Fraud Author Tracy Coenen

The key to understanding employees who commit fraud is found in the fraud triangle, an old concept in criminology that still has wide acceptance in the fraud examination field. In order for fraud to occur, three things must be present, and each represents one side of the triangle. The three pieces of every fraud puzzle are opportunity, motivation, and rationalization.

Opportunity
First, there must be an opportunity. That includes an opportunity to steal something of value, as well as to conceal the theft. An employee generally won’t endeavor to take a company’s assets if several people are observing. Rather, the theft will occur away from watching eyes, when there is a chance to sneak off with the assets.

The primary type of opportunity in a company that allows a thief to run off with data and assets is typically a weakness in the system. Poor controls can lead to theft. While we can’t watch all employees all the time, and some frauds will occur just because we’re not watching, there are others that occur because a company has bad control procedures in place.

For example, a company may have a weakness in a system that allows someone to write a check to a phony vendor. Creating fictitious sales and supporting documentation, in a manner which fools the auditors, also demonstrates an opportunity for fraud.

There can be many different opportunities in companies, from lax security to lack of authorization controls to computer systems that don’t restrict access via passwords. If you sat down and thought about your company or a client’s company, you could probably come up with a lengthy list of fraud opportunities.

Effectively preventing fraud means that companies must have policies and procedures in place to take away the opportunities to commit fraud. This includes security of both the physical type (locked doors, security cameras, employee badges) and the digital type (passwords, Internet firewalls, encrypted data).

In addition to security, companies must have policies which define ethical behavior and outline consequences for violation of the policies. A company must also have management and executives who are committed to leading by example while enforcing the policies and procedures.