Professional Documents
Culture Documents
Fraud Assessment
Fraud Assessment
Fraud Assessment
CHAPTER 1.............................................................................................................................................4
FRAUD...................................................................................................................................................4
Introduction.......................................................................................................................................4
Unit objectives...................................................................................................................................4
Definition of Fraud.............................................................................................................................4
Definition of fraud risk assessment...................................................................................................6
Categories or Types of fraud..............................................................................................................7
Common fraud schemes....................................................................................................................9
Elements of fraud............................................................................................................................10
Activity.............................................................................................................................................10
CHAPTER 2...........................................................................................................................................11
Factors that causes employees to commit fraud/Reasons why people commit fraud.....................11
Theories on why employees commit fraud.....................................................................................11
The Fraud Triangle theory...............................................................................................................11
Reason why Employees Lie, Cheat, and Steal on the Job................................................................15
The Fraud Diamond theory..............................................................................................................17
White collar crime theory................................................................................................................18
Fraud scale theory...........................................................................................................................19
The Diamond Fraud Theory and the new Fraud Diamond Theory...................................................20
The new Fraud Diamond (NAVSMICE).............................................................................................21
High-Level and Low-Level Thieves...................................................................................................23
Identification of fraudsters..............................................................................................................24
Risk management............................................................................................................................25
Importance of risk management and fraud risk assessment in an organisation..............................25
Scope of risk management..............................................................................................................26
Approach in risk management.........................................................................................................26
Fraud Risk Assessment....................................................................................................................29
Why the need for fraud Prevention.................................................................................................30
1.0 Reasons for fraud Prevention..............................................................................................31
Fraud Prevention as a Multidisciplinary Approach..........................................................................33
Theoretical Frameworks for Fraud Prevention................................................................................34
1.1 Various roles involved in risk management as a way of comparting fraud risks..................35
Interpreting potential red flags........................................................................................................37
Fraud risk factors are not the same as evidence of fraud................................................................37
Fraud risk factors may indicate the existence of risk other than fraud............................................38
Risk factors......................................................................................................................................39
Activity.............................................................................................................................................40
CHAPTER 4...........................................................................................................................................41
Interpreting potential red flags associated with the commission of fraud.......................................41
Definition of Red Flags.....................................................................................................................41
Importance of red flags...................................................................................................................41
Fraud Profile Perpetrator Profile:....................................................................................................42
Types of Red Flags...........................................................................................................................43
How the Auditor uses red flags........................................................................................................46
Anomalies / Exceptions...................................................................................................................46
How organisations should respond to red Flags..............................................................................47
Shortcomings of Red Flags...............................................................................................................47
Activity.............................................................................................................................................47
CHAPTER 1
FRAUD
Introduction
Fraud is an activity that takes place in a social setting and has severe consequences
for the economy, corporations, and individuals. It is an opportunistic infection that
bursts forth when greed meets the possibility of deception. The fraud investigator is
like the attending physician looking and listening for the signs and symptoms that
reveal an outbreak.
Unit objectives
By the end of this module, students should be able to:
Define fraud
State and outline the different categories of fraud
Define fraud risk assessment
State the importance of risk management and fraud risk assessment in an
organisation,
Identify the factors that causes employees and managers to commit fraud/
why do people commit fraud.
State the causes of fraud with reference to different fraud theories
State the various roles involved risk management as a way of comparting
fraud risks
Determine how fraudsters can be identified
State the elements of fraud
Definition of Fraud
The Association of Certified Fraud Examiners
ACFE defines fraud as: “The use of one’s occupation for personal enrichment through
the deliberate misuse or misapplication of the employing organization’s resources or
assets.”
The Association of Certified Fraud Examiners defines fraud in relation to financial
statement fraud as the intentional, deliberate misstatement or omission of material facts
or accounting data that is misleading and, when considered with all the information made
available, that would cause the reader to change or alter his or her judgment or decision.
In other words, the statement constitutes intentional or reckless conduct, whether by act
or omission, that results in material misleading financial statement
Financial fraud, including theft and embezzlement, is criminal fraud of the white-collar
type It is committed against- organizations by both employees and outsiders such as
vendors and contractors
Black's Law Dictionary defines fraud as follows:
Knowing misrepresentation of the truth or concealment of a material fact to induce
another to act to his or her detriment. It could be a tort (civil matter) or it could be
criminal
Federal Bureau of Investigation (FBI) Definition of Fraud:
The Federal Bureau of Investigation (FBI) offers a definition of fraud that is applicable
to today's schemes and general understanding and that also incorporates the elements
recognized over the centuries: Lying, cheating, and stealing. That's white-collar crime in
a nutshell.
