Contents

CHAPTER 1.............................................................................................................................................4
FRAUD...................................................................................................................................................4
Introduction.......................................................................................................................................4
Unit objectives...................................................................................................................................4
Definition of Fraud.............................................................................................................................4
Definition of fraud risk assessment...................................................................................................6
Categories or Types of fraud..............................................................................................................7
Common fraud schemes....................................................................................................................9
Elements of fraud............................................................................................................................10
Activity.............................................................................................................................................10
CHAPTER 2...........................................................................................................................................11
Factors that causes employees to commit fraud/Reasons why people commit fraud.....................11
Theories on why employees commit fraud.....................................................................................11
The Fraud Triangle theory...............................................................................................................11
Reason why Employees Lie, Cheat, and Steal on the Job................................................................15
The Fraud Diamond theory..............................................................................................................17
White collar crime theory................................................................................................................18
Fraud scale theory...........................................................................................................................19
The Diamond Fraud Theory and the new Fraud Diamond Theory...................................................20
The new Fraud Diamond (NAVSMICE).............................................................................................21
High-Level and Low-Level Thieves...................................................................................................23
Identification of fraudsters..............................................................................................................24
Risk management............................................................................................................................25
Importance of risk management and fraud risk assessment in an organisation..............................25
Scope of risk management..............................................................................................................26
Approach in risk management.........................................................................................................26
Fraud Risk Assessment....................................................................................................................29
Why the need for fraud Prevention.................................................................................................30
1.0 Reasons for fraud Prevention..............................................................................................31
Fraud Prevention as a Multidisciplinary Approach..........................................................................33
Theoretical Frameworks for Fraud Prevention................................................................................34
 1.1 Various roles involved in risk management as a way of comparting fraud risks..................35
Interpreting potential red flags........................................................................................................37
Fraud risk factors are not the same as evidence of fraud................................................................37
Fraud risk factors may indicate the existence of risk other than fraud............................................38
Risk factors......................................................................................................................................39
Activity.............................................................................................................................................40
CHAPTER 4...........................................................................................................................................41
Interpreting potential red flags associated with the commission of fraud.......................................41
Definition of Red Flags.....................................................................................................................41
Importance of red flags...................................................................................................................41
Fraud Profile Perpetrator Profile:....................................................................................................42
Types of Red Flags...........................................................................................................................43
How the Auditor uses red flags........................................................................................................46
Anomalies / Exceptions...................................................................................................................46
How organisations should respond to red Flags..............................................................................47
Shortcomings of Red Flags...............................................................................................................47
Activity.............................................................................................................................................47
CHAPTER 1

FRAUD
Introduction
Fraud is an activity that takes place in a social setting and has severe consequences
for the economy, corporations, and individuals. It is an opportunistic infection that
bursts forth when greed meets the possibility of deception. The fraud investigator is
like the attending physician looking and listening for the signs and symptoms that
reveal an outbreak.

Unit objectives
By the end of this module, students should be able to:

 Define fraud
 State and outline the different categories of fraud
 Define fraud risk assessment
 State the importance of risk management and fraud risk assessment in an
organisation,
 Identify the factors that causes employees and managers to commit fraud/
why do people commit fraud.
 State the causes of fraud with reference to different fraud theories
 State the various roles involved risk management as a way of comparting
fraud risks
 Determine how fraudsters can be identified
 State the elements of fraud

Definition of Fraud
The Association of Certified Fraud Examiners

ACFE defines fraud as: “The use of one’s occupation for personal enrichment through
the deliberate misuse or misapplication of the employing organization’s resources or
assets.”
The Association of Certified Fraud Examiners defines fraud in relation to financial
statement fraud as the intentional, deliberate misstatement or omission of material facts
or accounting data that is misleading and, when considered with all the information made
available, that would cause the reader to change or alter his or her judgment or decision.
In other words, the statement constitutes intentional or reckless conduct, whether by act
or omission, that results in material misleading financial statement
Financial fraud, including theft and embezzlement, is criminal fraud of the white-collar
type It is committed against- organizations by both employees and outsiders such as
vendors and contractors
Black's Law Dictionary defines fraud as follows:
Knowing misrepresentation of the truth or concealment of a material fact to induce
another to act to his or her detriment. It could be a tort (civil matter) or it could be
criminal
Federal Bureau of Investigation (FBI) Definition of Fraud:
The Federal Bureau of Investigation (FBI) offers a definition of fraud that is applicable
to today's schemes and general understanding and that also incorporates the elements
recognized over the centuries: Lying, cheating, and stealing. That's white-collar crime in
a nutshell.
U.S. Supreme Court Definition of Civil Fraud

The U.S. Supreme Court in 1888 provided a definition of civil fraud as:

First, that the defendant has made a representation in regard to a material fact; second,
that such a representation is false;

Second, that such representation was not actually believed by the defendant, on
reasonable grounds, to be true;

Third, that it was made with intent that it should be acted on;

Fourth, that it was acted on by complainant to his damage; and,

Fifth, that in so acting on it the complainant was ignorant of its falsity, and reasonably
believed it to be true. The first of the foregoing requisites excludes such statements as
consist merely in an expression of opinion of judgment, honestly entertained; and again
excepting in peculiar cases, it excludes statements by the owner and vendor of property
in respect of its value.

The modern definition of fraud is derived primarily from case and statute law, but
many of the ancient elements remain. Fraud is a Latin noun carrying a wide range of
meanings clustered around the notions of harm, wrongdoing, and deceit. The modern
definition derived from case law focuses on the intent of the fraudster(s) to separate
the trusting victim from property or a legal right through deception for their own
benefit. This deception involves any false or misleading words or actions or
omissions or concealment of facts that will cause legal injury. Criminal prosecution
of fraud must prove beyond a reasonable doubt that an act meeting the relevant legal
definition of fraud has been committed by the accused. In civil cases, liability must be
demonstrated on a balance of probabilities, supported by the preponderance of the
evidence.

Fraud is a broad category of financial-related crimes and includes confidence

schemes, art forgery, falsified scientific research data, lying on a resume, falsifying
an insurance claim, cheating on income taxes, and hundreds of other possible
schemes that would fall under the term "fraud."

White-collar crime should be viewed as a subclass of fraud. Individuals commit white-

collar crime by embezzling funds, manipulating accounts, receiving bribes, or
committing other schemes through their place of business. What they all have in
common, however, is the intent to deceive. This book limits the discussion to the field of
white-collar crimes committed against organizations, businesses, and their accounting
systems, and will not discuss consumer and other types of fraud. The forensic accounting
techniques discussed below are central to the discovery of fraud in the business
environment.

Definition of fraud risk assessment

Fraud risk Assessment is an uncertainty surrounds us, it is part of our lives whether we
like it or not, or the negative kind of uncertainty we label risk, while the positive, we call
opportunity. Success in business and in life results from exploiting opportunities by
managing risks (Wixley & Everingham 2002;78). In the financial statement audit, there
are some risk associated with the audit, for example, the uncertainty about the
competence of management, the accounting staff, the effectiveness of internal controls
and the quality of evidence. These risks are inherent, control and detection risk (these
risks were covered in Auditing modules). Golden et al (2006), says that assessing the
degree of risk present and identifying the areas of highest risk are critical initial steps in
detecting financial statement fraud. Auditors should approach risk assessment with a
high level of professional skepticism, setting aside any prior beliefs about management
integrity.
Categories or Types of fraud
Asset misappropriation
It involves the theft or misuse of an organization’s assets. (Common examples include
skimming revenues, stealing inventory, and payroll fraud.) Corruption entails the
unlawful or wrongful misuse of influence in a business transaction to procure personal
benefit, contrary to an individual’s duty to his or her employer or the rights of another.
(Common examples include accepting kickbacks and engaging in conflicts of interest.
Misappropriation of assets occurs when employees, especially company directors, they
often use official vehicles, computers and other facilities for personal interests. Most
business assets maybe stolen by employees or third parties, or by illegal cooperation of
employees and third parties. Misappropriation of assets maybe called employee fraud as it
involves employees colluding with others to perpetrate frauds (Golden et al, 2006). These
frauds include bribery, conflict of interest, embezzlement of money and property, theft of
trade secrets of intellectual property and so on.
Bribery
Bribery includes schemes such as cuts, kickbacks or commission, bid rigging, gifts or
gratuities and manipulation of contracts. Employees collude with third parties to use his
role as an employee to obtain a personal benefit. Manning (2005) says bribery is used to
gain an improper advantage over others through intervention of corrupt employee.
Manning also defined bribery as the giving of something of value by another party without
the employer’s knowledge, to a decision maker or decision influencer in exchange for
influence in a decision making process. The loss of the bribe may not materialize to the
business early as the employer does not directly steal anything; the loss will materialize in
the long run. The loss will be through the loss of competitive advantage, higher costs or
lower quality supplies that will affect the business both in monetary terms and in
reputation. The following are some types of bribes:
Conflict of interest
Directors have a fiduciary duty to disclose any personal interest in any transaction in the
business. (More is discussed about duties of directors in business law 2 BACC205) When
they fail to disclose their personal interest in a transaction it will result in conflict of
 interest fraud. In conflict of interest fraud, the benefit is derived directly or indirectly by
the employee from acting in their self-interest. According to Manning (2005) conflict of
interest occurs when an employee takes advantage of their employer’s trust, when the
employer doesn’t realize the employee’s ulterior motive of their actions.
Embezzlement of money and property

