Fraud Basics – The Fraud Triangle – what are the drivers of fraud

To understand fraud, we have to understand what drives people to it. Are some people born to be fraudsters? What facilitates or motivates people to commit fraud and what can organizations do to prevent fraud.

In the 1950’s studies by Dr Donald R Cressey on the behavior of individuals who had embezzled funds lead to the hypothesis of the Fraud Triangle. The Fraud Triangle holds that there are three drivers of fraud: opportunity, motivation and rationale. To date the findings of Cresseys study still hold. An additional driver or facilitator has been identified as capability. According to KPMG’s 2014 study Global profile of a fraudster, People commit fraud when three elements occur simultaneously, the perfect storm; motivation, opportunity and ability to rationalize the act. In almost all cases, this explains why the fraud occurs and why a particular type of person becomes a fraudster.

Every professional involved in fraud examiners should understand the fraud triangle as a starting point in understanding fraud.

To understand the fraud triangle consider the following example. James is the Head of Finance for a Savanna Holdings. Savanna Holdings deals with purchase and sale of premium animal feed in Kenya. The animal feeds are imported from Denmark. Savanna holds all its stock in a warehouse in Nairobi from where dispatches to customers are done. As the Head of Finance James is in charge of the warehouse, the finance department, logistics and administration.  James Joined Savanna as an intern in the warehouse department. Over the course of his 17 years employment at Savanna, he has worked in the logistics department, administration department and in internal audit. Most of the policies, procedures and controls in place at Savanna were developed while James was an employee. During last year’s Audit by Milestone Associates – CPA, the auditors recommended that a detailed investigation be performed on the company’s inventory records and non performing debtors.

Momentum Advisory – CFE conducted the investigation. Their findings were that James in collusion with other employees had defrauded the company Kshs 170 million – (approx. USD 2million).  The fraud had taken place for the last three years. The investigation also found the following:

·        That James had divorced his wife and the court had ruled that about 50% of his wealth be transferred to his wife. In addition he was required to pay child support of Kshs 150,000 per month.

·        James was the overall authority in approval of all credit sales, signing off of inventory records at the end of year, signing off of bank reconciliations.

·        The ownership of Savanna had overlooked in the appointment of a new CEO four years ago.

 

The theoretical case above provides an example of how cases of fraud will exhibit the three drivers mentioned in the fraud triangle.

Opportunity and Capability

People who have stayed in the organization long enough have gained trust of the organizations. In addition, they understand the controls of the organization. In this case James has worked in the organization for 17 years, he has worked in virtually all departments that now report to him. At his position no member of staff can question his actions. These circumstances have created the opportunity for him to commit fraud. It’s like leaving the safe unlocked just because you trust your colleagues. The open door is the opportunity.

Motivation and pressure

James was recently divorced, he also has child support to take care of. These circumstances have created pressure on James to find alternative ways of raising his income. Fraud like any other crime requires motivation, this could be greed, financial gain or financial difficulty. For someone at James level, it could be difficult to observer aspects of greed[1]. If James an expensive car, nobody would think about it too much given his position of CFO.

Rationale

Fraudsters, as with other types of criminals, will frequently provide a rationale for their deeds. For example in James case, he may feel that he is getting even with the organization for overlooking him in their search for a CEO. James may also feel that he is superior enough not to play by the rules of the company.

Although the above case is theoretical, I have seen similar cases in my investigations over the years. Opportunities for fraud are many depending on the type of organization. Organizations need to be vigilant to ensure that controls are tight enough and oversight is strong enough to identify where such might occur.

Recognizing these drivers may assist organizations reduce fraud. Internal controls and trust is good, but recognizing that you are dealing with or relying on human element may enable an organization prevent fraud.

---

[1] KPMG 2014, Global profiles of a fraudster survey

…but that’s how things are done here

An article by David Mathuva

Working in any corporation may lead people to adopt repetitive patterns of behavior as was my experience once with an investigation I was involved in:

“… but I found my predecessors not ticking each and every bank reconciliation item when reviewing them!”

This is an assertive remark I got from a top finance manager in what would be classified as a blue chip company in our country. The remark emanated from a flurry of interview questions levelled on this finance manager, who, as he had indicated, “was in a hurry to attend other important business”. Being a registered CPA of Kenya with “over 15 years” of “relevant” experience in Accounting and Finance, this finance manager did not perceive the danger posed by such a practice. To cut the long story short, as a result of this “experienced” finance manager not checking each and every reconciling item on the bank reconciliations, the poor company was defrauded slightly over Kshs. 60 million over a two-year period. Only heavens know whether the company had lost more money in other years – but for the period under scope, Kshs. 60 million was gone.

