Fraud Risk Flags by Factors
The fraud risk factors consists of three components that contribute to increasing the risk of fraud: opportunity, incentive, and rationalization. These factors are used to explain the reason behind a fraud. Auditors often refer to the fraud triangle when they review the risk of fraud in an organization. Donald Ray Cressey who is an American penologist, sociologist, and criminologist who made innovative contributions to the study of organized crime, prisons, criminology, the sociology of criminal law, white-collar crime, developed the fraud triangle. The fraud triangle is a model for explaining the factors that cause someone to commit occupational fraud.
The fraud triangle stems from Cressey’s hypothesis stated in his book, Other People’s Money that: “Trusted persons become trust violators when they conceive of themselves as having a financial problem which is non-sharable, are aware this problem can be secretly resolved by violation of the position of financial trust, and are able to apply to their own conduct in that situation verbalizations which enable them to adjust their conceptions of themselves as trusted persons with their conceptions of themselves as users of the entrusted funds or property.”
Perfect place syndrome and the 10-80-10 rule; fraud prevention expert state that every business is susceptible to fraud based on the 10-10-80 rule under the convenient circumstances. These percentages are a basic percentage distribution that shows how employees behave in any organization. This theory is based on the assumption that 10 percent of people are always ethical, 80 percent can act unethically depending on the situation or the pressure(s) being applied, and the rest 10 percent have no (or a severely broken) moral judgement and will seize opportunities to commit fraud.
The fraud risk factors identified are examples of such factors that may be faced by auditors in a broad range of situations. Although the risk factors cover a broad range of situations, they are only examples and, accordingly, the auditor may identify additional or different risk factors. Examples showing the Fraud Risk Factors in the AU-C 240 are as follows;
Risk factors arising from fraudulent financial reporting
Incentives and Pressures
- Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as high degree of competition, operating losses, rapid growth, or new accounting, statutory, or regulatory requirements
- Excessive pressure exists for management to meet the requirements or expectations of third parties due to profitability, needing to obtain additional debt, or achieving financial targets
- Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance such as significant financial interests (an compensations) in the entity, personal guarantees of debts of the entity
Opportunities
- Related party transactions that are also significant unusual transactions
- Significant transactions with related parties whose financial statements are not audited or are audited by another firm
- A strong financial presence or ability to dominate a certain industry sector that allows the entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-arm’s-length transactions
- Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate
- Significant or highly complex transactions or significant unusual transactions, especially those close to period end that pose difficult “substance over form” questions
- Significant operations located or conducted across jurisdictional borders where differing business environments and regulations exist
- Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions for which there appears to be no clear business justification and contractual arrangements lacking a business purpose
- The organizational structure is complex or unstable, as evidenced by the following:
- Difficulty in determining the organization or individuals that have controlling interest in the entity
- Overly complex organizational structure involving unusual legal entities or managerial lines of authority
- High turnover of senior management, legal counsel, or those charged with governance
- The monitoring of management is not effective as a result of the following:
- Domination of management by a single person or small group without compensating controls.
- Oversight by those charged with governance over the financial reporting process and internal control is not effective.
- The exertion of dominant influence by or over a related party
- Internal control components are deficient as a result of the following:
- High turnover rates or employment of staff in accounting, IT, or the internal audit function who are not effective
- Accounting and information systems that are not effective, including situations involving significant deficiencies or material weaknesses in internal control
- Weak controls over budget preparation and development and compliance with law or regulation.
Attitudes and Rationalizations
- The practice by management of committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts.
- Low morale among senior management.
- The owner-manager makes no distinction between personal and business transactions.
- Dispute between shareholders in a closely held entity.
- Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality.
- A strained relationship between management and the current or predecessor auditor
Risk factors arising from misappropriation of assets
Risk factors relating to misstatements arising from misappropriation of assets as in risk factors arising from fraudulent financial reporting are also classified into three categories when fraud exists; incentives and pressures, opportunities, and attitudes and rationalization.
- Personal financial obligations may create pressure on management or employees with access to cash or other assets susceptible to theft to misappropriate those assets.
- Adverse relationships between the entity and employees with access to cash or other assets susceptible to theft may motivate those employees to misappropriate those assets.
- Certain characteristics or circumstances may increase the susceptibility of assets to misappropriation; large amounts of cash on hand or processed, inventory items that are small in size, of high value, or in high demand, or easily convertible assets, such as bearer bonds, diamonds, or computer chips
- Inadequate internal control over assets may increase the susceptibility of misappropriation of those assets; inadequate segregation of duties, inadequate oversight, lack of timely and appropriate documentation, or inadequate management understanding of IT
- Attitudes and Rationalizations such as disregard for the need for monitoring and internal control or by failing to take appropriate remedial action on known deficiencies in internal control, behavior indicating displeasure, tolerance of petty theft