THE FRAUD DIAMOND vs. FRAUD TRIANGLE ANALYTICS: EVALUATING
“CAPABILITY” AS A MODIFICATION FOR AUDITING UNSTRUCTURED
ENTERPRISE DATA
Joseph B. Gilmore, CPA; CFE; MBA
Frostburg State University
336 Framptom Hall
Frostburg, MD 21532
301-687-4063
jgilmore@frostburg.edu
Dr. Richard Johnson, CPA
Frostburg State University
334 Framptom Hall
Frostburg, MD 21532
301-687-4452
TABLE OF CONTENTS
1.
ABSTRACT
2.
INTRODUCTION
3.
ANALYZING STRUCTURED ENTERPRISE DATA
4.
DR. DONALD CRESSEY’S “FRAUD TRIANGLE”: A BRIEF HISTORY
5.
ANALYZING UNSTRUCTURED ENTERPRISE DATA: USING FRAUD
TRIANGLE ANALYTICS (FTA)TO MINE ELECTRONIC COMMUNICATIONS
6.
A DISCUSSION OF “CAPABILITY” AND ITS IMPACT ON THE FRAUD
TRIANGLE
7.
“CAPABILITY’’’s IMPACT ON THE DESIGN AND EFFECTIVENESS OF FRAUD
TRIANGLE ANALYTICS (FTA)
8.
CONCLUSIONS
9.
REFERENCES
ABSTRACT
Current economic and employment (unemployment?) conditions have contributed to an environment that is very conducive to fraudulent activity. Many companies are being asked to do “more with less”---less marketing, less”---less R&D, less”---less internal auditing staff and so on. These circumstances also contribute to an employee’s ability to rationalize his/her behavior---even if that employee realizes that the behavior he/she is about to engage in is unethical, illegal or fraudulent. Motivation/Pressure plus Opportunity plus Rationalization = Dr. Donald Cressey’s “Fraud Triangle”. “Fraud Triangle Analytics” (FTA) involves data-mining key employee’s electronic communications in an effort to reveal key words and phrases that may identify planned or ongoing fraudulent activity. FTA presents a new approach to proactive, rather than “after the fact” (forensic) auditing for fraudulent behavior. This paper briefly discusses the history of the “Fraud Triangle” (and its three components which include Rationalization, Opportunity and Pressure/Incentive), and also discusses auditing of both structured and unstructured enterprise data.
After introducing the Fraud Triangle, the paper considers the additional element “Capability” and the formation of the “Fraud Diamond”. The new element, “Capability” (also known as “Criminal mindset” and “Ego/entitlement”), expands the traditional fraud model by including a psychological element to the analysis. Personal traits, character, learned behavior, confidence in one’s ability to commit fraud undetected or to talk one’s way out of trouble, sociopathic tendencies and other aberrant personality traits all contribute to a fraudster’s willingness to behave unethically. A criminal mindset combined with arrogance can minimize and even replace the requirements for Pressure, Opportunity and Rationalization.
Although Opportunity reveals the path for fraud, and Rationalization and/or Pressure may lead a person to approach that same path, only a certain state of mind will allow or even encourage a fraudster to actually walk down that path. This paper will investigate the impact on Fraud Triangle Analytics caused by adding “Capability” to Cressey’s model and the resultant design changes that should be considered when modifying FTA to include the new element of fraud.
INTRODUCTION
Current economic and employment (unemployment?) conditions have contributed to an environment that is very conducive to fraudulent activity, whether it be asset misappropriation (embezzlement), corruption (using one’s position to benefit one’s self in violation of one’s fiduciary duty to his/her employer), or fraudulent financial reporting. Financial pressures on individuals and/or pressure for a firm to hit specific numerical targets, in conjunction with cutbacks that have weakened internal control, have created both motivation and opportunity to engage in unethical behavior. When combined with increased workloads and lower bonuses and/or compensation, some employees may consider unethical behavior.
Many companies are being asked to do “more with less”---less marketing, less R&D, less internal auditing staff and so on. These circumstances also contribute to an employee’s ability to rationalize his/her behavior---even if that employee realizes that the behavior he/she is about to engage in is unethical, illegal or fraudulent. Motivation/Pressure plus Opportunity plus Rationalization = Dr. Donald Cressey’s “Fraud Triangle”, which describes the conditions that, if they exist, encourage and enable fraud. (1) Albrecht, et al, (2)made an interesting comparison to the “fire triangle” where fire exists if you have fuel, oxygen & heat. In both triangles, where all three conditions exist simultaneously, the outcome is nearly inevitable.
