Cressey’s Fraud Triangle – Part II: Perceived Opportunity

Cressey’s Fraud Triangle is were perceived pressure, perceived opportunity and rationalization meet – it is at these points that a fraud may occur is highly probable but not always absolute. In part 1 we took a look at perceived pressure and in part 2 we will look at the second leg of the fraud triangle; which is perceived opportunity.

We will use the same example, of Mr. Y, from part 1. Please do read part 1 to familiarize yourself with our case.

Let’s look at what exactly what is perceived opportunity is.  Perceived opportunity is the “what” that is within the organization that allows for a person to commit a fraud. Perceived opportunity can be summed up by the following:

A perceived opportunity
+
Ability to conceal the fraud
+
Avoidance of it being discovered
+
Avoidance of it being punished
=
Opportunity

 As we can see from the above diagram opportunity is achieved when the fraudster can ultimately conceal the fraud, by concealing the fraud the fraudster keeps the fraud from being discovered and therefore avoids being punished for committing the fraud. From our example of Mr. Y, he knew that the accounts payable clerks were overworked, the company had lax internal controls, the company did not enforce its policies very well and Mr. Y was a long time employee who was above any suspicion. All of these factors allowed for Mr. Y to take money from his employer.

Fraud Opportunities

There are many factors that can contribute to fraud opportunities. However we will take a look at six (6) of the most common and prevalent opportunities. These factors are: lack of controls that prevent or detect fraudulent behavior, the inability to judge quality of performance, failure to discipline fraud perpetrators, lack of access to information, apathy and lack of an audit trail.

Lack of controls that prevent or detect fraudulent behavior

The control environment is beyond the scope of this blog, however it needs to be discussed, just not in great detail. The Committee of Sponsoring Organizations or COSO (http://www.coso.org/IC-IntegratedFramework-summary.htm) has identified five elements of an organizations internal control framework; here we will look at the control environment.

The control environment is the “work atmosphere that an organization establishes for its employees.” The control environment contains elements of management’s role, example, communication, hiring practices, organizational structure and last but not least an “effective” internal audit department.

Management’s role and example are integral in establishing to proper work atmosphere for the organization and its workforce. In other words management example is the most critical element of the control environment. In many cases it is the dishonest actions of an organization’s management (i.e. WorldCom) that are ultimately learned and modeled by its employees. Case in point, “monkey see…monkey do,” if the organizations management is acting dishonest; then employees will assume it is ok to act in the same manner.

Management communications is the second critical element, by that, it is important for management to clearly communicate what is and is not appropriate behavior. Management can effectively do this by having codes of conduct, conducting training, supervisor/employee discussions and any other type of communication that will distinguish between what behaviors are acceptable and which behaviors will not be tolerated. To effectively deter fraud, communication has to be consistent. If the message is not consistent or change based on circumstances then employees can become confused or even worse develop the rationalizations that can lead to fraudulent behavior.

Appropriate hiring is the third critical element in creating the proper control environment. Most employers are convinced their employees are honest, however, Dr. W Steve Albrecht, in his book Fraud Examination, states that according to research 30% of people in the US are dishonest, 40% are situationally honest and the other 30% are always honest. So when dishonest individuals are hired, well then – no amount of internal controls will prevent them from defrauding their employer! Take for example my employer, before we appoint any agent to sell our products we ask background questions. A “yes” answer to any question will automatically trigger a back report and if there are any questionable actions on the background report the agent’s appointment is denied. It is imperative for employers to check the background of all of its applicants.

Clear organizational structure is the fourth critical element of the control environment. Simply put, when everyone in the organization knows and understands who has responsibility for each business function, then fraud is less likely to occur. When an organization has a clear organizational structure it is easier to track missing assets (i.e. money) and it is much more difficult to embezzle without being caught. Furthermore, keeping employees accountable for job performance is an example of a good control environment.

The final and fifth critical element of the control element is an effective internal audit department. Typically internal auditors will detect roughly 20-25 percent of employee fraud, however it is the mere presence of internal auditors that can act as a deterrent to fraudulent activity. Internal auditors can provide independent checks and cause would be-fraudsters to question if they can avoid being caught committing a fraudulent act. In addition it is important for an organization to employ a loss prevention program to ensure any fraud is investigated in a timely and appropriate manner.

* In a future post I will discuss control activities in more detail.

Inability to judge the quality of performance

The inability to judge the quality fo performance is rather self-explanatory. If you hire a mechanic to fix your transmission it can be difficult to know if the repair was done correctly or if you were overcharged for the repairs. As in professional contract it is easy to overcharge, perform unnecessary work, provide lousy service or even charge for work not performed.

 Failure to discipline fraud perpetrators

Fraudsters, who are not punished for past fraud behavior, are typically among the highest repeat offenders. The fraud offender who is not punished or is only terminated does not suffer any significant consequences and will often repeat their fraudulent behavior elsewhere. Fraudsters are often well-educated and command respect in their profession, ect, ect. If they are minimally punished or only terminated they can hide their termination reason or punishment.

However, if they are prosecuted, they will usually suffer embarrassment from their family and friends knowing their fraudulent deeds. Suffering humiliation can serve as an effective deterrent against fraudulent activity. When a corporation only terminates a fraud perpetrator they can send the wrong message that those caught committing fraud will only be terminated and not prosecuted; perceived opportunity can be removed if there is a high probability that fraudsters will be punished. 

Lack of access to information

Most of the management or financial statement frauds that are perpetrated are because the victims (investors, employees, ect,ect) didn’t have access to information that was in the possession of the fraud perpetrators. Management will often hide information from auditors or not permit the auditors to view requested information. Investments scams are also dependent on the ability of the perpetrators to withhold information from the victims. You can protect yourself by insisting on full disclosure and other information that can reveal the fraudulent nature of these perpetrators.

Ignorance, apathy and incapacity

In many cases senior citizens, immigrants uneducated individuals and those who live in poverty can be taken in scams because the fraudsters know that these individuals lack the capacity or understanding to detect their fraudulent acts. Thefts can happen in hospitals, nursing homes or even through home nursing aides. Many scams will prey upon the elderly and uneducated, such as pyramid schemes, internet fraud, telemarketing fraud and even the infamous Nigerian scams are all designed to persuade victims to unknowingly part with their money. Be informed, if it sounds to good to be true then it probably is a scam. There are also many home based “business opportunities” that are designed to target those who are struggling financially, however the payouts are non-existent or often misleading.

Lack of an audit trail

Organizations go to extreme lengths to create documents that will provide an audit trail so that transactions can be reconstructed and understood. The smart fraud perpetrator knows they must conceal these documents or manipulate them. The most popular document to manipulate is the income statement since many of the accounts are closed out at the end of the cycle or year-end and then the audit trail disappears, making the fraud much more difficult to detect.

As you can see the opportunity segment of the fraud triangle is extensive. I have only covered a portion of it here. I am happy to answer additional questions you may have about perceived opportunity. In part III we will look at the final leg of the fraud triangle – rationalization. Stay tuned!