profiling the fraudster - openthinking day

© 2012 Protiviti Member Firm (Middle East) Consultancy

CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to any third party.

Simon PadgettDirectorForensic Services

[email protected]

Dubai. September, 2012

…..its all about

people

Profiling the Fraudster

Open Thinking Day


CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to any third party.

E&Y Fraud Survey – Key Findings

In the last year :

2 in 3 had been defrauded

1 in 10 had more than 50 frauds

82% were committed by employees

Half of the employees had over 5 years service

A quarter had more than 10 years service

A third of the frauds were by management


CONFIDENTIAL: This document is for your company's internal use only and may not be copied nor distributed to any third party.2

The first face is one of systems or controls

The other face is the human element

The two faces of fraud:



COSO identifies 5 components, which when integrated

and operating in all business units, will help establish an

effective internal control framework:

1. Control Environment

2. Risk Assessment

3. Control activities

4. Information and Communication

5. Monitoring

COSO



Organizations first identify risks and prioritize them by

assessing the impact and likelihood of an inherent risk.

A key differentiator between Internal Controls and Anti Fraud

Controls is the Human Element inherent in the decision to

defraud. Failure to assess the Human Element can cause frauds

to happen in organizations that otherwise seem to have a robust

and comprehensive internal control framework.

So, why do people commit fraud?

Fraud Risk Assessment



One of the best theories on why people commit fraud was given by

Donald Cressey in his book “Other People’s Money”

Cressey stated that Fraud occurs when an individual :

•Has a non sharable financial problem.

•Perceives an opportunity to resolve the situation.

•Has the ability to rationalize his misdeeds even before committing

them.



In other words for an individual to commit fraud, he may be

under pressure from a financial problem which the

individual perceives cannot be solved through other

means. These problems often manifest themselves into

behavioral patterns or red flags, which if spotted in time,

could prevent a fraud from happening.

The ACFE 2010 Report to the Nations, states that the most

commonly cited behavioral red flags were perpetrators

living beyond their apparent means or experiencing

financial difficulties at the time of the fraud.

Pressure



Even if an individual has the motive, he cannot perpetrate the

fraud unless presented with an opportunity. Opportunities

could arise due to a number of factors within the organization

such as high turnover of management in key roles, lack of

segregation of duties or a complex organization structure.

Opportunity



Rationalisation

Rationalisation of the act is the last element in

understanding why people commit fraud. Most people

believe themselves as good and need to convince

themselves that their actions were justified.

Some of these justifications are:

• I was going to pay it back

• Everybody does it

• I am not hurting anyone

• I was helping my family

• This is nothing compared to what xyz did.



To sum up, when this individual under pressure is presented

with an opportunity and is able to rationalize his planned

actions, fraud occurs. This hypothesis is better known as the

Fraud Triangle.

FRAUD

The Fraud Triangle



To be able to effectively analyse and prioritize fraud risks, organizations

should evaluate the Human Element in the fraud risk. This can be achieved

by applying the principles of the Fraud Triangle to the traditional risk

assessment criteria of Impact and Likelihood.

Traditional Risk Assessment Criteria

Fraud Risk Assessment Criteria IMPACT OPPORTUNITY SITUATIONAL

PRESSURE ATTITUDE OR

PERSONAL

INTEGRITY

FRAUD RISK PRIORITY

IMPACT LIKELIHOOD INHERENT RISK

RATING

The Human Elements

Fraud Risk Assessment



For example in an organization where an individual

performs a number of key controls – if this

individual’s personal integrity and values are high,

the chances of fraud happening is significantly

lower than when the individual’s personal integrity

is low. Understanding the people who manage key

internal controls in an organization, their values

and attitude could go a long way in minimizing the

incidence of fraud and help build effective anti-

fraud deterrents within an organization.

Key Controls and Personal Integrity



It is important for organizations to consider the human element while managing

fraud risks. An Anti-Fraud Program that considers the human element may

include the following fundamental controls:

•Establish a Code of Ethics.

•Develop Fraud Policies.

