TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
1 Dissertation Manuscript Submitted to North
1. 1
Dissertation Manuscript
Submitted to Northcentral University
Graduate Faculty of the School of Business
in Partial Fulfillment of the
Requirements for the Degree of
DOCTOR OF PHILOSOPHY
by
Walfyette Powell
Prescott Valley, Arizona
December 2016
3. 789 East Eisenhower Parkway
P.O. Box 1346
Ann Arbor, MI 48106 - 1346
10260269
10260269
2017
2
Approval Page
A Phenomenological Study of SAS No. 99 and Auditors'
Perception of the Fraud
Triangle Theory
By
Walfyette Powell
Approved by:
Ann Armstrong, EdD 1/30/2017
4. Chair: Ann Armstrong, EdD Date
Certified by:
1/30/17
Dean of School: Peter Bemski, PhD Date
3
Abstract
The fraud triangle theory is the underpinning principle of SAS
No 99 and it is utilized by
auditors to detect and assess the likelihood of fraud during a
financial statement audit.
Although the theory is relied upon to detect fraud many scholars
believe it is inadequate
in fraud detection. From 2002 to 2008, undetected fraud
increased from 5% to 7%. Based
on this claim it is evident that the fraud triangle theory has not
improved auditors’ ability
to detect fraud. The theory articulates three critical elements
5. that are present for a typical
individual who engages in fraud: opportunity, perceived
pressure, and rationalization.
The theory has gained recognition over the last forty years;
however, Kassem, Higson,
and Buchholz suggest that the fraud triangle is ineffective in
detecting fraud. They
suggest that a new fraud theory should be implemented that
includes motivation,
integrity, and capability because it would improve auditors’
ability to detect the
likelihood of financial statement fraud. The purpose of this
qualitative phenomenological
study was to understand and describe U.S. auditors’ perceptions
of the effectiveness of
fraud triangle theory and to determine if motivation, integrity,
and capability should be
included in fraud theory. The researchers suggest the fraud
triangle should be modified
and it should include motivation and capability which is
observable events and
rationalization should be removed because it is not an
observable event. Future research
on the fraud triangle theory should focus on two important
6. areas. First, future research
should identify techniques to determine if an employee has
rationalized their actions to
commit financial fraud and future research should focus on
modifying SAS No. 99.
Lastly, findings from this research may help auditors to perform
their duties to detect
whether financial statement fraud exists in an organization.
4
Acknowledgements
First and foremost, I would like to thank God my heavenly
father who has given
me the strength, fortitude and faith to successfully complete my
dissertation “I never
would have made it without you.” Next, I want to thank my
mother and sisters who have
always supported me in my endeavors, their words of
encouragement and faith in my
abilities inspired me throughout my dissertation journey. My
family’s love and support
7. gave me the tools I needed to achieve my goals. I know that I
am lucky to have such a
wonderful support-base - thanks for the love!
Lastly, I am forever grateful to Dr. Armstrong, my dissertation
chair. Your words
of support, Skype meetings, and telephone calls were
appreciated, and without your help,
this dissertation would not have been possible.
Faith
I can do all things through Christ which strengthens me
Philippians 4:13
5
Table of Contents
Chapter 1: Introduction
...............................................................................................
........ 7
Statement of the Problem
............................................................................................
11
8. Purpose of the Study
...............................................................................................
.... 12
Theoretical Framework
...............................................................................................
13
Research Questions
...............................................................................................
...... 15
Nature of the Study
...............................................................................................
...... 15
Significance of the Study
............................................................................................
16
Definition of Key Terms
.............................................................................................
17
Summary
...............................................................................................
...................... 19
Chapter 2: Literature Review
............................................................................................
21
Brainstorming
...............................................................................................
.............. 36
Professional Skepticism in Fraud Detection
............................................................... 39
Analytical Procedures
...............................................................................................
.. 42
SAS No. 99 and Internal Control
................................................................................ 45
9. The Evolution of Statements of Auditing Standards
.................................................. 49
Risk Assessment
...............................................................................................
.......... 55
Audit
Evidence............................................................................. ....
........................... 61
Chapter 3: Research Method
.............................................................................................
69
Research Methods and
Design(s)................................................................................
70
Population
...............................................................................................
.................... 71
Sample....................................................................................
..................................... 72
Materials/Instruments
...............................................................................................
.. 74
Data Collection, Processing, and Analysis
................................................................. 76
Assumptions
...............................................................................................
................. 82
Limitations
...............................................................................................
................... 83
Delimitations
...............................................................................................
................ 83
Ethical Assurances
13. year 5% of a
company’s revenue is lost due to fraud (Campanelli, 2016). This
number is staggering
because it equates to millions of dollars each year. In the worst-
case scenario, financial
statement fraud has destroyed billion-dollar companies, such as
Enron, Arthur Anderson,
and WorldCom. Because financial statement fraud has a
catastrophic effect on the
economy, it is a major concern to the Public Company
Accounting Oversight Board
(PCAOB), whose responsibility it is to protect the investing
public by ensuring that
financial statement fraud does not occur or that the impact of
financial statement fraud is
kept to a minimum.
To ensure that financial statement fraud is kept to a minimum,
the Public
Company Accounting Oversight Board (PCAOB) has specific
guidelines that auditors
must follow when an auditing a company’s financial statements
(http://pcaobus.org/Rules, 2016). Auditing is the process of
verifying accounting
14. information to ensure that the data is accurately presented.
However, because of the
increase in financial statement fraud, new regulations require
that auditors improve their
auditing procedures to detect the likelihood of fraud during an
audit (Kranacher et al.,
2011). To ensure auditors improve their ability to detect fraud,
The Statement on
Auditing Standard No. 99 (SAS No. 99) was enacted (AICPA,
2002). SAS No. 99
identifies the skills, provides the guidance, and identifies the
standards that auditors must
follow to plan and perform the audit to obtain reasonable
assurance about whether the
financial statements are free of material misstatement (AICPA,
1997). To obtain this
reasonable assurance, auditors must look for fraud throughout
the entire audit process.
8
Fraud is defined as an “intentional deception,” whether by
omission or co-
omission, that causes its victim to suffer an economic loss or
15. the perpetrator to realize a
gain (Kranacher, Wiley, & Wells, 2011, p. 5). Fraud can occur
in many forms, such as
check fraud, securities fraud, occupational fraud, and financial
statement fraud
(Kranacher, Wiley, & Wells). Financial statement fraud arises
from financial reporting
misstatements and from misappropriation of assets (Casabona &
Grego, 2003). To ensure
that public companies did not prepare fraudulent financial
statements, they are required to
have an annual audit that follows the policies and procedures of
SAS No. 99.
SAS No. 99, which was enacted in October 2002, and which
supersedes SAS No.
82 (Casabona & Grego, 2003). SAS No. 82 identified the
responsibilities of auditors in
evaluating the risk of material financial misstatements due to
fraud, whereas as SAS No.
99 identifies how auditors plan the audit in response to the risk
identified (Whittington, &
Landsittel, 2001). SAS No. 99 does not change the auditors’
responsibility to detect
fraud; nonetheless, it is an improved version of SAS No. 82
16. because it provides
additional guidance on how auditors should plan and perform
the audit to detect fraud
(AICPA, 2002).
One of the major components of SAS No. 99 is the fraud
triangle. The fraud
triangle was developed by Donald Cressey (1953), an American
criminologist and
sociologist who conducted extensive research on the mindset of
white-collar criminals.
Cressey’s research led him to develop the fraud triangle theory.
The theory articulates
three critical elements that must be present for a typical
individual to engage in fraud
(Kranacher et al., 2011). The three elements are perceived
opportunity, perceived
pressure, and rationalization (Kranacher et al., 2011).
9
Individuals can be pressured financially for many reasons, such
as poor credit,
living beyond one’s means, gambling, and drugs (Buchholz,
17. 2012). Individuals may
attempt to relive financial pressure by stealing from their
organization (Buchholz, 2012).
For example, the fraudster may obtain economic benefits by
stealing cash from an
organization. However, a fraudster cannot steal cash from the
company without having
the opportunity, which is another component of the fraud
triangle theory.
Opportunity is an element of the fraud triangle theory over
which companies have
the most control. Companies have control over opportunity
because the opportunity to
commit fraud is determined by the company’s internal control
structure. Therefore, if a
company creates a secure internal control structure, it will
reduce the opportunity for
fraud to occur. To create a secure internal control structure, a
company must design the
appropriate policies and procedures. If a company’s internal
controls are not properly
designed, these internal controls can be compromised
(Buchholz, 2012). To illustrate, if a
company keep checks or cash in an unsecure location, the
18. opportunity for an employee to
steal the cash or checks is present.
The last component of the fraud triangle theory is
rationalization, which is the
process of a fraudster justifying his or her actions for doing
wrong (Kranacher et al.,
2011). Rationalization may include thoughts such as
dissatisfaction with the company
because of poor working conditions, low wages, unreasonable
working hours, or lack of
health insurance. During rationalization, the fraudster comes to
believe that he or she is
entitled to steal because of dissatisfaction with the company
(Bucholz, 2012).
10
Background
The fraud triangle is a theory that auditors rely on when
assessing a company’s
vulnerability to financial statement fraud. The fraud triangle
19. theory is the underlying
principle of SAS No. 99; however, eleven years after the
implementation of SAS No. 99,
financial statement fraud still remains undetected. Claims have
proven that from 2002 to
2008, undetected fraud increased from 5% to 7% (Saksena,
2010). Based on this claim, it
is evident that fraud triangle theory has not improved auditors’
ability to assess a
company’s vulnerability to financial statement fraud. Therefore,
this study was important
because it will explain auditors’ perceptions of the effectiveness
of the fraud triangle
theory and clarify whether the fraud triangle theory should be
modified to include
motivation, integrity, and capability. If auditors are able to
detect fraud, it will improve
stakeholders; confidence in the financial statements they rely on
prior to investing in a
company.