U.S. Supreme Court Definition of Civil Fraud
The U.S. Supreme Court in 1888 provided a definition of civil fraud as:
First, that the defendant has made a representation in regard to a material fact; second,
that such a representation is false;
Second, that such representation was not actually believed by the defendant, on
reasonable grounds, to be true;
Third, that it was made with intent that it should be acted on;
Fifth, that in so acting on it the complainant was ignorant of its falsity, and reasonably
believed it to be true. The first of the foregoing requisites excludes such statements as
consist merely in an expression of opinion of judgment, honestly entertained; and again
excepting in peculiar cases, it excludes statements by the owner and vendor of property
in respect of its value.
The modern definition of fraud is derived primarily from case and statute law, but
many of the ancient elements remain. Fraud is a Latin noun carrying a wide range of
meanings clustered around the notions of harm, wrongdoing, and deceit. The modern
definition derived from case law focuses on the intent of the fraudster(s) to separate
the trusting victim from property or a legal right through deception for their own
benefit. This deception involves any false or misleading words or actions or
omissions or concealment of facts that will cause legal injury. Criminal prosecution
of fraud must prove beyond a reasonable doubt that an act meeting the relevant legal
definition of fraud has been committed by the accused. In civil cases, liability must be
demonstrated on a balance of probabilities, supported by the preponderance of the
evidence.
Trusted employees misuse their privileges to gather and steal sensitive information (Caputo,
2009). Trade secrets are devices, formulas or compilation of information which a business
use to its economic advantage. This information is usually protected by use of password and
can only be accessed by top level employees in a business. Examples of theft of trade secrets
of intellectual property according to Chicago trade secret lawyers (not dated) are:
Is a form of robbing one customers’ payment to pay another’s’ because the latter payment
was stolen by the perpetrator. For example, a fraudster takes customer A’s payment,
steals it and pays it back the next day with customer B’s payment.
Overbilling schemes
An employee is given bribe, so that the employee prefers the supplier over other
suppliers. The goods maybe of a higher price than they should, or they may be of lower
quality than expected. The overpricing is the profit made from the bribe.
Under-pricing schemes
This is when an employee receives a bribe and in return the business sells goods and
services at prices that are below or on conditions that are less favorable to the business.
The benefit of the purchaser is they get a better deal than they are entitled to get. The
business gets a lower consideration than they should have made, and the cost saving is the
profit made from the bribe.
Promotions
Granting promotions to employees within the business that is the briber gets promoted
above other more qualified people or hiring of unsuitable employees.
Fictitious revenues
Fictitious revenues are created by simply recording sales that never occurred.
Inadequate disclosure
Improper disclosure can be the tactic of a fraudster to hide a fraud, disclosure notes that
are so obfuscated that it is difficult to determine the true nature of the event or transaction.
Payroll scheme
Payroll scheme involves conning the company from paying wages that were not earned,
this include ghost employee, falsified wages, commission and false workers’
compensation.
Elements of fraud.
Legal Elements of Fraud
Under common law, fraud includes five essential elements:
• A representation about a material fact, which is false;
• And made intentionally, knowingly, or recklessly;
• Which is believed;
• And acted upon by the victim; and
• To the victim’s damage.
Activity
CHAPTER 2
Opportunity
It is an open door for solving a non-shareable problem in secret by violating a trust.
Opportunity is generally provided through weaknesses in the internal controls
Some examples include inadequate or no:
Supervision and review
Separation of duties
Management approval
System controls
How easy is it for an employee to commit fraud? Does the employee believe they will
not get caught? There is a weakness in the system that the right person could exploit.
Fraud is possible. Weak internal controls, poor management oversight, and poor
separation of duties are key factors on the opportunity employees have on committing
a fraudulent act.
A perceived opportunity to commit fraud may exist when an individual believes
internal control can be overridden, for example, because the individual is in a position
of trust or has knowledge of specific deficiencies in internal control. Poor internal
controls, Management override of internal controls, Collusion between employees and
collusion between employees and third parties.
The opportunity to commit and conceal the fraud is key to encouraging fraud.
Pressure
Pressure may be anything from unrealistic deadlines and performance goals to
personal vices such as gambling or drugs.
