The fraud triangle, authored by Dr. Cressey, has been adopted by the auditing profession as a tool to help detect and deter occupational fraud.
The model has many applications in the fraud audit. The primary purpose is in the planning stage to help identify where and why your organization would be vulnerable to someone committing a fraud risk scenario.
Here’s a closer look at the fraud triangle and how you can implement this model.
Fraud Triangle: The Basics
As you will be aware, the fraud triangle has three elements:
These three elements are fairly easy to grasp, and there are a lot of explanations on these online. This blog will focus on the practical application of the fraud triangle rather than defining these elements.
In other blog posts, we discuss the fraud risk universe. The classifications are:
- the primary category
- the secondary category
- the inherent scheme
- the fraud risk statement
The use of the fraud triangle in fraud auditing starts with the primary fraud category, then proceeds through these four classifications within the fraud risk universe until reaching the fraud risk statement.
To illustrate, if the primary fraud category is financial reporting, then the auditor needs to understand the internal and external fraud risk factors that would cause someone to misstate the financial statements. If the audit scope is asset misappropriation, then the auditor would focus on those factors that cause an individual to commit an asset misappropriation fraud risk statement. The key is to understand how the pressure, rationalization and opportunity vary by the primary fraud risk category. Depending on the scope of the audit or investigation, the fraud triangle can be applied all the way down to the specific fraud risk statement.
Understanding how the fraud triangle applies to the audit scope and objectives is the next step in using fraud triangle in the audit planning stage and the building of the fraud audit program. The first goal is simply to make the auditor more aware of those risk factors that may be occurring at the audit location. Stated another way, move the auditor from blank professional skepticism to educated professional skepticism. This is one of the primary purposes of the brain storming sessions.
The next step is to use this knowledge in building your fraud audit program and fraud testing procedures. In the ideal world, the audit would have unlimited time to perform their audit, however all projects have limited resources. The fraud triangle can help focus the auditor on high risk fraud scenarios. So, consideration of the fraud triangle is intended as one of the planning steps in building your fraud audit program.
A Worked Example Using Financial Reporting
Let’s start with a simple example of integrating the fraud triangle using the financial reporting.
We will assume the business in question is dependent on bank loans to sustain the company growth plan. Currently, the company has a loan agreement based on a percentage of current assets. Unfortunately, the company has borrowed all available funds. To continue growing, the company needs to borrow additional funds.
How does the fraud triangle apply? The audit should recognize the pressure facing management. Without additional loan funds, the company cannot continue to grow. Therefore, the audit plan should focus on overstating current assets. Since accounts receivable is a material asset, the brain storming would focus on those risk statements that could result overstating accounts receivable. In terms of the fraud triangle:
- Pressure: The pressure is sustaining growth.
- Rationalization: This is the idea that since the company is profitable the company can pay the additional loan costs and the bank is making more money.
- Opportunity: The opportunity is caused by management is able to record false revenue or understate the allowance for bad debt.
Next Steps: Fraud Risk Statement
When planning, the next step is to assess whether there are risk factors are stronger for false revenue or misstating the allowance for doubtful accounts. Assuming the risk factors suggest false revenue, then the fraud audit program would be designed for the following to fraud risk statements (using the five components of a fraud risk statement):
Controller causes false revenue to be recorded using a false customer resulting in the overstatement of accounts receivable and revenue.
Controller causes false revenue to be recorded using a real non complicit customer resulting in the overstatement of accounts receivable and revenue.
The Resulting Fraud Data Analytics
Now the auditor can perform fraud data analytics to search for false revenue and design fraud audit tests to uncover false revenue. Discussions should proceed than to identify the red flags of false revenue in either a false customer or a real customer.
A More Complex Worked Example: Corruption Scheme
Now let’s look at a corruption scheme that is also a violation of the foreign corruption act. A company subsidiary is operating in a high-risk country.
The subsidiary is highly dependent on government contracts. In this example, we have two issues: how will the fraud triangle apply to increasing revenue and management’s propensity to pay a bribe and concealment the payment in their financial records?
- Pressure: This is growing on local management to increase revenue.
- Rationalization: This will be “this is how business is conducted in this country”
- Opportunity: this is created by senior management’s ability to override controls.
Now let’s change the facts, a different subsidiary is in a low risk country, has no government business and the subsidiary is achieving their corporate goals. When we reflect on the difference between the facts situations, considering the pressures, rationalization, and opportunity it becomes clear how the fraud triangle can help focus your audit efforts and allocate resources to those high fraud risk areas.
In contrasting the two corruption examples, it becomes obvious how the fraud triangle is a powerful tool to allocating resources to the high-risk areas facing business today.
Moving Beyond the Triangle
While the fraud triangle can be useful for audit program planning, when you want to get to the bottom of fraud prevention and detection there are a range of efficient and cost-effective methods your team can use to improve their approach.
Contact us today to talk through your needs when it comes to planning your audit program. We can better empower your team to approach fraud.