Profiling the Fraudster - OpenThinking Day
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Profiling the Fraudster - OpenThinking Day

on

  • 591 views

Profiling the Fraudster by Mr. Simon Padgett, Head of Forensic Services at Protiviti

Profiling the Fraudster by Mr. Simon Padgett, Head of Forensic Services at Protiviti

Statistics

Views

Total Views
591
Views on SlideShare
585
Embed Views
6

Actions

Likes
0
Downloads
17
Comments
0

2 Embeds 6

http://www.schoology.com 5
http://www.linkedin.com 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Profiling the Fraudster - OpenThinking Day Presentation Transcript

  • 1. Profiling the Fraudster …..its all about people Open Thinking DaySimon PadgettDirectorForensic Servicessimon.padgett@protivitiglobal.aeDubai. September, 2012© 2012 Protiviti Member Firm (Middle East) ConsultancyCONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 2. E&Y Fraud Survey – Key Findings In the last year :  2 in 3 had been defrauded  1 in 10 had more than 50 frauds  82% were committed by employees  Half of the employees had over 5 years service  A quarter had more than 10 years service  A third of the frauds were by management © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 3. The two faces of fraud:  The first face is one of systems or controls  The other face is the human element2 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 4. COSO COSO identifies 5 components, which when integrated and operating in all business units, will help establish an effective internal control framework: 1. Control Environment 2. Risk Assessment 3. Control activities 4. Information and Communication 5. Monitoring3 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 5. Fraud Risk Assessment Organizations first identify risks and prioritize them by assessing the impact and likelihood of an inherent risk. A key differentiator between Internal Controls and Anti Fraud Controls is the Human Element inherent in the decision to defraud. Failure to assess the Human Element can cause frauds to happen in organizations that otherwise seem to have a robust and comprehensive internal control framework. So, why do people commit fraud?4 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 6. One of the best theories on why people commit fraud was given by Donald Cressey in his book “Other People’s Money” Cressey stated that Fraud occurs when an individual : •Has a non sharable financial problem. •Perceives an opportunity to resolve the situation. •Has the ability to rationalize his misdeeds even before committing them.5 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 7. Pressure In other words for an individual to commit fraud, he may be under pressure from a financial problem which the individual perceives cannot be solved through other means. These problems often manifest themselves into behavioral patterns or red flags, which if spotted in time, could prevent a fraud from happening. The ACFE 2010 Report to the Nations, states that the most commonly cited behavioral red flags were perpetrators living beyond their apparent means or experiencing financial difficulties at the time of the fraud.6 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 8. Opportunity Even if an individual has the motive, he cannot perpetrate the fraud unless presented with an opportunity. Opportunities could arise due to a number of factors within the organization such as high turnover of management in key roles, lack of segregation of duties or a complex organization structure. © 2012 Protiviti Member Firm (Middle East) Consultancy7 CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 9. Rationalisation Rationalisation of the act is the last element in understanding why people commit fraud. Most people believe themselves as good and need to convince themselves that their actions were justified. Some of these justifications are: • I was going to pay it back • Everybody does it • I am not hurting anyone • I was helping my family • This is nothing compared to what xyz did.8 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 10. The Fraud Triangle To sum up, when this individual under pressure is presented with an opportunity and is able to rationalize his planned actions, fraud occurs. This hypothesis is better known as the Fraud Triangle. FRAUD9 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 11. Fraud Risk Assessment To be able to effectively analyse and prioritize fraud risks, organizations should evaluate the Human Element in the fraud risk. This can be achieved by applying the principles of the Fraud Triangle to the traditional risk assessment criteria of Impact and Likelihood. LIKELIHOOD INHERENT RISK IMPACT Traditional Risk Assessment Criteria RATING IMPACT OPPORTUNITY SITUATIONAL ATTITUDE OR FRAUD RISK Fraud Risk Assessment Criteria PRESSURE PERSONAL PRIORITY INTEGRITY The Human Elements10 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 12. Key Controls and Personal Integrity For example in an organization where an individual performs a number of key controls – if this individual’s personal integrity and values are high, the chances of fraud happening is significantly lower than when the individual’s personal integrity is low. Understanding the people who manage key internal controls in an organization, their values and attitude could go a long way in minimizing