If you open a newspaper, turn on a TV, or listen to a radio, most likely within a very short time you will come across a story about fraud perpetrated in an organization. In today's business environment, fraud remains one of the top risks facing organizations as well as individuals.
The continued focus and hype that surrounds emerging fraud events does serve a strategic purpose. As the old saying goes, "what gets identified gets addressed." The more internal auditors learn about the characteristics of fraud incidents, the psychology behind the individual acts, the characteristics of the people who commit those acts, and the missing controls that could prevent fraud, the closer they get to slowing or mitigating the occurrence of unwanted events.
Most people are aware of the fraud triangle and its related theories, but internal auditors must dig deeper to understand the various aspects of how and why fraud is committed. The application of professional skepticism may lead internal auditors to ask whether there are certain fallacies rooted within their current perception of fraud and its underlying causes.
FRAUD IS PERPETRATED BY FOES
The concepts of ethics and controls are deeply embedded within internal auditors' thought processes, thus the belief by many that those who commit malicious acts of fraud are not friends, but foes. Unfortunately, statistics show that the typical whitecollar criminal is someone of respectable status in the organization with no prior fraudulent experience. He or she may be a long-time and trusted employee or supervisor. These individuals are thought of as friends, mentors, or respected superiors.
How is it that the very people trusted in an organization become the perpetrators of fraud acts? The fraud triangle and its leg of opportunity show one of the reasons. Long-term, trusted employees often are the ones who recognize the opportunity that exists when controls are missing or lax. They have the ability to act on that opportunity without raising immediate speculation. Even if other employees notice the act, to insinuate that a professional of this stature is involved in a potential deceptive act is a difficult step to take. This may be why so many frauds go unreported or undetected for long periods.
This misconception reinforces the need for ongoing fraud awareness and monitoring processes at all levels of an organization. Theoretically, the stronger the awareness of fraud red flags, the higher probability there is someone who will speak up about an issue. But to speak up, professionals need to understand the symptoms and have the appropriate reporting avenues to communicate observations.
FRAUD RISK IS ASSESSED
Do organizations truly perform sufficient risk assessments focused on the potential for fraud? The belief that the risk of fraud is assessed adequately in the organization based on the fact that internal audit may look for fraud can prove to be a fallacy in many ways. Organizations must explicitly evaluate various threat areas to...