Open The Fraud Triangle

Fraud surveys suggest roughly 80 percent of all frauds during last 80 years were discovered by accident. In early days the primary objective of Internal Audit was to discover fraud but the objective changed gradually while above sort of misinterpreted statistics made way for a widespread complacency in this regard.

Fraud universe is all frauds that exist during a given point in time. This fraud universe is basically composed of three categories of fraud. Category 1 includes fraud which has been or is being prosecuted and its details are available in public domain. Category 2 includes all fraud which has been discovered but not prosecuted. And Category 3 includes fraud which has not been discovered. Now, the question is what proportion of fraud is in each category?

The fraud trend researchers, who examined the fraud universe and came up with the 80 /20 statistics, had not categorized the frauds as above. But obviously, if there are three categories to fraud, and no one can argue with that, then we have a situation similar to dead fish in a lake. The dead fish float to the top while live healthy fish continue swimming deep down inside the water surface.

Let's talk about fraud discovered but not prosecuted. The question here is why does anyone ever discover fraud but not prosecute? One reason mentioned quite often is to avoid the embarrassment, the trouble and the legal costs, etc. But it is something much more meaningful which deters prosecution. In many instances victims find themselves in situations where they are certain that fraud has occurred, but the evidence is not sufficient to assure conviction in a court of law. The clever fraud perpetrators leave little evidence of their crimes.

Fraud detection usually begins with the discovery of innocuous bits of evidence which only gives hints or red flag to suggest fraud has occurred. It is the reactive auditor's job to search for the necessary additional evidence which will enable prosecution. Contrary to general impressions fraud is rarely found substantially documented and evidenced by the auditors.

Fraud only becomes fraud when a court of law determines that a defendant is guilty of fraud. Up until then he or she is presumed innocent. Accordingly, all cases in this category are to be kept confidential. Thus, the fraud trend researchers, who have determined the 80/20 percentages, might not have an opportunity to examine the frauds in Category 2.

Category 3 is obvious. Anyone perpetrating a fraud is not likely to tell you about it. Researchers cannot examine those cases to categorize them in any way. And they could never be included in the 80/20 percentages. One of the secrets to getting fraud from Category 3 to Category 2, and from Category 2 to Category 1, are trained people who know how to find and accumulate evidence. Most auditors don't know how to accumulate evidence. But key to increase the trend towards the upper categories is training in fraud detection and discovery and in accumulating the evidence one needs to convince a judge or jury.

What percentage of fraud do you think is in Category 2? Is it 10 percent, 20 percent, 50 percent or 75 percent? How much percentage for the fraud in Category 1? 50 percent of the universe? Now, many would agree to believe that it is around 10-20 %. In other words, around 80-90 percent of the perpetrators are smart enough not to leave evidence around. They plan their crime, they don't leave evidence around, and they don't get foolishly detected.

How does Internal Audit detect fraud then? Internal Auditors need proactive fraud auditing. Detecting fraud is much like fishing. When fishing, a fisherman must first decide what type of fish he or she wishes to catch. Each different type of fish requires different search methods, bait or recognition criteria. What works for one type of fish, or fraud, is not likely to work for another type. What works for saltwater fish will not work for freshwater fish. What works to catch trout will not work when fishing for bass.

Just as in fishing, there are different types of fraud, each of which requires a different detection method. Just to mention a few, there is duplicate payment fraud, multiple payment fraud, defective delivery fraud, defective pricing fraud, contract rigging fraud, shell fraud, defective shipment fraud and unbalanced bidding fraud.