When your work duties revolve around auditing or the detection of fraudulent behavior, the Fraud Triangle model is a useful resource in identifying potential offenders or situations. But what if your duties involve risk assessment or training? The Fraud Triangle can also provide a visual analysis of future business decisions and the building blocks of instructor-led training.
The Fraud Triangle helps fraud examiners understand why individuals commit fraud. The three elements — perceived pressure, opportunity and rationalization — create a trifecta of the perfect storm. The illustration of fraud inception originated from early criminologist Donald Cressey's hypothesis as he stated in "Other People's Money" (Patterson Smith, 1973, page 30):
Trusted persons become trust violators when they conceive of themselves as having a financial problem which is non-shareable, are aware this problem can be secretly resolved by violation of the position of financial trust, and are able to apply to their own conduct in that situation verbalizations which enable them to adjust their conceptions of themselves as trusted persons with their conceptions of themselves as users of the entrusted funds or property.
As fraud examiners, this theory should remain constantly in our thoughts throughout the workday. We often need to educate others on our way of thinking or why we've reached a particular conclusion. That's when visual analysis provides a valuable teaching and business development tool for clients who don't live in the world of fraud, corruption and bad behavior. Cressey's Fraud Triangle is the perfect vehicle to demonstrate what goes on in the mind of a fraud examiner when he or she provides risk assessments and recommendations. This article will give you practical ideas for using the Fraud Triangle in risk assessments, mitigation and training.
To understand the risk, understand the organization
Whether you're working as an auditing or compliance professional, or you're a hired consultant, you should be embedded and engaged in an organization so that owners or managers seek your guidance and are open to your input. Without this relationship, you won't secure a seat at the table (or the podium in this case) to begin this type of analysis.
If you're now deeply involved in the organization, its leaders might request, let's say, your advice about the risks of entering into a new geographical market. Or they might want to conduct a risk profile for a new position they're creating. Whatever the situation, they're looking for your guidance.
Which risk is highest priority?
The first step of the risk assessment is identifying the organization's main concern. Is it anti-corruption? Theft? Conflicts of interest? Don't overlook this step because it provides the basis for populating the Fraud Triangle. Don't focus too narrowly; the exercise might result in additional analysis, so allow it to lead you where it may.
Often, the organization's main concerns are synonymous with the concerns and components of its compliance program. If the client is international, everyone is worried most about anti-corruption and trade controls and their resulting penalties, which can be "company killers." If your client operates domestically, its biggest concerns might be supply chain issues and cash handling. It's very important that you're in tune with the client's larger compliance concerns so you can keep your more specific assessments in line.
Let the sides guide you
Start the process of identifying the risk areas on each leg of the triangle. You might have to research culture, processes and requirements before you begin. If you're entering into a new market or business process, you might be no more educated than your client. So identify a select team for a brainstorming exercise to promote your client's trust and buy-in. Find people that have experience in the risk area you're analyzing and engaging.
Now the process begins for examining the three legs of your Fraud Triangle. If you get stuck, here are some things to consider:
- Pressure – What are employees' external and internal pressures? Are you moving them around the world? Are they the family breadwinners? What kind of message is the company sending them about success, and is this adding undue pressure?
- Rationalization – Some typical rationalizations: Employees might not think it's harmful to take from a company that's doing well. Or they're disgruntled. Or their families are in financial crises.
- Opportunity – Engage business personnel from sales, accounting, supply chain and operations for answers. What are the holes in the organization's processes and procedures? Does it have proper separation of duties? What are the fraud touchpoints? Touchpoints, if you're focusing on anti-corruption, for example, might be any contact with government officials.
Solve risks with a mitigation plan
Once you've identified all the risk areas in each side of the Fraud Triangle, begin to address mitigation. A fraud examiner with extensive training and experience is well-suited for this task. Mitigation methods can provide priorities and direction. For example:
- Send a clear message – Mission statements, memos from the CEO and certifications all help communicate an organization's stances on a risk area.
- Training – Necessary focused training, based on risk, is a component of governmental guidance on compliance programs, such as those the U.S. Department of Justice issued on the Foreign Corrupt Practices Act.
- Employee relocation – Expats and relocated employees might need special attention to help them with their job and life transitions. This can include obtaining a driver's license, bank accounts, getting personal items shipped or providing tax advice. Prepare them for cultural nuances in their assignment country. Don't give them a reason to feel abandoned or disenfranchised.
- Hiring – A critical fraud prevention measure is the hiring of employees who believe in an ethical culture and show a high measure of integrity. Hiring key people in your risk area might require additional screening.
- Audits and check-ups – More employees are working remotely or with limited supervision. Auditing, site visits and frequent contact are necessary in such high-risk situations.
The end product
When I first discuss the Fraud Triangle concepts with organization management, I'll often draw the illustration in an informal meeting. But once management begins to understand those concepts, I'll later show a professional PowerPoint presentation of a completed risk assessment Fraud Triangle for maximum impact and a strong visual argument. (When preparing the presentation, don't forget to talk to the organization's legal department about maintaining attorney-client privilege and/or work product assertions.)
These presentations — whether on the back of a napkin or on the wall — usually spark a lot of discussion so be ready to answer questions and provide supporting documentation. Plans, programs and materials will emerge, and hopefully you'll be right in the middle of them.
The Fraud Triangle as a training tool
If you find yourself in a training role, the Fraud Triangle is a great tool for scenario-based training sessions. Give your trainees a blank triangle and a well-written fraud problem and guide them through the process. The expectation isn't to turn business personnel into fraud examiners, auditors or law enforcement, but if they can learn the critical skill of fraud issue identification then your job will be a bit easier, and the organization will be more likely to maintain a culture of compliance. Your interactive, scenario-based training sessions will help you solidify your reputation as an expert, and educating others provides additional job satisfaction.
As fraud examiners, we must often take our world to others who don't live in it, who aren't comfortable thinking about the negative side of business or are unaware of all of the risks they're exposed to in the midst of business development opportunities. A simple visual using Cressey's Fraud Triangle theory — a cornerstone of fraud examination — is an effective way to open the door.
Leslie D. Reed, CFE, CP, is a compliance and paralegal consultant, based in Tulsa, Oklahoma. Her email address is: lesliedreed@yahoo.com.