• Invest in a communication and training program on fraud and

corporate fraud policies for all employees.

•Ensure proper segregation of duties for key activities and functions.

•Set up appropriate recruitment procedures to select the right

candidates.

•Set up policies for rotation of staff duties and forced vacations.

•Know your key fraud risks and controls. Monitor them regularly.

•Set up a whistle blower hotline.

•Sound recruitment policies and psychometric testing.

•Develop a Fraud Risk Assessment process.

Anti-Fraud Program



1. Edwin H. Sutherland

First defined “white-collar crime” in 1939

– Criminal acts of corporations

– Individuals in corporate capacity

Theory of differential association

– Crime is not genetic

– Learned from intimate personal groups

– These groups teach "definitions" (including skills, motivations, attitudes,

and rationalizations) either favourable or unfavourable to the violation of

the law. Criminal behaviour results when one is exposed to an excess of

definitions favourable to the violation of the law over unfavourable

definitions.



2. Harvey Cardwell

Wrote a book in 1960 on the logic and language of auditing for fraud.

Found there are primarily 3 principal factors that contribute to

employees beginning to steal:

– The want for money - (early or late in life and the temporary urgent need)

“Years of honest service” become meaningless when presented with time

pressure.

– Aggrieved – stealing after years of honest work apparently when hopes

have faded, when honesty & effort have failed to produce the expected

measure of success. Deterrents of prior years are weakened by extreme

frustration.

– The ability to steal – has been deterred by fear of detection but experience

brings increased ability & self-confidence



3. Gottfredson & Hirschi’s general theory of

crime - 1990

Assume that individuals choose the behavior that they wish to

perform rationally. They will weigh the potential pleasure of

performing a behavior against the potential pain of the behavior.

When a behavior is judged to be more pleasurable than painful, an

individual is likely to perform the behavior.

Central to this decision is low self-control.

How much crime occurs will depend in part on how much crime

circumstances allow.



4. Richard C. Hollinger

Hollinger-Clark study (1983)

Surveyed 10,000 workers:

1/3 had committed some form of fraud.

Many stole because of job dissatisfaction.

Employee perception of detection is important.

Employee-thieves exhibit other deviances

– Sloppy work, sick leave abuses, etc.

Increased security & controls may hurt, not deter.

Management should be sensitive to employee’s attitudes.



5. Donald R. Cressey

Other Peoples Money

A criminologist who studied embezzlers

Why people become “trust violators”

Developed the Fraud Triangle in 1953

Cressey’s three learning principles

1) Non-shareable financial problem.

2) Perception that occupational situation can resolve the problem.

3) Ability to Rationalize the act(s).



The Fraud Triangle:



Fraud Risk Model

Attitude/

rationalization

Opportunity

Incentive/

pressure

High Risk

Medium

Risk

“…the auditor cannot assume that the inability to observe one or two of these conditions means there is no risk…”

“the auditor should not assume that all 3 conditions must be evident before concluding that there are identified risks.”



6. The triangle extended: the fraud diamond - Wolfe &

Hermanson - 2004Pressure

capability

opportunity

rationalisation

Position/function

The Human brain

Confidence/ego

Cultural issues

Coercion skills

Effective lying

Immunity to stress



The three parts of perceived

opportunity……

1. To commit fraud

2. To conceal fraud

3. To avoid punishment



3

pressure/rationalisation

capability

identify opportunity act

upon it;

will I be

caught?No

commit

fraud

Yes

don’t

do it

maybe

caught not

punisheddo it



Iceberg Theory of Dishonesty

Overt Aspects

- Hierarchy

- Financial resources

- Goals of the organisation

- Skills and abilities of

personnel

- Technological state

- Performances stds

- Efficiency measurements

Covert Aspects

- Attitudes

- Feelings (fear,

anger, etc)

- Values

- Norms

- Interaction

- Supportiveness

- Satisfaction

Structural

Considerations

Behaviourial

Considerations

Waterline



Characteristics of a Fraudster

College educated, white Male. ¾ of frauds are committed by

men. Higher median loss (US$85,000 for men, US$ 48,000 for

women).

