- Who We Are
- What We Do
- Our Actions
- What We've Done
by Sylvester Shamy
Chairman of the Institute of Internal Auditors NZ
and 2016 NZ Internal Auditor of the Year
I remember a moment of bemusement as an undergraduate at university when, during a lecture on auditing, our Professor asserted that fraud in its purest form is almost impossible to prevent and that once perpetrated is very difficult to identify. It followed, then, that audit’s role was less to prevent or detect but instead help the organisation to respond, including as much as possible, reducing its risk of recurrence.
As I sit here now recalling that “truism” I still require a digestive moment to process the depth of that message and its implication.
Fresh out of university and into professional practice I was educated on the realities of fraud sophistication, and therefore why, as a consequence, audit could never be expected to identify and highlight all instances of fraud. This caveat was enshrined in our engagement contracts with audit clients.
Admittedly, this was before the wide use of computer-assisted audit techniques (CAATs), data mining, information intelligence and their technology-enabled cousins. The audit profession was also, at that time, largely backwards glancing—“the rear-view mirror, not the windscreen” as someone once explained to me.
Thankfully, times have changed. But fraud, its preconditions and the motivations of its perpetrators, has not. Auditors are now better equipped than ever to combat this, and we have modern auditing techniques to assist us in this endeavour.
By its very definition—illegal acts that are characterized by deceit, concealment or violation of trust—fraud is broad in practice. There is a myriad of frauds that can, and are, committed against individuals on a daily basis. Phishing schemes, online lotteries, targeted emails, identity impersonation, credit card theft; the list goes on and on.
My focus in this article is on corporate fraud, which can be less sophisticated than fraud targeting individuals, but with potentially greater consequences both in financial and emotional terms. This article examines its preconditions. In the next issue of Transparency Times, I will discuss the many ways in which internal audit can help organisations prevent and detect corporate fraud.
The Fraud Triangle
The fraud triangle is a framework designed to explain the reasoning behind an individual’s decision to commit workplace fraud. The three stages, categorised by the effect on the individual, can be summarised as pressure, opportunity and rationalisation, illustrated in the diagram above.
The theory is that a combination of demand side (pressure and rationalisation) and supply side (opportunity) dimensions are needed for fraud to be perpetrated. To elaborate:
If there’s one thing internal audit can admit defeat on, it’s changing human nature, or at the very least being able to positively influence those with a predisposition to commit crime. Audit can and should however, influence the third dimension:
A way to prevent fraud is for recruitment, procurement, contract management and financial processes to be designed and stress-tested from an end-to-end perspective, as opposed to siloed design and evaluation.
Base minimum anti-fraud mechanisms should be incorporated into key processes, including:
Fraud may be impossible to completely prevent. Internal auditors are a wonderful cadre of professionals, but we still lack the requisite mind-reading and mind-bending powers that would enable us to mitigate fraud’s “Pressure” and “Rationalisation” preconditions. However, with proactive organisational support we can reduce the “Opportunity”.