This is when an employee trusted by business funds or property manipulate business

records to hide the theft of funds or property. Embezzlement of money and property
occurs on all levels of business:

 accounts clerk stealing petty cash

 top government official stealing large investment sums
 bank teller who pockets deposits
 bookkeeper who takes customer refunds for himself
 payroll clerk who doesn’t deposit correct amount of PAYE, keeping the rest for
himself

Theft of trade secrets of intellectual property

Trusted employees misuse their privileges to gather and steal sensitive information (Caputo,
2009). Trade secrets are devices, formulas or compilation of information which a business
use to its economic advantage. This information is usually protected by use of password and
can only be accessed by top level employees in a business. Examples of theft of trade secrets
of intellectual property according to Chicago trade secret lawyers (not dated) are:

 sell of information to a competing business

 working for a competing business
 starting a competing business

Financial statement fraud

Financial statement fraud is a deliberate misstatements and omissions of amounts or
disclosures of financial statements to deceive financial statement users, particularly investors
and creditors. Financial statement has been discussed in detail in unit five. It has been defined
by Treadway commission report (not dated) as “intentional or reckless conduct, whether by
act or omission, that results in material misleading financial statements.” financial statement
fraud is perpetrated by management, as they are responsible for producing reliable financial
reports and the four presentation, integrity, and quality of financial reporting process is the
management’s responsibility. Financial statement fraud affects all its users.
Even though the specific schemes vary, the major areas involved in financial statement fraud
include the following:
1. Fictitious revenue (and related assets)
2. Improper timing of revenue and expense recognition
3. Concealed liabilities
4. Inadequate and misleading disclosures
5. Improper asset valuation
6. Improper and inappropriate capitalization of expenses
The essential characteristics of financial statement fraud are (1) the misstatement is
material and intentional, and (2) users of the financial statements have been misled.
In recent years, the financial press has had an abundance of examples of fraudulent
financial reporting. These include Enron, WorldCom, Adelphia, Tyco, and others. The
common theme of all these scandals was a management team that was willing to “work
the system” for its own benefit and a wide range of stakeholders- including employees,
creditors, investors and entire communities- that are still reeling from the losses. In
response, Congress passed the Sarbanes-Oxley Act (SOX) in 2002. SOX legislation was
aimed at auditing firms, corporate governance, and executive management (CEOs and
CFOs), officers, and directors. The assessment of internal controls, preservation of
evidence, whistle blower protection, and increased penalties for securities fraud became a
part of the new business landscape.
Common fraud schemes
Lapping scheme:

Is a form of robbing one customers’ payment to pay another’s’ because the latter payment
was stolen by the perpetrator. For example, a fraudster takes customer A’s payment,
steals it and pays it back the next day with customer B’s payment.

Overbilling schemes

An employee is given bribe, so that the employee prefers the supplier over other
suppliers. The goods maybe of a higher price than they should, or they may be of lower
quality than expected. The overpricing is the profit made from the bribe.

Under-pricing schemes
 This is when an employee receives a bribe and in return the business sells goods and
services at prices that are below or on conditions that are less favorable to the business.
The benefit of the purchaser is they get a better deal than they are entitled to get. The
business gets a lower consideration than they should have made, and the cost saving is the
profit made from the bribe.

Promotions

Granting promotions to employees within the business that is the briber gets promoted
above other more qualified people or hiring of unsuitable employees.

Fictitious revenues

Fictitious revenues are created by simply recording sales that never occurred.

Inadequate disclosure

Improper disclosure can be the tactic of a fraudster to hide a fraud, disclosure notes that
are so obfuscated that it is difficult to determine the true nature of the event or transaction.

Payroll scheme

Payroll scheme involves conning the company from paying wages that were not earned,
this include ghost employee, falsified wages, commission and false workers’
compensation.

Elements of fraud.
Legal Elements of Fraud
Under common law, fraud includes five essential elements:
• A representation about a material fact, which is false;
• And made intentionally, knowingly, or recklessly;
• Which is believed;
• And acted upon by the victim; and
• To the victim’s damage.
Activity

1 Explain the nature of fraud and its impact on organisations

2. Define and identify the legal components of fraud.
3. Using some fraud theory write an essay on why employees perpetrate fraud
 4. Critically examine the statement that a fraudster can be identified by appearance and
+character

CHAPTER 2

Factors that causes employees to commit fraud/Reasons why

people commit fraud.
Theories on why employees commit fraud
In order to prevent and detect fraud forensic auditors need to understand how the fraudsters
think and act. This module will use the theory of Fraud triangle, Fraud diamond, White collar
crime and Fraud scale. The theories highlight 10 fertile grounds that allow a person or
employee to committee fraud namely Opportunity, Low chance of getting caught,
Rationalization in the fraudsters mind, and Justification that results from the rationalization.
The Fraud Triangle theory
Fraud triangle theory which has been provide by Cressey (1950) is critically important in
identify push factors to commit fraud. The fraud triangle theory states that the likelihood of
fraudulent activities significantly increases when a person has necessary knowledge, ability
and opportunity According to Cressey fraud occurs as a result of the interplay between three
factors: opportunity, incentive or pressure, and attitude or rationalization. The three
components are perceived opportunity, perceived pressure and rationalization as shown in
Figure 2.2.
Figure 1.1: The Fraud Triangle Theory

Source: Rasha and Andrew (2012)

Opportunity
It is an open door for solving a non-shareable problem in secret by violating a trust.
Opportunity is generally provided through weaknesses in the internal controls
Some examples include inadequate or no:
 Supervision and review

 Separation of duties

 Management approval

 System controls
How easy is it for an employee to commit fraud? Does the employee believe they will
not get caught? There is a weakness in the system that the right person could exploit.
Fraud is possible. Weak internal controls, poor management oversight, and poor
separation of duties are key factors on the opportunity employees have on committing
a fraudulent act.
A perceived opportunity to commit fraud may exist when an individual believes
internal control can be overridden, for example, because the individual is in a position
 of trust or has knowledge of specific deficiencies in internal control. Poor internal
controls, Management override of internal controls, Collusion between employees and
collusion between employees and third parties.
The opportunity to commit and conceal the fraud is key to encouraging fraud.
Pressure
Pressure may be anything from unrealistic deadlines and performance goals to
personal vices such as gambling or drugs.

 I want something but I don’t have the money for it;

 These guys are paying me peanuts how do they expect me to survive?
 I am suffering despite my high qualification and hard work

(Pressure is the aspect of what causes the employee to commit fraud.

This may be pressure from having to pay bills, drug or alcohol problems, or simply
living beyond one’s means.)
Pressure can be a financial pressure, non-financial, or political and social pressure. Non-
financial pressure can be derived from a lack of personal discipline or other weaknesses
such as gambling habit, drug addiction. While, political and social pressure occurs when
people feel they cannot appear to fail due to their status or reputation.
Rationalization
The last element to the fraud triangle is rationalization, meaning the person can justify
their actions. Rationalization is a crucial component of most frauds because most people
need to reconcile their behaviuor with the commonly accepted notions of decency and
trust.
They may believe that they have to commit the fraud in order to pay for their mortgage,
gambling problem, or for mounting family medical bills.
I have convinced myself that this fraudulent behavior is worth the risks.
Many times, the individual views the fraud as “borrowing” and believes they will pay it
back in the future; which seldom happens.)
Some examples include:
 I really need this money and I’ll put it back when I get my pay cheque

