The Fraud Prevention Garden
8.21.2013 David Sawyer, leader of Frazier & Deeter's Forensic Accounting practice, takes a look at the conditions that help fraud thrive, and how to "weed out" the bad seeds.
Among investigators and criminal profilers with whom I work, there is a common phrase that I hear over and over again: “To catch a crook, get inside the mind of a crook.” Make it your mission to know their method of operation – or modus operandi. It’s the how and why that will help you catch them. As a fraud investigator, I need to know the motives, rationalizations and opportunities that are specific to the white collar criminal. These are the components, or legs, of what we fraud examiners call “The Fraud Triangle.”
Looking back on the scores of cases I’ve worked through the years, I often see similarities between “legs of the triangle” and gardening.
Motive – the “Bad Seed”
You’ve got a bad seed in your organization, and they’ve somehow been planted there. To complete our rhyme in most simplistic terms,
“The motives of the seed are need or greed.”
Of course there can be a laundry list of motives, such as need-based financial pressures resulting from economic conditions, lifestyle, habits, addictions or even medical problems. On the other hand, though, our bad seed may just be trying to “keep up with the Joneses.” They’re just plain greedy, or living beyond their means, to maintain a certain image.
Opportunity – the “Fertile Soil”
The opportunity for fraud to thrive is when the seed of motive is planted in the fertile ground of a weak, or non-existent, system of internal controls. Most of the time, there is a lack of separation of incompatible functions. As a rule of thumb, I recommend that the four following functions, all conveniently beginning with the letter ‘A,’ be kept separate:
- Access to Assets
- Approval and Authorization
- Accounting and Reconciliation
- Audit and Analysis
When two of these functions are performed by one person, look out. Your system of controls has been compromised and your assets – tangible or intangible – may well be at risk.
Generally, internal controls come in three different varieties: Preventive, Detective and Deterrent. Imagine that your most precious asset is in a room, which is entered by a single door. As a preventive measure, you place a lock on the door, so that access to the room can be accessed by only those having a key or combination to the lock. To employ a detective control measure, you might install a camera or swipe card system, so that you know exactly who entered the room (whether authorized or not). Then, a deterrent measure might include a 150-pound Rottweiler, barking viciously on the other side of the door. All joking aside, deterrent measures are often driven by the culture, or ‘tone at the top,’ of the organization – perhaps the posture on a zero tolerance policy toward white collar crime.
Rationalization – “Sunshine and Rain”
We’ve laid the groundwork and plowed the rows for our garden. Then there are the environmental factors which allow our seed to grow. The sunshine may also be the culture, or “tone at the top” in your organization. In their mind, the fraudster has convinced themselves that what they are doing is justified. They have told themselves, ‘I’m underpaid,’ or ‘I deserve a promotion,’ or ‘I’ll pay it back…Someday.’
Enough about gardening for one blog. I hope you’ve read enough today to look around your company and think differently about the conditions that may exist for nurturing bad seeds.
About the blogger
David Sawyer is a partner with Frazier & Deeter, where he leads the Forensic Accounting practice. He is a CPA, Certified Fraud Examiner and licensed private investigator. He can be reached at david.sawyer@Frazierdeeter.com.