The Association of Certified Fraud Examiners (ACFE)(3) estimates that 5% of business revenues are lost to fraud, and that fraudulent behavior lasts a median of 18 months before being discovered. Applying this percentage to the global economy, fraud costs about 2.9 trillion dollars per year! Furthermore, most discoveries occur more by luck than design. Fully 48.5% of fraudulent activity is discovered by either employee tips or by accident.
“Fraud Triangle Analytics” (FTA) presents a new approach to proactive (rather than forensic) auditing for fraudulent behavior. FTA involves mining electronic communications for “key words”. These key words, when appearing in emails, text messages etc. may indicate that the sender (and possibly the recipient) are engaging in some method of fraudulent behavior. Depending upon the key words & their frequency, that auditor is able to develop an “O-score” (for key words related to “Opportunity”); a “P-score” (for key words related to
“Pressure/Incentive”) and an “R-Score” (for key words related to “Rationalization”). These three scores are squared and then summed. The square root of the sum is known as the “Fraud Score” for an individual and the higher the score, the more likely that this individual is engaging in fraudulent acts. “Key word” lists are part of the proprietary software that firms employ to analyze electronic communications.
ANALYZING STRUCTURED ENTERPRISE DATA
Torpey, Walden and Sherrod (4) report that “Eighty percent of ‘enterprise data’ (for example, company documents, presentations, Web, e-mail, etc) is unstructured in nature…”. However, auditing software, such as ACL or spreadsheet analysis, focuses almost exclusively on analyzing structured data (journal entries, spreadsheets, schedules etc.)
Evaluating, analyzing and questioning works fairly well for discovering fraud, especially if the auditor’s suspicions have already been raised regarding a specific transaction or potential violator. Unfortunately, auditing an enterprise’s structured data almost always entails a reactive approach, rather than a proactive approach. Per Crumbley, et al, (5) many standards and articles have been published detailing what an auditor should be aware of and look for regarding the existence of fraud.
But should the auditing process concentrate primarily on databases, transactions, accounting systems, reporting and presentation criteria, and representational faithfulness? This is an entirely reactive “after the fact” approach. This approach ignores the value of proactive methods for preventing fraud.
Fraud Triangle Analytics (FTA)is a process where auditors attempt to discover plans for fraud---before the fraud actually takes place (or at least discover and halt the activity very early)---rather than finally uncover the fraud a year or two (or even longer) after it begins.
DR. DONALD CRESSEY’S “FRAUD TRIANGLE”: A BRIEF HISTORY
Before continuing, a brief review of Cressey’s “Fraud Triangle” may be helpful.Opportunity
Fraud Triangle
Pressure/Incentive Rationalization
Cressey’s research on white-collar criminals convinced him that if all three factors were present, then fraudulent behavior was nearly inevitable. (1) Fraud could also occur if only two or even one factor existed, but was not as likely to occur.
The Fraud Triangle has been modified and enhanced over the ensuing four decades. Cressey’s research was concentrated on individuals, and he identified an “…unshareable
financial pressure”. This component has been expanded to include management’s incentives to commit fraud (“Hit the numbers!”).
Albrecht, et al, (6) introduced their “Fraud Scale” and stated that identifying perpetrators of fraud was difficult and that substituting “Integrity” for “Rationalization” was helpful when trying to anticipate fraud. Rezaee and Riley (7) expanded on the topic of deterrence, agreeing that “Integrity” was critical for reliance upon personal decision making and responsibility.
Earlier, Rezaee (8) postulated the “3-C” model for explaining how the Fraud Triangle can be used to predict a corporation’s unethical behavior. “Conditions”---a business downturn
increases the likelihood of fraud. “Corporate structure”---irresponsible or ineffective corporate governance also increases the likelihood of fraud. “Choice”---between legal/ethical and
Wolfe and Hermanson (9) proposed the “Fraud Diamond” where a fourth side was added. This new factor is “Capability” and addresses the reality that some people won’t commit fraud even if all three original factors are strongly present. An individual’s personal traits are the deciding factor. They play a major role in whether or not the person will actually go ahead and commit a fraudulent act.
