University of DaytoneCommons

Accounting Faculty Publications Department of Accounting

7-1-2007

Fraud: The Human FactorSridhar RamamoortiUniversity of Dayton, sramamoorti1@udayton.edu

William Olsen

Follow this and additional works at: https://ecommons.udayton.edu/acc_fac_pub

Part of the Accounting Commons

This Article is brought to you for free and open access by the Department of Accounting at eCommons. It has been accepted for inclusion inAccounting Faculty Publications by an authorized administrator of eCommons. For more information, please contact frice1@udayton.edu,mschlangen1@udayton.edu.

eCommons CitationRamamoorti, Sridhar and Olsen, William, "Fraud: The Human Factor" (2007). Accounting Faculty Publications. 80.https://ecommons.udayton.edu/acc_fac_pub/80

me HumcmBy Sri Ramamoorti and William Olsen

Eighty percent of respondents to aNational Association of CorporateDirectors (NACD) survey of publiccompany audit committees felt thatfailure resulting from poor risk man-agement couldn't happen to them.However, 50 percent thought it couldhappen to other companies.

This feeling of relative "invincibili-ty" is similar to the statisticallyimpossible "Lake Wobegon" effect —where "all the women are strong, allthe men are good-looking and all thechildren are above average." Couldthis Lake Wobegon effect — whichresults from the human tendency tooverestimate one's achievements andcapabilities in relation to others —extend to an organization's assess-ment of its vulnerability to fraud risk?

Fraud is a human endeavor,involving deception, purposefulintent, intensity of desire, risk ofapprehension, violation of trust,rationalization, etc. So, it is importantto understand the psychological fac-tors that might influence the behav-ior of fraud perpetrators. The ration-ale for drawing on behavioral science

www.fei.org

insights is evident from the intuitionthat one needs to "think like a crookto catch a crook."

Many business professionals,especially those in the finance arena,tend to discount behavioral explana-tions. But as the incidence of fraudcontinues to grow, placing the spot-light on behavioral factors may be animportant approach to not onlyfraud detection, but to deterrence aswell.

The 2006 Report to the Nationissued by the Association of CertifiedFraud Examiners (ACFE) noted thatU.S. organizations lose almost 5 per-cent of their revenue to fraud, andthat the Gross Domestic Product(GDP)-based annual fraud estimatefor the U.S. was a whopping $652 bil-lion. In light of such sobering statis-tics, it behooves each and everyorganization to understand the rootcauses of fraud and proactively man-age fraud risk.

Why FOCU5 on Fraud Risk?

Among the catastrophic risks afflict-ing orgaruzations of all sizes is the

Many discountbehavioral explanations

for fraud, but as theincidence of fraud

continues to grow,placing the spotlight onbehavioral factors may

be an important approach notonly to detection, butto deterrence as well.

july/augu5t 2007 I financial executive

DP

IX,

53

Behaviorally OrientedSolutions for Fraud Risk Factors

Among behavioral approaches and solutions tothe fraud risk factors are:

• Sound tone at the top, with management "walk-ing the talk";

• Align incentive structures within the organizationin a way that does not encourage fraud perpetra-tion;

• An active board and audit committee overseeingmanagement performance and activities (as wellas the work by external and internal auditors);

• Nurture a culture of integrity and ethics, support-ed by an organizational code of conduct;

• Periodic ethics audits and enforcement of notedviolations of the code;

• Maintain an ethics and/or whistleblower hotline;

• Explicitly reward good behavior;• Routine background checks for new and experi-

enced hires, as well as for making senior leader-ship appointments (human resources needs to leadthis effort);

• Swift, decisive action to respond to incidents offraud so that employees and others are aware ofthe organization's serious commitment to dealingwith fraud issues head-on;

• Fraud awareness training, perhaps delivered byinternal audit professionals or outside consultants,including description of ethics hotlines and guid-ance on what to do when fraud is encountered;and

• Control self-assessments that consist of process riskowners performing risk and control mapping (andincluding fraud risk considerations in such exercises).

people to do dishonestthings. The sociologyiind criminology litera-ture describes fraud per-petrators as "trust viola-tors," In other words,trust violators are peopleyou wouldn't normallysuspect of committingfraud.

