By David Sawyer, CPA, CFE, licensed private investigator and partner with CPAmerica’s Atlanta affiliate Frazier & Deeter, LLC
Among investigators and criminal profilers I work with, there is a common phrase that I hear over and over again: “To catch a crook, get inside the mind of a crook.”
Make it your mission to know their method of operation – or modus operandi. It is the “how” and “why” of what criminals do best.
As a fraud investigator, I need to know the motives, rationalizations and opportunities that are specific to the white-collar criminal, or fraudster.
These are the components, or legs, of what we fraud examiners call “The Fraud Triangle.” Looking back on the scores of cases I’ve worked through the years, I often see similarities between legs of the triangle and, believe it or not, gardening.
The Bad Seed – Motive
You may have a bad seed in your organization, and it has somehow been planted there. To complete our rhyme in most simplistic terms, “The motives of the seed are need or greed.”
There can be a laundry list of motives, such as need-based financial pressures resulting from economic conditions, lifestyle, habits, addictions or even medical problems. On the other hand, though, bad seeds may just be trying to keep up with the Joneses. They are just plain greedy or living beyond their means to maintain a certain image.
The Fertile Soil – Opportunity
The opportunity for fraud to thrive begins when the seed of motive is planted in the fertile ground of a weak, or nonexistent, system of internal controls. Most of the time, there is a lack of separation of incompatible functions. As a rule of thumb, I recommend that the four following functions, all conveniently beginning with the letter “A,” be kept separate:
- Access to Assets
- Approval and Authorization
- Accounting and Reconciliation
- Audit and Analysis
When two of these functions are performed by one person, look out. Your system of controls has been compromised, and your assets – tangible or intangible – may well be at risk.
Generally, internal controls come in three different varieties: Preventive, Detective and Deterrent.
Imagine that your most precious asset is in a room, which is entered by a single door. As a preventive measure, you place a lock on the door so that access to the room can be accessed by only those having a key or combination to the lock.
To employ a detective control measure, you might install a camera or swipe card system, so that you know exactly who entered the room, whether authorized or not.
Then, a deterrent measure might include a 150-pound Rottweiler, barking viciously on the other side of the door. All joking aside, deterrent measures are often driven by the culture, or tone at the top, of the organization – perhaps the posture on a zero tolerance policy toward white-collar crime.
Sunshine and Rain – Rationalization
We have laid the groundwork and plowed the rows for our garden. Then, there are the environmental factors that allow the seed to grow.
The sunshine may also be the culture or tone at the top in your organization. In their minds, the fraudsters have convinced themselves that what they are doing is justified. They have told themselves, “I’m underpaid,” or “I deserve a promotion,” or “I’ll pay it back. Someday.”
The Different Varieties – Fraud Schemes
To take our investigative approach a step further, we should know how the fraudulent act itself has been committed and possibly concealed. To deter, prevent and detect fraud, we must know how it lives, behaves, acts and is allowed to thrive. The first step is understanding how internal fraud – commonly known as occupational fraud – is categorized and committed.
Really, misappropriation is just a big word for theft. Asset theft or abuse is the most frequently reported category of fraud, likely because assets – mainly cash – are, at least to some degree, accessible to all levels of the organization.
Asset misappropriation schemes had reported median losses of $120,000 per scheme, according to the 2012 Report to the Nations on Occupational Fraud and Abuse, published biannually by the Association of Certified Fraud Examiners.
Financial Statement Fraud
When we hear the term “cooking the books,” financial statement fraud is what they are talking about. Fraudulent statements involve falsely inflating assets or revenue, or falsely understating expenses or liabilities.
The end game is to boost stakeholder value, borrowing power and likely the variable compensation for “C-suite” executives.
While occurring in only 8 percent of the cases reported, financial statement fraud carried a median loss of $1 million per reported case. The lower occurrence rate likely results from the fact that typically only upper level management has the access needed to record large (and false) entries and drive corporate accounting policy.
Corruption – which includes kickbacks, conflicts of interest, economic extortion and outright bribery – seems to crop up most often in the governmental/public sector.
These fraud schemes are somewhat of a hybrid animal because they involve participation from individuals inside and outside of the victim organization.
Pulling the Weeds – Taking Action
Now that we have some familiarity and orientation with what we are up against, we can begin pulling weeds.
These are just the first baby steps to cultivate further plowing. In addition to the categories, motive, opportunity and rationalization, we must become familiar with warning signs, red flags and symptoms of these schemes.
For now, though, we’ll save that for Gardening 202. Growing season is upon us – let’s hope we don’t have to eradicate the entire crop.