the incidence of fraud and help build effective anti- fraud deterrents within an organization.11 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 13. Anti-Fraud Program It is important for organizations to consider the human element while managing fraud risks. An Anti-Fraud Program that considers the human element may include the following fundamental controls: •Establish a Code of Ethics. •Develop Fraud Policies. •Invest in a communication and training program on fraud and corporate fraud policies for all employees. •Ensure proper segregation of duties for key activities and functions. •Set up appropriate recruitment procedures to select the right candidates. •Set up policies for rotation of staff duties and forced vacations. •Know your key fraud risks and controls. Monitor them regularly. •Set up a whistle blower hotline. •Sound recruitment policies and psychometric testing. •Develop a Fraud Risk Assessment process.12 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 14. 13 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 15. 1. Edwin H. Sutherland  First defined “white-collar crime” in 1939 – Criminal acts of corporations – Individuals in corporate capacity  Theory of differential association – Crime is not genetic – Learned from intimate personal groups – These groups teach "definitions" (including skills, motivations, attitudes, and rationalizations) either favourable or unfavourable to the violation of the law. Criminal behaviour results when one is exposed to an excess of definitions favourable to the violation of the law over unfavourable definitions.14 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 16. 2. Harvey Cardwell  Wrote a book in 1960 on the logic and language of auditing for fraud.  Found there are primarily 3 principal factors that contribute to employees beginning to steal: – The want for money - (early or late in life and the temporary urgent need) “Years of honest service” become meaningless when presented with time pressure. – Aggrieved – stealing after years of honest work apparently when hopes have faded, when honesty & effort have failed to produce the expected measure of success. Deterrents of prior years are weakened by extreme frustration. – The ability to steal – has been deterred by fear of detection but experience brings increased ability & self-confidence15 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 17. 3. Gottfredson & Hirschi’s general theory of crime - 1990  Assume that individuals choose the behavior that they wish to perform rationally. They will weigh the potential pleasure of performing a behavior against the potential pain of the behavior. When a behavior is judged to be more pleasurable than painful, an individual is likely to perform the behavior.  Central to this decision is low self-control.  How much crime occurs will depend in part on how much crime circumstances allow.16 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 18. 4. Richard C. Hollinger Hollinger-Clark study (1983) Surveyed 10,000 workers:  1/3 had committed some form of fraud.  Many stole because of job dissatisfaction.  Employee perception of detection is important.  Employee-thieves exhibit other deviances – Sloppy work, sick leave abuses, etc.  Increased security & controls may hurt, not deter.  Management should be sensitive to employee’s attitudes.17 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 19. 5. Donald R. Cressey  Other Peoples Money  A criminologist who studied embezzlers  Why people become “trust violators”  Developed the Fraud Triangle in 1953  Cressey’s three learning principles 1) Non-shareable financial problem. 2) Perception that occupational situation can resolve the problem. 3) Ability to Rationalize the act(s).18 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 20. The Fraud Triangle:19 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 21. Fraud Risk Model “the auditor should not assume that all 3 conditions must be evident before concluding that there are High Risk identified risks.” Medium Risk Incentive/ Attitude/ pressure rationalization “…the auditor cannot assume that the inability to observe one or two of these conditions means Opportunity there is no risk…”20 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 22. 6. The triangle extended: the fraud diamond - Wolfe & Hermanson - 2004 Pressure opportunity capabilityPosition/functionThe Human brainConfidence/egoCultural issuesCoercion skillsEffective lyingImmunity to stress rationalisation21 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 23. The three parts of perceived opportunity…… 1. To commit fraud 2. To conceal fraud 3. To avoid punishment22 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 24. pressure/rationalisation capability identify opportunity act upon it; caught not do it punished commit will I be No fraud caught? don’t do it Yes maybe © 2012 Protiviti Member Firm (Middle East) Consultancy2 CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 25. Iceberg Theory of Dishonesty Overt Aspects Structural - Hierarchy Considerations - Financial resources - Goals of the organisation - Skills and abilities of personnel - Technological state - Performances stds Waterline - Efficiency measurements Covert Aspects - Attitudes - Feelings (fear, anger, etc) Behaviourial - Values Considerations - Norms - Interaction - Supportiveness24 © 2012 Protiviti Member Firm (Middle East)- Satisfaction Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 26. Characteristics of a Fraudster  College educated, white Male. ¾ of frauds are committed by men. Higher median loss (US$85,000 for men, US$ 48,000 for women).  