Kranacher, et al, (10) discussed their “MICE” concept for elaborating on motivation (pressure). “Money, Ideology, Coercion, and Ego/Entitlement” are the primary motivating factors for committing fraud. They also illustrated a conjoined triangle (yes---it looks like a diamond) for fraud factors. The original fraud triangle is retained. Now, however, it shares a side (“Opportunity”) with a new triangle. The two new sides on this attached triangle are “Criminal Mindset” and “Arrogance”. Essentially, the authors distinguish between those individuals whom they deem “Accidental Fraudsters” and those that they deem to be
“Predators”. This is an interesting theory in that it makes a distinction between those hapless souls who are caught up in fraud vs. those “career criminal” types who are always on the lookout for easy prey.
ANALYZING UNSTRUCTURED ENTERPRISE DATA: USING FRAUD TRIANGLE
ANALYTICS (FTA) TO MINE ELECTRONIC COMMUNICATIONS
The “unstructured data” that FTA is most concerned with includes emails and text (“instant”) messages---especially those communications that are saved on a firm’s central server. By accessing the server, auditors avoid the complicating factors and logistics attached to collecting electronic devices from all of those employees that are in sensitive and/or critical positions within a firm (i.e. those employees most likely to be investigated).
Although standard internal auditing procedures for structured data discovered almost 14% of occupational fraud (3), that is a woefully small percentage when one considers internal auditing’s primary focus. We can further criticize this lackluster performance when we point-out that all of these frauds are discovered after the perpetrators have been engaging in them for awhile!
Torpey, et al, (11) have attempted to link prior behavior with subsequent fraudulent acts. Their research indicates that certain language contained in email communications can signal information about the fraud factors that may be present for specific individuals within a
company. They refer to certain terms and phrases as “keywords”, and they have accumulated, organized and tested a proprietary library list exceeding 3,000 keywords. These keywords help auditors analyze the language in employee’s email communications.
Keyword examples for “Pressure” include “Meet the deadline”, “Make sales quota”, and “Under the gun”. For “Opportunity, “Override”, “Write-off” and “Recognize revenue” represent red flags. Finally, “I think it’s OK”, “Sounds reasonable”, and “I deserve…” are suspicious key words regarding the “Rationalization” element. Add 3,000 more keywords and then let the software analyze and report on the content of literally millions of emails. We all know how quick and simple it is to apply the “Search” function to a MSWord document. FTA software does much the same thing, only on a much grander scale!
Each keyword is associated with specific element in the fraud triangle. Each person whose emails are analyzed (unbeknownst to him or her---be aware of the jurisdiction that you are operating in and be careful not to break any laws or regulations related to privacy and/or warrantless searches) receives an individual score for each fraud triangle element.
FTA attempts to answer questions. Who is involved? What are they up to? When did they start? The researchers started with fraudulent situations where they already knew who the perpetrators were, the time line, and the outcome. Corruption/bribery and fraudulent financial reporting problems had already been discovered via standard auditing methods. The
discovery. For every executive involved, there was a sharp spike in the frequency of keywords in their emails prior to and during the fraudulent behavior! (11) They also submitted the emails from many more executives from the same company and for the same period. Emails from executives not entangled in the fraud did not spike regarding keywords.
There are some basic steps to implementing FTA. After conducting a basic fraud-risk
assessment, identify any major risks and key employees in those high-risk operations. With IT’s help, copy the key employee’s emails & submit them to the appropriate analysis search engine. Depending upon who you use, you may also have to submit a keyword library. You will be rewarded with a chronological keyword analysis, which you can then use to “zero-in” on specific individuals. Remember to follow any applicable laws and to also apply the rules of due process.
As discussed earlier, the software will develop three scores for each individual. The “O-score” evaluates the opportunity that an employ has to commit fraud. The “P-“O-score” relates to pressure or incentive that the employee may be experiencing. The “R-score” analyzes the employee’s propensity to rationalize his/her behavior. These three scores are squared and then summed. The final “Fraud Score” is the square root of the sum and a higher score indicates a stronger possibility that fraud exists.
A DISCUSSION OF “CAPABILITY AND ITS IMPACT ON THE FRAUD TRIANGLE
Until now, this paper has merely reviewed/repeated information from the paper that we submitted in 2012 (See “Fraud Triangle Analytics: An Auditing Technique For Unstructured Enterprise Data” SEDSI Proceedings 2012). The authors would like to add “Capability” to the Fraud Triangle and then discuss potential ramifications for FTA. This topic was mentioned in our 2012 paper’s “Suggestions for further research” section.
