Even though it has been around for many years, the Fraud Triangle is still the best way to explain why fraud occurs and is also a great way to help prevent fraud.
When looking at the word ‘fraud’ within a professional and personal capacity, we instantly attach this to a number of negative connotations, at time brushing it off as just another word. However, the reality is that fraud occurs in every country, touches everyone and constantly surrounds us during our daily live – every second of every day, someone, somewhere is being exposed to some form of fraud.
The increasing business complexities, strict regulations, and the growing financial and political risks are only a number of reasons why fraud is on the rise. According to statistics, key organizations are said to lose approximately 5% of their revenue to fraudulent crimes every year 1. But the question is, can we do anything about it? Why are we losing sight of this? Is the cost of preventing fraud worth more than our reputation?
Before we look into this, let’s first understand the triggers that are associated with the occurrence of Fraud. A clear and basic framework designed by Donald R. Cressey addresses the reasoning behind an individuals’ decision to commit fraud. The three key elements of the triangle are:
- Rationalization: Justification of dishonest actions
- Pressure: Motivation or incentive to commit fraud
- Opportunity: The method by which fraud can be committed (i.e. ability to carry out the misappropriation of cash or organizational assets)
The common phrases used by most fraudsters to justify their white collar crime are “it doesn’t look like what it seems”, “I just did what they were doing, isn’t this acceptable” or “I didn’t even mean to do it”. Many employees feel that they are responsible for the growth of the company, they get tasked with ensuring the business continues to perform and as a result some expect monetary recognition. However, when this desire isn’t fulfilled, they look at other means to compensate the reward without ‘knowingly’ believing they have crossed the boundaries. This is just one simple example of how occupational fraud is rationalized by the perpetrator. Rationalization is something that is difficult to control, as every individual has different reasoning to behave when handling the surrounding circumstances.
Most of the times, employees face different kinds of pressure whether in their workplace or personal lives. The great desire to advance quickly, the desire to be seen as successful, to be recognized by their management for instance – all of these circumstances may impel individuals to commit fraud. Commonly, the typical fraud starts when an individual is involved in uncontrollable financial debts and feels unable to reveal his situation to others to seek for help. In addition to situation of personal or work related pressure fraud can also occur in what some of us perceive as minimum pressure – the need to want more; committing a crime and not getting caught creates an increased appetite to re-offend. This in turn, causes increased pilfering and results in a financial loss for the business including loss of reputation in some extreme cases.
In many cases, the fraud starts when the perpetrators recognize a way to exploit their authority and power within an organization and find a way to deceive other employees, management and others around them. Many fraudsters are under the impression that their thorough knowledge of internal controls and organization procedures would significantly minimize the risk of being caught.
These three critical elements must be simultaneously present for fraud to occur. Therefore, this triangle can be fragmented by removing one of these elements and thus minimizing its likelihood of occurrence.
It is very important to highlight that opportunity is key, as it is the only element within the control of organizations. Opportunities to commit fraud can be reduced through strong and comprehensive internal controls but unfortunately they can never be fully eliminated since internal control systems have inherent limitations and provide only reasonable and not absolute assurance.
This leads us to the question, what can an organization do to minimize fraud besides establishing an adequate internal control system? The answer can be summarized in one sentence: by creating a corporate culture which provides a healthy environment to prevent and detect fraud. When the right healthy culture is in place, the internal controls are rendered secondary.
The board can make a vivid change in the corporate culture by creating change to shape and tailor the control environment. The actions and the tone at the top can motivate everyone in the organization to adopt a positive attitude and behave in a way that prevents fraud or at least detects it at an early stage. Culture is an aspect of corporate governance that is often ignored until there is a crisis. This, combined with a lack of clarity as to who has primary responsibility for driving, developing and nurturing organisational culture leaves a significant opportunity.
In correlation to this, the executive management plays a vital role in preventing, detecting and deterring fraud by establishing sound internal control policies, designing a comprehensive set of internal controls and implementing fraud management tools like whistle blowing to encourage employees within the organisation to look out for and report potential fraudulent activities within the workplace – thus creating increased channels to expose the crime.
Alongside this, the role of the Human Resources department is key in aiding fraud prevention. Pre-employment background screening is crucial as it reveals the true identity of the employee and verifies the information provided in their resume. This process helps the organization to minimize the risk of hiring fraudsters and white collar criminals.
The UAE is being targeted by international criminals using increasingly sophisticated methods to defraud companies and investors, especially given the rapid growth in key sectors which creates additional opportunities for fraudsters. This is further evidenced with key authorities in the UAE, such as the Dubai Financial Services Authority issuing alerts to warn firms registered within their free zones of various scams and imposters 2.
Fraud prevention and detection is not only the responsibility of a single department or function. In fact, everyone in the organization is responsible to maintain and create a corporate culture that is free from unethical practices. Fraud is a serious offence which can cause not only financial loss, but can leave an even bigger negative impact on a company’s reputation. Therefore, fraud needs to be managed and should be discussed at board level, given that many times the perpetrator may be closer to the business than often thought.
1. Report to the Nations, Association of Certified Fraud Examiners, Access on 26 July via
2. Fraud alerts sounded by DFSA with scams on the rise in UAE, Accessed on 23 March via
MOHAMAD NASSAR CPA, CIA, CCSA is Partner at Grant Thornton UAE and leads Business Risk Services.