the float. The check instead of being used as negotiable
instrument is used at a form of unauthorized credit. Check kiting is called a such as there was nothing to
support the credit besides air.

In lapping of receivables, a person with access to both customer payments and account
receivable records steals a customer's payment. The shortage in the customer’s account is then covered
with a subsequent payment from another customer.

Fraudulent financial reporting

Fraudulent financial reporting involves intentional statements including omissions of amounts or

disclosures in the financial statements to deceive financial statement users. If incentive, opportunity and
rationalization are present, fraud may be committed. For example, incentive – significant decline in
customer demand, opportunity – there's a significant related party transaction, rationalization – poor
ethical standard, so what fraud may be committed? Recording of fictitious sales and shipping,

Incentive – significant financial interest in the entity. Opportunity – the valuation based on
significant estimates. Rationalization – excessive interest in increasing the entity's stock price. So, what
fraud? Improper investment valuation.

Incentive – new accounting statutory or regulatory requirements. Opportunity – domination of

management by a single person. Rationalization – justifying inappropriate accounting on the basis of
materiality. So, what fraud? Improper or inadequate disclosures.

Incentive – performance bonus based on profit. Opportunity – ineffective accounting and

information system. Rationalization – practice of committing to stakeholders aggressive or unrealistic
forecasts. So, what fraud may be committed? Concealment of losses.

Incentive – pressure to save cash payments. Opportunity – complicated transfer pricing

mechanism. Rationalization – inclination to minimize tax payments. So, what is the fraud? Tax evasion.

The risk of the auditor not detecting a material misstatement resulting from management fraud
is greater than for employee fraud because management is frequently in a position to directly or
indirectly manipulate accounting records, present fraudulent financial information or override control
procedures designed to prevent similar frauds by other employees.

What is the difference between red flags and fraud risk factors?

Red flags are conditions that indicate potential fraud. Fraud risk factors describe three factors
that are present in every situation of fraud. Fraud risk factors does not indicate presence of fraud. The
three fraud risk factors might be present yet it is possible that no fraud was committed while red flags
indicate that fraud was committed.

What are the common red flags? Inadequate or non-transparent explanation for unusual
transactions, variances or results. Large adjustments made after period, complex transactions that are
not auditable, creation of fictitious reconciling items, existence of concealment of documents, discovery
of falsification of documents and significant related party transactions just like the Enron case.

Who has the primary responsibility to prevent or detect fraud? Management, not internal not
external auditor. What is the responsibility of internal or external auditor when it comes to fraud? The
internal audit activity must evaluate the potential for the occurrence of fraud and how the organization
manages fraud risks. External auditors are expected to detect material misstatement whether duty to
fraud or error. The management may prevent fraud by applying the COSO control framework.

For example, the control elements of a fraud prevention program based on the COSO control
frameworks are first, the control environment includes such elements as a code of conduct, ethics policy
or fraud policy. A strong ethical culture and setting, the correct tone at the top are essential to
prevention. Second, a fraud risk assessment generally includes the following: identifying and prioritizing
fraud risk factors and fraud schemes, mapping existing controls to potential fraud schemes and
identifying ducts (???), testing operating effectiveness of fraud prevention and detection controls,
documenting and reporting the fraud risk assessment. Third, control activities are policies and
procedures for business processes that include authority limits and segregation of duties. Fourth, fraud
related information and communication practices promote the fraud risk management program and the
organization’s position on risk. The means used include fraud awareness training and confirming that
employees comply with the organization's policies. A fraud hotline is a convenient way for employees to
report suspected improprieties and lastly, monitoring evaluates anti-fraud controls through
independent evaluations of the fraud risk management program and use of it.

Fraud may be prevalent in a purchasing or procurement, if left unchecked. For example, the
activity in purchasing process, scoping of contract, what is the fraud risk? The contract specification is
written in a manner which favors a particular technical end-user and financial supplier.

How to prevent fraud? Use of controller assessment panel made up of representatives to ensure
that more than one person is involved in drawing up the specification. Another activity, contact
documentation. What is the fraud risk? Conditions of contracts are changed to accommodate a favored
supplier or to exclude competitors. How to prevent? Standard contract conditions and specifications to
be used. Any variations to be approved by senior management.

Other activity, setting evaluation criteria. Fraud risk, original evaluation criteria are changed
after the receipt of submissions to ensure that favored suppliers are shortlisted. How to prevent? Use
evaluation criteria as agreed by the contract panel prior to tendering.

Another activity: contractual correspondence. What is the fraud risk? Altering terms and
conditions to suit a preferred supplier. So to prevent this, contract terms and conditions should be those
of the purchasing department and not subject to change without the written approval of senior
management.

Next activity: contact management. The fraud risk false claims for work not carried out or
exaggerated claims for actual work done. How to prevent? Clear audit trails with written records,
authorization of changes to original documentation, random and systematic checks of activity.

Next activity: claims negotiation. Fraud risk – assisting the contractor to justify claims. How to
prevent? Claims negotiation should be carried out using professional advisors.
 Next activity: certification. Fraud risk – inadequate certification may lead to overpayments or
payments for work not carried out. How to prevent? Clear separation of duties between ordering the
work, certification and authorization for payment. Certification documents should be returned to the
originator.

Next activity: authorization. Fraud risk – contract splitting to keep contract values under a
particular staff members authorization financial limit. Prevention – the splitting of contracts should not
be allowed unless authorized by senior management. Internal controls should be established to detect
this.

Next activity: pricing. Fraud risk – standard prices appear to drop whenever a new supplier is
invited to bid. Prevention – management reviews of the reasonableness and competitiveness of prices.

Next activity: suppliers. Contract awarded to a company with a poor performance record.
Prevention – ensure contractors with a poor performance record are removed from the approved
suppliers list or possibly contract awarded to a contractor who is not the lowest tenderer or the lowest
bidder. So, prevention – senior management review

What are the ways to detect fraud? Some of the common ways are whistleblowing, hot line,
internal tip of, external tip of, by accident, law enforcement investigation, change of personal duties,
corporate security, risk management, external audit and internal audit.

Who are responsible for resolving fraud incidents? The management and the board. Resolution
consists of determining actions to be taken after the investigation is complete. Resolution may include
the following:

(1) providing closure to persons who were found innocent or reported a problem
(2) disciplining an employee
(3) requesting voluntary financial restitution
(4) terminating contracts with suppliers
(5) reporting the incident to law enforcement or regulatory bodies encouraging them to
prosecute and cooperating with them
(6) filing a civil suit to recover the amount taken
(7) filing an insurance claim
(8) complaining to the perpetrator’s professional association and
(9) recommending control improvements