The fraud triangle theory identifies opportunity, rationalization,
and pressure as
the underlying assumptions that auditors should consider when
assessing the likelihood
20. of fraud in an organization (Kranacher et al., 2011). Although
auditors rely on the fraud
triangle, some scholars believe that the theory is not sufficient
to determine the extent of
fraud in an organization (Dorminey et al., 2010; Kassem &
Higson, 2012; Kranacher et
al., 2011). The fraud triangle has deficiencies; therefore, it
should not be relied upon for
detecting financial statement fraud (Buchholz, 2012). One
deficiency is rationalization.
Rationalization is a deficiency because it cannot be observed,
meaning that an auditor
cannot observe how a person rationalizes their actions. The
fraud triangle lacks objective
11
criteria for identifying pressure and rationalization; therefore, it
is not effective in
determining fraud (Dorminey et al., 2010).
Kassem and Higson (2012) explained that because the fraud
triangle is ineffective
in detecting fraud, a new fraud triangle should be implemented.
21. To further study the fraud
triangle theory and its effectiveness, Kranacher, Riley, and
Wells (2011) wrote that to
improve auditor’s ability to detect the likelihood of fraud in a
company, the fraud triangle
should be expanded to include motivation. Kassem and Higson
(2012) suggested that the
fraud triangle is ineffective in detecting fraud and that a new
fraud triangle should be
implemented that includes motivation, integrity, and capability.
Statement of the Problem
SAS No. 99 was implemented on December 15, 2002 because of
scandals that
occurred at major corporations such as Enron and WorldCom
(Labaton, 2006). The
underlying principle of SAS No. 99 is the fraud triangle theory,
which is a framework
that assists auditors in analyzing a company’s vulnerability to
fraud. However, eleven
years after the implementation of SAS No. 99, much financial
statement fraud is still
undetected. Saksena (2010) claimed that from 2002 to 2008,
undetected fraud increased
22. from 5% to 7%, which results in billions of dollars in losses.
Based on this claim, it may
be that the fraud triangle theory has not improved auditor’s
ability to detect a company’s
vulnerability to financial statement fraud.
Buchholz (2012) explained that the fraud triangle has
importance for detecting
fraud in a financial statement audit, but that it also has
deficiencies and should not be
solely relied upon. Kassem and Higson (2012) suggested that
the fraud triangle is
ineffective for detecting fraud and that a new triangle should be
implemented that
12
includes motivation, integrity, and capability as additional
factors. The specific problem
that was the focus of this study, was the deficiencies in the
fraud triangle theory from
the perspective of U.S. auditors and what they believed should
be included for auditors to
better detect fraud. If this problem is not fixed financial
statement fraud will continue to
23. go undetected, which cost investors and creditors billions of
dollars of lost revenue.
Lastly, the economy will suffer if corporations do not have
access to cash to expand and
grow their business.
Purpose of the Study
The purpose of this qualitative phenomenological study was to
understand and
describe U.S. auditors’ perceptions of the effectiveness of fraud
triangle theory and to
explore whether the addition of new elements, such as
motivation, integrity, and
capability, would offer additional explanatory value to
understanding why fraud occurs.
Findings from the research questions may help auditors in
performing their duties to
detect whether financial statement fraud exists in an
organization.
The phenomenological study included face-to-face interviews.
The sample for this
study consisted of auditors who will be recruited from the
Georgia Society of CPAs,
Linked-in Group “Trendlines,” or from personal contacts. Data
24. was collected through in-
depth interviews with auditors who met the inclusion criteria for
the study. To ensure that
the questions were appropriate for this phenomenological study,
a colleague who is a
college professor and dissertation consultant was utilized. After
the questions were been
selected, interviews were conducted until data saturation
occurs; however, the minimum
number of interviews is six senior level auditors. Senior level
auditors are individuals
who have worked in auditing firms for a minimum of five years.
13
Theoretical Framework
The purpose of this phenomenological study was to understand
and describe U.S.
auditors’ perceptions of the effectiveness of the fraud tr iangle
in determining whether
fraud could exist in financial statements and to determine if
motivation, integrity, and
capability should be included in the fraud triangle. To
25. determine if financial statement
fraud has occurred, auditors must rely on the fraud triangle
theory, which is the
underlying principle of SAS No. 99 (Kranacher, Riley, & Wells,
2011). SAS No. 99
requires auditors to obtain reasonable assurance of whether the
financial statements
contain material misstatements (Casabona & Grego, 2003).
Cressey developed the fraud
triangle theory in 1953, and the theory has influenced the
development of accounting
fraud theory (Kranacher et al., 2011). The fraud triangle
identifies opportunity,
rationalization, and pressure as the underlying assumptions that
auditors should consider
when assessing the likelihood of fraud in an organization
(Kranacher et al., 2011).
Although auditors rely on the fraud triangle, some scholars
believe that the fraud
triangle is not sufficient to determine fraud in an organization
(Dorminey et al., 2010;
Kassem & Higson 2012; Kranacher et al., 2011) Buchholz
(2012) explained that the
fraud triangle has importance for detecting fraud in a financial
26. statement audit but that it
also has deficiencies and should not be solely relied upon. One
deficiency is
rationalization. Rationalization is a deficiency because it cannot
be observed, meaning
that an auditor cannot observe how a person rationalizes their
actions. The fraud triangle
lacks objective criteria for identifying pressure and
rationalization; therefore, the theory is
not effective in determining fraud (Dorminey et al., 2010). In
addition, Kassem and
14
Higson (2012) explained that because the fraud triangle is
ineffective in detecting fraud a
new fraud triangle should be implemented.
Currently, there is a contradiction in the literate on fraud
theory. Scholars such as
Dorminey et al. (2010), Kassem and Higson (2012), and
Kranacher et al. (2011) believe
that the fraud triangle is not sufficient to determine fraud in an
organization, whereas
27. Cressey (1953) believed fraud triangle theory to be effective in
detecting a company’s
vulnerability to financial statement fraud. Because of this
contradiction, further studies
are needed to understand auditors’ perceptions of the utility of
fraud triangle theory and if
motivation, integrity, and capability should be included in the
fraud theory.
To further study the fraud triangle theory and its effectiveness,
Kranacher, Riley,
and Wells (2011) wrote that to improve auditor’s ability to
detect the likelihood of fraud
in a company, the fraud triangle should be expanded to include
motivation. Kassem and
Higson (2012) suggested that the fraud triangle is ineffective in
detecting fraud and that a
new fraud triangle should be implemented that includes
motivation, integrity, and
capability.
To determine if financial statement fraud has occurred, auditors
must rely on the
fraud triangle theory, which is the underlying principle of SAS
No. 99. This
phenomenological study is a study of auditors’ perceptions of
28. the effectiveness of the
fraud triangle theory and if motivation, integrity, and capability
should be included in the
fraud triangle. Expanding research on auditors’ perceptions of
the fraud triangle theory is
important because it will benefit the auditing profession and the
approach that auditors
will use to determine if fraud exists in financial statements.
15
Research Questions
The purpose of this phenomenological study was to understand
auditors’
perceptions of the fraud triangle theory and if motivation,
integrity, and capability should
be included in the fraud theory. To accomplish this purpose, the
following research
questions were developed.
Q1. How do auditors perceive and describe their experiences
with fraud and the
use of the fraud triangle theory?
29. Q2. Do you think motivation, integrity, and capability should be
included in the
fraud triangle theory? If so, why?
Q3. Do you think there are other elements that auditors should
be include in the
fraud theory? If so, why?
Nature of the Study
The purpose of this phenomenological study was to understand
auditors’
perceptions of the fraud triangle theory. To accomplish this, a
phenomenological
approach was utilized to understand auditors’ lived experiences
of utilizing the fraud
triangle theory. As identified by Moustakas (1994),
phenomenology derives its meaning
from human experiences by exploring the structures of human
consciousness in those
experiences.
This phenomenological study on auditors’ experiences with
fraud included a
transcription of interviews and analysis (Van Manen, 1997). An
issue that is of major
debate in phenomenological research is how many participants
30. should be included in a
phenomenological study. In a phenomenological study, the
number of participants is not
as important as who has had a particular experience (Giorgi,
2009). A researcher should
16
use at least three participants because of the challenges
associated with using one or two
participants (Giorgi, 2009). It is important to have a “sufficient
number of variations
independent of the individual whose description is being
analyzed” (Giorgi, 2008, p. 36).
A researcher should recognize that data saturation occurs when
an increase in the
number of participants leads to diminished returns and lack of
new data (Giorgi, 2008).
Finally, a phenomenological study focuses on depth strategies
and should not be
confused with research based upon sampling strategies, which
includes a large number of
participants. An acceptable sample size for phenomenological
research is generally 2 to
31. 10 participants (Boyd, 2001; Giorgi, 2009).
For this phenomenological study, six certified public
accountants who worked for
various accounting firms were interviewed. The certified public
accountants was selected
and recruited at the Georgia Society of CPAs meetings, by the
Linked-in group
“Trendline,” or through relationships built with CPAs over the
last ten years. Data for this
study was gathered through face-to-face semi-structured
interviews, which is an
appropriate method when conducting a phenomenology study.
Semi-structured
interviews were selected for this study because structured
questions allow the scholars to
ask specific questions and unstructured interviews allow
participants to speak freely (Van
Manen, 1997). Speaking freely provides more richness and
breath, which provides more
richness to the data compared to structured interviews (Van
Manen, 1997).