 I’d rather have the company on my back than Zimra

 I just can’t afford to lose everything – my home, car, everything

According to Manurung and Hadian (2013), the pressure to commit fraud emanate from
financial stability, personal financial need, financial targets and external pressure. In
addition, CGMA (2012) also argued that the motivation or pressure for fraud is typically
based on greed or need that result from financial difficulties which an individual will be
experiencing. Furthermore, Murdock (2008) also argued that pressure can be a financial
pressure, non-financial, or political and social pressure. Non-financial pressure can be
derived from a lack of personal discipline or other weaknesses such as gambling habit,
drug addiction. While, political and social pressure occurs when people feel they cannot
appear to fail due to their status or reputation. However, Rae and Subramaniam (2008),
concluded that pressure gives employees some degree of motivation to commit fraud as a
result of greed or personal financial pressure.
Consequently, an opportunity may rise where there are weak internal controls such as
poor security, little fear of exposure or likelihood of detection (Ashraf, 2011). In his study
on fraud occurrence, Cressey (1950) also mentioned that perceived opportunity arises
when the fraudster sees a way to use their position of trust to solve the financial problem,
despite the fact that fraud will be detected. Thus, understanding the opportunity for fraud
to occur is essential to the auditor in matching fraud schemes with internal controls gaps.
Thus, internal controls gap present opportunities for an employee to commit fraud.
Therefore, in each kind of fraud, the three elements of the Fraud Triangle Theory have to
be present, although in varying degree (Mackevičius & Giriūnas, 2013). If the perceived
pressure is huge, then the rationalization does not have to be that intricate. For example, if
one has a lot of pressure to get money in a very short period of time, the perceived
pressure holds a higher degree of influence than the rationalization element. However, if
the employee has a pressure of getting a new and expensive car, then there is need for
rationalization. However, Cressey (1973), who was the first to propose the fraud triangle,
explained that the pressure to commit fraud can be identified with a person’s internal
motives, but he stressed that the presence of financial trouble does not mean that people
will be inclined to commit fraud.
Cressey’s fraud theory, normally known as the fraud triangle theory, has been widely
supported and used by audit professionals and standards’ setters as an instrument for
detecting fraud. While Cressey (1950) identified the three elements that are now referred
to as the fraud tringle, it has been noted that the study was limited to funds embezzlement
and not to fraud in general. Although Cressey’s fraud triangle has been supported by audit
regulators, critics such as Albrecht et al. (1984); Wolfe and Hermanson (2004; Kranacher,
et al. in 2010; Dorminey et al.2010) argued that the model alone is an inadequate
instrument for fraud. This has seen the introduction of the Fraud Diamond by Wolfe and
Hermanson (2004) and the Fraud scale theory by Albrecht et al (1984). However, other
fraud models should be regarded as an extension to Cressey’s fraud triangle model.
As provided for by Wolfe and Hermanson (2004) the Fraud diamond has four elements;
thereby adding the capability element to the original fraud triangle. The argument was
Wolfe and Hermanson believed that although the fraudster may have the pressure,
opportunity to commit the fraud and rationalize the ideology of betraying the trust. Yet,
he cannot conceal unless he has the capability to do so. Many opponents of the Fraud
triangle claim that the triangle is not sufficiently detailed because it lacks a crucial
element which is capability (Kassem & Higson 2012; Anandarajan & Kleinman, 2011).
Thus, not every person who has the motivation, opportunities, and realization may decide
to commit fraud due to the lack of the capability to circumvent internal controls.
Furthermore, Dorminey, et al. (2010) argued that the model cannot solve the fraud
problem alone because two sides of the fraud triangle, pressure and rationalization, cannot
be easily observed. More importantly, factors like fraudsters’ capabilities are ignored by
the fraud triangle (Higson, 2012).
However, it can be observed that the merging of the components of the fraud theories can
strengthen the knowledge of the external auditors. In fact, it is important for auditors to
consider all fraud models to better understand why fraud is committed. Hence, it is
necessary to have an integrated model that includes motivation, opportunity, integrity,
and fraudster’s capabilities.
Reason why Employees Lie, Cheat, and Steal on the Job.
These 25 reasons for employee crimes are those most often advanced by authorities in
white-collar crime (criminologists, psychologists, sociologists, risk managers, auditors,
police, and security professionals):

1. The employee believes he can get away with it.

2. The employee thinks she desperately needs or desires the money or articles stolen.
3. The employees feels frustrated or dissatisfied about some aspect of the job.
4. The employee feels frustrated or dissatisfied about some aspect of his personal life
that is not job related.
5. The employee feels abused by the employer and wants to get even.
6. The employee fails to consider the consequences of being caught.
 7. The employee thinks: “Everybody else steals, so why not me?”
8. The employee thinks” “They’re so big, stealing a little bit won’t hurt them.”
9. The employee doesn’t know how to manage her own money, so is always broke and
ready to steal.
10. The employee feels that beating the organization is a challenge and not a matter of
economic gain alone.
11. The employee was economically, socially, or culturally deprived during childhood.
12. The employee is compensating for a void felt in his personal life and needs love,
affection, and friendship.
13. The employee has no self-control and steals out of compulsion.
14. The employee believes a friend at work has been subjected to humiliation or abuse
or has been treated unfairly.
15. The employee is just plain lazy and will not work hard to earn enough to buy what
she wants or needs.
16. The organisation’s internal controls are so lax that everyone is tempted to steal.
17. No one has ever been prosecuted for stealing from the organization.
18. Most employee thieves are caught by accident rather than by audit or design.
Therefore, fear of being caught is not a deterrent to theft.
19. Employees are not encouraged to discuss personal or financial problems at work or
to seek management’s advice and counsel on such matters.
20. Employee theft is a situational phenomenon. Each theft has its own preceding
conditions, and each thief has her own motives.
21. Employees steal for any reason the human mind and imagination can conjure up.
22. Employees never go to jail or get harsh prison sentences for stealing, defrauding,
or embezzling from their employers.
23. Human beings are weak and prone to sin.
24. Employees today are morally, ethically, and spiritually bankrupt.
25. Employees tend to imitate their bosses. If their bosses steal or cheat, then they are
likely to do it also.

To be respected and thus complied with, laws must be rational, fair in application, and
enforced quickly and efficiently. Company policies that relate to employee honest, like
criminal laws in general, must be rational, fair, and intended to serve the company’s best
economic interests. The test of rationality for any company fraud policy is whether its
terms are understandable, whether its punishments or prohibitions are applicable to a real
and serious matter, and whether its enforcement is possible in an efficient and legally
effective way.

But what specific employee acts are serious enough to be prohibited and or punished? Any
act that could or does result in substantial loss, damage, or destruction of company assets
should be prohibited. What is acceptable or considered substantial will vary by
organization, but wherever the boundaries are defined, they must be well communicated,
exemplified by upper management, and enforced as necessary.
The greatest deterrent to criminal behaviour is sure and even-handed justice; that means
swift detection and apprehension, a speedy and impartial trial, and punishment that fits the
crime: loss of civil rights, privileges, property, personal freedom, or social approval.
Having said all that, why is it that, despite the dire consequences of criminal behaviour, it
still occurs? Apparently, it is because the rewards gained often exceed the risk of
apprehension and punishment; that is, the pains inflicted as punishment are not as severe
as the pleasures of criminal behaviour. The latter seems to be particularly true in cases of
economic or white-collar crimes. Many times, if not most, when a fraud is detected, the
extent of punishment regarding the perpetrator is to be fired, sometimes without even
paying back the fraud losses. So while potential white-collar criminals may believe they
might get caught, the ramifications are below some acceptable threshold.

The Fraud Diamond theory

Wolf and Hermanson (2004) present the four factors to commit fraud as a diamond. It is
generally viewed as an expanded version of the Fraud Triangle Theory proposed by
Cressey (1953). And many researchers have acknowledged the fraud diamond theory as
valuable framework in understanding the occurrence of fraud (Abayomi, 2016b; Mansor et
al., 2015; Manurung & Hardika, 2015; Ruankaew, 2016).
Figure 2.2: The Fraud Diamond
Source: Abayomi (2016b)
The proponents of this theory posit that many billion-dollar frauds would not have taken
place if the fraudsters had no right capabilities. In other words, the potential perpetrator must
have the skills and ability to commit fraud (Manurung & Hardika, 2015). Furthermore,
Albrecht et al. (1995) believe that only the person who has an extremely high capacity will be
able to understand the existing internal control, to identify its weaknesses and to use them in
planning the implementation of fraud. Hence, it can be argued from this point of views that
not every person who possessed motivation, opportunities, and realization may commit fraud
due to the lack of the capability to carry it out or to conceal it.