Intelligent. The challenge of “secure systems” overcomes

boredom.

Egotistical. Feel worth more than their position.

Inquisitive. Curious as to computer vulnerability.

Risk takers. Not afraid to fail. Fails to consider consequences.

Rule breakers. Likes shortcuts. Justifies infractions of laws.



Characteristics of a Fraudster, continued

Hard Workers. In early, out late, no vacations.

Excessive overtime

Immune from stress.

Financial pressure. Medical fees, bad marriage,

gambling.

Married.

Management.

Disgruntled. Feels abused, not promoted, underpaid.

Big Spender. Living beyond means.



Characteristics of a Fraudster, continued

Sudden large purchases

Close relationships with suppliers/customers.

Don’t like people reviewing work

Unable to relax

Often display drastic behavioral changes

Need turns to greed.



Changes in Behaviour

Sudden large purchases. House, Car, Jewellery

Brags about purchases

Carry large amounts of cash

Fending off creditors

Borrows money from co-workers

Moody, Irritable

Defensive attitude to questioning

Territorial over responsibilities



Changes in Behaviour, continued

Workaholic

Mentions financial/family problems

Exhibits signs of addiction. Absenteeism, looks ill

Decrease in productivity

Spending excessive time with vendors/suppliers

Nervous

“Minor” infringements



Characteristics of a Victim Organisation

Most costly abuses in organizations of less than 100 employees.

Where fraud is not perceived a risk

Management ignore irregularities

Morale is low

High employee turnover

Lack of training

Rapid increase in revenues and profits

Strong, egotistical leader

Profit is the ultimate goal, to be reached no matter what

Salary structure tied to profit



ACFE Report to the Nations

on Occupational Fraud

The latest report, for 2010, was compiled from 1,843 cases and

covered cases from 106 nations.



Victims of Occupational Fraud

The 2010 Report provides some information on the types of businesses

that were victims of occupational frauds. The highs and lows are as

follows:

% of cases Median

loss

High Banking

and finance

16.6% Mining US$ 1

million

Low Mining 0.7% Education US$ 71k



Profiling by Fraudster Position in Organisation This is explained on the basis that more senior people in management levels and

executive positions have a greater opportunity to commit and hide larger frauds.

This is a common theme throughout the remainder of the profiles.

The study also found that lower level employees committed more frauds in number

than management level, and about twice as many frauds as executives - probably

because there are many more lower level employees that executives.

Employee Management Owner/Executive

39.7% 37.1% 23.3%

$70,000 $150,000 $834,000

42.1% 41.0% 16.9%

$80,000 $200,000 $723,000



Profiling by Job Description in Organisation

% of cases Median loss

Highs Accounting 22%Upper

Management$829,000

Lows Internal Audit 0.2% Internal Audit $13,000

The greatest number of cases are committed by people with the

accounting area of the business, as these employees will have

the knowledge of how to commit and hide the fraud and access

to the records to do so. The largest median losses were

incurred by frauds committed by people within the legal

department.



Profiling by Fraudster GenderOver the past surveys, the rate of fraud between the

genders began to equalize in number. This was

superficially explained by the trend of women getting

closer to equality in the work place (in numbers and

positions)Male Female

Percentage 2008 59.1 40.9

Median Loss 2008 250,000 110,000

Percentage 2010 66.7 33.3

Median Loss 2010 232,000 100,000



Profiling by Fraudster Age

Under

2526 to 30 31 to 40 41 to 50 51 to 60 over 60

% 5.9% 10.7% 34.2% 32% 15.1% 2%

Median losses increase with the age of employees.



Profiling by Educational Standard

High SchoolSome Tertiary

EducationTertiary Education Post Graduate

Percentage 2008 54.7% 34.4% 10.9%

Median Loss 2008 $150,000 $210,000 $550,000

Percentage 2010 28.8% 17.1% 38% 14%

Median Loss 2010 $100,000 $136,000 $234,000 $300,000

Smarter people - smarter frauds?