Profiling the Fraudster - OpenThinking Day

Profiling the Fraudster
…..its all about
people

Open Thinking Day
Simon Padgett
Director
Forensic Services

simon.padgett@protivitiglobal.ae

Dubai. September, 2012
© 2012 Protiviti Member Firm (Middle East) Consultancy
CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to any third party.

E&Y Fraud Survey – Key Findings

In the last year :

 2 in 3 had been defrauded

 1 in 10 had more than 50 frauds

 82% were committed by employees

 Half of the employees had over 5 years service

 A quarter had more than 10 years service

 A third of the frauds were by management


The two faces of fraud:

 The first face is one of systems or controls

 The other face is the human element

2 © 2012 Protiviti Member Firm (Middle East) Consultancy

COSO
COSO identifies 5 components, which when integrated
and operating in all business units, will help establish an
effective internal control framework:

1. Control Environment

2. Risk Assessment

3. Control activities

4. Information and Communication

5. Monitoring


Fraud Risk Assessment

Organizations first identify risks and prioritize them by
assessing the impact and likelihood of an inherent risk.

A key differentiator between Internal Controls and Anti Fraud
Controls is the Human Element inherent in the decision to
defraud. Failure to assess the Human Element can cause frauds
to happen in organizations that otherwise seem to have a robust
and comprehensive internal control framework.

So, why do people commit fraud?


One of the best theories on why people commit fraud was given by
Donald Cressey in his book “Other People’s Money”

Cressey stated that Fraud occurs when an individual :

•Has a non sharable financial problem.

•Perceives an opportunity to resolve the situation.

•Has the ability to rationalize his misdeeds even before committing
them.


Pressure

In other words for an individual to commit fraud, he may be
under pressure from a financial problem which the
individual perceives cannot be solved through other
means. These problems often manifest themselves into
behavioral patterns or red flags, which if spotted in time,
could prevent a fraud from happening.

The ACFE 2010 Report to the Nations, states that the most
commonly cited behavioral red flags were perpetrators
living beyond their apparent means or experiencing
financial difficulties at the time of the fraud.


Opportunity

Even if an individual has the motive, he cannot perpetrate the
fraud unless presented with an opportunity. Opportunities
could arise due to a number of factors within the organization
such as high turnover of management in key roles, lack of
segregation of duties or a complex organization structure.

7 CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to any third party.

Rationalisation

Rationalisation of the act is the last element in
understanding why people commit fraud. Most people
believe themselves as good and need to convince
themselves that their actions were justified.
Some of these justifications are:
• I was going to pay it back
• Everybody does it
• I am not hurting anyone
• I was helping my family
• This is nothing compared to what xyz did.

The Fraud Triangle
To sum up, when this individual under pressure is presented
with an opportunity and is able to rationalize his planned
actions, fraud occurs. This hypothesis is better known as the
Fraud Triangle.

FRAUD


Fraud Risk Assessment
To be able to effectively analyse and prioritize fraud risks, organizations
should evaluate the Human Element in the fraud risk. This can be achieved
by applying the principles of the Fraud Triangle to the traditional risk
assessment criteria of Impact and Likelihood.

LIKELIHOOD INHERENT RISK
IMPACT
Traditional Risk Assessment Criteria RATING

IMPACT OPPORTUNITY SITUATIONAL ATTITUDE OR FRAUD RISK
Fraud Risk Assessment Criteria PRESSURE PERSONAL PRIORITY
INTEGRITY

The Human Elements


Key Controls and Personal Integrity
For example in an organization where an individual
performs a number of key controls – if this
individual’s personal integrity and values are high,
the chances of fraud happening is significantly
lower than when the individual’s personal integrity
is low. Understanding the people who manage key
internal controls in an organization, their values
and attitude could go a long way in minimizing the
incidence of fraud and help build effective anti-
fraud deterrents within an organization.


Anti-Fraud Program
It is important for organizations to consider the human element while managing
fraud risks. An Anti-Fraud Program that considers the human element may
include the following fundamental controls:

•Establish a Code of Ethics.
•Develop Fraud Policies.
•Invest in a communication and training program on fraud and
corporate fraud policies for all employees.
•Ensure proper segregation of duties for key activities and functions.
•Set up appropriate recruitment procedures to select the right
candidates.
•Set up policies for rotation of staff duties and forced vacations.
•Know your key fraud risks and controls. Monitor them regularly.
•Set up a whistle blower hotline.
•Sound recruitment policies and psychometric testing.
•Develop a Fraud Risk Assessment process.


