Fraud Triangle Analytics

Applying Cressey's Theory to E-mail Communications

By Dan Torpey, CPA, CITP; Vince Walden, CPA, CFE; and Mike Sherrod CFE, CPA

2009-JulyAug-Email Analytics and Fraud Triangle 
A well-known statistic from the 2008 ACFE Report to the Nation on Occupational Fraud & Abuse says that 66 percent of occupational fraud is detected by anonymous tips or by accident rather than by internal audit, internal controls, or other measures. Internal audits discover only 19.4 percent of occupational fraud, according to the report.

(See Figure 1.)   

These statistics challenge the profession. Why isn't internal audit - often the focus of a large amount of time and money in organizations - at the top of the list for detecting incidences of fraud? Part of the answer could be right in front of many CFEs.

The Gartner Research Group, in its May 2005 study, "Introducing the High-Performance Workplace: Improving Competitive Advantage and Employee Impact," states that 80 percent of enterprise content - such as e-mails, user documents, presentations, and Web material - is unstructured in nature. Yet, most internal audit and anti-fraud testing only focuses on the remaining 20 percent of data that's structured, like financial accounting systems or transactional databases.

Reviewing someone's e-mails for potential fraud can be like searching for the proverbial needle in a haystack. Companies might also be a little squeamish about invading the personal privacy of their employees, even though they're typically scanning all employee e-mail activity daily for various threats.

Yet, while organizations have access to the many volumes of e-mail data that flow to and from their offices, there hasn't been a systematic way to cull the data into an organized and effective anti-fraud solution. That is, until now. Welcome to Fraud Triangle Analytics.



For full access to story, members may sign in here.

Not a member? Click here to Join Now. Or Click here to sign up for a FREE TRIAL.