FRAUD IS A GLOBAL PROBLEM AFFECT-ing organizations of all types and sizes. According to the Association of Certified Fraud Examiners' (ACFE's) 2006 Report to the Nation on Occupational Fraud & Abuse, organizations lose 5 percent of annual revenues to fraud. Organizations continuously attempt to identify fraudsters' motives and methods so they can design anti-fraud programs to prevent, detect, and investigate fraudulent activities.
To varying degrees all organizations are at risk of being victims of fraud. Con stant fraud risk management is needed to identify vulnerabilities, proactively reduce the likelihood of fraud, and monitor the drivers of fraudulent activities. The best way to address fraud is to pre vent it because the costs and complexities involved increase significantly after fraudulent activities are committed.
To prevent fraud, internal auditors should understand why people commit it. The Fraud Triangle, a model developed by Donald Cressey, an expert on the sociology of crime, has been used for many years to assess the three drivers of fraud--need, opportunity, and justification.
NEED Financial pressures such as housing expenses, a child's tuition payments, or unexpected medical bills often lead individuals to commit fraud to remedy the situation. Other needs are derived from a lack of personal discipline or other weak nesses, such as a gambling habit, drug addiction, extramarital relationship, or the need to sustain a lavish lifestyle. In some cases, organizations' and investors' expectations for unreasonably high financial returns create pressures that lead employees to commit financial statement fraud. Other pressures are political and social, in which people feel they cannot appear to fail due to their status or reputation.
Auditors should search for conditions that point to significant changes in employee needs, which may be a precursor of fraudulent behavior. Internal control questionnaires, interviews with managers, surveys, and interaction with department staff may uncover warning signs.
OPPORTUNITY People often discover an opportunity to commit fraud when internal controls, such as approvals, access controls, and reviews, are lacking or weak. For example, an employee who notices that certain bank accounts are not reconciled timely may conclude that inappropriate transactions using those accounts will escape detection.
Similar conclusions may be drawn from poor intrusion-detection controls, a lack of oversight over...