Significance of the Study
Currently, no study was conducted to understand auditors'
32. experiences with fraud
and their perceptions of the of the fraud triangle theory, and if
auditors believe that
motivation, integrity, and capability should be added to the
fraud theory. Conducting this
17
study will benefit auditors because it will identify what auditors
should look for when
assessing the likelihood of financial statement fraud. This study
will also benefit
stakeholders such as investors and creditors because their
confidence in the reliability of
financial statements will increase if auditors are able to improve
their auditing procedures
to detect financial statement fraud.
If this study was not conducted, auditors may not detect whether
fraud exists,
which could cost investors, creditors, and accounting firms
billions of dollars. In addition,
legal action can be brought against auditors if fraudulent
financial statements are
33. undetected during an audit (AICPA, 2002). The discoveries
from this phenomenological
study will have a significant impact on how auditors assess the
likelihood of fraud during
a financial statement audit.
Definition of Key Terms
Understanding the key terms is important to this study;
therefore, a list of words
and definitions that are common to this study are included in
this section.
Analytical Procedures. Analytical Procedures is a diagnostic
sequential and
iterative process involving hypothesis generation, information
search, hypothesis
evaluation, and a final judgment (Koonce, 1993).
Audit evidence. Auditors conduct audits to obtain reasonable
assurance on
whether the financial statements are free of material
misstatements (Kranacher et al.,
2011).
Auditing. Auditing is an examination by auditors to determine if
financial
statements fairly present the company’s result and financial
34. position (Kranacher et al.,
2011).
18
Brainstorming. Brainstorming is a discussion by an audit team
to discuss the
probability that material misstatements could exist in a
company’s financial statements
(Alon & Dwyer, 2010).
Cressey’s Fraud Triangle. Cressey’s Fraud Triangle Is a theory
that identifies
the three conditions that is generally present when fraud occurs.
The three conditions are
perceived opportunity, perceived pressure, and rationalization
(Kranacher et al., 2011).
Financial Statement Fraud. Financial Statement Fraud is an
intentional
misrepresentation of financial or nonfinancial information to
mislead others who are
relying on it to make economic decisions (Kranacher et al.,
2011).
Fraud. Fraud is “an intentional deception, whether by omission
35. or co-omission,
that causes the victim to suffer an economic loss and/or the
perpetrator to realize a gain”
(Kranacher, Wiley, & Wells, 2011, p. 5).
Professional Skepticism. Professional Skepticism is an auditor’s
judgment and
decision that reflects a heightened assessment of the risk that an
assertion is incorrect or
conditional based on the information available to the auditors
(Nelson, 2009).
Risk assessment. In the literature, this refers to an
understanding that auditors
conduct audits to obtain reasonable assurance on whether
financial statements are free of
material misstatements (Kranacher et al., 2011).
Statement on Auditing Standards 99 (SAS No. 99). Statement on
Auditing
Standards 99 (SAS No. 99) is an auditing standard that states
that an audit should be
planned and performed to obtain reasonable assurance that
financial statements are free
of material misstatements, whether caused by error or fraud
(Kranacher et al., 2011).
36. 19
Summary
SAS No. 99 was implemented December 15, 2002 because of
scandals that
occurred at major corporations such as Enron and WorldCom.
The underlying principle
of SAS No. 99 is the fraud triangle theory, which is meant to
assist auditors in detecting a
company’s vulnerability to financial statement fraud. SAS No.
99 requires auditors to
obtain reasonable assurance on whether the financial statements
contain material
misstatements (Casabona & Grego, 2003). To obtain reasonable
assurance, auditors rely
on the elements of the fraud triangle theory; the three elements
are perceived opportunity,
perceived pressure, and rationalization (Kranacher et al., 2011).
Although the fraud
triangle theory is relied upon to detect fraud, many scholars
believe that the theory is
inadequate. University Professors Kassem and Higson (2012)
suggested that the fraud
37. triangle is ineffective in detecting fraud and that a new fraud
triangle should be
implemented that includes motivation. The problem is the
likelihood that auditors’
reliance on the fraud triangle will not detect fraud in an
organization, which could cost
investors and creditors billions of dollars. Currently, no study
was conducted to
determine auditors’ perceptions of the fraud triangle theory,
however. This study was
significant because it will explain auditors’ perceptions of the
fraud triangle theory,
which is important when conducting a financial statement audit.
Following is Chapter 2, which is a literature review. The
purpose of this literature
review was to establish a framework for the effectiveness of the
fraud triangle theory and
to determine if it should be modified to include additional
elements. Specifically, this
literature review discussed the fraud triangle theory, the
underlying principles of SAS
20
38. No.99, analytical procedures, professional skepticism,
brainstorming, risk assessment,
and audit evidence.
21
Chapter 2: Literature Review
The purpose of this phenomenological study is to understand
auditors’
perceptions of the effectiveness of the fraud triangle theory and
to determine if
motivation, integrity, and capability should be included in the
theory. This literature
begins with the identification of fraud triangle theory, which
emphasizes opportunity,
pressure, and rationalization, the underlying principles of SAS
No. 99. This is followed
by a discussion of the various viewpoints of scholars who
conducted extensive research
on the fraud triangle theory. Lastly, analytical procedures,
professional skepticism,
39. brainstorming, risk assessment, and audit evidence, which are
necessary to understand
SAS No. 99 and its affects the fraud triangle theory, are
explained.
Documentation
Research on SAS No.99 and the fraud triangle theory was
conduct utilizing online
resources and key words. The key word search for this study
was: the fraud triangle
theory, SAS No.99, brainstorming, Risk Assessment, Analytical
Procedures, Professional
Skepticism, Statement on Auditing Standards, internal control,
and Professional
Skepticism. To search for the keywords, online libraries were
utilized; the online libraries
included EBSCOhost and ProQuest databases. EBSCOhost
Business Source is a database
that provides full texts of more than 3,000 journals, including
more than 1,500 peer-
reviewed business publications, and full texts of over 10,000
market reports, SWOT
analyses, country and company reports, etc. The ProQuest
database contains full-text,
40. scholarly, peer-reviewed journals, trade publications,
magazines, and newspapers in the
areas of business, psychology, and education. In addition to
online libraries, professional
accounting websites such as the American Institute of CPAs and
the Fraud Examiner
22
Website were utilized. The information gathered from the online
libraries and
professional websites includes scholarly and peer-reviewed
documents, professional
journals, periodicals, textbooks, and the American Institute of
CPAs.
Fraud Triangle
Fraud is an intentional misstatement attained by manipulation or
falsification of
accounting data, misrepresentation or omission of accounting
transactions, and
intentional misapplication of accounting principles (Kranacher
et al., 2011). SAS No. 99
explains that auditors have a responsibility to detect fraud in an
organization and should
41. rely on the fraud triangle to do so (Kranacher et al., 2011).
Donald Cressey developed the
fraud triangle theory in 1953. Cressey identified three
conditions that are generally
present when fraud occurs in an organization. The three
conditions are perceived
opportunity, perceived pressure, and rationalization (Kranacher
et al., 2011; Romney,
Albrecht, & Cherrington, 1980).
Perceived pressure. Perceived pressure is considered a non-
observable event and
non-sharable problem. Perceived pressure is considered a non-
observable event because
it is difficult for an auditor to observe if an employee is under
pressure. Perceived
pressure is categorized as a non-sharable problem because a
fraudster may not want to
share his or her financial problems, such as gambling
addictions, alcohol addiction, or
work related pressures with family and friends (Dorminey et al.,
2010). The four major
categories of pressure are financial pressure, vice pressure, and
work related pressures.
42. Each of these four types of pressure will be discussed in detail.
Financial pressure can occur for various reasons. Fist, financial
pressure can occur
if an individual lives beyond their monetary means (Dorminey
et al., 2010; Kassem &
23
Higson, 2012; Kranacher, et al.). Living beyond one’s means
can ensue if the individual
purchases items such as a home and or a vehicle and their
monthly income are less than
their monthly expenses. As a result, the individual is under
financial pressure and may
resort to fraud to meet their monthl y expenses. As a previously
stated, individuals under
financial pressure generally do not want to share their problems
with family or friends;
for these reasons, financial pressure is often classified as a non-
sharable event (Dorminey
et al., 2010; Kassem & Higson, 2012; Kranacher et al., 2011).
Also, when financial
pressure stems from an individual living beyond their means, it
is categorized as an
43. unobservable event because auditors cannot observe if an
individual is living beyond
their means (Dorminey et al., 2010; Kassem & Higson, 2012;
Kranacher et al., 2011).
Vices such as gambling or drug addiction can also cause
individuals to have
financial pressure (Dorminey et al., 2010; Kassem & Higson,
2012; Kranacher, et al.,
2011). Indeed, vices such as drug addiction or gambling are the
worst types of financial
pressures, ones that often spiral out of control (Kassem &
Higson, 2011). Because of
addiction, it is very easy for an individual to excuse stealing
from their organization.
Again, this type of financial pressure is a non-sharable event
that a fraudster would not
want to share with family members because of the fear of being
judged or pressured into
seeking medical attention (Kassem & Higson, 2011). In
addition, this type of event is
considered a non-observable event because an auditor may not
be able to observe
whether an individual has a gambling problem or any other type
of addiction. However,
44. an auditor may be able to observe if an individual has an
alcoholic addiction if the
individual comes to work intoxicated during the audit.
24
In addition, work related pressure can cause and individual to
commit financial
statement fraud. Although not as common as financial pressures
such as living beyond
one’s means or vices, which include gambling or drug/alcohol
addictions, work related
pressures do occur in companies. Work related pressure happens
when employees are
disgruntled with their employers so they commit fraud as a form
or retaliation.
