Study: Errors, irregularities, the fraud triangle and the role of internal control
Read the Topic Learning Resources beneath the black bar below. You should also watch the "Fraud Triangle" video included in there as well (approximately 10m). Note: I did not create my own custom videos for this topic, I wrote the text and referred to the "Fraud Triangle" video created by someone else as noted in the Topic Learning Resources.
Take the topic quiz, by clicking here or clicking the "Next" button at the bottom right of this page.
Score at least 4 out of 5 on the quiz before moving on. If you do not score at least 4 out of 5 on the quiz, restudy the material and try again. I will keep your highest score.
Many of you will someday either own, run or manage a business or other entity of some kind. Your entity will strive to obtain assets
Links to an external site.and use them effectively and efficiently to achieve its objectives. Sometimes competing internal and external forces will work against you and your entity's desired objectives. This topic focuses on helping you learn about two of those negative forces which are errors and irregularities.
What are errors?
Errors are simple mistakes. In the context of a business, errors are mistakes that can impact the business in either a negative or a positive manner. They represent actions or decisions that someone, or something, made that is contrary to what the standard procedure, or entity objectives, would have expected to be made. They are inadvertent, erroneous actions with no mal-intent of any kind.
For example, a cashier makes an error when s/he accidentally records the sale of 10 lbs of bananas as only 1 lb of bananas.
An airplane mechanic creates an error when, due to insufficient training, does not properly repair the airplane.
A computer programmer creates an error when s/he accidentally enters incorrect code because s/he was exhausted when s/he wrote it.
In all of these examples, the noted error has the ability to negatively impact the company's assets. Having said that, errors can also accidentally benefit the company. For example when a cashier accidentally short-changes a customer by refunding $10 when s/he should have refunded $20. This error will inadvertently result in the company having $10 more than it should have.
Whether or not the impact of the error is positive or negative, it is still an error, and in the larger, moral, perspective, I believe management has the responsibility to minimize both.
|
What are irregularities?
Irregularities can be office thefts, as noted in the diagram to
When the irregularity is committed for personal gain or to incur
Management can reduce the risk of fraud by implementing a |
 |
What is fraud
Links to an external site.?
For purposes of this class, we will refer to fraud
Links to an external site. as it relates to criminal law, which requires the intentional deception of another to benefit oneself or to cause damage to another. When employees steal, they do it on purpose to benefit themselves (because they will use it or sell it), or to damage the company (because the company will have lost some of its assets); therefore, employee theft is a type of fraud.
What is the fraud triangle and how does it increase the risk of fraud?
Per Donald R. Cressey
Links to an external site., a famous sociologist and criminologist, the risk of fraud increases when the full "fraud triangle" is present. Per Cressey, the fraud triangle includes the following three pieces:
|
• Pressure/Incentive - The perpetrator has some sort of motive or reason for committing the fraud. For example, the perpetrator might feel significant pressure due to personal financial concerns caused by gambling, uncontrolled spending or significant medical costs. • Rationalization - The perpetrator can somehow mentally justify (i.e. rationalize) his/her actions. For example, in order to rationalize his/her behavior, the perpetrator might say "I am only borrowing the money and will pay it back later". • Opportunity - The perpetrator has some means of accessing the resources needed to commit the fraud. For example, the perpetrator might be a "trusted" employee into which the sole proprietor
Links to an external site. has entrusted all accounting functions, such as receiving, recording, and reconciling customer payments. In this case, the employee would have the opportunity to steal customer payments AND cover the theft up in the accounting records. If you would like to watch a short video (2m:10s) on this topic you might choose to watch this one from Blair Cook. 24 Fraud Triangle
Links to an external site. |
|
The risk of fraud can be significantly reduced by eliminating, or significantly reducing the presence of, any one of the three factors of the fraud triangle. You can think of the fraud triangle like the fire triangle, for which you need heat, fuel and oxygen to start a fire. To put out a fire, all you need to do is remove any one of the three items. For example, oil rig fires have been put out in the past using dynamite, because the resulting explosion effectively creates an oxygen-less vacuum over the fire and the fire immediately goes out.
Company management can likewise snuff out fraud by removing any one of the three fraud triangle factors. Which of the three factors do you think management can most successfully reduce or eliminate, pressure, opportunity or rationalization?
Although management can take a variety of steps to reduce the pressure that employees feel to commit fraud, or reduce the rationalizations that employees tell themselves to justify committing fraud, the one fraud factor that is most under the influence of management is opportunity.
Let's look at some examples of how the three factors of the fraud triangle can be reduced.
Pressure/incentive can be reduced to some extent if the pressure is something under the control of management. For example, if an employee is being pressured by his boss to overstate revenues Links to an external site., management can help remove that pressure by providing appropriate training for handling such situations as well as providing an anonymous tip/hotline to provide employee's support when dealing with ethical dilemmas. The reality is that many of the pressures that employees face are out of the control of the company, such as pressure from a spouse or from relatives, and will be difficult for the company to reduce.
Rationalization can be reduced to some extent in a number of different ways. For example, the company could properly train its employees regarding their duties, their responsibilities and the company's code of conduct. Employees could also be required to read, agree to, and sign the code of conduct. The reality is that even if employees undergo significant ethics training and sign a code of conduct, there is no guarantee that the employees will have actually changed their internal ways of thinking and rationalizing their behavior.
Reducing opportunity is the most cost effective means to reduce fraud. For example, if employees feel the pressure to steal cash from the company and can rationalize their behavior to steal the cash, BUT simply don't have the opportunity to steal the cash, they won't be able to steal it and thus will not commit the fraud. Many of the methods to reduce fraud opportunities are quite straight-forward and cost effective, such as requiring passwords, dual signatures, and placing assets under lock and key. Therefore, management can significantly reduce fraud by reducing the opportunity to commit fraud. Management can reduce the opportunity to commit fraud by implementing a strong system of internal controls Links to an external site.. If you ever plan on running your own business, I encourage you to get help in setting up a strong system of internal controls.
The role of internal control?
As defined by the Committee of Sponsoring Organizations and as issued in May 2013, Internal Control
Links to an external site. is defined as:
"...as a process, effected by an entity’s board of directors, management and other personnel. This process is designed to provide reasonable assurance regarding the achievement of objectives in effectiveness and efficiency of operations, reliability of financial reporting, and compliance with applicable laws and regulations.
- Internal control is a process. It is a means to an end, not an end in itself.
- Internal control is not merely documented by policy manuals and forms. Rather, it is put in by people at every level of an organization.
- Internal control can provide only reasonable assurance, not absolute assurance, to an entity’s management and board.
- Internal control is geared to the achievement of objectives in one or more separate but overlapping categories."
A properly designed system of internal control can significantly reduce the opportunity for errors and irregularities (particularly fraud).
Internal control is comprised of the following 5 components, which are not essential for us to dig into here, but, if you have additional interest, you can read more about them in the executive summary of Internal Control - Integrated Framework Links to an external site. issued in May 2013:
- Control environment
- Risk assessment
- Control activities
- Information & Communication
- Monitoring activities
At this stage, all I am hoping that you realize is that management's responsibility is to help the company achieve its objectives. Errors and irregularities (particularly fraud) prevent management from helping the company achieve its objectives. In order to reduce errors, irregularities and fraud, management should implement a strong system of internal control. The next topic will discuss certain types of control activities such as preventive, detective and corrective control activities.
Good luck on the quiz.