To be respected and thus complied with, laws must be rational, fair in application, and
enforced quickly and efficiently. Company policies that relate to employee honest, like
criminal laws in general, must be rational, fair, and intended to serve the company’s best
economic interests. The test of rationality for any company fraud policy is whether its
terms are understandable, whether its punishments or prohibitions are applicable to a real
and serious matter, and whether its enforcement is possible in an efficient and legally
effective way.
But what specific employee acts are serious enough to be prohibited and or punished? Any
act that could or does result in substantial loss, damage, or destruction of company assets
should be prohibited. What is acceptable or considered substantial will vary by
organization, but wherever the boundaries are defined, they must be well communicated,
exemplified by upper management, and enforced as necessary.
The greatest deterrent to criminal behaviour is sure and even-handed justice; that means
swift detection and apprehension, a speedy and impartial trial, and punishment that fits the
crime: loss of civil rights, privileges, property, personal freedom, or social approval.
Having said all that, why is it that, despite the dire consequences of criminal behaviour, it
still occurs? Apparently, it is because the rewards gained often exceed the risk of
apprehension and punishment; that is, the pains inflicted as punishment are not as severe
as the pleasures of criminal behaviour. The latter seems to be particularly true in cases of
economic or white-collar crimes. Many times, if not most, when a fraud is detected, the
extent of punishment regarding the perpetrator is to be fired, sometimes without even
paying back the fraud losses. So while potential white-collar criminals may believe they
might get caught, the ramifications are below some acceptable threshold.
As presented by Manurung and Hadian (2013) the opportunity is the pathway to fraud while
pressure and rationalization can draw the person toward it. However, it can be noted that the
person must have the capability to recognize the pathway and take advantage of it by walking
through it several times. Otherwise, pressure and motivation alone do not sufficiently impose
great effort for fraud to be committed. Wolf and Hermanson (2004) believed that many
frauds would not have occurred if the person does not have the right capabilities. According
to Abayomi (2016b), the capability factor has become important because nowadays fraud is
committed by intelligent and creative personnel in the backdrop of solid internal controls.
Therefore, assessing the capability element will assist in the auditors in detection of
fraudulent activity within the firm. Hence, the Fraud Diamond theory was proposed.
Wolfe and Hermanson (2004) also believed that numerous frauds would not have
occurred .Therefore, with the additional element presented in the fraud diamond theory
affecting individuals’ decision to commit fraud, the organization and auditors need to better
understand employees’ individual traits and abilities in order to assess the risk of fraudulent
behaviors (Manurung & Hardika, 2015). In addition, better systems of checks and balances
should be implemented and monitored to proactively minimize risks and losses as a result of
fraudulent activities in the workplace. Hence, because of the capability of those who are
engaged in fraud and other forms of mobocracies, the service of a trained and experienced
investigator like the forensic auditor is required to anticipate the occurrence of fraud.
White collar crime theory
White collar crime refers to financially motivated nonviolent crime committed by business
and government professionals (Shaheen, Sultana, & Noor, 2014; Simha, 2016). The crime is
usually committed by those who have power or influence within the Organisation. The theory
of White collar crime was propounded by Sutherland (1949) in an attempt to study crime and
society. By introducing the theory Sutherland sought to distinguish crimes associated with
‘respectable’ or legitimate occupations from the ‘ordinary’ crimes such as rape or murder of
high-status individuals, and from professional crimes. He theorized that crime is committed
by a respectable person who also holds a high social status. During his study, he observed
that less than two percent of the persons prisoned yearly belong to the upper class. The study
of the white-collar crime was meant to ascertain that crimes involving money are related to
social status. It can be argued that people steal money in order to improve their social status.
As a result, the higher the status the more likely the person will commit the crime.
In addition, the other contributing factors to white collar crime is the opportunity and the
advent of technology (Wyk, 2012.). New information technologies imply that the opportunity
of wrong doing is advanced and at the same time it can be concealed because not many
individuals and businesses are acquainted with technology. Hence, because of the status of
those who engaged in these mayhems, the services of a trained and experienced investigator
like the forensic auditor is required to envision the occurrence of such fraud?
Furthermore, the work of Dorminey et al. (2012) suggests the creation of an overarching
Meta model of white-collar crime by looking beyond the simple fraud triangle and
interconnecting it with various other elements of the crime. Dorminey asserts that the Fraud
Triangle alone may not be enough to capture the behavioral antecedents of white-collar
crime. White-collar crime can be seen as the fusion of both criminology and business. In
supporting the theory of White collar crime, Dorminey concurred with Sutherland that fraud
should be treated as a crime. Subsequently, violations of organizational regulations are often
seen as ‘technical’ rather than ‘criminal’ offences. As a consequence, it can be seen that all
wrong doings are not always regarded as criminal conduct.
