1 / 45

Assessing and Responding to "Dark Triad" Fraud Risk

Explore the need for fraud risk models and the importance of detecting and preventing "Dark Triad" fraud risk. Learn about the occurrence and typology of frauds, including financial reporting frauds, asset misappropriations, and external frauds.

juanitah
Télécharger la présentation

Assessing and Responding to "Dark Triad" Fraud Risk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2019 Williamsburg Advanced Fraud AcademyWHEN A TRIANGLE BECOMES A SINGULARITY:ASSESSING AND RESPONDING TO “DARK TRIAD” FRAUD RISK Barry Jay Epstein, Ph.D., CPA and Sridhar Ramamoorti, Ph.D., CPA, CFE

  2. The Need For and Importance of Fraud Risk Models Material losses being incurred every year, world-wide • ACFE estimates 5% of GNP lost annually ($4 trillion of gross world product of $80 trillion) • Given narrow net margins (from 2% to 5%) for many businesses, the up-side potential for profits is enormous Occurrence of fraud a leading indicator of business failure • Once affected, companies often“limp along” for a while, then fail Losses impact every stakeholder group in most instances • Owners always most affected • Creditors usually also affected • Employees at risk of losing jobs • Customers at risk of losing source of supply • Vendors losing customers

  3. The Need For and Importance of Fraud Risk Models Per ACFE’s 2018 “Report to the Nations” • There were almost 2,700 instances of “occupational fraud” identified • Losses from these identified instances totaled $7 billion • Losses from undetected fraud and abuse could be much greater Asset misappropriations (theft) were most common form • Average losses from thefts were $114,000 Losses from financial reporting frauds were much larger • Over $800,000 median loss Smaller businesses suffer disproportionately • Weak or missing internal controls largely responsible for this

  4. External Auditors Continue to be Blamed Efforts to “educate” users to limits of outside audits were doomed to failure • “Expectation Gap” efforts of late-1980s had no impact on exposure • In litigation, the courts, not professional standards, decide on auditors’ role and responsibilities • Our professional standards are only the “floor” for responsibilities • Therefore, improved auditing, including fraud detection, is the only practical way to reduce costs of fraud and abuse Failure to address fraud detection costs the profession enormous sums • Litigation losses, legal fees, insurance premiums • Reputational risk • Opportunity costs: would society enlarge our mandate if seen worthy?

  5. Fraud Detection as Our Raison d’Etre Fraud detection was once seen as a primary purpose for external audits • Early 20th Century focus for audits • Today, few audits find frauds, most (40%) found by whistleblowers Fraud detection faded as goal over past 75 years – why? • Difficult to accomplish, so profession sought to de-emphasize • Expansion of CPA services resulted in other, lucrative pursuits • Certain key tools, once standard in advanced courses, no longer taught • Fraud audits/forensic accounting seen as higher-price “super audit” Unfortunate unintended consequences • Downgraded perception of value of “normal” audits • Diminished value perception of entire range of typical CPA services

  6. Occurrence and Typology of Frauds The three major categories of fraud: • Financial reporting fraud (also known as management fraud) • Misappropriation of assets (also known as employee fraud) • External fraud (i.e., perpetrated against the entity by vendors or others)

  7. Financial Reporting Frauds Intentional misstatements of the financial statements • Occasionally done only for its own sake (management ego, etc.) • More often done to accomplish some bigger goal • May be done as corollary to other forms of fraud, e.g., theft from company Primary purpose is to mislead users of the financial statements • May be done by managers seeking higher bonuses • May be committed by executives holding stock options or stock • Could be done with outsider involvement, e.g., to harm company The least common form of occupational fraud and abuse • But . . . The most costly to the reporting entity, when it occurs

  8. Asset Misappropriations Thefts of company assets by employees • Defalcations, embezzlements, stealing • Often accompanied by financial reporting fraud to cover up thefts • Most common form of fraud, but modest cost per occurrence Can take a variety of forms • Diverting cash sales from customers (skimming) • Manipulation of cash paid on receivables (lapping) • Theft of petty cash, inventory, supplies • Creation of fictitious vendors, billing for phantom goods/services • Unauthorized sales of scrap, inventory, fixed assets, intangibles • Kickback schemes with vendors • Recording fictitious returns or allowance • Ghost employees created and paid

  9. External Frauds Simple frauds • Vendor (or customer) alters a check (refund check) • Vendors deliver substandard goods at full price for quality goods But can also take a variety of more complex forms • Bid rigging to overprice new construction or repair work • Various others, new ones being invented