I have written articles on bank reconciliations and warned that these can be used to perpetrate fraud by concealing it. Without a great deal of attention in reviewing bank reconciliations, hell can break loose after having caused massive damage over an extended period of time. However, this is not the focus of this article right now, in case you want to read more on bank reconciliation fraud, visit my blog on: http://dmathuva2012.blogspot.com/2013/08/the-fading-role-of-bank-reconciliation.html.

Back to the key issue under focus: this culture, this rite…this ritual, has cost companies dearly. Talk of sloppiness in adhering to policies and procedures in the name of culture, to committing fraud – again, in the name of culture! Do not blame [wrong] tone at the top, No.  This is one culture type that must be weeded out since it is disastrous. It demonstrates unwillingness by staff, not only to evade doing what should be done, but it may also signify a lack of willingness to take initiative or be innovative. Corporate leaders must be wary of elements within the company who have this cultural orientation and “align them” early before things get worse. This is because, this culture is infectious and very tempting as it more of a “short-cut” way of doing things as opposed to the “hard” formal way.

I do not want to sound philosophical but, come to think of it, when corporate leaders talk about change, they usually have a desired result in mind: gains in performance, a better a better approach to customers, the solution to a formidable challenge as Schwartz, Gaito & Lennick (2011) put it. With this kind of a culture, all this becomes “a wish” which is either not realized or partially realized. Never realized if all employees are entrenched in this culture and partially realized if there are a few elements who are into this addiction. The former is rarely experienced in corporations. The latter is often than not found is nearly 70% of the corporations.

I am not writing off employees who are entrenched in this culture: No. As Schwartz, Gaito & Lennick (2011) view it, being forced at work to try something new can trigger fear and anger (sometimes called the “amygdala hijack”), the urge to flee, or exhaustion disproportionate to the actual provocation. And this is justifiable. You can ask yourself, “this company has introduced a million +1 procedures and policies just recently”, and all along we have been operating with only the 1 policy +1 procedure called “Just do it”. Why now are we being subjected to the million+1 policies and procedures? What has changed now that we did not see change 5 years ago? This is often the unconscious rationalization employees entrenched in this culture have. And it is this rationalization that leads to the worst…. sloppy controls and thereby creating an enabling environment for fraud to happen.

Corporations, both in public and private sectors, let us put an end to this venomous culture, embrace discipline in adhering to policies and procedures! Most importantly, let us strive to weed out those elements stuck in this lethal culture, not forgetting that compliance comes before performance!

David Mathuva is a Forensic Investigator based in Nairobi.

He holds a Bachelor’s degree in commerce and a Masters in Forensic Accounting from Strathmore University. David is also a CPA.

You can read his articles on http://dmathuva2012.blogspot.com

Reference: Schwartz J., Gaito P. & Lennick D. (2011). “That’s the Way We (Used to) Do Things Around Here”. Strategy & Leadership, Issue 62 (Spring 2011).

Trust is not an internal control...

In the recent past I have investigated a number of irregularities whose root cause has been lapse internal controls and lack of enforcement. Over the last few years many firms have crafted internal controls, some even appreciating that a risk department should be established. Many of the these firms have spent huge amounts of money crafting what I would call wonderful documents in as far as identifying risks and how to control/manage them.

I always appreciate the efforts that companies make to ensure that they documented controls. However, the implementation of such controls is wanting in most cases. And this is where the whole risk management process fails. In the anti-fraud profession we have come to appreciate that if a fraudster knows that he will not be detected, then internal controls fail. Fear of detection is what prevents fraud and misconduct. Think about your organization, do you think the internal controls would deter a potential fraudster. Detection entails: having the right internal controls, resources in your risk department, committed management that sets an example, being tough on non-compliance and ensuring that there is right communication to staff.

I have come across organizations particularly small NGOs and family run businesses where internal controls are non-existence.

It always saddens me as an owner of a business or a director of an NGO narrates how, they have always trusted person X to handle their accounts for the last ten years and he has always performed, only for them to find out that the trusted fellow was running a separate organization. Some of these cases have resulted in consequences that would have never been anticipated: Freezing of funding from donors, tax claims from the tax authorities or closure of the organization.

However much you trust your employees, ensure you review their work or have an independent person do it. Have a questioning mind especially for long serving employees in certain positions…trust cannot be an internal control. I have seen instances where family members who have been placed in positions of trust turning out to be real fraudsters. I have also investigated a case where a receipting clerk defrauded his organization about Kshs 200 million in a period of two years – he had served in the position for over ten years.