Employees may become disgruntled because they are passed up
for a promotion, did not
receive a raise, or have job dissatisfaction (Kassem & Higson,
2011). This type of
pressure is categorized as a non-observable event because an
auditor may not know that
an employee was overlooked for a promotion.
45. Lastly, management could be under pressure or have an
incentive to misstate
financial information because of factors outside their control
(Ramos, 2009). Factors
outside of management control are economic and industry
circumstances. To illustrate, if
a company is experiencing financial difficulties because the
economy is in a recession,
the fraudster may feel compelled to commit fraud. The fraudster
could be compelled to
commit fraud so that the company does not incur an operating
loss, which could lead to
corporate bankruptcy or a hostile takeover by stakeholders and
regulatory agencies
(Ramos, 2009).
In addition, management could be under extreme pressure to
meet or exceed the
expectations of current or future stakeholders. Current
stakeholders include investors who
expect the stock value to appreciate or creditors who expect the
company to be profitable
so that interest and loans can be repaid. Therefore, if
management is seeking debt
46. financing from a bank, management may feel pressured to
prepare fraudulent financial
statements (Ramos, 2009). Debt financing includes loans such
as bonds payables, notes
25
payable, or accounts payable that must be repaid. In addition,
management may feel
pressured to prepare fraudulent financial statements to meet
stock market demands
(Ramos, 2009). This pressure stems from the fact that
stockholders analyze a company’s
financial statements prior to investing in a company. Thus, if a
company does not appear
profitable, investors will not invest in the company or current
shareholders will sell their
stock in the company.
To conclude, management could have a personal incentive to
prepare fraudulent
financial statements because most corporations determine
management quarterly and
annual bonuses based on the company’s financial statements.
Lastly, bonuses that are
47. connected to a company’s financial performance are an
incentive for management to
engage in financial statement fraud ("Section 404(b) of
Sarbanes-Oxley Act of 2002").
Perceived Opportunity. Perceived opportunity is considered an
observable event
because opportunity relates to an organization’s internal control
structure, which can be
observed by auditors (Dorminey et al., 2010). A fraudster’s
opportunity could be the
result of poor training, poor supervision, poor policies and
procedures, or lack of anti-
fraud programs (Dorminey et al., 2010). For example, if an
auditor audits a company’s
cash disbursements and observes that multiple people can
disburse cash without
preparing proper documentation of who dispersed the cash, who
received the cash, and
the amount of the cash, the company is lacking good internal
controls over the cash
disbursements. Because the company lacks good internal
control, the employee has the
opportunity to commit fraud. Alexander (2012) states that the
laxer a company’s internal
48. control systems are, the better the opportunity for fraud to
occur. However, Alexander
(2012) also states that a secure internal control system does not
prevent fraud, but it will
26
reduce the likelihood of fraud or make it more difficult for a
fraudster to commit fraud.
This is an example of how the fraud triangle is ineffective in
detecting fraud, and it
supports Dorminey et al.’s (2010) suggestion that a new fraud
model be implemented.
Rationalization. Rationalization occurs when the fraudster
justifies his or her
behavior before or after committing the act (Dorminey et al.,
2010). This is considered a
non-observable event because an auditor cannot observe what a
fraudster is thinking. To
illustrate, the fraudster may rationalize stealing cash by saying,
“I will pay the cash
back.” Because pressure and rationalization cannot be observed,
the fraud triangle is
49. considered inadequate for deterring, preventing, and detecting
fraud (Dorminey et al.,
2010).
Fraud Triangle is Ineffective. The current literature states the
fraud triangle is
ineffective in detecting the likelihood of fraud in an
organization (Dorminey et al., 2010;
Kassem & Higson, 2012; Kranacher, et al., 2011; Alexander,
2012). Since the fraud
triangle is ineffective in detecting fraud, Kassem and Higson
(2012) designed a new
model for use in detecting fraud in an organization. They noted
that the new model
should be an extension of Cressey’s fraud triangle to include the
fraudster’s motivation,
integrity, and capabilities because these are observable events.
Integrity can be observed
by reviewing an individual’s decisions and decision-making
process, which help assess
the likelihood that an individual could commit fraud (Kassem &
Higson, 2011). To
illustrate, if an individual does not follow the company’s credit
policy when extending
credit to customers, that individual lacks integrity. Motivation
50. is also an event that can be
observed by examining an individual’s non-shareable financial
problems. The observable
non-sharable financial problems described by Kassem and
Higson (2012) include living
27
beyond one’s means, an overwhelming desire for personal gain,
high personal debt, a
close association with customers, and excessive gambling
habits. Lastly, Kassem and
Higson (2012) argued that fraud could not occur without the
person having the
capabilities to commit fraud. They suggested four observable
traits that give the fraudster
the capabilities: an authoritative position or function within the
organization, the capacity
to understand and exploit accounting systems, internal control
weaknesses, and the
capability to deal with the stress of being caught.
The Pathway that Leads to Fraud. In addition to the Kaseem and
Higson (2012)
51. model, Murphy and Dacin (2011) identified the pathway that
leads to fraud. The
psychological pathways focus on individuals who believe that
committing fraud is
wrong; the three components of the pathway that lead to fraud
are awareness, intuition
coupled with rationalization, and reasoning. The pathway that
leads to fraud is helpful
because it explains that individuals may commit fraud without
realizing it and rationalize
their acts to avoid the negative affect of their unethical behavior
(Murphy & Dacin,
2012). The pathway also states that awareness includes the
overpowering situations or
contexts in which the individual makes a decision to commit or
not commit the act; the
fraudster is aware of the fraudulent situation and decides
whether to commit fraud
(Murphy & Dacin, 2011). In other words, the individual may
commit the act and then
rationalize why it is okay to commit the act.
Intuition coupled with rationalization happens when the
fraudster is aware that the
conduct in question is fraudulent (Murphy & Dacin, 2011).
52. During this phase, an
individual makes a decision to commit the act or refrain from
committing the act based
28
on his or her feelings. If the individual decides to commit the
crime, the fraudster
immediately rationalizes why it is okay.
The third pathway to fraud is reasoning, which occurs when an
individual is
aware that the act is fraudulent (Murphy & Dacin, 2011).
During this phase, the fraudster
analyzes the situation and applies reasoning to why he or she
should or should not
commit the fraud. In addition, the fraudster may analyze the
situation. For example, the
fraudster may analyze the situation by performing a cost benefit
analysis to determine if
the benefit of the fraud outweighs the cost.
The M.I.C.E. Theory. Another point of view that differs from
the traditional
fraud triangle and the pathway that leads to fraud is the
53. M.I.C.E. theory (Kranacher,
2011). The fraud triangle does not explain the motivation of the
fraudsters, so to fully
understand motivation it should be expanded to include
M.I.C.E. theory (Dorminey et al.,
2012). M.I.C.E is an acronym that identifies what might
motivate the fraudster to commit
fraud:
M - Money. This means that an individual may commit fraud for
money.
I - Ideological. This means that an individual may commit fraud
because he or she
believes it for a greater cause (Dorminey et al., 2012). The
fraudster may not
personally benefit, but others will benefit. To illustrate,
individuals may commit
fraud by stealing cash and may give the cash to underprivileged
citizens. In this
this case, the fraudster committed fraud to benefit a greater
cause.
C – Coercion. This occurs when an individual is unwillingly
pressured into a
fraud scheme (Dorminey et al., 2012). To illustrate, an
accounting manager may
54. be forced by his or her manager to write checks to a supplier
who does not exist.
29
E – Ego. In these situations, individuals will commit fraud to
maintain an image
or lavish lifestyle (Dorminey et al., 2012). For example, an
individual may
purchase an expensive automatable on company credit to
maintain his or her
image.
Krancher states that money and ego are the main reasons
fraudsters are motivated to
commit fraud (Dorminey et al., 2012).
The fraud triangle lacks the ability to detect pressure and
rationalization, so
Dorminey et al. (2010) referred to a new fraud triangle
consisting of the act, the
concealment, and the conversion (Dorminey et al., 2010). The
new fraud triangle should
focus on establishing whether the act committed constitutes
fraud, which can be
55. determined by gathering evidence of the intent to deceive and
by proving that the victim
incurred economic damages (Dorminey et al., 2010). Because
the fraud triangle was
unable to detect fraud, the fraud scale and the fraud diamond
were introduced. The fraud
scale and fraud diamond include additional variables that are
not included in Cressey’s
Fraud triangle (Kranacher et al., 2011; Wolfe & Hermanson,
2004).
The Fraud Scale. The fraud scale is applicable to financial
statement fraud,
where sources of pressure are observable. The only difference
between the fraud triangle
and the fraud diamond is an individual’s capabilities.
Capabilities refer to an individual’s
traits and abilities to commit the crime (Wolfe & Hermanson,
2004). Capabilities may
overlap with opportunity, but the two are different because
opportunity focuses on
weaknesses in internal control while capabilities focus on
whether the employee is
capable of committing the act (Wolfe & Hermanson, 2004). To
illustrate, if a company
56. has cash transactions and there is a weakness in the internal
control system, the
30
opportunity for fraud exists and a capable person may steal the
cash. In this example, the
employee’s capabilities coupled with a weak internal control
system could lead the
employee to commit fraud. Wolfe and Hermanson (2004)
identified five traits that make
an individual capable of committing fraud, as follows:
1. The person(s) must be smart enough to understand internal
control weaknesses
and use this knowledge to exploit the system.
2. The right person must have the ego and confidence to believe
that he or she will
not be discovered or the confidence to believe that, if
discovered, he or she will be
able to talk their way out of trouble.
