In order for organisations to prevent fraud, they first need to understand what drives people to committing fraud. Most employees do not accept a job with the intention of committing fraud. And, typically, fraudsters are fist-time offenders. Why then do seemingly good people behave badly?
Donald Cressey, an American criminologist, proposed that people commit fraud when there are three factors present. Together these factors form what is known as ‘The Fraud Triangle’. These factors are:
- Pressure
Pressure can also be understood as motivation. It is the reason why people need to steal money. The pressure can either arise from personal situations that create a demand for money, such as an addiction, a spouse losing their job, or a medical emergency. However, the pressure can also arise from the job itself: unrealistic performance targets or deadlines.
2. Opportunity
In order for fraudsters to steal something, there must be something to steal and there must be a way to steal it. An organisation should view anything with value as something worth stealing, which means that every organisation has something that is worth stealing. Opportunity arises when the circumstances are in place that allow fraud to occur.
3. Rationalisation
Rationalisation is about individuals convincing themselves and others that their behaviour is acceptable. There are two aspects to rationalisation: First, the fraudster must believe that the gain from the fraudulent activity outweighs the possibility of detection. And, secondly, the individual must be able to justify it. Justification is often linked to job dissatisfaction, perceived entitlement, or a desire to maintain one’s status.
Although the above factors can be difficult to identify, there are measures that can be put in place to guard against it, as set out below:
- Pressure
It is impossible for an organisation to remove all pressure or incentive, as sometime the pressure stems from an individual’s personal life. However, organisations can attempt to remove as much of the pressure from the work environment as possible.
One way of doing this is to set goals and performance indicators that are not linked to financial metrics. If employees’ bonuses or other incentives are based on financial indicators such a revenue or net income, there is a higher likelihood that employees will commit fraud to achieve those goals. Furthermore, organisations should effectively manage investor and stakeholder expectations so that employees do not feel pressurised to meet those expectations, no matter what the cost.
2. Opportunity
Of all three factors, opportunity is the easiest to control for. Organisations need to limit a fraudster’s opportunity by ensuring that there are proper, robust corporate controls in place to deter and detect fraud. Some of the most effective corporate controls include:
- Continuous and comprehensive board oversight
- Regular internal audits, supported by robust policies
- Proper balance of power and separation of responsibilities, and
- Good physical security and access restriction.
Corporate controls can of course be bypassed, and more easily so by employees who understand them well. However, if there are multiple controls in place that are often monitored and updated, it makes the opportunity for fraudsters that much smaller.
3. Rationalisation
As with pressure, rationalisation can be difficult to control for, as it is very personal to employees. However, ensuring that employees work in a healthy, ethical culture, can make it a lot more difficult for employees to be able to justify bad behaviour.
There are many ways of creating a healthy, ethical environment, however some of the most important elements include:
- The correct tone from the top and a commitment by the executive and upper management to behave ethically
- Publicising the organisation’s values and practising those values
- Treating employees on all levels equally and ensuring that punishment is fair
- Ensuring that employees are valued and feel appreciated.
It is crucial to understand that anyone can commit fraud if the circumstances are right. It is thus up to organisations to ensure that the necessary controls are in place to ensure that those circumstances do not arise.