FraudPosted: July 23, 2018
One great session at the TSCPA Annual Meeting of Members was an optional CPE session on the Changing Face of Internal Fraud presented by Steve Dawson, CPA, CFE. The session addressed all three corners of the Fraud Triangle – Incentive/Pressure, Rationalization and Opportunity. This blog will briefly cover each corner.
Incentive/Pressure can come from internal aspects such as compensation plans, but most often the pressure to commit fraud comes from outside the organization. The person committing fraud has some perceived financial need that cannot be shared and can only be resolved by committing fraud. Need may come from something bad like a gambling or drug habit, but it does not necessarily imply financial hardship. The “need” may be to show success by having money to buy a new boat or take fancy trips. The point here is that often the need is a perception of the fraudster and not something that can be directly addressed by an organization.
Rationalization is very important and underappreciated in how it enables fraud. The reality is that a clear majority of people committing fraud think of themselves as decent people. How does a decent person convince themselves that stealing is not bad? Often times they justify the fraud by saying they intended to pay the money back, or that they were entitled to the money because of how hard they worked, or how important their contribution was to growing the organization. The ability of the human mind to make bad actions seem appropriate, or even noble, can be amazing.
The final corner of the triangle is opportunity; and this is one area where the organization can have direct impact. Internal controls are put in place not only to detect fraud, but to increase the perception of detection. Controls need to focus on the mind of the potential perpetrator. Think of the last holiday where you passed three police officers in a 15-mile stretch. I bet you drove closer to the speed limit because your perception of being caught for speeding was increased. The point of controls is to increase the perception of being caught and get people to do the right thing as a result.
Controls such as fraud and expense policies, and policies that remove a presumption of privacy such as the ability of the company to review any emails sent over its network, all serve to increase the perception of being caught. So, do publications that talk about the results of fraud investigations (with appropriate details removed to protect privacy). If people hear about others being caught, they are less likely to think they can get away with fraud, and therefore less likely to commit fraud in the first place.
The bottom line is to create a perception that the organization takes fraud seriously, and the best way to create that perception is for the organization to take fraud seriously. Does your organization take fraud seriously?