As presented by Manurung and Hadian (2013) the opportunity is the pathway to fraud while
pressure and rationalization can draw the person toward it. However, it can be noted that the
person must have the capability to recognize the pathway and take advantage of it by walking
through it several times. Otherwise, pressure and motivation alone do not sufficiently impose
great effort for fraud to be committed. Wolf and Hermanson (2004) believed that many
frauds would not have occurred if the person does not have the right capabilities. According
to Abayomi (2016b), the capability factor has become important because nowadays fraud is
committed by intelligent and creative personnel in the backdrop of solid internal controls.
Therefore, assessing the capability element will assist in the auditors in detection of
fraudulent activity within the firm. Hence, the Fraud Diamond theory was proposed.
Wolfe and Hermanson (2004) also believed that numerous frauds would not have
occurred .Therefore, with the additional element presented in the fraud diamond theory
affecting individuals’ decision to commit fraud, the organization and auditors need to better
understand employees’ individual traits and abilities in order to assess the risk of fraudulent
behaviors (Manurung & Hardika, 2015). In addition, better systems of checks and balances
should be implemented and monitored to proactively minimize risks and losses as a result of
fraudulent activities in the workplace. Hence, because of the capability of those who are
engaged in fraud and other forms of mobocracies, the service of a trained and experienced
investigator like the forensic auditor is required to anticipate the occurrence of fraud.
White collar crime theory
White collar crime refers to financially motivated nonviolent crime committed by business
and government professionals (Shaheen, Sultana, & Noor, 2014; Simha, 2016). The crime is
usually committed by those who have power or influence within the Organisation. The theory
of White collar crime was propounded by Sutherland (1949) in an attempt to study crime and
society. By introducing the theory Sutherland sought to distinguish crimes associated with
‘respectable’ or legitimate occupations from the ‘ordinary’ crimes such as rape or murder of
high-status individuals, and from professional crimes. He theorized that crime is committed
by a respectable person who also holds a high social status. During his study, he observed
that less than two percent of the persons prisoned yearly belong to the upper class. The study
of the white-collar crime was meant to ascertain that crimes involving money are related to
social status. It can be argued that people steal money in order to improve their social status.
As a result, the higher the status the more likely the person will commit the crime.
In addition, the other contributing factors to white collar crime is the opportunity and the
advent of technology (Wyk, 2012.). New information technologies imply that the opportunity
of wrong doing is advanced and at the same time it can be concealed because not many
individuals and businesses are acquainted with technology. Hence, because of the status of
those who engaged in these mayhems, the services of a trained and experienced investigator
like the forensic auditor is required to envision the occurrence of such fraud?
Furthermore, the work of Dorminey et al. (2012) suggests the creation of an overarching
Meta model of white-collar crime by looking beyond the simple fraud triangle and
interconnecting it with various other elements of the crime. Dorminey asserts that the Fraud
Triangle alone may not be enough to capture the behavioral antecedents of white-collar
crime. White-collar crime can be seen as the fusion of both criminology and business. In
supporting the theory of White collar crime, Dorminey concurred with Sutherland that fraud
should be treated as a crime. Subsequently, violations of organizational regulations are often
seen as ‘technical’ rather than ‘criminal’ offences. As a consequence, it can be seen that all
wrong doings are not always regarded as criminal conduct.
Fraud scale theory
Again, the fraud scale theory was developed by Albrecht, Howe and Romney (1984) as an
alternative to the fraud triangle model. It is very similar to the fraud triangle; however, the
fraud scale uses an element called “personal integrity” instead of rationalization. This
personal integrity element is associated with each individual’s personal code of ethical
behavior. Albrecht et al. also argued that, unlike rationalization in the fraud triangle theory,
personal integrity can be observed in both an individual’s decisions and the decision-
making process, which can help in assessing integrity and determining the likelihood that an
individual will commit fraud. Experts agree that fraud and other unethical behaviors often
occur due to an individual’s lack of personal integrity or other moral reasoning (Dorminey
et al., 2010). Hence, to predict the occurrence of such fraud, the services of a forensic
auditor is necessary.

Figure 2.3: Fraud Scale Theory

Source: Albrecht, Howe and Romney (1984)
The Diamond Fraud Theory and the new Fraud Diamond Theory
It is of paramount importance that forensic accounts understand why people committ fraud
in order to develop the measures and techniques of mitigations. Frauds occur because of
the existence of a right person with right capabilities implementing the details of the fraud.
The theory observed four traits for committing fraud: a position of authority within the
entity, capacity to understand and exploit accounting systems and internal control, the
confidence that one will not be detected, or get caught, and if caught one will get out of it
easily, and as well as the capability to deal with the stress created.

The theory is important to forensic accountants in that they need to keep it in their minds
that there is pressure or motive to commit fraud. This can either be personal pressure,
employment pressure, or external pressure and each of these types of pressure can also
happen due to financial and nonfinancial pressure. Forensic accountants should understand
the opportunity for committing fraud in order to be able to identify which fraud schemes
an individual can commit and that a fraud virus occurs when there is an ineffective or
missing internal control.

The four factors to fraud as presented by (Wolf & Hermanson, 2004) in the fraud diamond
are shown in figure 2.3

Incentive /pressure

Capability Opportunity

Rationalization

Figure 2.3.1 Fraud Diamond Model (Wolf & Hermanson, 2004)

The new Fraud Diamond (NAVSMICE)

The critic to diamond theory argue that although the fraud diamond added the fourth
variable “capability” and filled the gap in other theories of fraud, the model alone is an
inadequate tool for investigating, deterring, preventing and detecting fraud. This is
because, incentive/pressure and rationalization) cannot be observed, and that other
important factors like national value system and corporate governance are not considered.
This research therefore suggests another model that can be termed “New Fraud Diamond,”
that was designed by (Dorminey, Fleming, & Riley, 2010). The New Fraud diamond
model is given in shown in figure 2.3 .2below;

MOTIVATION

(NAVSMICE MODEL)

CORPERATE

CAPABILITIES OPPOTUNITY

GOVERNANCE

PERSONAL INTEGRITY

Figure 2.3:2 the New Fraud Diamond Model (Wolf & Hermanson, 2004)

In this model, the motivation factor is expanded and identified with the acronym:
NAVSMICE that stands for NAVS – National Value System; M = Money; I = Ideology;
C = Coercion; and E = Ego. It is important to note that Zimbabwe’s present National
Value System is bad. Little or no importance is put on good behaviuor such as honesty,
integrity and good character (Mabika, 2015,Magombedze & Gunduza, 2017) The society
does not question the source of “wealth.” Any person who suddenly gets riches or wealth
is quickly recognized, promoted and honored. It must be known that fraud exist in society
where riches are honored without question (KPMG, 2019).The Zimbabwean society is
based on wealth (materialistic society) that to a larger extent promotes fraud (Mawanza,
2014).

The model also suggests that the fraud scale should include personal integrity instead of
rationalization and it is particularly applicable to financial reporting fraud where sources
of pressure (e.g. analysts‟ forecasts, management earnings guidance, a history of sales and
earnings growth) are more observable. Personal integrity can be observable through
observing both a person’s decisions as well as the decision making process. The person’s
commitment to ethical decision-making can be observed and this can help in assessing
integrity and thus the likelihood of an individual committing fraud.
The model further suggests corporate governance as the lock to all the factors that cause
fraud to take place in Zimbabwe. An important theme of corporate governance is the
nature and extent of accountability of people in the organizations. Corporate governance is
the principle and value that guides an organization in the conduct of its day-to-day
activities and how stakeholders interrelate among one another (Anandarajah, 2001).Good
corporate governance is the missing link in developing countries, for instance Zimbabwe
which has a high index of fraud occurrence (Jose, 2014).This situation can only change
when the country achieves a positive change in the character and orientation of their
government leadership (Office of the Auditor General, 2018) The leaders can bring this
desired change by promoting good corporate governance in the Zimbabwean economy
through integrity, accountability and transparency, which would lead to attainment of
strong internal control system in developing countries and thus the likelihood of an
individual committing fraud. (Nwankwo, 2011). According to financial literature, it is
important for forensic accountants to consider all the fraud models to better understand
why fraud occurs and the reasons why frauds are on the rise. This study suggest that all
other fraud models should be regarded as an extension to Wolf and Hermanson‟s fraud
diamond and should be integrated in one model that includes motivation, opportunity,
personal integrity, capabilities and corporate governance. This should be called “New
Fraud Diamond Model.” the New Fraud Diamond Model help effectively in investigating
and assessing fraud risk
High-Level and Low-Level Thieves
At high levels of organizational life, it is easy to steal because controls can be bypassed or
overridden. The sums high-level managers steal, therefore, tend to be greater than the
sums low-level personnel steal. Or instance, according to the 2008 ACFE RTTN,
executive’s average about 834,000 per fraud, managers about $150 000, and employees
about $834,000 per fraud, managers about $150,000, and employees about $70,000. The
number of incidents of theft, however, is greater at low levels of organizations because of
the sheer number of employees found there.

The ACFE RTTN has put together a profile of fraudsters based on the information
collected from CFEs in its surveys. The more expensive frauds, in terms of cost or losses,
are committed by fraudsters who (a) have been with the firm a long time, (b) earn a high
income, (c) are male, (d) are over 60 years of age, € are well educated (the higher the
educational degree completed, the higher the losses), (f) operate in collusion rather than
alone, and (g) have never been charged with anything criminal. The most frequent frauds,
however, are committed by fraudsters with a different profile. These fraudsters (a) have
been an employee for about the same amount of time as the high-level thieves, (b) earn
much less, (c) could be either male or female (gender doesn’t matter), (d) are between the
ages of 41 and 50, (e) have finished high school, (f) operate alone, (g) and have usually
not been charged with any criminal behavior.