Fraud scale theory
Again, the fraud scale theory was developed by Albrecht, Howe and Romney (1984) as an
alternative to the fraud triangle model. It is very similar to the fraud triangle; however, the
fraud scale uses an element called “personal integrity” instead of rationalization. This
personal integrity element is associated with each individual’s personal code of ethical
behavior. Albrecht et al. also argued that, unlike rationalization in the fraud triangle theory,
personal integrity can be observed in both an individual’s decisions and the decision-
making process, which can help in assessing integrity and determining the likelihood that an
individual will commit fraud. Experts agree that fraud and other unethical behaviors often
occur due to an individual’s lack of personal integrity or other moral reasoning (Dorminey
et al., 2010). Hence, to predict the occurrence of such fraud, the services of a forensic
auditor is necessary.
The theory is important to forensic accountants in that they need to keep it in their minds
that there is pressure or motive to commit fraud. This can either be personal pressure,
employment pressure, or external pressure and each of these types of pressure can also
happen due to financial and nonfinancial pressure. Forensic accountants should understand
the opportunity for committing fraud in order to be able to identify which fraud schemes
an individual can commit and that a fraud virus occurs when there is an ineffective or
missing internal control.
The four factors to fraud as presented by (Wolf & Hermanson, 2004) in the fraud diamond
are shown in figure 2.3
Incentive /pressure
Capability Opportunity
Rationalization
MOTIVATION
(NAVSMICE MODEL)
CORPERATE
CAPABILITIES OPPOTUNITY
GOVERNANCE
PERSONAL INTEGRITY
Figure 2.3:2 the New Fraud Diamond Model (Wolf & Hermanson, 2004)
In this model, the motivation factor is expanded and identified with the acronym:
NAVSMICE that stands for NAVS – National Value System; M = Money; I = Ideology;
C = Coercion; and E = Ego. It is important to note that Zimbabwe’s present National
Value System is bad. Little or no importance is put on good behaviuor such as honesty,
integrity and good character (Mabika, 2015,Magombedze & Gunduza, 2017) The society
does not question the source of “wealth.” Any person who suddenly gets riches or wealth
is quickly recognized, promoted and honored. It must be known that fraud exist in society
where riches are honored without question (KPMG, 2019).The Zimbabwean society is
based on wealth (materialistic society) that to a larger extent promotes fraud (Mawanza,
2014).
The model also suggests that the fraud scale should include personal integrity instead of
rationalization and it is particularly applicable to financial reporting fraud where sources
of pressure (e.g. analysts‟ forecasts, management earnings guidance, a history of sales and
earnings growth) are more observable. Personal integrity can be observable through
observing both a person’s decisions as well as the decision making process. The person’s
commitment to ethical decision-making can be observed and this can help in assessing
integrity and thus the likelihood of an individual committing fraud.
The model further suggests corporate governance as the lock to all the factors that cause
fraud to take place in Zimbabwe. An important theme of corporate governance is the
nature and extent of accountability of people in the organizations. Corporate governance is
the principle and value that guides an organization in the conduct of its day-to-day
activities and how stakeholders interrelate among one another (Anandarajah, 2001).Good
corporate governance is the missing link in developing countries, for instance Zimbabwe
which has a high index of fraud occurrence (Jose, 2014).This situation can only change
when the country achieves a positive change in the character and orientation of their
government leadership (Office of the Auditor General, 2018) The leaders can bring this
desired change by promoting good corporate governance in the Zimbabwean economy
through integrity, accountability and transparency, which would lead to attainment of
strong internal control system in developing countries and thus the likelihood of an
individual committing fraud. (Nwankwo, 2011). According to financial literature, it is
important for forensic accountants to consider all the fraud models to better understand
why fraud occurs and the reasons why frauds are on the rise. This study suggest that all
other fraud models should be regarded as an extension to Wolf and Hermanson‟s fraud
diamond and should be integrated in one model that includes motivation, opportunity,
personal integrity, capabilities and corporate governance. This should be called “New
Fraud Diamond Model.” the New Fraud Diamond Model help effectively in investigating
and assessing fraud risk
High-Level and Low-Level Thieves
At high levels of organizational life, it is easy to steal because controls can be bypassed or
overridden. The sums high-level managers steal, therefore, tend to be greater than the
sums low-level personnel steal. Or instance, according to the 2008 ACFE RTTN,
executive’s average about 834,000 per fraud, managers about $150 000, and employees
about $834,000 per fraud, managers about $150,000, and employees about $70,000. The
number of incidents of theft, however, is greater at low levels of organizations because of
the sheer number of employees found there.