“Capability” refers to one’s personal traits, abilities and character. In the presence of (to varying degrees) Opportunity, Pressure/Incentive, and Rationalization, we need to consider this additional factor regarding an individual’s mental attitude(s) about committing fraud. One’s sense of responsibility (fiduciary or otherwise) will have an impact on one’s behavior. A large ego may convince someone that he or she won’t get caught committing fraud or will be able to talk his/her way out of trouble. A sense of entitlement will make committing fraud easier to engage in. Unless the fraudster is a sociopath, there should be feelings of stress and guilt while engaged in fraudulent behavior. Some people are better equipped to deal with these emotions than others are. From a mental standpoint, these individuals will be more “capable” of
committing fraud.
We will change the “Fraud Triangle” to a “Fraud Diamond”. This modification illustrates the equal weight that we should assign to “Capability” when evaluating the potential for fraudulent behavior.
Fraud Diamond
Incentive/Pressure Opportunity
Capability
Kranacher, et al (10) examined “Capability” and postulated that there are basically two types of people who engage in fraud. The first category describes the “accidental fraudster”---usually a first-time offender who has a good reputation among his/her peers, community at their place of work. “The fraud triangle was created with the accidental fraudster in mind.” (10) Their work also identifies a second category of fraudster---the “pathological fraudster” (AKA “predator”). Predators actively seek-out positions and situations where they can take
advantage. They are serial offenders who are only looking for opportunities to commit fraud. Rationalization and pressure/incentive don’t really enter into the criteria mix when they are searching for targets and then actually committing the fraud. They possess the mental capability---a combination of criminal mindset plus arrogance---that allows them to commit fraud without experiencing the guilt and/or stress that a responsible person would endure. We can further modify the fraud diamond to differentiate between “accidental fraudsters” and “predators”. Both classifications share “Opportunity” but the other two fraud components vary by classification.
Accidental Fraudsters
Pressure/Incentive Rationalization
Opportunity--- --- Opportunity
Criminal Mindset Arrogance
“CAPABILITY’S” IMPACT ON THE DESIGN AND EFFECTIVENESS
OF FRAUD TRIANGLE ANALYTICS (FTA)
Your authors have discovered that attempting to add “Capability” to the FTA process presents some difficulties. Incentive/Pressure can be identified (and usually measured in dollars). Rationalization, by definition, involves going on the record with an explanation or a defense of one’s actions. Opportunity can be identified merely by evaluating a firm’s system of internal controls, searching for deficiencies and weaknesses.
Capability, however, involves delving into the individual’s mind and attempting to
determine a person’s thought processes, attitudes and character. This is a very subjective area and one where most auditors have limited experience. Your authors searched for information indicating that at least one entity providing FTA services had taken into consideration
“capability” when developing its software---to no avail. This is disappointing, to say the least. And based upon our failed attempts to uncover information supporting the incorporation of a “C-score” (for “Capability”) in the final “Fraud Score”, we may need to reach one of two conclusions.
#1) Currently, purveyors of FTA software are satisfied with the status quo and have decided that ignoring “Capability” doesn’t present problems regarding the effectiveness of FTA.
#2) One or more of the providers has/have considered “capability” and has/have improved their proprietary software to include a “C-score”. However, they have decided not to publish this information at the present time.
So what’s the next step? Maybe auditors need to acknowledge the importance of Human Resources in controlling for fraud risk. When a firm hires for a key position, HR should be conducting (or hiring specialists to conduct) background checks, reference checks, interviews with prior employers etc. etc. etc. All of these activities may provide information regarding a potential hire’s mental characteristics. In addition, there are quite a few psychological methods that allow trained personnel to administer a battery of tests and then evaluate the results. The goal here would be to try to identify those applicants whose mental character, attitude towards responsible and ethical behavior, and ego/arrogance may raise red flags regarding their ability to always act in a principled manner. In short, if a firm can identify which applicants and current employees exhibit some of the mental attitudes characterized by “predators”, the employer can develop a C-score for that person.
With a C-score in hand, an employer can make better decisions regarding who to hire. As far as current employees are concerned, the C-score could easily be factored into the overall
fraud score, improving a firm’s ability to identify potential problems either before they come to fruition or very shortly afterwards.