Hall and Singleton provide a similar profile for a typical fraudster in general. These
criminals are (a) in a key position in the company, (b) are usually male, (c) are more than
50 years old, (d) are married, and € are highly educated. This profile is similar to the one
from the ACFE RTTN, and leads us to this overall conclusion: A white-collar criminal
does not look like a criminal!

CHAPTER 3

Identification of fraudsters
In view of the principles mentioned, one might conclude that fraud is caused mainly by
factors external to the individual: economic, competitive, social, and political factors,
and poor controls. But how about the individual? Are some people more prone to commit
fraud than others? And if so, is that a more serious cause of fraud than the external and
internal environmental factors previously discussed? Data from criminology and
sociology seem to suggest so. Begin by making a few generalizations about people.

 Some people are honest all of the time.

 Some people are dishonest all of the time.
 Most people are honest some of the time.
 Some people are honest most of the time.
Research has been conducted to ask employees whether they are honest at work. Forty
percent say they would not steal, 30 percent said they would, and 30 percent said they
might. Beyond those generalizations about people, what can one say about fraud
perpetrators? Gwynn Nettler, in Lying, Cheating and Stealing, offers these insights on
cheaters and deceivers.

 People who have experienced failure are more likely to cheat.

 People who are disliked and who dislike themselves tend to be more deceitful.
 People who are impulsive, distractible, and unable to postpone gratification are
more likely to engage in deceitful crimes.
 People who have a conscience (fear of apprehension and punishment; that is;
perception of detection) are more resistant to the temptation to deceive.
 Intelligent people tend to be more honest than ignorant people. Middle land
upper-class people tend to be more honest than lower class people. The easier it is
to cheat and steal, the more people will do so.
 Individuals have different needs and therefore different levels at which they will
be sufficiently motivated to lie, cheat, or steal.
 Lying, cheating, and stealing increase when people have great pressure to achieve
important objectives.
 The struggle to survive generates deceit.

People lie, cheat, steal on the job in a variety of personal and organizational situations.
The ways that follow are but a few.

Personal variables
 Aptitudes/abilities
 Attitudes/preferences
 Personal needs /wants
 Values / beliefs

Organizational variables

 Nature/scope of the job (meaningful work)

 Tools/training provided
 Reward/recognition system
  Quality of management and supervision
 Clarity of role responsibilities
 Clarity of job-related goals
 Interpersonal trust
 Motivational and ethical climate (ethics and values of superiors and co-workers)

External variables

 Degree of competition in the industry

 General economic conditions
 Societal values (ethics of competitors and of social and political role models)

Risk management
Importance of risk management and fraud risk assessment in an organisation.

The purpose of risk management is to explain the organization’s underlying

approach to risk and risk management. Each organization is committed to the
management of risk as an integral part of its operations, focusing on strategies
to minimize risks that might impact negatively on the achievement of the
organization goals and objectives.
It relates to the culture, processes and structures directed towards the effective
management of potential opportunities and adverse effects within the
organization’s environment.
The objectives of this policy are to:
 Outline the organization’s approach to risk management;
 Improve decision-making, accountability and outcomes through the
effective use of risk management;
 Integrate risk management into daily operations of the organization.

Scope of risk management

It applies to all areas of the organization and staff. All employees are required to
be responsible and accountable for managing risk in as far as is reasonably
practical within their area of responsibility.
Sound risk management principles and practices must become part of the
normal management strategy for all department and faculties within the
organization.
The management of risk is to be integrated into the organization’s existing
planning and operational processes and is to be fully recognized in the
organization’s reporting processes.
Approach in risk management

Each organization has an open and receptive approach to solving risk problems
and ensuring that risk management is integrated into normal business processes
and aligned to the strategic goals.
The organization should identify the following activities as central in the risk
management process:
(a) Risk context establishment – the strategic and organizational context
within which the risk management process of the organization will take
place.
(b) Risk identification, analysis and assessment – the identification of what,
why and how events may arise, the determination of existing controls,
and an analysis of risks in terms of the likelihood and impact of risk in
the context of those controls.
(c) Risk control and treatment – for high impact risks, the organizations
will develop and implement specific risk management plans, lower
impact risks may be accepted and monitored.
(d) Risk Register oversight and review - Monitoring and review occurs
throughout the risk management process.
(e) Risk Communication and consultation – appropriate communication
and consultation will take place with internal and external stakeholders
at relevant stages of the risk management process in a way that will
enable the origination to minimise losses and capitalize on
opportunities.
Chief Executive Officer
The CEO is accountable to the organization and the Board and has overall
responsibility for protecting the organization from unacceptable costs
and/or losses associated with its operations, and for developing and
implementing systems for effectively managing the risks that may affect
the achievement of goals and objectives.
Executive and Senior Management
The effectiveness of risk management is unavoidably linked to
management competence, commitment and integrity, all of which form
the basis of sound Corporate Governance.
Executive and Senior Management are responsible for:
 Providing direction and guidance within their areas of
accountability so that subordinates best utilise their abilities in
the preservation of the organizations resources.
 Promoting, sponsoring and coordinating the development of a
risk management culture throughout the organization.
 Guiding the inclusion of risk management in all strategic and
operational decision making processes.
 Establishing a clear profile of major risks within their area of
control incorporating both opportunity and negative risks.
 Maintaining a framework to manage, monitor and report risks.
 Managing risks to meet the organization’s objectives, goals and
vision, and improving Corporate Governance.
Heads of Departments
Heads of sections and departments are responsible for the adoption of risk
management practices and will be directly responsible for the results of
risk management activities, relevant to their area of responsibility.
 As part of the annual planning cycle, Heads of departments and sections
will be required to consider, document existing risks and their impact on
proposed plans.
Any new risks identified due to changes in the business environment
must also be documented.
Risk records must be maintained up-to-date on an on-going basis to
reflect any changes which may occur.
All Employees
All employees are responsible for:
 Identifying areas where risk management practices should be
adopted and advice their supervisors accordingly.
 Taking all practical steps to minimize the Organization’s exposure to
contractual and professional liability.
 Acting at all times in a manner which does not place at risk the
health and safety of themselves or any other person in the workplace
Risk Management Committee
The Committee is responsible for:
 Reviewing the organization’s strategic risk assessment on an annual
basis.
 Reporting regularly to the board summarizing its review and
monitoring activities as they relate to oversight of the risk
management process.
 Reviewing the policy document every three years, or sooner where
considered necessary.
Loss control in Risk Management
The Loss control department will support the Organisation in risk
management through:
 Identification of hazards within the Organisation.
 Provisions of control measures.
  Reporting and advising on identified risks and hazards.
Internal Audit in Risk Management
The Internal Audit Department supports the organist ion in Risk
Management Committee through:
 Carrying periodic independent reviews of risk management practices
and procedures in place.
 Providing assurance on the efficiency and effectiveness of the reviews
in the management of risk.
Quality Assurance in Risk Management
In liaison with relevant departments and units, the unit will:
 Ensure that appropriate processes are in place and are followed to
manage risks effectively.

Fraud Risk Assessment

Uncertainty surrounds us- it is part of our lives whether we like it or not .The negative kind of
uncertainty we label risk ,while the positive and we call opportunity .Success in business and
in life results from exploiting opportunities by managing risks (Wixley & Everingham
2002;78).In the financial statement audit, there are some risk associated with the audit, for
example, the uncertainty about the competence of management, the accounting staff, the
effectiveness of internal controls and the quality of evidence. These risks are inherent, control
and detection risk (these risks were covered in Auditing modules.) Golden et al (2006), says
that assessing the degree of risk present and identifying the areas of highest risk are critical
initial steps in detecting financial statement fraud. Auditors should approach risk assessment
with a high level of professional scepticism, setting aside any prior beliefs about management
integrity.

Why the need for fraud Prevention

Fraud prevention has proved to be important aspect of every project because it is well
known that prevention is better than cure and also they are cost associated with
detecting and tracking fraud, these cost maybe avoided when there is a well
implemented fraud prevention strategy. Benefits than can be derived from fraud
 prevention than detection. According to American Institute of Certified Public
Accountants (AICPA,2005).The primary responsibility for prevention and detection
of fraud rests with those charged with governance and management .However, Wilson
(2004) argues that the best scenario is one where the management, employees, internal
auditors and external auditors all work together to combat fraud. Therefore fraud
prevention is very critical to the organization.