3. The right person must be able to coerce others to commit or
conceal fraud.
57. 4. The right person can lie effectively and consistently.
5. The right person can deal with stress.
Wolfe and Hermanson (2004) believed that auditors must
understand the
fraudster’s capabilities when assessing the likelihood of fraud
in an organization and that
without such assessment fraud may go undetected. Based on the
research of Wolfe and
Hamason (2004), the fraud triangle should include capabilities
when determining the
likelihood of fraud in an organization.
Dorminey et al. (2010) disagreed that the fraud triangle is
effective in determining
fraud, but Hogan, Rezaee, Riley, and Velury (2008) stated that
there is a significant
amount of literature that supports the fraud triangle. The
authors explained that red flags
and analytical procedures should be used with the fraud triangle
to detect fraud in an
organization (Mcfarland, 2009). They stated that auditors
should use a checklist as a
starting point to detect fraud but that it should be used with
caution because a checklist is
58. 31
not indicative of fraud. Some researchers support the use of
checklists as decision tools
(Hogan, Rezaee, Riley, & Velury, 2008) and some suggest that
the use of checklists
limits the auditors’ ability to increase their thinking beyond the
checklist (Pincus, 1989).
For example, Pincus's (1989) findings suggest that the use of a
checklist was
dysfunctional for fraud findings because red flags may be low
in frequency and minor in
amount in the early stages of fraudulent financial reporting.
Wilks and Zimbelman (2004)
agreed with Picus (1989), stating that the checklist inhibits
strategic reasons due of the
following:
1. Long checklists tend to be inaccurate in assessing fraud risk;
2. Auditors are insensitive to new evidence;
3. Auditors overweigh clues about management that are likely to
be wrong; and
4. Auditors use procedures that are based on prior audits, which
59. make audits
predictable and less effective.
Given the findings of Pincus (1989) and Wilks and Zimbelmam
(2004), Hogan’s (2008)
recommendation of the use of a checklist in financial statement
audits is a controversial
topic.
Hurley and Boyd (2007) suggested another element for fraud,
which is the
perception of impunity. Impunity is the fraudster’s belief that
he or she can commit fraud
without the fraud being detected and that he or she is excused
from punishment. The
attitude of impunity leads to another element of fraud, which is
manipulation (Giroux,
2008; Hurley & Boyd, 2007). Manipulation is the fraudster’s
belief that if the fraud is
detected he or she will be able to convince others that he or she
is innocent (Giroux,
2008).
32
60. Buchholz (2012) conducted research deconstructing the
underlying principles of
the fraud triangle, which are opportunity, rationalization, and
pressure. Upon
deconstruction, the author identified the pitfalls that auditors
encounter when assessing
fraud in an organization. The author concluded by stating that
practitioners should not
rely solely on the Cressey’s Fraud triangle as the basis for
assessing and detecting
potential fraud in the audit of financial statements. The results
of Buchholz’s (2012)
research are consistent with the results of the studies of
Dorminey et al. (2010), Kassem
and Higson (2012), and Kranacher et al. (2011), who also stated
that the fraud triangle is
ineffective in determining the likelihood of fraud in an
organization.
Donald Cressey - Trust Violators. Donald Cressey, a
criminologist, was
interested in why people commit fraud, so he conducted a five-
month study in which he
interviewed over 250 criminals who had committed financial
fraud (Cressey, 1973). The
61. participants selected for the study was criminals who met the
following two criteria
(Cressey, 1973):
1. The fraudster had a job position of trust and good faith; and
2. The individual violated the trust.
Cressey defined a trust violator as follows:
Trusted persons become trust violators when they conceive of
themselves as
having a financial problem which is non-shareable, are aware
this problem can be
secretly resolved by violation of the position of financial trust,
and are able to
apply to their own conduct in that situation verbalizations which
enable them to
adjust their conceptions of themselves as trusted persons with
their conceptions of
themselves as users of the entrusted funds or property. (Cressey,
1973, p. 30).
33
Most trust violators have a non-shareable problem (Cressey,
62. 1973). A non-sharable
problem means that the fraudsters believe they cannot share
their problem(s) with family
or friends because they would lose respect of family and friends
or their prestige in the
community (Cressey, 1973). To illustrate, if a fraudster has the
image of being a great
leader, financially successful, and well respected in the
community, the fraudster may not
want to share his or her financial problems with family or
friends in fear of losing his or
her image of a successful person. To avoid losing this image,
the fraudster will not share
his or her financial problems and will resort to illegal activity
to resolve them (Clinard,
1954).
A trust violator is an individual with three characteristics: non-
sharable problems,
technical knowledge/skills, and verbalization (Cressey, 1973).
Non-shareable problems
are problems that a trust violator does not want to share with
family or friends. Non-
sharable problems lead to fraud, whereas shareable problems do
not lead to fraud
63. (Cressey, 1973). Shareable problems generally do not lead to
fraud because the individual
under pressure is willing to share their problems, which
indicates that the individual is
willing to seek help to resolve financial problems.
Another characteristic of a trust violator is that the trust
violator must have the
technical knowledge to carry out the fraud. The trust violator
believes that their non-
shareable financial problems could be resolved covertly, and no
one learns of these
financial problems because of their technical knowledge of the
company (Clinard, 1954;
Cressey, 1950). To gain this knowledge to perpetrate the fraud,
the fraudster must have
work experience in the company and must understand the work
environment (Cressey,
1950). To illustrate, if an individual works in the accounting
department and understands
34
the accounts payable system and the vendor system, he or she
64. could set-up fictitious
vendors and send payments to a bank account that he or she has
access to.
The final characteristic of a trust violator is rationalization,
which is how the trust
violators mentally justify their actions. Rationalization is
necessary for the trust violator
to perform the fraud because, without rationalization, the trust
violator will be reluctant to
perform the fraud. To illustrate, if individuals believe that
stealing from their company is
wrong, they may not steal unless they can rationalize the
stealing. Rationalization could
include such thoughts as, I am not paid enough money, so the
company owes me this
money, I will return the money on my next paycheck, or The
company will not miss the
money. Lastly, trust violators rationalize their actions to avoid
accepting the fact that
their actions are theft and constitute a crime.
The three characteristics of trust violators are known as the
fraud triangle theory.
Whenever all three of the characteristics are present, fraud can
occur, and if one of the
65. characteristics is missing, the trust violator will not commit
fraud (Cressey, 1973).
Although Cressey’s fraud triangle is embraced by many
scholars, some disagree with the
fraud triangle theory because pressure and rationalization
cannot be observed. To
illustrate, pressure is an emotion that an individual has, and
auditors cannot observe
pressure because it is a state of mind. In addition,
rationalization is how a person thinks
about a crime and justifies their actions prior to committing the
crime. Again,
rationalization is a state of mind and, therefore, unobservable
by auditors. Most trust
violators know their conduct is illegal and wrong, but they
convince themselves into
thinking that their actions are not illegal (Cressey, 1973).
Because pressure and
35
rationalization cannot be observed, the fraud triangle theory is
flawed and, therefore,
66. should not be relied upon (Cressey, 1973)
Pressure and rationalization cannot be observed; however,
opportunity can be
(Cressey, 1973). Opportuni ty can be observed because it relates
to a company’s internal
control structure, which can be observed by auditors. Internal
control is the policy and
procedures that companies have in place to safeguard their
assets and to reduce the
probability of a trust violator stealing from their company. The
probability of a trust
violator stealing from a company depends on whether the
company has a strong or weak
internal control structure. A weak internal control structure
generally occurs when a
company has poor training, poor supervision, or lack of anti -
fraud programs (Dorminey
et al., 2010).
The Public Accounting Oversight Board states that companies
must design
policies and procedures for internal control over financial
reporting to provide reasonable
assurance concerning the accuracy of a company’s financial
statements. To provide
67. reasonable assurance that the financial statements are prepared
accurately, the financial
statements must meet the following requirements:
1. Financial transactions provide accurate information on the
transactions and
disposition of assets;
2. Provide reasonable assurance that accounting transactions
such as revenues,
expenses, assets, liabilities, and capital are recorded as
necessary and in
accordance with generally accepted accounting principles;
3. Provide reasonable assurance that the company has
procedures in place to
prevent or identify any unauthorized purchases of assets, uses
of assets, or
36
disposal of assets that have a material impact on the company’s
financial
records (PCAOB, 2007).
Lastly, if managers fail to follow any of the three requirements
68. previously
mentioned when preparing financial statements, the financial
statements cannot be relied
upon. As a result, there is a weakness in the internal control
structure over financial
reporting that should be reviewed (PCAOB, 2007).
Following is an example of a transaction where there was a
weakness in a
company’s internal control structure. If a company has a policy
that requires all purchases
over 25,000 to be approved by senior management and a
manager makes a purchase for
30,000 without senior management approval, this is an
indication that there was a
weakness in the internal control structure and that the
transaction violates PCAOB, 2007,
which states that companies must have procedures in place to
prevent and identify any
unauthorized purchases of assets, uses of assets, or disposal of
assets that have a material
impact on the company’s financial records. Therefore, to
prevent unauthorized purchase
from occurring, every purchase should require the signature of
at least two mangers,
69. which helps prevent unauthorized purchases from occurring.