We also believe that C-scores could be very helpful in identifying which persons may be more likely to be predators, as opposed to the accidental fraudsters. Predators are generally methodical, look for weaknesses and are very focused regarding their plans to commit fraud. They are often repeat offenders and may have left an evidentiary trail regarding their prior illegal activities. Human resources personnel should be included in a firm’s anti-fraud activities. HR can help auditors predict which individuals may wander off of the straight and narrow path and, just as importantly, the HR department will be (or at least should be) familiar with labor law. Retrieving and evaluating emails, analyzing people based upon psychological tests, asking questions of family, friends, former employers and others requires a knowledge of labor law so that investigators, in their zeal to identify criminal behavior, don’t accidentally step over the line themselves.
CONCLUSIONS
As mentioned earlier, we were disappointed not to have discovered any evidence regarding the addition and implementation of “C-scores” in the “Fraud Score” assigned to key employees. Our conclusion (and we admit that we are using the term without satisfactory corroborating evidence---how does one prove a negative?) could be one of the two mutually exclusive statements below.
#1) Currently, purveyors of FTA software are satisfied with the status quo and have decided that ignoring “Capability” doesn’t present problems regarding the effectiveness of FTA.
#2) One or more of the providers has/have considered “capability” and has/have improved their proprietary software to include a “C-score”. However, they have decided not to publish this information at the present time.
Although our conclusion(s) regarding the “C-score” and its importance for FTA are not very helpful, the authors are still fans of FTA procedures that rely on “O”, “P”, and “R” scores. Fraud Triangle Analytics can save more than just dollars lost to embezzlement or the necessity to restate financial statements. Investigative and litigation expenses will be
minimized if fraud can be discovered and stopped in its earliest stages (preferably during the planning stage). Painstaking and time-consuming document-by-document evaluations are no longer necessary to try and pinpoint high-risk areas/individuals.
The big advantage for FTA is that the procedures can be applied proactively. No matter how strong of a case you can build after discovering fraud, it is always better to prevent the fraud from occurring in the first place.
FTA, when contracted out, currently costs about $1,500 per gigabyte of information analyzed. That price will decrease as more and more competitors enter the market and begin offering FTA services. FTA is still new---but more and more firms are discovering how efficient and effective it can be.
Per Torpey, et al, (12)FTA, though still in its infancy, is a powerful weapon against fraud. They mention seven observations:
1. The Fraud Triangle still works 2. Use FTA for high-risk operations 3. Know the regulations and laws
5. FTA works well for early assessment of fraud
6. FTA complements internal auditing tests of structured data
7. FTA can be customized to a company, for an industry, and for a certain region or country As companies try to cut costs without cutting internal control effectiveness, they will
discover that FTA is an efficient way to economically achieve their goals. Hopefully, we will see a C-score included as a fourth variable in the future.
REFERENCES
(1) Cressey, Dr. 1973 Other People’s Money-A Study in the Social Psychology of Embezzlement Paterson Smith Publishing Company NJ
(2) Albrecht, Wernz & Williams 1995 Fraud: Bringing Light to the Dark Side of Business (3) ACFE 2010 Report to the Nations on Occupational Fraud and Abuse Austin, TX (4) Torpey, D., Walden, V., and Sherrod, M. 2009 Exposing the Iceberg Part 1 Fraud
Magazine May/June
(5) Crumbley, Heitger & Smith 2003 Forensic and Investigative Accounting Chicago, IL CCH Publishing, Inc. AICPA SAS #82 Consideration of Fraud in a Financial Statement Audit (Superseded by SAS 99)
(6) Albrecht, Howe & Romney 1984 Deterring Fraud: The Internal Auditor’s Perspective IIA Research Foundation
(7) Razaee and Riley 2010 Financial Statement Fraud: Prevention and Detection Wiley & Sons (8) Razaee 2002 Financial Statement Fraud John Wiley and Sons
(9) Wolfe and Hermanson 2004 The Fraud Diamond: Considering the Four Elements of Fraud The CPA Journal December
(10) Kranacher, Riley and Wells 2010 Forensic Accounting and Fraud Examination Wiley & Sons
(11) Torpey, D., Walden, V., and Sherrod, M. 2009 Exposing the Iceberg Part 2 Fraud Magazine July/August
(12) Torpey, D., Walden, V., and Sherrod, M. 2010 Fraud Magazine May/June
(13) Dorminey, J.,Fleming, A., Kranacher, M., & Riley, R. 2010 Beyond the Fraud Triangle The CPA Journal July