54

risk of financial fraud. A single alle-gation of material fraud has suchdevastating financial consequences,including irreparable reputationaldamage, that few companies survivesuch a crisis unscathed. Fraud tendsto be frequently a hidden risk, partic-ularly because its perpetrators takeextreme care to conceal their activi-ties; hence, it also remains an unman-aged risk in organizations.

Nevertheless, it is rare that anycompany deliberately sets out to per-petrate a massive fraud. Instead,fraud is the unfortunate consequenceof a multitude of mostly behavioralfactors that drives otherwise honest

financial executive I july/august 2007

Behavioral RootCauses of FraudMuch has been writtenabout the root causes offraud and the "fraud tri-angle," with its threevertices of opportunity,pressure/incentive andrationalization, as re-ferred to in the ACFE2005 Fraud Examiner'sManual.

What often goesunrecognized is that allthree elements of thefraud triangle are funda-mentally behavioral con-structs. Personal incen-tives and perceived pres-sure drive humanbehavior, and the needto rationalize wrongdo-ing as being somehowdefensible is very muchpsychologically rooted.

To some extent, eventhe assessment of theopportunity to commitfraud — including the

likelihood of being caught — is asubjective, behavioral assessment.Accordingly, to understand the rootcauses of fraud, psychologicalanswers and explanations ratherthan logical ones should be sought.

The decision to deviate from thenorm and commit fraud is not takenlightly; it involves "rationalization," orthe ability to justify one's own ques-tionable actions to oneself and others.A tragic example is Enron Corp.'s CliffBaxter, who couldn't come to termspsychologically with what had hap-pened, and took the extraordinarystep of corrmiitting suicide.

While corporate governance

reform legislation such as the Sar-banes-Oxley Act of 2002 can helplimit the opportunity for fraud, suc-cumbing to perceived pressure andthe ability to rationalize fraudulentacts are outside the scope of law. Assuch, fraud deterrence and detectionshould focus on how to deal with theunderlying behavioral dynamics —the psychology of fraud perpetrators,as well as the psychology of thoseresponsible for governance, includ-ing auditors.

Psychology of Fraud PerpetratorsAn understanding of what motivatesthe fraudster, whether acting alone orin collusion with others within oroutside an organization, can go along way in identifying behavioralrisk factors that may indicate fraud.A simple means-motives-opportunityanalysis would show that motivesare the crux of the matter, becausefraud requires the establishment ofintent to deceive another.

So, it is crucial to know what it isthat a fraud perpetrator desires:money (bonus, stock-based compen-sation), status ("keeping up with theJoneses," fame or celebrity status),revenge, a catch-me-if-you-can game,parity with others (everybody else isdoing it, why can't I?), etc.

If opportunities do not exist, themotivated fraud perpetrator can cre-ate them by a careful analysis ofweaknesses in controls or by exploit-ing a generally lax environment.However, once fraud perpetratorstake the initial steps, they frequentlyfind themselves unable to turn backand escape the ruinous consequences.

Organizations must communicateto employees acceptable standards ofbehavior through a well-crafted codeof conduct that is endorsed by lead-ership and enforced when necessary.Organizations should also develop atrack record of acting swiftly anddecisively whenever wrongdoingcomes to light.

And, in every case, organizationsmust go to extreme lengths to protecta whistlebiower's identity and safety(from retaliation). Otherwise, poten-tial fraud perpetrators are likely to

www.fei.org

exploit the inertia or complacency inaddressing fraud risk adequately. AsACFE founder Joe Wells counsels,"Let them know you're watching."

Understanding FinancialStatement FraudThus, erstwhile honest and well-meaning executives who have earnedthe trust of others are often the oneswho end up perpetrating fraud.Fraud does not start with dishonesty;it starts with pressure: Pressure toachieve aggressive financial perform-ance goafs, or meet analyst expecta-tions, frequently leads those who areexpected to make the numbers tosimply "make up" the numbers. Likemany other organizational risks,fraud usually starts small before itsnowballs, becomes widespread,rampant and material. Not surpris-ingly, the gray areas of accountingripe for abuse are those that are com-plex, ambiguous and subjective.Complexity can help mask fraud.