The ACFE RTTN has put together a profile of fraudsters based on the information
collected from CFEs in its surveys. The more expensive frauds, in terms of cost or losses,
are committed by fraudsters who (a) have been with the firm a long time, (b) earn a high
income, (c) are male, (d) are over 60 years of age, € are well educated (the higher the
educational degree completed, the higher the losses), (f) operate in collusion rather than
alone, and (g) have never been charged with anything criminal. The most frequent frauds,
however, are committed by fraudsters with a different profile. These fraudsters (a) have
been an employee for about the same amount of time as the high-level thieves, (b) earn
much less, (c) could be either male or female (gender doesn’t matter), (d) are between the
ages of 41 and 50, (e) have finished high school, (f) operate alone, (g) and have usually
not been charged with any criminal behavior.
Hall and Singleton provide a similar profile for a typical fraudster in general. These
criminals are (a) in a key position in the company, (b) are usually male, (c) are more than
50 years old, (d) are married, and € are highly educated. This profile is similar to the one
from the ACFE RTTN, and leads us to this overall conclusion: A white-collar criminal
does not look like a criminal!
CHAPTER 3
Identification of fraudsters
In view of the principles mentioned, one might conclude that fraud is caused mainly by
factors external to the individual: economic, competitive, social, and political factors,
and poor controls. But how about the individual? Are some people more prone to commit
fraud than others? And if so, is that a more serious cause of fraud than the external and
internal environmental factors previously discussed? Data from criminology and
sociology seem to suggest so. Begin by making a few generalizations about people.
People lie, cheat, steal on the job in a variety of personal and organizational situations.
The ways that follow are but a few.
Personal variables
Aptitudes/abilities
Attitudes/preferences
Personal needs /wants
Values / beliefs
Organizational variables
External variables
Risk management
Importance of risk management and fraud risk assessment in an organisation.
It applies to all areas of the organization and staff. All employees are required to
be responsible and accountable for managing risk in as far as is reasonably
practical within their area of responsibility.
Sound risk management principles and practices must become part of the
normal management strategy for all department and faculties within the
organization.
The management of risk is to be integrated into the organization’s existing
planning and operational processes and is to be fully recognized in the
organization’s reporting processes.
Approach in risk management
Each organization has an open and receptive approach to solving risk problems
and ensuring that risk management is integrated into normal business processes
and aligned to the strategic goals.
The organization should identify the following activities as central in the risk
management process:
(a) Risk context establishment – the strategic and organizational context
within which the risk management process of the organization will take
place.
(b) Risk identification, analysis and assessment – the identification of what,
why and how events may arise, the determination of existing controls,
and an analysis of risks in terms of the likelihood and impact of risk in
the context of those controls.
(c) Risk control and treatment – for high impact risks, the organizations
will develop and implement specific risk management plans, lower
impact risks may be accepted and monitored.
(d) Risk Register oversight and review - Monitoring and review occurs
throughout the risk management process.
(e) Risk Communication and consultation – appropriate communication
and consultation will take place with internal and external stakeholders
at relevant stages of the risk management process in a way that will
enable the origination to minimise losses and capitalize on
opportunities.
Chief Executive Officer
The CEO is accountable to the organization and the Board and has overall
responsibility for protecting the organization from unacceptable costs
and/or losses associated with its operations, and for developing and
implementing systems for effectively managing the risks that may affect
the achievement of goals and objectives.
Executive and Senior Management
The effectiveness of risk management is unavoidably linked to
management competence, commitment and integrity, all of which form
the basis of sound Corporate Governance.
Executive and Senior Management are responsible for:
Providing direction and guidance within their areas of
accountability so that subordinates best utilise their abilities in
the preservation of the organizations resources.
Promoting, sponsoring and coordinating the development of a
risk management culture throughout the organization.
Guiding the inclusion of risk management in all strategic and
operational decision making processes.
Establishing a clear profile of major risks within their area of
control incorporating both opportunity and negative risks.
Maintaining a framework to manage, monitor and report risks.
Managing risks to meet the organization’s objectives, goals and
vision, and improving Corporate Governance.
Heads of Departments
Heads of sections and departments are responsible for the adoption of risk
management practices and will be directly responsible for the results of
risk management activities, relevant to their area of responsibility.
