During the initial stages of internal audit, it is quite natural for a person to get stuck often as to what to do with the data received or what would be the appropriate question to ask the process owner. This mental block is associated with the inability to ask the question of ‘WHY’ or ‘WHAT IF’ which would in turn lead the auditor in to thinking multiple scenarios of what if the process owner/perpetrator had done a certain something that could be prejudicial to the interests of the company at a specific point in time when he/she had the opportunity to make use of the gap that perpetrator had identified in the controls that were placed by the company.
The ability to ask the right questions or think in a way the process owner/perpetrator might think is often associated with the mindset of the auditor. More the confidence of the auditor, easier it is to look at the process in a way the stake holder would have while assessing its gaps. This is the most effective to understand the process than to create flowcharts, process notes that is usually expected of an auditor in a procedural audit. As auditors gain experience, they develop an intuition factor, however it sometimes pushes them to make assumptions. This is one of the common and stupid mistakes even the best of the auditors do, make assumptions.
“Put yourself in the shoes of the person who is currently operating the control, and look for opportunities that may lie in utilizing the gaps to your benefit, think like a fraudster”
The perpetrator always finds ways to make things look like it never happened, but it is almost impossible to commit a fraud without leaving an audit trail. Some perpetrators are successful enough to cover it till their time in an organisation and leave before it will get uncovered and blow up in their face. Some of the fraudsters are smart enough to know who is auditing them, so they will remain friendly throughout the time with the auditor and make attempts to cloud their judgement. The auditor also may let few small observations slip off considering the goodwill of the fraudster he/she is dealing with. This is why it is important for an auditor to keep his ears open at all times and understand the behaviour of the people properly. This will also give insights as to what could probably be the motive for the fraudster to commit to certain crime/activity.
Even the famous Sherlock always looks at things from the perspective of the person who had committed the crime, as this opened up avenues for him to ask the right question at the right time to the right person. In the “The Sign of Three” Sherlock had to get out of his drug-laden mind palace before he could connect the clues he had gathered along the way and ask the right questions to the guests that had arrived at the wedding of Watson & Mary to solve the puzzle of who had been shadowing Major James Sholto (Watson’s old superior in the Army who comes out in the public just for his wedding) and attempting to murder.
In Internal Audit, you can be your own version of Sherlock Holmes, probably wouldn’t involve killing of some person, unless its a violent perpetrator you’re dealing with in which case you would be the one to die.
Next let us understand the fraud triangle, a simple yet elegant concept explaining the attributes of a fraudsters perceptions. Although there are exceptions to these perceptions, we are restricting to these in this article, & the exceptions however will be discussed in the upcoming articles.
A little History about the fraud triangle for the curious ones: Donald Cressey came up with the concept of fraud triangle which explains the three attributes to which every fraud can be attached to. He claimed that all the cases he studied conformed to the three-step process. While he identified the three elements that we now refer to as the Fraud Triangle, he never drew or referred to them as a triangle nor used the term “fraud triangle.” He also limited his discussion to embezzlement and not to fraud in general. However, if there’s one individual who should be called the father of the elements of the Fraud Triangle, it’s Donald Cressey.
SOME WORKOUT FOR YOUR MIND !
Now that you’ve understood the basics of how a fraudster would usually think and the attributes to which a fraud could be associated to, point out the red flags you find from the below and post it in the comments:
Adam is the internal auditing the procurement system of company C where Brian is incharge of the system. Darren is the vendor who has been constantly supplying the materials to the company C for a long period of time now without any other vendor having the opportunity to step in.
After some research & fieldwork A finds out that D is a relative of B and B has not allowed any competitive bids be received for certain items that the company procures or the bids received from B have always come at end. Point out the red flags you may have noted from the above information, and what are the possible ways in which Brian could have committed fraudulent activities in the comments below.
Thanks for Reading ! Until Next Time !
Really good read!!!!
Interest read. 🙂
Key red flags Adam & Brian case!
> Potential conflict of interest – Brian can use his position (opportunity) in the company to award the bid to his related party (be it friend, family etc)
> Favoritism to one party (vendor) and his long association to the company (possibility of kickbacks / bribe)
> Excessive dependency of single source vendor- Rate and material specifications could be manipulated which can be against the interest of the company
> Collusion of Brian with internal and external parties may also be a greater concern in case of his long association with the Company (which can be a financial loss) and he could be a parameter / probability to be apt for a fraudster profile