Fraud Evasion Triangle: Why Can Fraud Not Be Detected?

There is a controversial issue whether whose responsibility it is to detect fraudulent activities in the firms. For instance, the Chairman of the Public Company Accounting Oversight Board in USA cast the burden of detecting the fraud on external auditors (CFO, 2004). External auditors put in their auditor’s report that the management of the company is responsible for the preparation of the financial statements that are free from material misstatements, whether due to fraud or error. Auditor’s responsibility is to obtain a reasonable assurance and it is not a guarantee to detect fraud or error even if they are material. Shareholders rely not only on the management they give power but also to external auditors and oversight boards. However, Global Economic Crime and Fraud Survey (PwC, 2018, p. 2) shows that fraud and economic crime are on the rise across all geographic territories despite increased spending on struggling fraud. Dyck et al. (2010) explain that the traditional corporate governance actors such as SEC and auditors are not reliable for fraud detection. Cressey (1973, p. 30) formulated the fraud triangle and identified three basic motives which lead to fraudulent behavior: incentive (or pressure to perform), opportunity, and rationalization. The survey (PwC, 2018, p. 24) points out the extent of each factor accounts for such a behavior: 59% of fraudulent activities derive from opportunity, 21% from incentive, and 11% from rationalization.

Corporate loss per fraud case is calculated as USD 130.000, while 22% of the cases caused losses over USD 1 million (ACFE, 2018). Corporate accounting scandals negatively influence economy, shareholders, suppliers, employee morale, and the society. The scandals of firms whose stocks are publicly traded in the markets are heard by the public thanks to media. However, the fiascos of the small and medium sized firms which constitute a greater part of the economy are rarely known to general public. Practitioners and academicians try to develop indicators and prediction models to isolate fraudulent activities. However, the fraud is driven by human actions, and the fight should use human counter-actions rather than technological deterministic tools. Salem (2012) reveals the detected frauds have declined after the use of more advanced technological methods. This paper explains the reasons of the difficulties for detecting fraud and forms an explanatory framework demonstrating the factors that stand against the combat with fraud.

This paper seeks to answer the question of why it is difficult to detect corporate fraud by constructing an explanatory framework. Fraud triangle supporters and most of the academicians look for factors that motivate fraudsters. However, this approach doesn’t answer what prevents the fraud to be detected. This study analyzes the three actors, management, internal auditors and external auditors, who are supposed to find fraud. The actors are in reality obstacles to detect fraud in this current business environment. For instance, a survey (DeZoort & Harrison, 2018) conducted with 878 auditors revealed that auditors do not have clear guidance to detect fraud and are not informed about the procedures to follow in order to detect fraud. The explanatory framework is presented in the section 2 in which the reasons that prevent fraud detection are explained for each actor. Section 3 presents new approaches for each of the actor described in the fraud evasion triangle described in the previous section. The last section gives the conclusion of this paper.

Unlike The research is performed through a survey with open-ended questions with certified public accountants, independent auditors and finance officers who explained different types of frauds they witnessed. The literature review revealed that academicians mostly research from a different point of view, hence not taking into consideration all of the main variables. The frauds can be divided into different groups: immaterial and material losses, and also as committed by low-ranked employees versus top management. Low-ranked employees may commit fraud with immaterial amounts that cannot affect the sustainability of the business. If the commitment of the immaterial amounts of fraud exists in a company, most of the employees tend to commit it as this attitude turns to be the inner culture. Schuchter and Levi (2016) interviewed fraudsters who argued that all fraud triangle elements are heavily influenced by the corporate culture. If low-ranked employees feel that the top management commits fraud, they have tendency to do so as well. On the other hand, top management may commit both immaterial and material fraud.

The explanatory framework of fraud evasion triangle (Figure 1) doesn’t drive from the fraud triangle. Fraud evasion triangle is only similar in shape and explains the three different aspects which obstruct the detection of fraud. The identification of these three aspects may facilitate the combat with fraud by establishing a mechanism against these aspects. Unless these aspects are known, the global fraud would increase as the reports measures.

Even the offender has different motives. He has to know for sure the method to perform the fraudulent act without being caught. The motives of fraudsters are not important for detecting the fraud as every employee may commit a crime for any reason. Whichever the importance of the motive, opportunity (PwC, 2018, p. 24), pressure to perform (Bonny et al., 2015) or rationalization (Shepherd & Button, 2019) has no consequences over the prevention of the fraud. Fraud triangle is not a reliable model for constructing barriers to fraud (Lokanan, 2015). The fraudster is a person who knows the business, questions the process and the organization, and takes enough time before acting. He is as clever as the person who can catch him. After committing fraud once, he can commit it again as his knowledge and experiences give him trust to re-act. It is one of the reasons; this fraudulent activity becomes a natural activity in the business so the analytical review procedures cannot detect it. The ranking of the employee is also irrelevant in the organization in terms of the fraud detection. Anyone in the firm can have his own arguments. The degree of corporate damage only differs depending on the ranking. The higher in the organization, the higher the monetary harm to the company will be.