As part of the annual planning cycle, Heads of departments and sections
will be required to consider, document existing risks and their impact on
proposed plans.
Any new risks identified due to changes in the business environment
must also be documented.
Risk records must be maintained up-to-date on an on-going basis to
reflect any changes which may occur.
All Employees
All employees are responsible for:
Identifying areas where risk management practices should be
adopted and advice their supervisors accordingly.
Taking all practical steps to minimize the Organization’s exposure to
contractual and professional liability.
Acting at all times in a manner which does not place at risk the
health and safety of themselves or any other person in the workplace
Risk Management Committee
The Committee is responsible for:
Reviewing the organization’s strategic risk assessment on an annual
basis.
Reporting regularly to the board summarizing its review and
monitoring activities as they relate to oversight of the risk
management process.
Reviewing the policy document every three years, or sooner where
considered necessary.
Loss control in Risk Management
The Loss control department will support the Organisation in risk
management through:
Identification of hazards within the Organisation.
Provisions of control measures.
Reporting and advising on identified risks and hazards.
Internal Audit in Risk Management
The Internal Audit Department supports the organist ion in Risk
Management Committee through:
Carrying periodic independent reviews of risk management practices
and procedures in place.
Providing assurance on the efficiency and effectiveness of the reviews
in the management of risk.
Quality Assurance in Risk Management
In liaison with relevant departments and units, the unit will:
Ensure that appropriate processes are in place and are followed to
manage risks effectively.
Fraud prevention and detection is not a static process. There is no starting and ending
point, it is an ongoing cycle involving monitoring, detection, decisions, case
management and learning to feed improvements in detection back into the system.
Fraud prevention is the implementation of a strategy to detect fraudulent transactions
or banking actions and prevent these actions from causing financial and reputational
damage to the customer and financial institution (Rossouw, G.J., 2000)
(f) Reduction in losses, cost savings and increased revenue and profits.
Fraud causes losses on individuals and corporates that fall victims. From the
researches done by the Association of Certified Fraud Examiners (ACFE) 2014 it is
evident that an average organization losses 5 % of its annual turnover as a result of
fraud. They also found out that the second highest number of frauds occurred in Sub-
Saharan Africa where 173 cases (12, 8%) of fraud were reported. Therefore fraud
prevention can reduces losses caused by fraud namely the direct losses from fraud,
additional cost for investigations and litigation costs. To cover for the said losses the
organizations need to work hard to increase their revenue and profits so as to maintain
the required rate of return by shareholders. The most important reason is to prevent a
financial loss in organization (KPMG,2005).Thus, investing in security and fraud
prevention although costly, can save an organization’s money in the long run as it will
also prevent a lot of potential future paperwork and the time wasted to resolve
fraudulent activity (ACFE,2014).
Management
These are responsible for setting up systems and procedures in order to safeguard the
company’s assets. Management is also responsible for coming up with policies and
measures which prevents fraud. They come up with controls which should be
followed by all employees (Elliott, R.K. and Willingham, J.J., 1980).
Staff
They should be trained to identify fraud and misconduct in the work place. A
reporting line should be available for all staff members, which assures anonymity.
Any ignorance or failure to report fraud or other offences should also result in a
disciplinary hearing. Employees should be aware of the organization’s ethics policy,
and be obligated by their contracts to adhere to the rules and procedures as set by
management. Employees should know their duties at the work place such that if they
make a mistake they will be accountable for that mistake and misconduct and
disciplinary actions should be taken against employees who violate the code of
conduct or ethics code.
Computer Experts
They are responsible for coming up with effective controls that will prevent fraud and
that will protect the Organisation against computer crimes such as hacking.
Legal Advisors
They are responsible for assisting the company in any legal proceeding .Legal
advisors can be internal or external to the company.
Fraud Experts
They have knowledge of identifying fraud indicators and they can assist in fraud
investigation. These may include internal and external auditors and also fraud
investigators who assist in prevention, detection and investigation of fraud.
Theoretical Frameworks for Fraud Prevention
There are three theoretical frameworks that an organization can use in the prevention
of fraud. These are firstly creating and maintaining a culture of honest and high
integrity, secondly evaluation process of the fraud and implementing the process,
putting controls and procedures to mitigate on risk and lastly developing oversight.