Brainstorming
SAS No. 99 requires auditors to obtain reasonable assurance
through
brainstorming that financial statements are free of material
misstatements. Brainstorming
in a financial statement audit involves the audit team discussing
the probability that
material misstatements due to fraud are present in the financial
statements (Alon &
Dwyer, 2010). SAS No. 99 specifically states that the audit
team should brainstorm
during the initial audit to assess the probability that material
misstatements due to fraud
37
could be present ("Section 404(b) of Sarbanes-Oxley Act of
2002 "). Brainstorming also
encourages auditors to share client data and experiences to gain
a better understanding of
the possibility that fraud could be present in the financial
70. statements (Alon & Dwyer,
2010). Brainstorming is defined as a “generation of ideas by one
or more individuals
given a specific task to brainstorm, listing all of the risks that
are relevant for a given
case” (Carpenter, Reimers, & Fretwell, 2011).
Although brainstorming is required by SAS No. 99, some critics
believe that
brainstorming is not effective. Brainstorming could waste time
if procedures are not in
place for conducting brainstorming sessions (Sandberg, 2006).
However, some
researchers believe that no matter how well the brainstorming
session is planned, group
brainstorming is not as effective as individual brainstorming.
For example, Paulus, Larey,
and Ortega (1995) conducted a study on brainstorming in groups
and individuals
brainstorming alone. The results of the study indicated that
brainstorming in groups was
50% less effective than an individuals’ performing alone
(Sandberg, 2006). Interactive
groups (brainstorming groups) provide fewer ideas than nominal
groups (Osborn, 1957;
71. Sandberg, 2006).
In recent years, most of the brainstorming literature has
concentrated on the
inferiority of interacting with groups in an effort to understand
why productivity losses
occurred in groups. Three characteristics that cause inferiority
of interacting in groups are
the following: production blocking, evaluation apprehension,
and free riding or social
loafing (Dennis & Valacich, 1993). Production blocking occurs
because only one
member can communicate at once (Dennis & Valacich, 1993).
For example, if a member
is communicating and other members are listening, the listening
members may forget
38
their ideas before they get the opportunity to speak. Evaluation
apprehension involves a
group member’s concern over the appraisal by other members in
the group (Dennis &
Valacich, 1993). To illustrate, if a group member has an idea
72. that he or she is not sure of,
the member may be afraid to share that idea because of
apprehension of what other group
members may think. Finally, free riding, or social loafing,
occurs when group members
are qualified to contribute to the brainstorming session but
choose not to contribute
(Dennis & Valacich, 1993). This may occur because individuals
are relying on others to
contribute or members are socializing about issues unrelated to
the problem.
As previously stated, research indicates that brainstorming in
groups was 50%
less effective than an individual who performed brainstorming
alone. In addition, groups
provided fewer ideas than did individuals brainstorming alone
(Osborn, 1957; Sandberg,
2006). However, other researchers believe that brainstorming
groups are effective and
can benefit auditors. Landis and Braswell (2008) noted that
brainstorming groups are
useful and can generate better ideas than individuals who
brainstorm alone. The
assumption is that brainstorming groups are given an ample
73. amount of time to
brainstorm. Landis and Braswell (2008) argued that if
brainstorming groups are allowed
enough time for a given topic, they are capable of generating as
many ideas as individuals
who brainstorm alone.
Landis and Braswell (2008) indicated that brainstorming
sessions are most
effective when they occur during the beginning of the audit
because they allow auditors
to plan and modify the audit as needed. However, SAS No. 99
requires brainstorming
sessions to occur throughout the audit to ensure any potential
areas of fraud are identified
and discussed. Brainstorming should be included throughout the
audit process and not
39
just during the initial phase of the audit because auditors may
become aware of
information that was not available during the initial audit
(Robert & Hahn, 2011).
74. Although there are contradictions in the literature on
brainstorming sessions, Landis and
Braswell (2008) stated that brainstorming sessions could be
particularly useful tools for
auditors to provide reasonable assurance that financial
statements do not have material
misstatements due to fraud or error.
Professional Skepticism in Fraud Detection
SAS 82 was created to help auditors to detect fraud in an
organization; however,
as a result of accounting scandals that occurred with Enron and
WorldCom, SAS No. 99
was implemented ("Section 404(b) of Sarbanes-Oxley Act of
2002 "). SAS No. 99 states
that auditors should plan and perform their audits to obtain
reasonable assurance that the
financial statements are free of material misstatements caused
by error or fraud (Patrick
& Michael, 2003). SAS No. 99 suggests that auditors should use
professional skepticism
when conducting a financial statement audit. Professional
skepticism means that the
auditor assumes neither that management is dishonest nor
75. assumes unquestioned honesty
(Nelson, 2009).
Professional skepticism relates to auditors’ decisions and
judgments that reflect a
valuation of risk that an assertion is conditional or incorrect
based on the information
available to the auditors (Nelson, 2009; Payne & Ramsay,
2005). Auditor traits,
knowledge, and sensitivities produce judgments that determine
an auditor’s professional
skepticism (Nelson, 2009). Also, given a judgment that reflects
some level of
professional skepticism, the judgment combined with auditor
knowledge, traits, and
incentives produce actions that reflect professional skepticism;
without such, financial
40
statement fraud could go undetected (Nelson, 2009). The
viewpoint of Nelson is shared
by Payne and Ramsay (2005), who held that professional
skepticism is important and
76. insisted that auditors should have ongoing training to ensure
that they have the right skills
and professional skepticism to detect fraud in an organization.
To achieve professional skepticism, auditors must consider the
following four
categories: skepticism scales, problem-solving ability,
ethics/moral reasoning, and
problem-solving ability (Nelson, 2009). Problem solving
focuses on raw intelligence and
assists auditors in identifying potential misstatements in
financial statements (Nelson,
2009). Ethics or moral reasoning holds that auditors with high
moral standards are more
sensitive to information about client competence and integrity
and that moral
development increases with time (Nelson, 2009). Nelson (2009)
stated that skepticism is
difficult to assess because scales varied by the researcher. To
illustrate, Wrightsman
(1974) believed that people are trustworthy and independent;
however, Shaub (1996)
found no significant relationship between scores on
independence and trustworthiness.
While Nelson (2009) and Payne and Ramsay (2005) argued that
77. professional
skepticism is indicated by auditor judgments and decisions,
Hurtt (2010) noted that
auditors’ judgment could result in the auditors becoming too
skeptical. Nelson (2009)
acknowledged the Hurtt scale, which states that auditors could
become too skeptical and
over audit or too lax and perform inefficient audits.
To illustrate, if an auditor becomes skeptical of the accounting
manager, that
auditor may perform additional procedures to ensure the
financial statements are not
fraudulent. However, if the auditor is not skeptical, he or she
may perform an inefficient
audit, which could potentially result in fraudulent financial
statements going undetected.
41
Because of the possibility of auditors being too skeptical or not
skeptical enough, Hurtt
(2010) designed a 30-item psychological scale. The purpose of
the psychological scale is
78. to measure the level of skepticism possessed by an individual
auditor to determine if an
auditor will over audit or perform an inefficient audit. The
psychological scale is based
on the following six characteristics: a questioning mind, a
suspension of judgment, a
search for knowledge, interpersonal understanding, self-esteem,
and autonomy (Hurtt,
2010). Following is a brief discussion of the six characteristics
to measure an auditor’s
level of skepticism.
The first characteristic requires an ongoing questioning mind on
whether the
information and evidence obtained suggests that a material
misstatement due to fraud has
occurred ("Section 404(b) of Sarbanes-Oxley Act of 2002"). A
questioning mind is not a
lack of belief, but it initiates inquiry and leads to the formation
of beliefs (Hurtt, 2010).
The second characteristic is a suspension of judgment, meaning
that auditors
should withhold judgment until there is evidence on which to
base the judgment (Hurtt,
2010). This means that auditors must evaluate all available
79. evidence before making a
judgment on an organization’s financial statements.
The third characteristic is the search for knowledge, which
differs from a
questioning mind because the search for knowledge is
determined by an auditor’s
curiosity and urge to develop knowledge whereas a questioning
mind is based on an
auditor’s inquiry to form a belief (Hurtt, 2010).
The fourth characteristic is interpersonal understanding, which
focuses on the
individuals who provide evidence to auditors (Hurtt, 2010). In
other words, individuals
who have committed fraud may provide misleading evidence to
the auditor. Therefore,
42
the auditor must understand the integrity and motivation of the
individuals who provide
evidence.
The fifth characteristic is self-esteem, which affects an
individual’s ability to rely
80. on his or her own judgment. Hurtt (2010) stated that individuals
with low self-esteem
lack the ability to rely on their own judgments. The sixth and
last characteristic is
autonomy, meaning that auditors should thoroughly examine
evidence before rendering
an opinion on a company’s financial statements (Hurtt, 2010).
Analytical Procedures
SAS No. 99 requires auditors to obtain information to identify
the risk of material
misstatements due to fraud (SAS No. 99). To identify the r isk of
material misstatements,
auditors must perform analytical procedures. Analytical
procedures are diagnostic,
sequential, and iterative processes involving hypothesis
generation, information search,
hypothesis evaluation, and a final judgment (Koonce, 1993).
Analytical procedures
should be performed during a financial statement audit to
determine if there are
transactions that appear to be unreasonably high or low (Hayes,
2011). For example, if
accounts receivables in prior years were three million and the
81. current account receivables
are seven million, this could be an indication that the
organization is overstating accounts
receivables and revenue. During this phase, the auditor should
perform analytical
procedures to determine if the high account balance is related to
controls that could have
been overridden (Hayes, 2011).
As previously stated, Casabona and Grego (2003) agreed with
Hayes (2011) that
analytical procedures may be an indication of material
misstatements in financial
reporting. However, Casabona and Grego (2003) believed that
the information might
43
only provide a broad indication about whether a material
misstatement is present in
financial statements. This occurs because data is gathered at a
high level when auditors
initially perform analytical procedures. Casabona and Grego
(2003) argued that because
82. analytical produces are performed at a high level during the
planning stage, auditors
should perform reviews that are more detailed and that focus on
revenue recognition.