Intelligent. The challenge of “secure systems” overcomes boredom.  Egotistical. Feel worth more than their position.  Inquisitive. Curious as to computer vulnerability.  Risk takers. Not afraid to fail. Fails to consider consequences.  Rule breakers. Likes shortcuts. Justifies infractions of laws.25 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 27. Characteristics of a Fraudster, continued  Hard Workers. In early, out late, no vacations.  Excessive overtime  Immune from stress.  Financial pressure. Medical fees, bad marriage, gambling.  Married.  Management.  Disgruntled. Feels abused, not promoted, underpaid.  Big Spender. Living beyond means.26 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 28. Characteristics of a Fraudster, continued  Sudden large purchases  Close relationships with suppliers/customers.  Don’t like people reviewing work  Unable to relax  Often display drastic behavioral changes  Need turns to greed.27 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 29. Changes in Behaviour  Sudden large purchases. House, Car, Jewellery  Brags about purchases  Carry large amounts of cash  Fending off creditors  Borrows money from co-workers  Moody, Irritable  Defensive attitude to questioning  Territorial over responsibilities28 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 30. Changes in Behaviour, continued  Workaholic  Mentions financial/family problems  Exhibits signs of addiction. Absenteeism, looks ill  Decrease in productivity  Spending excessive time with vendors/suppliers  Nervous  “Minor” infringements29 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 31. Characteristics of a Victim Organisation  Most costly abuses in organizations of less than 100 employees.  Where fraud is not perceived a risk  Management ignore irregularities  Morale is low  High employee turnover  Lack of training  Rapid increase in revenues and profits  Strong, egotistical leader  Profit is the ultimate goal, to be reached no matter what  Salary structure tied to profit30 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 32. ACFE Report to the Nations on Occupational Fraud The latest report, for 2010, was compiled from 1,843 cases and covered cases from 106 nations.31 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 33. Victims of Occupational Fraud The 2010 Report provides some information on the types of businesses that were victims of occupational frauds. The highs and lows are as follows: % of cases Median loss High Banking 16.6% Mining US$ 1 and finance million Low Mining 0.7% Education US$ 71k32 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 34. Profiling by Fraudster Position in Organisation  This is explained on the basis that more senior people in management levels and executive positions have a greater opportunity to commit and hide larger frauds. This is a common theme throughout the remainder of the profiles.  The study also found that lower level employees committed more frauds in number than management level, and about twice as many frauds as executives - probably because there are many more lower level employees that executives. Employee Management Owner/Executive 39.7% 37.1% 23.3% $70,000 $150,000 $834,000 42.1% 41.0% 16.9% $80,000 $200,000 $723,00033 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 35. Profiling by Job Description in Organisation The greatest number of cases are committed by people with the accounting area of the business, as these employees will have the knowledge of how to commit and hide the fraud and access to the records to do so. The largest median losses were incurred by frauds committed by people within the legal department. % of cases Median loss Upper Highs Accounting 22% $829,000 Management Lows Internal Audit 0.2% Internal Audit $13,00034 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 36. Profiling by Fraudster Gender Over the past surveys, the rate of fraud between the genders began to equalize in number. This was superficially explained by the trend of women getting closer to equality in the work place (in numbers and positions) Male Female Percentage 2008 59.1 40.9 Median Loss 2008 250,000 110,000 Percentage 2010 66.7 33.3 Median Loss 2010 232,000 100,00035 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 37. Profiling by Fraudster Age Median losses increase with the age of employees. Under 26 to 30 31 to 40 41 to 50 51 to 60 over 60 25 % 5.9% 10.7% 34.2% 32% 15.1% 2%36 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 38. Profiling by Educational Standard Smarter people - smarter frauds? Some Tertiary High School Tertiary Education Post Graduate Education Percentage 2008 54.7% 34.4% 10.9% Median Loss 2008 $150,000 $210,000 $550,000 Percentage 2010 28.8% 17.1% 38% 14% Median Loss 2010 $100,000 $136,000 $234,000 $300,00037 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 39. 38 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.
  • 40. 39 © 2012 Protiviti Member Firm (Middle East) Consultancy CONFIDENTIAL: This document is for your companys internal use only and may not be copied nor distributed to any third party.