Fraud prevention and detection is not a static process. There is no starting and ending
point, it is an ongoing cycle involving monitoring, detection, decisions, case
management and learning to feed improvements in detection back into the system.
Fraud prevention is the implementation of a strategy to detect fraudulent transactions
or banking actions and prevent these actions from causing financial and reputational
damage to the customer and financial institution (Rossouw, G.J., 2000)

It is vital to an organization, large or small, to have fraud prevention plan in place. A

company can suffer a loss if an employee commits fraud for a long period of time
without being detected. It is preferable to deal with fraud before it happens and not
after .Fraud prevention occurs before the fraud attempts. Its goal is to reduce the risk
of future fraud (Wells, J.T., 2017). There are ways you can minimize fraud
occurrences by implementing different procedures and controls. In order to minimize
the risk of fraud it is important that businesses recognize the possibility of fraud
occurring and the possible damage caused.

1.0 Reasons for fraud Prevention

(a) Fraud occurs everywhere, and no organization is immune to its potential for
damage or even devastation. In fact, research shows that fraud perpetrators are usually
insiders and normally well respected, highly placed, experienced, tenured, and good
performers.
(b) Recent history reveals that fraud is not discriminating. It can reap unimaginable
havoc regardless of size or industry. Originating anywhere from the mailroom to the
board room and ultimately bringing a company to its knees (e.g., home loan fraud,
trading frauds, financial reporting frauds).
 (c) Today’s changing business environment includes globalization technological
advances, broad availability of information, and economic uncertainty.
(d). Communities, regulators, and investment markets expect organizations to catch
major fraud and deal with it in a timely manner. Understanding vulnerabilities can
Help organizations deal with risks effectively and economically.
(e) It is better to prevent fraud than to detect.

(f) Reduction in losses, cost savings and increased revenue and profits.
Fraud causes losses on individuals and corporates that fall victims. From the
researches done by the Association of Certified Fraud Examiners (ACFE) 2014 it is
evident that an average organization losses 5 % of its annual turnover as a result of
fraud. They also found out that the second highest number of frauds occurred in Sub-
Saharan Africa where 173 cases (12, 8%) of fraud were reported. Therefore fraud
prevention can reduces losses caused by fraud namely the direct losses from fraud,
additional cost for investigations and litigation costs. To cover for the said losses the
organizations need to work hard to increase their revenue and profits so as to maintain
the required rate of return by shareholders. The most important reason is to prevent a
financial loss in organization (KPMG,2005).Thus, investing in security and fraud
prevention although costly, can save an organization’s money in the long run as it will
also prevent a lot of potential future paperwork and the time wasted to resolve
fraudulent activity (ACFE,2014).

 Reduces reputation risk

If an organization is able to prevent or avoid fraud, it is guaranteed that its business
will be deemed credible by investors such as suppliers, financial institutions and
customers (AICPA, 2005). According to KPMG (2009) it was found that 8-18% of
company’s share price is attributed to corporate reputation. Occurrence of fraud
signifies existence of weak internal control system and poor corporate governance.
Investors and financiers would not want to risk their funds in such an organization.
Hence, fraud can easily ruin the reputation with the company’s investors. Therefore, it
is important for the company to prevent fraud to occur.

 Increases organizational confidence

 According to KPMG (2006) investors, partners and auditors will all have more
confidence in a company’s ability to control its fate if they have a strong fraud
prevention program. Thus in general an organization probably thinks a lot about the
risky other organization pose to them: the flip side is that they also contemplate of
that organization as a risk (KPMG, 2006). Therefore, demonstrated efforts to reduce
risky of fraud, both internally and externally, makes an organization to be a better
investment, business partner, insurance risk and supplier.

 To create and maintain a culture of honest and high ethics

For a company with a proper fraud prevention strategy, maintaining a culture of
honesty can help employees want to be more honest, and any staff will be able to
know right from the start that any dishonest behavior will not be tolerated (ACFE,
2014). This is supported by Kassem and Higson (2012) that training of both old and
new employees on the values of the organization also assist in fraud prevention
awareness thereby creating culture of honest and high ethics within the organization.
• A professional attitude of positivity and know legibility of control system.
• Workers share, participate and contribute to the process.
• It enhances future confidence in system
• The process assists to know how to identify causes and environments which
trigger fraud.

Below are some of the reasons why it better to prevent fraud

• Fraud prevention will automatically changes the behavior of workers.it cuts
bad acts and attitude in organization
• It knocks sense on the significance of accountability
• Resources are responsibly used for the benefit of the organization that is promotes
equitable use for the resources
o Promotes good polices, honesty reporting and genuine documentation
o It eliminates unethical behaviour and practice of theft
o It promotes good corporate governance and corporate administration
o An organization is able to survive, growth and sustain itself from resources
o Records are recorded well and asset are well appropriated
o It promotes companies to grow in a healthy financial status
o It instil discipline, credibility and confidence in the long run
Fraud Prevention as a Multidisciplinary Approach
Fraud prevention is a multidisciplinary approach that include management, staff,
members, oversight bodies, computer experts, internal and external fraud experts, and
legal advisors. All of the bodies in the organization are responsible for the prevention
and detection of fraud. Multidisciplinary approach involves team work where each
party must play their role.
The parties include, management, staff, computer experts, legal advisors, fraud
experts (Vander Beken, T., 2002).Each party plays an important party

 Management
These are responsible for setting up systems and procedures in order to safeguard the
company’s assets. Management is also responsible for coming up with policies and
measures which prevents fraud. They come up with controls which should be
followed by all employees (Elliott, R.K. and Willingham, J.J., 1980).

 Staff
They should be trained to identify fraud and misconduct in the work place. A
reporting line should be available for all staff members, which assures anonymity.
Any ignorance or failure to report fraud or other offences should also result in a
disciplinary hearing. Employees should be aware of the organization’s ethics policy,
and be obligated by their contracts to adhere to the rules and procedures as set by
management. Employees should know their duties at the work place such that if they
make a mistake they will be accountable for that mistake and misconduct and
disciplinary actions should be taken against employees who violate the code of
conduct or ethics code.

 Computer Experts
They are responsible for coming up with effective controls that will prevent fraud and
that will protect the Organisation against computer crimes such as hacking.

 Legal Advisors
They are responsible for assisting the company in any legal proceeding .Legal
advisors can be internal or external to the company.
  Fraud Experts
They have knowledge of identifying fraud indicators and they can assist in fraud
investigation. These may include internal and external auditors and also fraud
investigators who assist in prevention, detection and investigation of fraud.
Theoretical Frameworks for Fraud Prevention
There are three theoretical frameworks that an organization can use in the prevention
of fraud. These are firstly creating and maintaining a culture of honest and high
integrity, secondly evaluation process of the fraud and implementing the process,
putting controls and procedures to mitigate on risk and lastly developing oversight.
Creating and maintaining a culture of honest and high integrity

This theoretical framework involves a number of activities.

 Setting a good tone

Leaders leading by example Management are responsible for “setting the tone” for
their organization. The tone in this case means the control environment which is the
tone of the organization at all levels. It includes the integrity, ethical values and
competence of management. It also consists of management ‘s philosophy and
operating style, its methods of assigning authority and responsibility, the organization
and development of staff. It also includes the manner the board of directors put
attention and directs the organization’s operational and financial activities.
 Creating a positive working environment
Creating a positive working environment involves a number of activities .Namely
creating good remuneration, good training, competent staff, favorable promotions,
good communication Employees who are motivated, well paid, developed and
empowered will feel part of the organization. They will feel they own the organization
and will not commit fraud. Human resources must therefore initiate programs to
empower workers.
 Hiring and promoting appropriate employees.
Organizations should minimize the chances of hiring or promoting individuals with
low levels of honest and particularly to positions of trust. Proper hiring and firing
procedures must be put in place to ensure the organization hires the properly qualified
and skilled staff and ensure it does not keep dishonest stuff at work.
  Training.
Ongoing training programs must be maintained to ensure new and old employees are
continually trained to maintain organizational values and code of conduct. Workshops
and refresher trainings ensure that the workers maintain their competent and relevant
to their jobs.
 Confirmation.
Employees must sign the code of allegiance to the organization. They must commit
themselves in writing that they are responsible and committed to their responsibilities
and position of trust
 Discipline-
The consequence of committing fraud must be clearly be communicated to all
employees. Discipline must be applied to everyone and fairly.

1.1 Various roles involved in risk management as a way of comparting fraud risks.
Prevention and Detection of fraud starts with identifying the most likely fraud scheme
and how it might have been perpetrated. Singleton et al (2010) says the investigator
should identify the fraud scheme (fraud tree) and the fraud triangle (controls) and a lot
about the red flags. Forensic investigators need to observe indicators, symptoms or red
flags of fraud. Once detected, the fraud should be investigated whether it is an error or its
actual fraud. After clearing an issue, in a particular area, other red flags in the area may
be dismissed.

In a business there are controls which are put in place to make sure that the business runs
efficiently. These controls’ objectives are fraud prevention and detection. When
employee’s overrides these internal controls, it contributes to the most common types of
frauds and compromises the purpose of fraud prevention and deterrence.