Casabona and Grego (2003) asserted that auditors should focus
on revenue
recognition because it is a major focus of SAS No. 99. SAS No.
99 states that auditors
should perform analytical procedures relating revenue to
unusual or unexpected
relationships involving revenue accounts ("Section 404(b) of
Sarbanes-Oxley Act of
2002"). Patrick and Michael (2003) conducted a study on
analytical procedures and
agreed with Casabona and Grego (2003) that auditors should
focus on revenue
recognition when performing analytical procedures.
Revenue recognition is of major concern because the Committee
of Sponsoring
Organizations Report revealed that 50% of frauds involve
overstated revenues, either by
reporting revenues prematurely or by creating fictitious revenue
transactions (Hogan,
Rezaee, Riley, & Velury, 2008). As SAS No. 99 explains,
83. Improper revenue recognition is presumed to be a fraud risk for
all industries and
for all companies. Therefore, audit engagement teams should
consider how
fraudulent revenue recognition might occur and, based on such
assessment, tailor
the audit procedures to address the specific identified risk
related to revenue
recognition (SAS No. 99, as cited in Casabona & Grego, 2003).
Alexander (2012) agreed with Casabona and Grego (2003) and
noted that during
the audit planning stage and final reporting, the auditor should
focus on any material
44
transactions, such as revenue. Revenue recognition is a major
concern during an audit;
however, this area can be very challenging for auditors because
it is a relatively new area,
and revenue transactions can be very challenging as well.
Revenue recognition is a new
category of fraud risk, one which requires auditors to perform
84. additional procedures to
understand revenue recognition transactions, especially if these
are complex and unusual
(Patrick & Michael, 2003).
SAS No. 99 states that if analytical procedures identify
improper revenue
recognition, the auditors should plan their audit to identify such
risks (Patrick & Michael,
2003). If there is an identified risk of material misstatements
due to improper revenue
recognition, the auditor should perform analytical procedures
using disaggregated data to
determine if fraud actually exists (Casabona & Grego, 2003). To
illustrate, analytical
procedures on revenue are normally performed at a high level;
however, if material
misstatements exist, then revenue data should be disaggregated
on a month-by-month
basis or a product line basis. Such analytical procedures would
allow the audit team to
identify major changes in months or product line, which could
be an indication of fraud.
In conclusion, the new requirements of SAS No. 99 and revenue
recognition
85. procedures will have a major effect on the planning of an audit
and will require additional
control testing on journal entries involving revenue. In addition,
the new requirements
will call for additional procedures to understand how
management can override controls.
Patrick and Michael (2003) concluded by stating that the new
requirements of SAS No.
99 will change the scope of the audit, as well as the time
requirements, and add to the
cost of implementing SAS No. 99. However, the backlash
against SAS No. 99 is the
increased cost that auditors charge corporations.
45
SAS No. 99 and Internal Control
SAS No. 99 requires that auditors rely on the fraud triangle
theory to detect a
company’s vulnerability to financial statement fraud (Kranacher
et al., 2011). The fraud
theory states that three conditions are present for an individual
86. to commit fraud: pressure,
rationalization, and opportunity (Kranacher et al., 2011;
Romney, Albrecht, &
Cherrington, 1980). Pressure relates to an individual’s financial
position, rationalization
relates to how an individual thinks about their act of crime, and
opportunity relates to a
company’s internal control system (Kranacher et al., 2011;
Romney, Albrecht, &
Cherrington, 1980). Opportunity is of importance when
understanding the fraud theory
because a company’s management team can control it. An
organization’s management
team can control opportunity because it relates to a company’s
internal control system,
which is designed, created, and enforced by management
(Murphy & Dacin, 2011; Wells,
2011), whereas rationalization and pressure are not designed,
created, or enforced by a
company. Internal controls are a system of procedures designed
by executive
management to meet the objectives of safeguarding assets
(Harrison et al., 2011). To
safeguard assets, a company must design policies that encourage
87. operational efficiency,
ensures that accounting transactions are accurately prepared,
and comply with the legal
requirements of the Sarbanes Oxley Act (Harrison et al., 2011)
If a company has a good system of internal controls, the
possibility for a fraudster
to commit fraud diminishes (Harrison et al., 2011). The
possibility will diminish even if
the fraudster is under financial pressure or can rationalize their
actions. This is true
because all three elements of the fraud triangle theory must be
present for a fraudster to
commit fraud (Harrison et al., 2011). Since internal control is
an important facet of fraud,
46
it is imperative that a discussion on internal controls is
addressed in this literature review.
The following discussion on internal controls will elaborate on
the three elements of a
good system of internal control. These three elements are the
control environment, risk
88. assessment, information and communication, control activities,
and monitoring (Murphy
& Dacin, 2011; Wells, 2011).
Control Environment
The control environment is the environment in which the
business operates. The
control environment is what determines the actions of the
employees when deciding
whether to do right or wrong. For example, if a company’s
leadership team encourages
employees to follow company’s procedures to record accounting
transactions and if there
are consequences for not following procedures, the company is
creating a positive control
environment. When management creates a positive control
environment and reprimands
employees who do not follow the company’s procedures, the
likelihood of employees
committing fraud diminishes for two reasons. First, the
employees know that accounting
transactions are reviewed by management. Second, employees
understand that there will
be consequences for failure to follow the company’s policies.
Also, if a company has a
89. good control environment, it will improve the auditor’s risk
assessment, which is an
easement of how a company safeguards their assets and follows
policies and procedures
(Murphy & Dacin, 2011; Wells, 2011).
Risk Assessment Process
The risk assessment process is a systematic process for
recognizing and assessing
events that occur within the company. The events can represent
risk and opportunists that
could affect a company’s financial statements. The events can
be caused by the external
47
environment or the internal environment. A good system of
internal controls does not
wait for risk or opportunism to occur; instead, a company
assesses the likelihood of the
events (Murphy & Dacin, 2011; Wells, 2011).
By assessing the likelihood of events, a company can prepare
for such events to
90. minimize the impact of negative risk on financial statements or
to maximize events that
could have a positive impact on the company’s financial
statements. Risk assessment is
necessary for a company to maximize stakeholder’s investment
and to succeed in an
unpredictable economy (Wells, 2011).
Information and Communication
It is vital that auditors gather the necessary information on a
company’s financial
statements to ensure that information was properly classified,
measured, recorded,
analyzed, and reported on the financial statement data in a
timely manner. In addition, it is
important that a company’s financial statements be properly
communicated because
information that is not communicated in a timely manner lacks
creditability and its
usefulness to stakeholders diminishes (Murphy & Dacin, 2011).
To illustrate, if financial
data is prepared three months late, it is not useful to a bank
because banks are interested in
a company’s current financial position. In addition, if an
organization is unable to produce
91. timely data, it loses it creditability because potential
stakeholders will question a
company’s ability to operate efficiently. For these reasons, it is
imperative that financial
information is communicated in a timely manner.
Control Activities
Control activities are designed by management to ensure that
financial data is
prepared truthfully and accurately and that the information is
reliable. If a company has
48
good control procedures in place, the likelihood for employees
to commit fraud decreases
(Harrison et al., 2011). The control activities that a company
has in place can vary by
organization; however, two types of controls can be found in an
organization. The two
types are preventive activities and detective activities.
Preventive activities are designed
to stop or deter fraud from occurring (Wells, 2012). To
illustrate, a bank understands that
92. it is possible for employees to steal money, so the bank has
preventive activities in place.
The preventive activities may include cameras to watch
employees, periodic counting of
cash in the drawer, and checking employee’s personal items
when leaving work. If a
company has good controls activities in place, fraud decreases
(Harrison et al., 2011).
The second type of control to decrease fraud is detective
activities. Detective
activities identify fraudulent activities that have already
occurred in an organization.
When management identifies fraudulent activities that have
already occurred, immediate
actions are taken to prevent the activity from occurring in the
future. To illustrate, if
management discovers that inventory is missing from the
stockroom, management will
immediately implement a new policy and procedures to prevent
further theft. The new
policy could include installing cameras in the storeroom or
counting supplies on a routine
or surprise basis. Control activities will deter employees from
stealing from their
93. organization if they know cameras or routine counts of
inventory will occur on a regular
basis (Harrison et al., 2011).
Monitoring
The last component that a company needs to have a good system
of internal
control is monitoring. Monitoring is a review conducted by
management to ensure that
the company’s internal control procedures are operating as
planned and to identify any
49
deficiencies that may exist. Monitoring a company’s internal
control can include separate
evaluations or ongoing evaluations (McNally, n.d.). Separate
evaluations are conducted
on a routine basis, but are not built into the organization’s
internal control structure,
whereas ongoing activities are built into a company’s internal
control structure.
Ongoing activities are conducted on a systematic basis and
include analyzing
94. data, reconciling accounts, and other transactions that can
verify the credibility and
reliability of the financial data. Ongoing activities and separate
activities can be
performed manually with the use of software or a combination
of both methods
(McNally, n.d.). However, using software to evaluate internal
controls procedures offers
benefits that can be achieved with manual evaluations of
internal control (McNally, n.d.).
The use of software allows management to immediately identify
and correct control
deficiencies. To illustrate, internal control software
immediately identifies transitions that
are not properly recorded or have an unusually high transaction
balance.