1. Edwin H. Sutherland
 First defined “white-collar crime” in 1939
– Criminal acts of corporations
– Individuals in corporate capacity

 Theory of differential association
– Crime is not genetic
– Learned from intimate personal groups
– These groups teach "definitions" (including skills, motivations, attitudes,
and rationalizations) either favourable or unfavourable to the violation of
the law. Criminal behaviour results when one is exposed to an excess of
definitions favourable to the violation of the law over unfavourable
definitions.


2. Harvey Cardwell

 Wrote a book in 1960 on the logic and language of auditing for fraud.
 Found there are primarily 3 principal factors that contribute to
employees beginning to steal:
– The want for money - (early or late in life and the temporary urgent need)
“Years of honest service” become meaningless when presented with time
pressure.
– Aggrieved – stealing after years of honest work apparently when hopes
have faded, when honesty & effort have failed to produce the expected
measure of success. Deterrents of prior years are weakened by extreme
frustration.
– The ability to steal – has been deterred by fear of detection but experience
brings increased ability & self-confidence


3. Gottfredson & Hirschi’s general theory of
crime - 1990

 Assume that individuals choose the behavior that they wish to
perform rationally. They will weigh the potential pleasure of
performing a behavior against the potential pain of the behavior.
When a behavior is judged to be more pleasurable than painful, an
individual is likely to perform the behavior.
 Central to this decision is low self-control.
 How much crime occurs will depend in part on how much crime
circumstances allow.


4. Richard C. Hollinger

Hollinger-Clark study (1983)

Surveyed 10,000 workers:

 1/3 had committed some form of fraud.
 Many stole because of job dissatisfaction.
 Employee perception of detection is important.
 Employee-thieves exhibit other deviances
– Sloppy work, sick leave abuses, etc.
 Increased security & controls may hurt, not deter.
 Management should be sensitive to employee’s attitudes.


5. Donald R. Cressey

 Other Peoples Money
 A criminologist who studied embezzlers
 Why people become “trust violators”
 Developed the Fraud Triangle in 1953
 Cressey’s three learning principles
1) Non-shareable financial problem.
2) Perception that occupational situation can resolve the problem.
3) Ability to Rationalize the act(s).


The Fraud Triangle:


Fraud Risk Model

“the auditor should not assume that all 3 conditions
must be evident before concluding that there are High Risk
identified risks.”

Medium
Risk
Incentive/
Attitude/
pressure
rationalization

“…the auditor cannot assume that
the inability to observe one or
two of these conditions means
Opportunity there is no risk…”


6. The triangle extended: the fraud diamond - Wolfe &
Hermanson - 2004
Pressure

opportunity
capability
Position/function
The Human brain
Confidence/ego
Cultural issues
Coercion skills
Effective lying
Immunity to stress rationalisation


The three parts of perceived
opportunity……

1. To commit fraud

2. To conceal fraud

3. To avoid punishment


pressure/rationalisation

capability

identify opportunity act
upon it;

caught not
do it punished

commit
will I be
No fraud
caught?

don’t
do it Yes
maybe

2 CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to any third party.

Iceberg Theory of Dishonesty

Overt Aspects
Structural
- Hierarchy
Considerations
- Financial resources
- Goals of the organisation
- Skills and abilities of
personnel
- Technological state
- Performances stds Waterline
- Efficiency measurements
Covert Aspects
- Attitudes
- Feelings (fear,
anger, etc) Behaviourial
- Values Considerations
- Norms
- Interaction
- Supportiveness
24 © 2012 Protiviti Member Firm (Middle East)- Satisfaction
Consultancy

Characteristics of a Fraudster
 College educated, white Male. ¾ of frauds are committed by
men. Higher median loss (US$85,000 for men, US$ 48,000 for
women).
 Intelligent. The challenge of “secure systems” overcomes
boredom.
 Egotistical. Feel worth more than their position.
 Inquisitive. Curious as to computer vulnerability.
 Risk takers. Not afraid to fail. Fails to consider consequences.
 Rule breakers. Likes shortcuts. Justifies infractions of laws.