Creating and maintaining a culture of honest and high integrity
1.1 Various roles involved in risk management as a way of comparting fraud risks.
Prevention and Detection of fraud starts with identifying the most likely fraud scheme
and how it might have been perpetrated. Singleton et al (2010) says the investigator
should identify the fraud scheme (fraud tree) and the fraud triangle (controls) and a lot
about the red flags. Forensic investigators need to observe indicators, symptoms or red
flags of fraud. Once detected, the fraud should be investigated whether it is an error or its
actual fraud. After clearing an issue, in a particular area, other red flags in the area may
be dismissed.
In a business there are controls which are put in place to make sure that the business runs
efficiently. These controls’ objectives are fraud prevention and detection. When
employee’s overrides these internal controls, it contributes to the most common types of
frauds and compromises the purpose of fraud prevention and deterrence.
These anomalies often occur where business systems do not integrate. Investigators
should distinguish high risk anomalies and low risk anomalies. Sunder (2015) explained
that one must understand the business systems, the business and also understand the
industry. Knowledge of these will help investigators to separate the normal and expected
anomalies from those that have fraud potential.
The business
The auditor must understand
understand how the business makes money
identify the key business partners (customers, vendors, and so on)
understand the corporate culture and organizational structure
The Industry
Auditors must:
A chairman and a CEO were accused of earning substantial bonuses and profiting on the
sale of shares in a company on the bases of fraudulent financial reporting that
misrepresented the company’s results. The present of bonus and other incentive is not the
evidence of fraud but are the risk factors.
Other risk factors include a weak corporate governance policy for instance when power
is concentrated in the hands of senior management without an effective counterbalance
from the board.
Fraud risk factors may indicate the existence of risk other than fraud
Risk factor doesn’t indicate fraud risk only but may also suggest heightened risk of
material misstatements due to human and process error. For example, deficiencies in
internal controls maybe regarded as fraud risk factors and they also pose the risk that
errors may occur and go undetected without any intent to commit fraud. Golden et al
(2006) also says internal controls fail to limit or identifying accounting reporting
mistakes.
There are companies with complex structures, that have a large number of overseas
subsidiaries and significant intracompany trading may indicate fraud risk.
For instance, an accounts clerk who drives a car he appears to be unable to afford may
indicate a risk that the clerk has misappropriated company assets. Auditors should
investigate further; maybe the clerk has a spouse whose income may allow them to enjoy
those luxuries.
So, the focus must be on fact finding and critical assessment of cumulative evidence
Golden et al (2006).
There is no linear relationship between the number of fraud risk factors and the
level of fraud risk
In general, it may be said that, the more risk factors identified by an auditor, the greater
the overall risk of fraud. Golden et al (2006) suggests that few risk factors should not be
taken for granted because to quantify fraud risk by a count of risk factors is misguiding.
Golden et al (2006) says individual risk factors should be considered as a whole and
should not be of limited significance in isolation.
For example, the dominant CEO may be bullying,
CEO lack of counterweight among other senior executives
Absence of an effective audit committee, supervisory board or similar
corporate governance function.
contain a number of separate risk factors, that when looked at together, they
create a risk situation. For instance:
The auditor attempts to interpret evidence of potential risk factors within the wider
context of other observations about the company, its management and the business
environment in which it operates. Therefore, the auditor considers whether one particular
risk factor may, in fact, be linked to one or more other factors.
Some fraud risk factors are very difficult to observe
Certain risk factors are impossible to observe directly as they are related to individual
private or personal financial affairs. The auditor should be aware of indirect signs, the
potential for fraud is increased.
Risk factors
Statement on auditing standards 99 (SAS99) 2002, defines fraud risk categories that
auditors may evaluate in assessing the risk of fraud. The three main categories of fraud
risk factors are:
management characteristics
industry characteristics
operating characteristics
Management characteristics
These are management abilities, pressures, style and attitude in line with internal control
and financial reporting process. These characteristics include:
Activity
1. Critical discuss the concept risk management and fraud risk assessment.
2. Identify the factors that are considered in considering fraud risk of an organisation.
Motivate the need for fraud prevention and how it can be achieved by an
organization
Describe what is meant by a multidisciplinary approach to fraud prevention?
Describe the roles of each of the role players in a multi-disciplinary approach to
fraud prevention.
Critically evaluate how the following could prevent or reduce fraud in an
organization
(a) Fraud Risk assessments
(b) Internal controls
(c) Corporate governance
Discuss the different elements of a fraud prevention strategy and evaluate their
effectiveness.