The Evolution of Statements of Auditing Standards
Financial statement fraud has been in existence since the stock
market crash of
1923. As a result of the stock market crash, the federal
government stepped in to provide
protection to investors and creditors who rely on financial
statements when making
95. investing decisions. To protect investors and creditors, public
companies are required to
have their financial statements audited by accounting firms. The
purpose of the audit is to
provide reasonable assurance on whether the financial
statements are free from material
misstatements. To ensure financial statements are free from
material misstatements,
auditors exercise due professional care during an audit. To
provide due professional care,
50
auditors must follow specific guidelines that are set forth by the
Statement of Auditing
Standards (SAS).
The Statement of Auditing Standards has evolved over time, and
so have the
responsibilities of auditors. The first auditing standard to
protect investors and creditors
was SAS No. 53. SAS No 53, which explains that the auditor’s
responsibility is to
identify and report irregularities (Mancino, 1997). Since the
96. issuance of SAS No. 53, the
subject of fraud has continued to draw the interest of ever -
growing constituencies, and
independent auditors have been the target of litigation and
criticism. Independent auditors
were the target of litigation and criticism because there was a
misconception regarding
the public view on the level of responsibilities that auditors
have in detecting financial
statement fraud and what auditors can do to detect fraud.
Because of these
misconceptions, the SEC developed SAS No. 82 (Dezoort &
Thomas, 1998; Mancino,
1997).
The most important difference between SAS No 53 and SAS No.
82 were changes
made to the auditor’s responsibility to detect fraud (Dezoort &
Thomas, 1998; Mancino,
1997). The first difference is SAS No. 82, which does not use
the term irregularities;
instead, it uses the term fraud and it emphasizes that auditors
have a responsibility to
detect fraud during the planning stage of the audit and during
the performance of the
97. audit (Dezoort & Thomas, 1998; Mancino, 1997). However,
SAS No. 53 used the term
errors, which are defined as unintentional misstatements or
omissions in financial
statements (Dezoort & Thomas, 1998; Mancino, 1997). Another
important difference
between SAS No. 53 and SAS No. 82 is that SAS No. 82
required auditors to assess and
document the risk or likelihood of misstatements in the
financial statements (Dezoort &
51
Thomas, 1998; Mancino, 1997). The purpose of this
documentation was to serve as proof
that auditors had done their due diligence in assessing and
detecting the possibility of
financial statement fraud, whereas SAS No. 53 did not require
auditors to assess or
document the risk or the likelihood of misstatements in the
financial statements (Dezoort
& Thomas, 1998; Mancino, 1997).
The purpose of the assessment and documentation of SAS No.
98. 82 is to protect
auditors in the event of a lawsuit from financial statement users.
Lastly, the accounting
standard board believed that the implementation of SAS No. 82
would force auditors to
increase their audits procedures in regards to testi ng and
reviewing financial statement
accounts (Dezoort & Thomas, 1998; Mancino, 1997). Testing
and reviewing accounts is
important because it reduces the time it takes auditors to detect
fraud. Without testing and
reviewing accounts, it could take auditors up to five years to
determine if fraud exists in
an account.
Due to the accounting scandals that occurred at major
corporations such as
Enron and WorldCom, a major change in the Statement of
Auditing Standards occurred
(Labaton, 2006). The new standard requires auditors to obtain
reasonable assurance
through brainstorming that financial statements are free of
material misstatements
(Labaton, 2006). The new standard is termed SAS No. 99 and it
is more detailed than
99. SAS No. 82 because it requires that auditors document activities
that occur during the
audit (Ramos, 2003). First, auditors must document when
brainstorming meetings
occurred and who attended them (Ramos, 2003). Second, SAS
No. 99 requires that
auditors document the steps they performed to gather
information to assess if fraud could
exist in the financial statements (Ramos, 2003). Third, auditors
must include a discussion
52
on revenue recognition and whether there is a possibility that
fraud could exist in the
financial statements (Ramos, 2003). If fraud does exist, auditors
must estimate the
amount of the possible misstatement.
Other important components of SAS No. 99 are the likelihood
that management
could override internal controls (Alexander, 2012; Dorminey et
al., 2010). Internal
controls are the policies and procedures companies have in
100. place to prevent fraud from
occurring (Dorminey et al., 2010). SAS No. 99 also focuses on
the analytical procedures
that auditors perform to determine if additional auditors would
be necessary to conduct
the audit (Ramos, 2003). Analytical procedures are a diagnostic
sequential and iterative
process involving hypothesis generation, information search,
hypothesis evaluation, and a
final judgment (Hayes, 2011). Lastly, management must discuss
any issues of fraud with
management. It is important that management communicate the
information to the right
individuals within the organization.
Auditors’ responsibility to detect errors refers to material
unintentional
transactions or the omission of transactions that are or are not
recorded in the financial
statements. Errors could occur in the following cases (Hayes,
2011):
1. Accounting data is incorrectly gathered or processed when
the transaction was
recorded. To illustrate, an accountant to could fail to gather
accounts payable data
101. and a payment to a creditor could be omitted from the financial
statements. This
type of error would cause net income or liabilities to be over
stated.
2. Miscalculations of accounting estimates because of oversight
or misinterpretation
of facts. To illustrate, if an accountant does not adequately
determine the amount
of the depreciation expense, it would affect the income
statement, which could be
53
overstated or understated. Income could be overstated if the
transaction was not
recorded or if the amount of the deprecation was too low.
Lastly, the income
statement could be overstated if the amount of the depreciation
expense was too
low.
3. Misrepresentation in applying generally accepted accounting
principles for the
classification or presentation of an asset, liability, equity,
102. revenue, or expense. To
illustrate, generally accepted accounting principles require that
a company record
any contingent liability in the financial statements if it is
probable that a loss will
be incurred and if the amount of the contingent loss can be
determined. If
management fails to record a contingency, the company has
misrepresented the
application of generally accepted accounting principles.
Unfortunately, there have been misconceptions from
stakeholders, such as investors and
creditors, in regards to these errors. Stakeholders believe that
auditors should be
responsible to detect all errors; however, in reality, it is not
possible to detect all errors
because auditors do not verify every transaction that occurs in a
company’s financial
statements. However, if the amount is material, then auditors
have a responsibility to
detect the error.
The term irregularities differ from the term errors because
errors are
103. unintentional, whereas irregularities are considered intentional
misstatements or
omissions in financial statements. Irregularities occur when
financial statements are
deliberately misstated and the misstatements are generally
initiated by management
(Bariyima & Akenbor, 2008). Financial statements irregularities
are also named
54
management fraud, defalcations, or asset misappropriations, and
they may involve the
following types of transactions:
1. Manipulation, falsification, or alteration of accounting
records or supporting
documents from which financial statements are prepared.
2. Misrepresentation or intentional omission of events,
transactions, or other
significant information.
3. Intentional misapplication of accounting principles relating
to amounts,
classification, manner of presentation, or disclosure. (Bariyima
104. & Akenbor,
2008)
To illustrate, if an accountant records a $1,000 transacti on for
$1,000,000, it should be
detected by the auditor because auditors have a responsibility to
verify all material
transactions and a $1,000,000 transaction is a material amount.
However, not all errors in
financial statement will be detected, even if the amount is
material, because of
management override of internal controls. Management override
of internal controls
occurs because management has access to accounting data and
computer passwords to
change or modify transactions without anyone’s approval
(Dorminey et al., 2010;
Kassem & Higson, 2012). To illustrate, because of
management’s ability to a enter a
transaction without the approval of another manager, a manager
could enter a $5,000,000
revenue transaction in the financial statements without the
approval of another manager
The three components of the fraud triangle theory are
rationalization, opportunity,
105. and pressure, and all three must be present for an individual to
commit fraud (Cressey,
1953). However, the opportunity for an individual to commit
fraud can be controlled,
managed, or monitored if a company has a good system of
internal control (Alexander,
55
2012; Harrison et al., 2011) A good system of internal control is
determined by an
organization, whereas rationalization and pressure cannot be
controlled by an
organization.
Rationalization is based on how an individual thinks, which
cannot be controlled
by an organization, and pressure is an emotion that individuals
have and that cannot be
controlled by a company (Dorminey et al., 2010; Kassem &
Higson, 2012; Kranacher, et
al., 2011). Therefore, corporations should focus their efforts on
opportunities to reduce
fraud; this can be accomplished by developing a good system of
106. internal control
(Alexander, 2012; Harrison et al., 2011). As previously stated,
all three components of
the fraud triangle theory must be present for an individual to
commit fraud. Thus, if a
company can eliminate one of the components of the fraud
triangle theory, the possibility
for an individual to commit fraud decreases dramatically
(Murphy & Dacin, 2011; Wells,
2011). The component that companies should focus on to reduce
fraud is opportunity,
because it relates to a company’s internal control structure,
which can be controlled by an
organization (Murphy & Dacin, 2011; Wells, 2011).
Risk Assessment
Management can mitigate fraud at their organization if they
focus their efforts on
internal control; this can be accomplished by performing a risk
assessment and designing
a risk model for their organization (Edward, 2010; Harris, 2011;
Wells, 2011). A
company’s risk assessment should include an understanding of
the company’s assets,
107. which includes employees, property, equipment, and company
software. Understanding a
company’s assets is the first and most critical step when an
assessing a company’s risk
because assets cannot be protected if they are not identified
(Edward, 2010).
56
Identifying assets allows management to categorize the assets
according to the
likelihood of fraud occurring. If a company can identify and
describes the responsibilities
of employees who work in the accounting department,
management could predict the
likelihood of fraud by assessing the company’s internal control
structure (Edward, 2010;
Harris, 2011; Wells, 2011). To illustrate, if an employee in the
accounting department is
responsible for handling cash, there is a possibility that the
employee could steal cash. In
this example, the risk assessment should be set high because
there is a possibility that the
employee could steal cash. However, the possibility does not