  10. The Development of the "Cressey Fraud Risk Triangle" Model and its Variants Sutherland’s white collar crime foundational work • Criminology (1924) and subsequent works defined white collar crime • Argued that crime occurs when behaviors learned within different cultures and groups come into conflict • Developed “differential association theory” as explanation • Rejected outright the notion of personality-based causes for crime Sutherland’s work criticized because: • It tied white collar crime to social status of the perpetrator • It made white collar crime an amorphous concept that expanded unreasonably • It uses “situational” explanation exclusively, rejects or ignores “dispositional” explanations for white collar crime Embraced by Sutherland’s student, Donald Cressey, for his Fraud Triangle • Accordingly, dispositional explanations remained ignored until recently

  11. The Development of the "Cressey Fraud Risk Triangle" Model and its Variants Alternatives to Sutherland’s white collar crime assertions (alternative typologies) • Those based on the characteristics of the offender • Violator of fiduciary duties • Other • Those based on the type of offense • Corporate crime • Occupational crime • Governmental crime • State-corporate criminal collusion • Enterprise (corrupt organizations) crime • Those based on the culture or nature of the organization victimized

  12. The Development of the "Cressey Fraud Risk Triangle" Model and its Variants Other proposed criminological theories having academic support • Social structural explanations • Emphasis on abuses by those in power • Marxian perspectives • Focus on ills of capitalistic system, abuse of power • Presumes stress on profit makes it impossible to impose good behavior • Anomie (normlessness) • Technological and other advances result in deviant behaviors • Organizational theories • Those becoming employed have personal norms challenged

  13. The Development of the "Cressey Fraud Risk Triangle" Model and its Variants Other proposed criminological theories having academic support • Differential association and social learning theories • E.g., organizations may impose earnings per share growth as a value • Reinforcement of new norms (e.g., by bonus plans) disrupts values held • This explanation is fairly well supported by research • Control balance theory • Those having control surplus exhibit autonomous deviance • Those having control deficit exhibit repressive forms of deviance • Rational choice/deterrence theories • Crimes less likely if sanctions exist • Even the perception of possible sanctions can be effective • But studies also find contrary effects (e.g., greater desire for control even in the face of known threats of sanctions)

  14. The Cressey Fraud Risk Triangle Model Developed in the context of embezzlement risk • Cressey, who was Sutherland’s student, became co-author with Sutherland • As did Sutherland, Cressey rejected personality factors as causative • Other People's Money: A Study in the Social Psychology of Embezzlement, 1973 • Fraud Triangle has, explicitly or implicitly, become the authoritative explanation embraced by the audit literature (AU-C 240, ISA 240)

  15. Fraud Triangle and Other Models Cressey’s Fraud Triangle widely used, including in auditing standards • Asserts that the confluence of opportunity, motivation and ability to rationalize committing fraud will greatly increase likelihood of fraud actually occurring

  16. Fraud Triangle and Other Models Cressey’s Fraud Triangle Elements • Pressure or incentive Generally, a person has a financial problem, either personal or corporate, that can be functionally addressed through the fraud. Incentive may be non-remuneratory (e.g., for bragging rights) • Opportunity The fraud perpetrator can “solve” his financial problem in secret, using his position, with low risk of being caught • Ability to rationalize the act The perpetrator does not see himself as criminal, merely caught in web of circumstances beyond his control and addressing those circumstances as best he can, in an effort to avoid the pain of affective-cognitive dissonance

  17. Fraud Triangle and Other Models • Cressey’s Fraud Triangle – Rationalization by the Perpetrator • “I am just borrowing the money” for short period, and will return it • “I am entitled to this money” because others are paid more, etc. • “Management itself is dishonest, so what if I am also” BUT – what if the would-be fraudster has no need to rationalize behavior?

  18. The Fraud Diamond • An extension of the Cressey Fraud Triangle • Developed by academicians Wolfe and Hermanson • Adds “capability” factor to the original three elements

  19. The Fraud Pentagon • Another extension of the Cressey Fraud Triangle • Developed by Crowe Horwath, an international accounting firm • Adds “arrogance” factor to the fraud diamond model

  20. The “American Dream” Triangle Model • Another extension of the Cressey Fraud Triangle • Developed by an academician, S. Albrecht • Integrates Fraud Triangle with Agency Theory and Stewardship Theory

  21. A More Detailed Triangle Model

  22. Fully Detailed Version of Triangle Model

  23. Limitations of Traditional Triangle Model • Based on presumption of “normal” personalities • Based on single perpetrator situations

