On the Frontlines: Patterns in Fraud
Blogs Mohamed Tarek El Gabry Jun 07, 2023
I have been fortunate enough to have been involved in several fraud investigation assignments throughout my career as an internal auditor. While those fraud cases occurred in different companies and different industries, I have noticed one common factor among many of the cases.
This common factor is a lack of financial materiality in the scope of the fraud — which also typically means fewer controls and better fraud opportunities for those committing fraud. In each of these incidents, although the scope was relatively immaterial, the recurrence of the fraud made the loss noticeable and considerable.
This brings to my mind stories of people who dug tunnels using a spoon to escape from prison! Despite the smallness of the spoon, the repeated digging for a long period of time allowed the prisoners to finish the tunnel and eventually escape.
With this in mind, companies should be careful with immaterial areas that lack controls and are not adequately monitored, as huge, hidden tunnels may be dug there.
One example of a fraud I witnessed that seemed to lack financial materiality was the theft of industrial consumables, an indirect raw material used in various production processes. The consumables were not considered to have financial materiality compared to the direct production materials. The theft was not discovered for several years because of poor controls over issuance procedures from warehouses and because the stolen quantities fell within the allowed margin for waste — although the process for determining the margin of waste was flawed. When the value of the stolen quantities was estimated, it became considerable.
Given that the areas in which these types of frauds are committed are overlooked by all, the fraud is usually discovered late. It is often reported by an employee who is aware of the fraud from the beginning but has delayed reporting it due to fear of retaliation or because they are convinced that the management will not respond appropriately. Sometimes the reporting party has even been directly involved in the fraud but has gotten into a dispute with the other parties.
Through my participation in investigations, I have been able to identify other factors that contribute to these types of frauds occurring, including:
- Absence of controls due to lack of resources: Not all companies see controls as essential. Some companies consider controls a luxury, especially if the scope lacks significant materiality.
- Internal control and risk management maturity: Lack of sufficient maturity of the company's internal control and risk management may result in a failure to correctly assess the risk likelihood. Even if the resources are available, immaturity may lead to focusing on the risk impact only and ignoring its recurrence.
- Consistent pattern of review and audit: Just as prisoners may take advantage of the predictable pattern of prison guards to dig a tunnel when they’re not around, the absence of a surprise review on the different organizational areas — whether by the management or internal audit — may lead to enough of an opportunity to commit fraud.
The important question now is, how can we beat such fraud? Addressing the factors that provide an opportunity for this type of fraud will help in detecting and reducing it.
This can be done by:
- Conducting a good assessment of occurrence probability for all risks, even risks with a low impact.
- Setting reasonable cost controls for all risks with a high probability of occurrence and low impact. For example, instead of setting stock procedures for issuing printing paper to employees in workspaces, it is sufficient to monitor the consumption rate monthly and set the maximum limit for daily consumption.
- Conducting a surprise review. If the fraud perpetrator can always anticipate when you will be doing your audit and what audit requirements will be required, this may help him to conceal the fraud. For example, conducting a surprise periodic physical count for warehouses and cash custody is one of the controls that supports an inconsistent pattern of review.
As we know, the fraud triangle states that “individuals are motivated to commit fraud when three elements come together: (1) some kind of perceived pressure, (2) some perceived opportunity, and (3) some way to rationalize the fraud as not being inconsistent with one's values. From my point of view, opportunity is the most important factor in the fraud triangle — and the factor most susceptible to control. Therefore, companies must work to reduce opportunity in all their areas, without forgetting that opportunity may lead to fraud within areas deemed immaterial, which eventually can lead to significant losses.