Among reasons managers cookthe books are;

1. to meet analyst expectationsand forecasts about earnings;

2. to smooth earnings and incometo reduce volatility (to mask financialdistress and negative cash flows);

3. to benefit from compensation orbonuses tied to earnings or to staywithin debt covenants imposed bylenders; and

4. to avoid sanctions by deliber-ately deflating current earnings or towin subsidies or import relief as aprotectionist advantage.

In such contexts, the award ofexecutive stock options provides fur-ther incentives to manipulate earn-ings, including enlisting the supportand cooperation of junior, economi-cally dependent and vulnerable staffand employees.

In all circumstances, tone from thetop is critical, and there is no excusefor senior executives or otheremployees to be active participants ina corrupt organizational culture.

Approaches to Deterring andMitigating Financial Fraud RiskFrom an organizational perspective.

the goal is to create an environmentthat endorses a "good ethics is goodbusiness" philosophy, encouragesdoing the right thing at every turnand makes perpetrating fraud anunattractive option to most people inthe organization.

It is true that economics and ethicsdo not mix very well — there arenumerous examples of how incen-tives have trumped personal ethicsand values. Nevertheless, culturalassimilation into a system of highintegrity and values represents aform of programming of the humanmind that cannot be easily compro-mised. A culture of ethics has signifi-cant potential in reducing integrityrisks. Rewarding people for doingthe right thing sends the right signalto others in the organization, whileshooting the messenger in the case ofa whistleblower allegation sends thewrong signal.

To discharge their monitoring andoversight function effectively, auditcommittees need a primer on the psy-chology of the fraud perpetrator(s), aswell as insight about their own andthe auditors' cognitive weaknesses.

The audit committee, with assis-tance from the internal and externalauditors, as well as other risk man-agement specialists and the board, isresponsible for monitoring thebehavior of management, especiallywith respect to financial reporting.However, in the current corporategovernance climate, this mandatesometimes extends beyond financialreporting matters.

One important behavioral insightis recognizing that high-level fraud isfrequently a team sport that ofteninvolves collusion. Internal controlsystems that presume proper segrega-tion of duties are not effective againstcollusion and management overrideof controls. In fact, a COSO FraudStudy published in 1999 found that in83 percent of the frauds examined,the CEO and the CFO had colluded.

Still another problematic area isthe well-known "groupthink" bias atthe board level. Groupthink discountscontrarian opinions or tends to swaythe group into making a "feel good"

decision. When there is an active ten-dency to ignore bad news due toeither indifference or sheer laziness,board members may miss importantsignals of potential fraud.

External and internal auditorsneed to learn that "absence of evi-dence is not evidence of absence."Just because no red flags or fraudindicia are observed does not meanthat fraud does not exist. The trustedrelationships that subsist betweenexternal auditors and their clientssometimes make auditors let theirguard down.

When encountering fraud scenar-ios, human tendencies such as theconfirmation bias (seeking confirma-tion of one's beliefs) and selectiveperception (seeing only what onewants to see) limit auditors' ability toexercise an appropriate level of pro-fessional skepticism.

Interestingly, the significance ofbehavioral science insights increaseseven more when we move into thedomain of fraud investigahon. But thatis clearly the subject of another article.

DR. SRIDHAR RAMAMOORTI is a Partnerin the National Corporate GovernanceGroup of Grant Thornton LLP in Chicagowho leads the firm's thought leadershipefforts relating to governance and account-ability. WILLIAM OLSEN IS a Principal in

the Economic Advisory Services practice ofGrant Thornton LLP and has experienceconducting fraud itwestigations.

TAKEAWAYS» Fraud is a human endeavor thatinvolves deception, purposeful intent,intensity of desire, risk of apprehension,violation of trust, rationalization, etc.

» The Association of Certified FraudExaminers found that U.S. organizationslose almost 5 percent of their revenue tofraud and that the GDP-based annualfraud estimate for the U.S. was $652 bil-lion in 2006.

» An understanding of what motivatesfraudsters can go a long way in identify-ing behaviorial risk factors.

» Organizations need to create environ-ments that endorse ethics and doing theright thing at every turn, making perpe-trating fraud an unattractive option.

www.fei.org july/august 2007 I financial executive 55