On the Frontlines: New Twists on an Old Problem

Chifundo Biliwita, CIA, CISA, CFE, CICA, Oct 29, 2024

When did fraud begin? An internet search says the first known cases of fraud date back to the time of the pharaohs: Egyptian tomb builders and artisans were accused of embezzling materials such as gold, jewels, and other valuables meant for the burial chambers of pharaohs. These workers, tasked with constructing and decorating royal tombs, would steal from the burial sites during or after construction, taking advantage of their access to precious goods.

In another documented fraud dating back to ancient times, Hegestratos, a Greek ship owner, planned to commit insurance fraud, a practice remarkably like modern insurance scams. Around 300 B.C., Hegestratos took out a loan with the agreement that he would repay it upon successful delivery of his cargo. According to the contract terms, the loan would be forgiven if the ship sank, meaning the lender would bear the loss. Hegestratos planned to sink his ship on purpose, then escape with both the loan and the ship’s cargo. However, his scheme did not go as planned. He was caught in the act by his crew and drowned while trying to flee.

These centuries-old cases share the same core elements: the fraud involved people, the fraudsters wanted financial and/or material gain at the expense of others, weaknesses in the control environment created an opportunity for fraud, and there were financial and material pressures.

Since ancient times, the fraud landscape has evolved dramatically. Contemporary and high-profile fraud cases, such as the ones involving COVID-19 relief funds, FTX Cryptocurrency Exchange, Wirecard, and Theranos, illustrate how fraud has become lucrative, costly, sophisticated, and far-reaching in today’s world. Moreover, fraudsters have adapted their tools of attack and channels for committing fraud, thereby making it difficult to prevent and detect fraud. They leverage both traditional tactics (e.g., check, forgery, embezzlement, investment, insurance, and romance frauds) and advanced technology tools and platforms, like the dark web, quantum computing, artificial intelligence, cryptocurrency exchanges and other online payment sites, deep fake technologies, phishing tools, social engineering software, and messaging apps that offer anonymity, just to mention a few. Technology has also increased the speed at which the fraud occurs. And meanwhile, the old methods still work. It just depends on the industry, size, and sophistication of the bad actors and the adoption of technology within the institution or industry.

However, just as the sophistication of fraudsters has grown, so have the opportunities and capabilities to detect and prevent fraud and to better understand its motivations. The Fraud Triangle has continued to evolve from the classical view of opportunity, pressure, and rationalization to include other considerations. Some practitioners have argued that capability should be another element: Fraud can only happen if potential or actual fraudsters have the skills and resources to commit the act. Opportunities for fraud have also expanded to include new technology-aided fraud. There is a need to re-examine how digital pressures and rationalizations affect fraudulent behavior. Fraud attack surface consideration is another modern view that seeks to enhance the application of the Fraud Triangle. In addition to considering the fraudster’s motives, this view encourages auditors and fraud fighters to consider a variety of components in concert to detect potential frauds or bad acts, including: possible actors, entry points into the control system, types of fraud, targets and assets at risk, methods of attack, and organizational impact.

Here are some suggestions on ways to become better auditors and fraud investigators:

  1. Conduct regular fraud risk assessments that consider the evolving fraud landscape, risks, and vulnerabilities. Consider collaborating with IT (digital and cybersecurity) stakeholders when brainstorming and assessing possible risks. When performing fraud risk assessments, auditors and fraud investigators must not only continue to apply the Fraud Triangle concepts but also understand the attack surface and consider the following:
    • The profile of the attackers.
    • The motivation behind the actual or potential fraudsters.
    • The tools, processes, and technologies that can be exploited to enter the operating environment and commit and hide fraud.
    • The speed at which the fraud can happen.
    • The methods the actual or potential fraudster could use to commit the fraud.
  2. Adapt the traditional motivation element of the Fraud Triangle to factor in other motivations for committing fraud such as greed, personal glory, arrogance, and power. According to J.A. Erven in her book, “Becoming the Everyday Ethicist,” it is not always about the money. To some, it is about fame; they want to be notorious. To others, there are political motivations; for example, state-sponsored fraudsters commit fraud for political scores.
  3. Pay attention to the evolving tools fraudsters are adopting and deploying to commit fraud and hide it from detection.
  4. Commit to continuous learning and professional development through available resources from professional organizations. The IIA and the Association of Certified Fraud Examiners offer many resources, including certifications, books, courses, webinars, and conferences, that share modern thinking on how to perform fraud risk assessments, audit for fraud, investigate fraud, and prevent and detect fraud.

As auditors and fraud investigators, we should always remember that despite technological advancements, the core elements of fraud remain unchanged. Apply the traditional ways of assessing fraud risk and preventing and detecting fraud, while considering the modern tools that fraudsters are using and the motivations behind them.

Chifundo Biliwita, CIA, CISA, CFE, CICA

Chifundo Biliwita is director of internal audit and advisory services at Ball State University in Muncie, Ind.