Characteristics of a Fraudster, continued

 Hard Workers. In early, out late, no vacations.
 Excessive overtime
 Immune from stress.
 Financial pressure. Medical fees, bad marriage,
gambling.
 Married.
 Management.
 Disgruntled. Feels abused, not promoted, underpaid.
 Big Spender. Living beyond means.


Characteristics of a Fraudster,
continued

 Sudden large purchases
 Close relationships with suppliers/customers.
 Don’t like people reviewing work
 Unable to relax
 Often display drastic behavioral changes
 Need turns to greed.


Changes in Behaviour
 Sudden large purchases. House, Car, Jewellery
 Brags about purchases
 Carry large amounts of cash
 Fending off creditors
 Borrows money from co-workers
 Moody, Irritable
 Defensive attitude to questioning
 Territorial over responsibilities


Changes in Behaviour, continued
 Workaholic
 Mentions financial/family problems
 Exhibits signs of addiction. Absenteeism, looks ill
 Decrease in productivity
 Spending excessive time with vendors/suppliers
 Nervous
 “Minor” infringements


Characteristics of a Victim
Organisation
 Most costly abuses in organizations of less than 100 employees.
 Where fraud is not perceived a risk
 Management ignore irregularities
 Morale is low
 High employee turnover
 Lack of training
 Rapid increase in revenues and profits
 Strong, egotistical leader
 Profit is the ultimate goal, to be reached no matter what
 Salary structure tied to profit


ACFE Report to the Nations
on Occupational Fraud

The latest report, for 2010, was compiled from 1,843 cases and
covered cases from 106 nations.


Victims of Occupational Fraud
The 2010 Report provides some information on the types of businesses
that were victims of occupational frauds. The highs and lows are as
follows:

% of cases Median
loss

High Banking 16.6% Mining US$ 1
and finance million

Low Mining 0.7% Education US$ 71k


Profiling by Fraudster Position in Organisation
 This is explained on the basis that more senior people in management levels and
executive positions have a greater opportunity to commit and hide larger frauds.
This is a common theme throughout the remainder of the profiles.
 The study also found that lower level employees committed more frauds in number
than management level, and about twice as many frauds as executives - probably
because there are many more lower level employees that executives.

Employee Management Owner/Executive

39.7% 37.1% 23.3%

$70,000 $150,000 $834,000

42.1% 41.0% 16.9%

$80,000 $200,000 $723,000


Profiling by Job Description in Organisation
The greatest number of cases are committed by people with the
accounting area of the business, as these employees will have
the knowledge of how to commit and hide the fraud and access
to the records to do so. The largest median losses were
incurred by frauds committed by people within the legal
department.

% of cases Median loss

Upper
Highs Accounting 22% $829,000
Management

Lows Internal Audit 0.2% Internal Audit $13,000


Profiling by Fraudster Gender
Over the past surveys, the rate of fraud between the
genders began to equalize in number. This was
superficially explained by the trend of women getting
closer to equality in the work place (in numbers and
positions)
Male Female

Percentage 2008 59.1 40.9

Median Loss 2008 250,000 110,000

Percentage 2010 66.7 33.3

Median Loss 2010 232,000 100,000


Profiling by Fraudster Age

Median losses increase with the age of employees.

Under
26 to 30 31 to 40 41 to 50 51 to 60 over 60
25

% 5.9% 10.7% 34.2% 32% 15.1% 2%


Profiling by Educational Standard

Smarter people - smarter frauds?

Some Tertiary
High School Tertiary Education Post Graduate
Education

Percentage 2008 54.7% 34.4% 10.9%

Median Loss 2008 $150,000 $210,000 $550,000

Percentage 2010 28.8% 17.1% 38% 14%

Median Loss 2010 $100,000 $136,000 $234,000 $300,000


Profiling the Fraudster - OpenThinking Day

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Profiling the Fraudster - OpenThinking Day

Similar to Profiling the Fraudster - OpenThinking Day (20)

More from Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP

More from Iyad Mourtada, CMA, CIA, CFE, CCSA, CRMA, CPLP (20)

Recently uploaded

Recently uploaded (20)

Profiling the Fraudster - OpenThinking Day