Head of Special Investigations Unit at Vhi Insurance
In this series of articles on Fraud risk I will provide an insight into methodology that I have used over the years to minimise the business risk and develop fraud models. These articles will not provide all of the answers, but will hopefully provide the thought process to enable you to develop appropriate plans for your organisation.
A fraud model ensures that an organisation has appropriate targeted activities that makes it more difficult for fraud to take place in the first place. But, just remember that you cannot afford to stand still as a determined fraudster will continually be looking to exploit any weaknesses and will seek new opportunities to gain financially, You also need to appreciate that there are two main types of criminals - an opportunist who will take advantage of a situation and an organised criminal who will plan in detail on how to overcome organisational protection,
I must give credit to the University of Portsmouth which provided the underlying thought processes to continually develop my approach to fraud risk. A fraud model can be developed across all industries as long as the principles are the key focus and adapted as necessary.
The traditional fraud triangle has 3 elements which explain why a person commits fraud:-
- Pressure - What is the motivation which could be a financial pressure such as bad debts caused by gambling
- Opportunity - The means that the individual can defraud the organisation, with the perception that they will not be identified
- Rationalization - The fraudster will justify their crime and will not see themselves as a criminal
My Fraud Triangle
There is nothing wrong with the traditional fraud triangle, but I tend to use a model based on the following elements. This ensures a focused proactive approach to minimise the incidents of fraud rather than explain why it happens in the first instance.
Risk - What is the fraud risk to the business and what activities are needed to reduce this risk. In addition, the risk of the potential fraudster needs to be increased so the fraud model activities act as a deterrent factor
Opportunity - Where do the opportunities (open doors) exist that could facilitate the fraudster and what activities are needed to remove these opportunities
Reward - This is the reason why fraud takes place, so a business needs to ensure that there are adequate controls to protect the rewards (goods, cash etc.)
I have used this example at various lectures and it puts the above fraud triangle into perspective. If you picture an opportunist burglar, walking in a rural area at 7pm just a week before Christmas so it is dark. One bungalow has security lights, house alarm (always used), dogs, warning signs to indicate dogs, locked gates, locked garage, locked car, locked windows etc. The blinds are closed so the burglar cannot see what goods are on display.
Then picture a neighbouring bungalow with no alarm, no security lights, no gate, windows unlocked (opportunity), blinds open and presents (rewards) on display (through the window) under the Christmas tree. This house is more likely to be burgled as the risk to the criminal is vastly reduced as there is easy entry, less likely to be detected and the rewards can be stolen very quickly.
The importance of this example is that only the homeowner and the family can control their own home so only they can provide the protection, but more importantly they cannot reduce the risk of crime for neighbouring properties. The same principles apply to a business. If you do not have a fraud model in place, but other companies in the same field, including competitors do, then you will be more likely to be a victim of fraud as you will be weakest link. Just remember that fraud and crime does not stop, but the criminal moves onto the softer and weaker target.
Objectives of a Fraud Model
When implementing a fraud model the following are essential considerations
- Deter instances of fraud
- Prevent fraud - use of robust systems to stop overpayments
- Detect fraud - Use of Data analysis
- Investigate instances of fraud
- Implement corrective actions when fraud occurs
Key principles to develop a fraud model (not exhaustive)
- What is the problem or risk facing your organisation? Saying that there is a risk of fraud is not good enough, as you need to understand how your organisation works and where the potential exposures are
- Understand who in the organisation is managing risk to ensure a joined up approach
- Implement a fraud policy across all business areas, including third party contracts
- Have clear robust working instructions which should be reviewed on a regular basis
- Have a process for staff and contractors to report instances/suspicions of fraud (hotline number) in compliance with the Protected Disclosure Act 2014
- Identify suitably qualified staff that can investigate suspicion of fraud. This may include criminal investigators or Forensic Accountants
- Ensure appropriate monitoring is conducted across the business. I.e. Internal Audit
- Create an anti-fraud culture with presentations and training as your staff are your eyes and ears to identify fraudulent activity
In the next article on Fraud Risk I will go into the main areas of the fraud model and activities and controls needed to reduce the risk to an organisation - organisational, situational and societal controls.