  24. Limitations of Traditional Triangle Model

  25. Ramamoorti (2008) Cited Limitations of Traditional Triangle Model and the Need to Include Other Factors • Noted the need to broaden the study of fraud, away from the classical economic models of how markets work and what drives capitalism, and more into the world of human behavior and the behavioral sciences • "Greed" as an explanation for fraud is insufficient • The A-B-C typology

  26. Other Theories:The “Big Five” Personality Traits • Intellect (openness to experience) • Conscientiousness (efficiency and organizational skills) • Extroversion (outgoing and energetic) • Agreeableness (compassion and friendliness) • Neuroticism

  27. The “Big Five” Personality Traits Per research by Alalehto, there are three types of white collar offenders: •• The positive extrovert, driven into economic crime by his manipulative and egocentric characteristics and desire for control •• The disagreeable business man who acts on suspicion and envy and uses deceitful tactics •• The neurotic, characterized by high levels of anxiety, low self-esteem, anger, and hostility, making them susceptible to persuasion

  28. Other Theories of Crime Based on Personality Traits • Neutralization theory •• Typically developed from juvenile delinquency situation •• Involves denial of injury, of victim, of responsibility, et al. • Differential association and social learning theories •• Consistent with Sutherland’s theory that criminal behavior is learned •• Involves peer and managerial influences and interactions • Social control and bonding theories •• Bonding theory reverses perspective: why crime does not occur •• Social control focus on socialization to instill self-control

  29. Other Theories of Crime Based on Personality Traits • General strain theory •• Blocked goals create individual frustration, result in innovations •• Largely consistent with Sutherland but does allow for some personality- based factors • Deterrence and rational thought theories •• Methodological individualism: persons’ own behavioral choices rule •• Coherent set of choices are evaluated by individuals •• See the work of Gary Becker •• Others, such as D. Ariely, hold that behavior is often irrational

  30. The Problem of “Dark Triad” Personalities Research shows a large fraction of executives are “dark triad” types • About 5% of general population are “dark triad” personalities • But 20% of executives fall into one of these three types • Not surprising, because certain traits are needed for career success The problem: normal fraud models assume normal personality types • Auditing processes, such as risk assessments, presume normality • If “dark triad” executives don’t need pressure or rationalization (two of the three elements in the fraud triangle), risk assessments may be ineffective • Can auditors be educated or given tools to diagnose “dark triad” types? There are tools (questionnaires, etc.) that can diagnose “dark triad” types • How to integrate these into normal audit interviews, etc.? • Ignoring these recent research findings is not an answer

  31. The Challenge: Separating “Dark Triad” Management Personnel From Others

  32. The Traits of “Dark Triad” Personalities Narcissism • Grandiosity • Pride • Egotism • Lack of empathy for others Psychopathy • Enduring anti-social behaviors • Impulsivity • Selfishness, callousness, remorselessness Machiavellianism • Manipulation and exploitation of others • Cynical disregard for morality • Focus on self-interest and deception

  33. The “Dark Triad” Personalities Overlap

  34. Are “Dark Triad” Personalities Real? Whether described in the DSM or not is irrelevant! • Copious literature describes the traits • Tests (questionnaires) exist to identify existence • “Trait creep” makes precise delineations difficult What matters is that existence in key positions creates audit risk • Because two of three Fraud Triangle vertices do not matter • Need (monetary or otherwise) is not required • Avoidance of affective-cognitive dissonance also irrelevant For “dark triad” types, mere opportunity is enough to create risk • To deal with this risk, auditors need to assess DT presence • Bottom line is that internal controls are only defense

  35. The Problem of “Dark Triad” Personalities

  36. Urgent Need to Improve Effectiveness of Audits by Explicitly Addressing Personality Issues in Audit Risk Assessment Process The challenge for auditors: how to identify these persons, whose motivations and constraints are not those of “normal” personality types, and who might exhibit different fraud perpetration profiles A secondary objective would be to better advise the client (board audit committee, etc.) of fraud risks that may not have been identified by management. This would be a natural extension of the already-extant auditing requirement to report material weaknesses in controls to those having responsibility for the financial reporting process

  37. Urgent Need to Improve Effectiveness of Audits by Explicitly Addressing Personality Issues in Audit Risk Assessment Process • In the presenters' view, the biggest challenge will be to develop unobtrusive or inconspicuous ways to analyze the personalities of at-risk individuals • A means for drawing operational inferences from the results of those exercises will also need to be developed. •• E.g., if a given CFO scores high on the narcissism scale, there will need to be a mechanism to combine this insight with other risk assessment data so that planned auditing procedures can be altered accordingly • Do identified personality-based risks imply need for expanded audit tests OR application of different procedures?

  38. Thank You for Your Kind Attention!

More Related