Red flags maybe internal control irregularities, accounting anomalies, analytical

anomalies, tips and behavioral changes. Irregularities should be examined and the
appropriate actions taken and documented. The documentation will assist in
implementing corrective measures to the internal controls. Accounting anomalies are the
unusual items associated with accounting systems. Journal entries are a high risk area as
they allow concealment of fraud activities. Manual journal entries should be reviewed
with care and automated journal entries should be tested.
Analytical anomalies are anything that is out of the norm. Examples include:

 behavioural and lifestyle changes

 too many or too few transactions
 unexpected items
 unusual relationships between items
 unexpected timing of transactions or events
 unusual accounts or accounts balances
 inconsistencies
 gaps and duplicates of item numbers
 unexpected payment methods
 unreasonable items

These anomalies often occur where business systems do not integrate. Investigators
should distinguish high risk anomalies and low risk anomalies. Sunder (2015) explained
that one must understand the business systems, the business and also understand the
industry. Knowledge of these will help investigators to separate the normal and expected
anomalies from those that have fraud potential.

Auditors’ ability to detect fraud is enhanced by personal understanding of the business

and its environment in which it operates. With this knowledge, the auditor is in a better
position to identify anomalies and the potential red flags. It is important for the auditor to
understand:

 The business
The auditor must understand
 understand how the business makes money
 identify the key business partners (customers, vendors, and so on)
 understand the corporate culture and organizational structure
 The Industry
Auditors must:

 identify competitors or comparable companies

 determine competitors or comparable companies perform
  Consider changes in the competitive structure such as mergers and new entrants
to the market, change in the company’s market share, trends and overall issues
affecting the industry.
 control procedure in place
 budgeting process
 accounting policies
 general economic climate affecting the company
Interpreting potential red flags
It is not easy to identify potential red flags as fraud is a crime of deception and deceit.
Some of the difficulties inherent in identifying and interpreting potential red flags are as
follows:

Fraud risk factors are not the same as evidence of fraud

According to Golden, Steven and Clayton (2006) risk factors are not evidence of fraud.
Risk factors point to an environment or situation in which there is an increased risk that
material misstatement due to fraud might occur either generally or in a specific
functional. Management may be motivated by the prospect of bonuses and incentives to
manipulate financial statements to their advantage and in a manner that may amount to
fraud. For example:

A chairman and a CEO were accused of earning substantial bonuses and profiting on the
sale of shares in a company on the bases of fraudulent financial reporting that
misrepresented the company’s results. The present of bonus and other incentive is not the
evidence of fraud but are the risk factors.

Other risk factors include a weak corporate governance policy for instance when power
is concentrated in the hands of senior management without an effective counterbalance
from the board.

Fraud risk factors may indicate the existence of risk other than fraud
Risk factor doesn’t indicate fraud risk only but may also suggest heightened risk of
material misstatements due to human and process error. For example, deficiencies in
internal controls maybe regarded as fraud risk factors and they also pose the risk that
errors may occur and go undetected without any intent to commit fraud. Golden et al
(2006) also says internal controls fail to limit or identifying accounting reporting
mistakes.

Fraud risk factors can be ambiguous

There are companies with complex structures, that have a large number of overseas
subsidiaries and significant intracompany trading may indicate fraud risk.

For instance, an accounts clerk who drives a car he appears to be unable to afford may
indicate a risk that the clerk has misappropriated company assets. Auditors should
investigate further; maybe the clerk has a spouse whose income may allow them to enjoy
those luxuries.

So, the focus must be on fact finding and critical assessment of cumulative evidence
Golden et al (2006).

There is no linear relationship between the number of fraud risk factors and the
level of fraud risk

In general, it may be said that, the more risk factors identified by an auditor, the greater
the overall risk of fraud. Golden et al (2006) suggests that few risk factors should not be
taken for granted because to quantify fraud risk by a count of risk factors is misguiding.

Fraud risk factors are of limited significance in isolation

Golden et al (2006) says individual risk factors should be considered as a whole and
should not be of limited significance in isolation.
For example, the dominant CEO may be bullying,
 CEO lack of counterweight among other senior executives
 Absence of an effective audit committee, supervisory board or similar
corporate governance function.
 contain a number of separate risk factors, that when looked at together, they
create a risk situation. For instance:
The auditor attempts to interpret evidence of potential risk factors within the wider
context of other observations about the company, its management and the business
environment in which it operates. Therefore, the auditor considers whether one particular
risk factor may, in fact, be linked to one or more other factors.
Some fraud risk factors are very difficult to observe

Certain risk factors are impossible to observe directly as they are related to individual
private or personal financial affairs. The auditor should be aware of indirect signs, the
potential for fraud is increased.

Risk factors
Statement on auditing standards 99 (SAS99) 2002, defines fraud risk categories that
auditors may evaluate in assessing the risk of fraud. The three main categories of fraud
risk factors are:
 management characteristics
 industry characteristics
 operating characteristics
Management characteristics

These are management abilities, pressures, style and attitude in line with internal control
and financial reporting process. These characteristics include:

 management motivation to engage in fraudulent financial reporting

 achieving aggressive financial targets
 high senior management turnover
 strained relationship between management and external auditors
 known history of securities violations
 Industry characteristics
 This pertains to the economic and regulatory environment in which the entity operates
 regulatory requirements
 increased competition
 market saturation
 Adoption by the company of more aggressive accounting policies to keep pace with
the industry.
Operating characteristics

It encompasses items such as

 the nature and complexity of the entity and its transactions

 the geographical area in which it operates
  number of locations where transactions are recorded and disbursements made
 entity financial condition and its profitability.

Activity

1. Critical discuss the concept risk management and fraud risk assessment.

2. Identify the factors that are considered in considering fraud risk of an organisation.

3. Discuss the tools that are used in assessing fraud risk.

 Motivate the need for fraud prevention and how it can be achieved by an
organization
 Describe what is meant by a multidisciplinary approach to fraud prevention?
 Describe the roles of each of the role players in a multi-disciplinary approach to
fraud prevention.
 Critically evaluate how the following could prevent or reduce fraud in an
organization
(a) Fraud Risk assessments
(b) Internal controls
(c) Corporate governance
 Discuss the different elements of a fraud prevention strategy and evaluate their
effectiveness.

CHAPTER 4

Interpreting potential red flags associated with the commission of

fraud
Definition of Red Flags
Red flags is a term that describes indicators or symptoms of specific occurrences, events or
behavior that are employed to commit or conceal fraud. Red flags are warnings that
something could be or is wrong. It is an indicator of a symptom of fraud .it is a warning sign
and it does not indicate the presence of fraud, but conditions commonly present when fraud
is present. Red flags can be categorized as being related to two significant areas;
 Financial statement fraud which is aimed at defrauding shareholders, financiers and
other external parties.
 Misappropriation of assets, which is committed by employees to benefit from assets
belongings to the company.
Importance of red flags
Red flags have many advantages
• Auditors, employees, and management need to be aware of red flags in order to monitor
the situation and then take corrective action as needed.
• Employees who notice that red flags are ignored may mistakenly believe that it is okay to
game the system or that they won’t get caught.
• A little fraud soon becomes a large one if left to grow

A research conducted by the Association of certified Forensic examiners discovered that

fraud is a big scheme that should have been uncovered sooner. It starts small and gets bigger
and bigger until something noticeable different or unusual is discovered.

Occupational fraud can be detected through a number of different methods. According to

the ACFE’s 2006 Survey:
• 34.2 percent of frauds were detected through tips,
• 25.4 percent by accident,
• 20.2 percent through internal audits.
• 20.2 percent through red flags

Red Flags for Fraud Red flags point out that possible fraud may have been committed; The
American Institute of Certified Public Accountants has issued a Statement on Auditing
Standards. (SAS) No. 99 - Consideration of Fraud in a Financial Statement Audit - that
highlights the importance of fraud detection. This statement requires the auditor to
specifically assess the risk of material misstatement due to fraud and it provides auditors
with operational guidance on considering fraud when conducting a financial statement
audit. SAS 99’s approach is also valuable for other types of audits.
• A red flag is a set of circumstances that are unusual in nature or vary from the normal
activity • It is a signal that something is out of the ordinary and may need to be investigated
further. • Remember that red flags do not indicate guilt or innocence but merely provide
possible warning signs of fraud.
Fraud Profile Perpetrator Profile:
41.2 percent of occupational fraud cases are committed by employees. However, the median
loss for fraud committed by managers was $218,000, which is almost three times greater
than the loss resulting from an employee scheme.
Approximately 61 percent of the fraud cases were committed by men. The median loss
resulting from fraud by males was $250,000, which is more than twice the median loss
attributable to women.
87.9 percent of fraud perpetrators have never been charged or convicted of a crime. This
supports previous research which has found that those who commit occupational fraud are
not career criminals.
Nearly 40 percent of all fraud cases are committed by two or more individuals. The median
loss in these cases is $485,000, which is almost five times greater than the median loss in
fraud cases involving one person.
The median loss attributable to fraud by older employees is greater than that of their
younger counterparts. The median loss by employees over the age of 60 was $713,000.
However, for employees 25 or younger, the median loss was $25,000.
• Most costly abuses occur within organizations with less than 100 employees.
• Government and Not-for-Profit organizations have experienced the lowest median losses.
• Management ignores irregularities.
• High turnover with low morale.
• Staff lacks training.