CHAPTER 4
Red Flags for Fraud Red flags point out that possible fraud may have been committed; The
American Institute of Certified Public Accountants has issued a Statement on Auditing
Standards. (SAS) No. 99 - Consideration of Fraud in a Financial Statement Audit - that
highlights the importance of fraud detection. This statement requires the auditor to
specifically assess the risk of material misstatement due to fraud and it provides auditors
with operational guidance on considering fraud when conducting a financial statement
audit. SAS 99’s approach is also valuable for other types of audits.
• A red flag is a set of circumstances that are unusual in nature or vary from the normal
activity • It is a signal that something is out of the ordinary and may need to be investigated
further. • Remember that red flags do not indicate guilt or innocence but merely provide
possible warning signs of fraud.
Fraud Profile Perpetrator Profile:
41.2 percent of occupational fraud cases are committed by employees. However, the median
loss for fraud committed by managers was $218,000, which is almost three times greater
than the loss resulting from an employee scheme.
Approximately 61 percent of the fraud cases were committed by men. The median loss
resulting from fraud by males was $250,000, which is more than twice the median loss
attributable to women.
87.9 percent of fraud perpetrators have never been charged or convicted of a crime. This
supports previous research which has found that those who commit occupational fraud are
not career criminals.
Nearly 40 percent of all fraud cases are committed by two or more individuals. The median
loss in these cases is $485,000, which is almost five times greater than the median loss in
fraud cases involving one person.
The median loss attributable to fraud by older employees is greater than that of their
younger counterparts. The median loss by employees over the age of 60 was $713,000.
However, for employees 25 or younger, the median loss was $25,000.
• Most costly abuses occur within organizations with less than 100 employees.
• Government and Not-for-Profit organizations have experienced the lowest median losses.
• Management ignores irregularities.
• High turnover with low morale.
• Staff lacks training.
Data/Transaction Classification model for Fraud (source: Fraud Auditing and Forensic
Group A
Accounting) No Red Flags No observable Risks
Group B
Examiner Not Anomaly
4 Suspicious
Red Flags
Group C1: ERROR
Anomaly
Group C2: FRAUD
Anomalies / Exceptions
By anomaly or exception is meant something I the data or transaction that is not correct. It
could be missing data, violation of policies or internal controls, or the presence of FRAUD
red flag.
Risk: is in association with the threat from the threat, and the likelihood that the threat will
actually come to pass.
For those anomalies identified, if the transaction does not violate policies or controls, and
does not specifically identify a fraud, then it should be classified as a level 1 anomaly. If the
data or transaction violates policies or controls, it is assigned a level 2 anomaly (medium
probability and medium risk). Such types of anomalies should be examined carefully to
determine if it is an error or fraud. If it is an error, the level 2 remains. If it is not determined
in a reasonable time to be an error, then it should be assigned a level 3 anomaly (high
probability and high risk).
How organisations should respond to red Flags
Activity
References
Crumbley, D. L., L. E. Heitger, and G. S. Smith, Forensic and Investigative
Accounting, 4th ed. Chicago: CCH Incorporated, 2009.
Golden, T. W., S. L. Skalak, and M. M. Clayton, A Guide to Forensic Accounting
Investigation, 2nd ed. Hoboken, NJ:
John Wiley & Sons, 2011. Hopwood, W. S., J. J. Leiner, and G. R. Young, Forensic
Accounting and
Fraud Examination, 2nd ed. New York: McGraw-Hill Irwin, 2011. Kranacher, M-J., R.
A. Riley/Jr., and J. T. Wells, Forensic Accounting and Fraud Examination. Hoboken,
NJ: John Wiley & Sons, 2011.
W. S. Hopwood, J. J. Leiner, and G. R. Young, Forensic Accounting. (New York:
McGraw-Hill Irwin, 2008), 3, 5.
M-J. Kranacher, R. A. Riley, Jr., and J. T. Wells, Forensic Accounting and Fraud
Examination. (Hoboken, NJ: John Wiley & Sons, 2011), 9-
D. L. Crumbley, L. E. Heitger, and G. S. Smith, Forensic and Investigative Accounting,
2nd ed. (Chicago: CCH Incorporated, 2005), 1-3-
Coenen, T. L. Essentials of Corporate Fraud. Hoboken, NJ: John Wiley & Sons, 2008.
Kapian, J. A. "Why Corporate Fraud Is on the Rise." Forbes Magazine (June 10, 2010).
www.forbes.com/2010/06/10/corporate-fraud-executive-compensation-personal-
finance-risk-list-2-10-kaplan.html.
Schilit, H., and J. Perler. Financial Shenanigans: How to Detect Accounting Gimmicks
& Fraud in Financial Reports, 3rd ed. State: McGraw-Hill, 2010