Several folks commented on recent tweets of local fraud and embezzlement, first at UNC-Charlotte and again at Charlotte's Mecklenburg County, specifically within the Department of Social Services. The Fraud Triangle teaches us that as long as there is Pressure / Incentive (I really need the money), Rationalization (e.g. other people do it, I'll pay it back...etc.) and Opportunity (I won't get caught because...) fraud can and will occur and recur.
My own experience is these three elements of the fraud triangle are closely related, and that Opportunity needs to be re-evaluated, especially as Incentive increases. Today's economic times are proving this need most everywhere we look, yet we still see only a few companies who are actively changing and increasing how they monitor for potential fraud, despite the availability of very effective, modern tools for fraud detection. Like CCM-T tools from Oversight and Approva.
A specific example: During my Big 4 Accounting Firm days, I led a team that audited the procedures used to produce scratch-off lottery tickets. When we started, the largest prize awarded was $5,000 or $10,000. While internal controls were always very good (i.e. Opportunity = Low), there were still a number of people at the Ticket Printer and at the Big 4 Firm who had access to information that might help locate a batch of 250 tickets that would likely contain a $5,000 or $10,000 winner.
The likelihood that a person would risk their career to steal $5,000 or $10,000 (two to six months net pay) was pretty low. But when the Ticket Printer and State Lotteries began printing tickets with $100,000 and eventually $1,000,000 tickets. That represented at least a year or even 20 years or more in net pay. What a powerful Incentive!
This change in Incentive was a trigger that we saw to re-evaluate internal controls, because now the temptation needed a corresponding decrease in opportunity. In addition to our agreed-upon procedures to evaluate controls over ticket production, we began a continual security review which included review of other controls that would identify who may be accessing information that might allow a large ticket winner to be located. We publicized the continual security review within the company (and the Big 4 team!), so that the decreased Opportunity was understood by anyone who may have been tempted.
As staffs are cut and monitoring controls become less frequent, what is your organization doing to reduce the Opportunity for Fraud. For a couple of high-profile cases in Charlotte, it's clear that more needs to be done.
Joe Oringel
Visual Risk IQ
Charlotte NC, USA
Subscribe to:
Post Comments (Atom)
1 comment:
I am depressed and amazed at the lack of oversight present in systems / process today. With staff pressures / budget cuts / outsourcing /etc. it seems to be getting much worse even as people become more motivated... If folks are not sure that there are controls or detection methods - sooner or later they will 'test the fence'. When they test - if they find the fence is only imagined - the whole herd will bust right out of it!
Post a Comment