Types of Red Flags

There are 3 types of red flags;
 Employee red flag
 Management red flag
 General Red Flags
Employee Red Flags
 Employee lifestyle changes: expensive cars, jewelry, homes, clothes
  Significant personal debt and credit problems
 Behavioral changes: these may be an indication of drugs, alcohol, gambling, or just
fear of losing the job
 High employee turnover, especially in those areas which are more vulnerable to
fraud
 Refusal to take vacation or sick leave
 Lack of segregation of duties in the vulnerable area
Management Red Flags
 Reluctance to provide information to auditors
 Reluctance to provide information to auditors
 Managers engage in frequent disputes with auditors
 Management decisions are dominated by an individual or small group
 Managers display significant disrespect for regulatory bodies
 There is a weak internal control environment
 Accounting personnel are lax or inexperienced in their duties
 Decentralization without adequate monitoring
 Excessive number of checking accounts
 Frequent changes in banking accounts
 Frequent changes in external auditors
 Company assets sold under market value
 Significant downsizing in a healthy market
 Continuous rollover of loans
 . Excessive number of year end transactions
 High employee turnover rate
 Unexpected overdrafts or declines in cash balances
 Refusal by company or division to use serial numbered documents (receipts) •
Compensation program that is out of proportion
 Any financial transaction that doesn’t make sense either common or business •
Service Contracts result in no product
 Photocopied or missing documents
1 Changes in Behavior “Red Flags”
2 The following behavior changes can be “Red Flags” for Embezzlement:
 Borrowing money from co-workers
 Creditors or collectors appearing at the workplace
 Gambling beyond the ability to stand the loss
 Excessive drinking or other personal habits
 Easily annoyed at reasonable questioning
 Providing unreasonable responses to questions
 Refusing vacations or promotions for fear of detection
 Bragging about significant new purchases
 Carrying unusually large sums of money
 Rewriting records under the guise of neatness in presentation
Red flags for various fraudulent schemes/departments
A number of fraudulent schemes have different ways of arrangements;
Cover Quoting
Cover quoting is a process whereby the requiring to present a prescribed number of
quotes before an order may be placed for the purchase of an item, or contract for
services may be entered into, is bypassing by obtaining the prescribed number of quotes
from a single supplier.
Ghost employees
So called ghost employees are employees that exist on the payroll but do not actually
work for the company at all.
Red Flags in Cash/Accounts Receivable
Since cash is the asset most often misappropriated, local government officials and
auditors should pay close attention to any of these warning signs.
 Excessive number of voids, discounts and returns
 Unauthorized bank accounts
 Sudden activity in a dormant banking accounts
 Taxpayer complaints that they are receiving nonpayment notices
 Discrepancies between bank deposits and posting
 Abnormal number of expense items, supplies, or reimbursement to the employee
Presence of employee checks in the petty cash for the employee in charge of
petty cash
 Excessive or unjustified cash transactions
  Large number of write-offs of accounts
 Bank accounts that are not reconciled on a timely basis
Red Flags in Payroll
Red flags that show up in payroll are generally worthy of looking into.
Although payroll is usually an automated function, it is a vulnerable area, especially if
collusion is involved.
 Inconsistent overtime hours for a cost center
 Overtime charged during a slack period
 Overtime charged for employees who normally would not have overtime wages?
 Budget variations for payroll by cost center
 Employees with duplicate Social Security numbers, names, and addresses
 Employees with few or no payroll deductions
Red Flags in Purchasing/Inventory
 Increasing number of complaints about products or service
 Increase in purchasing inventory but no increase in sales
 Abnormal inventory shrinkage
 Lack of physical security over assets/inventory
 Charges without shipping documents
 Payments to vendors who aren’t on an approved vendor list
 High volume of purchases from new vendors
 Purchases that bypass the normal procedures
 Vendors without physical addresses
 Vendor addresses matching employee addresses
 Excess inventory and inventory that is slow to turnover
 Purchasing agents that pick up vendor payments rather than have it mailed

How the Auditor uses red flags

An auditor is affected by red flags in a number of ways. Firstly an auditor may be at risk
of issuing a report that has not compiled on the basis of an adequately independent
relationship with the auditee. Secondly, the auditor must use red flags throughout the
audit process to determine whether fraud has occurred. ISA 240
 Purpose of Fraud / Forensic Auditing and Investigation
The first step should not be to decide on the purpose of the audit / investigation. They
are several possibilities among the following: -
 Gathering evidence for prosecution.
 Confirming the extent of the fraud for audit purposes and / or for the purpose of
gaining prosecution.
 Discovering how the fraud was committed and preventing its recurrence.
 Attaching blame to those allowing the fraud to happen. (Disciplinary / Legal
action).

Data/Transaction Classification model for Fraud (source: Fraud Auditing and Forensic
Group A
Accounting) No Red Flags No observable Risks

Group B
Examiner Not Anomaly
4 Suspicious

Red Flags
Group C1: ERROR
Anomaly
Group C2: FRAUD

Anomalies / Exceptions
By anomaly or exception is meant something I the data or transaction that is not correct. It
could be missing data, violation of policies or internal controls, or the presence of FRAUD
red flag.
Risk: is in association with the threat from the threat, and the likelihood that the threat will
actually come to pass.
For those anomalies identified, if the transaction does not violate policies or controls, and
does not specifically identify a fraud, then it should be classified as a level 1 anomaly. If the
data or transaction violates policies or controls, it is assigned a level 2 anomaly (medium
probability and medium risk). Such types of anomalies should be examined carefully to
determine if it is an error or fraud. If it is an error, the level 2 remains. If it is not determined
in a reasonable time to be an error, then it should be assigned a level 3 anomaly (high
probability and high risk).
How organisations should respond to red Flags

 Allow anonymous type of reporting from employee to management

 Use whistle blowing techniques
 Report the matter to the police only with correct facts
 Use special investigation to establish the correct facts
 Don’t ignore red flag
 probe to the bottom.

Shortcomings of Red Flags

According to ISA 500 an auditor should gather sufficient and relevant evidence in terms of
red flags it is difficulty to gather sufficient and relevant evidence because there is no data
base for fraud.
 Lack of consistence and conformity in evidence through red flags.
 Unavailability of technology or models that can be used to detect fraud.
 No written down evidence of findings from red flags.
 Scarcity of documents

Activity

1. Define the term red flags

2. Identify and describe the red flags that point out to
(a) financial statement and
(b) misappropriation of assets.
3 Critically evaluate how an auditor can make use of red flags in detecting fraud.

References
Crumbley, D. L., L. E. Heitger, and G. S. Smith, Forensic and Investigative
Accounting, 4th ed. Chicago: CCH Incorporated, 2009.
Golden, T. W., S. L. Skalak, and M. M. Clayton, A Guide to Forensic Accounting
Investigation, 2nd ed. Hoboken, NJ:
John Wiley & Sons, 2011. Hopwood, W. S., J. J. Leiner, and G. R. Young, Forensic
Accounting and
Fraud Examination, 2nd ed. New York: McGraw-Hill Irwin, 2011. Kranacher, M-J., R.
A. Riley/Jr., and J. T. Wells, Forensic Accounting and Fraud Examination. Hoboken,
NJ: John Wiley & Sons, 2011.
W. S. Hopwood, J. J. Leiner, and G. R. Young, Forensic Accounting. (New York:
McGraw-Hill Irwin, 2008), 3, 5.
M-J. Kranacher, R. A. Riley, Jr., and J. T. Wells, Forensic Accounting and Fraud
Examination. (Hoboken, NJ: John Wiley & Sons, 2011), 9-
D. L. Crumbley, L. E. Heitger, and G. S. Smith, Forensic and Investigative Accounting,
2nd ed. (Chicago: CCH Incorporated, 2005), 1-3-
Coenen, T. L. Essentials of Corporate Fraud. Hoboken, NJ: John Wiley & Sons, 2008.
Kapian, J. A. "Why Corporate Fraud Is on the Rise." Forbes Magazine (June 10, 2010).
www.forbes.com/2010/06/10/corporate-fraud-executive-compensation-personal-
finance-risk-list-2-10-kaplan.html.
Schilit, H., and J. Perler. Financial Shenanigans: How to Detect Accounting Gimmicks
& Fraud in Financial Reports, 3rd ed. State: McGraw-Hill, 2010