The Internal auditing helps the organization by reviewing whether the business runs in accordance with established rules and regulations, the departments operate effectively, and the risk management is adequate. A global survey shows that internal audit contributes only 15% to the initial detection of fraud, and internal control weaknesses are responsible for half of the frauds (ACFE, 2018). The drawbacks for internal auditors to detect fraud can be summarized as follows:

Internal auditors are hired by the top management, mostly by the general manager or financial officer. It is not expected for internal auditors to check the activities of their superiors who hire them and decide on their salaries. Internal auditors can catch, if they can, only the fraudulent activities of subordinates whose monetary fraudulent action is often not material compared to the activities of the top management. Additionally, top management can direct the work of the internal auditors on irrelevant subjects in order to hide their malicious operations.

The role of an internal auditor does not specifically include the prevention of audit. He is responsible for the surveillance of the smooth running business. If the fraud exists before his arrival and it has become a natural part of the business activities, he will not have any suspicion to distort the system. He also most of the time checks the rules and regulations written by the departments. If the fraudster has written the rules and regulations, the internal auditor will note that the activities are in accordance with what has been written.

Internal auditors are often young people who come from the accounting or budget departments. They are neither experienced to discover all sort of fraudulent activities in a business nor trained for forensic audit.

Independent audit of financial statements is not designed to detect fraud. There are many reasons for not expecting external audit to prevent fraudulent activities.

The independent auditor has the objective to obtain reasonable assurance and express an opinion on the financial statements (ISA 200). The independent auditor doesn’t plan the audit to detect fraud. The audit plan is to check whether the balances of the financial statements are correct and properly stated. The auditor examines a very small part of the transactions that occurs during the year. For instance, if the year-end balance is confirmed by the third party (ISA505), the auditor does not bother about the agreement terms, prices on the invoices and even the goods or services which are fully obtained from the suppliers.

The employee turnover is high in auditing industry. Every year fresh graduates are hired by auditing companies. Young auditors perform most of the field work and they are trained at the job by their supervisors and client staff. Audited company staff mostly knows that each year new auditors come to ask the same questions. It is easy to manipulate young auditors. Auditor in charge of the preparation of the report usually has to keep up with deadlines so that he has limited time to supervise young auditors in the field and pay attention to details. More than young auditors, even experienced ones may also lack sectoral expertise. The complexity of their client’s organization does not help auditors either. Therefore, the auditors mostly try to repeat the work performed in the previous year and do not have time to think for other issues.

Independent audit relies on the management of the audited company to establish internal controls to have financial statements free from material misstatements, whether due to fraud or error (ISA 700). This reliance gives comfort to management to design its internal control environment. When the auditor finds some delicate issues, management can respond that they will take the necessary actions to improve the internal system. Thus, the issue is often interpreted as an isolated case by the auditor who continues his audit tasks.

Auditor is responsible for determining materiality (ISA 320). This means he has to concentrate on large amounts and balances in order to perform the audit effectively. This is known by the audited company staff who can easily hide fraudulent transactions in small amounts. The auditor performs his routine and predictable audit tests (Coenen, 2010). Auditors usually apply the standard audit programs year after year without changing anything even if a fraud is identified (Zimbelman, 1997; Hammersley, 2011). It is easy for the fraudster to introduce fictive invoices in small amounts each month.

The accounting concept of substance over form states that goods and services purchased by the company must be in accordance with the company’s operations, and the recording should not be performed just for the legal forms of the documents. This issue is very difficult for the external auditor who cannot decide on the substance. If management has purchased goods or services and affirmed that they are related to the business, the auditor cannot object unless it is too obvious that the transaction is not related to the business. For instance, there is an invoice on which it is clearly written that the service is related to the education of the children of the general manager.

Business is getting fast and complex. New business models, partnerships, mergers and acquisitions, technological driven models and new industries evolve while the audit process follows the same rules that are in existence since decades. Additionally, accounting estimates (ISA 540) are very difficult for auditors who do not have technical and business specific knowledge to audit.

The fraud evasion triangle described in the previous section identified the three actors that have their own drawbacks against detecting fraud. Once these actors are known, new approaches should be formulated against the behaviours and tasks of these actors.

The fight should include unconventional methods. Asare et al. (2015, p. 102) found that whistleblower is a fraud identifier technique (36%) that is almost twice powerful as the total of internal (12%) and external (8%) auditors’ fraud identification. Monetary incentives (Dyck et al., 2010) encourage employee whistleblowing.

In terms of the degree of the damage caused, some different approaches should be taken between managerial and non-managerial employees.

3.1.1.

ACFE (2018) survey shows that fraudsters with longer service in the firm stole twice as much. Thus, seniority increases fraud. It is logical as managers become crafty over time. The best methodology is to limit the period of work even if the managers are successful. For instance, a CEO can achieve yearly budgets and gain a good reputation in the eyes of the persons who hired him. However, the budget might have been distorted to be achieved easily. The best solution is to replace the CEO after a four- year period. He can be rotated to another position within the group. The new CEO will have the opportunity to check all the business and notice unhealthy relations built by his predecessor. The staff can communicate to the new CEO all the anomalies they could not tell before as they feared that they would lose their job.

3.1.2. Non-managerial Employees

It is difficult to struggle with low amount of crimes as the number of employees is high as compared to managerial ones. The best way is to struggle as a whole meaning that through a corporate culture. Ethical values should be adopted to abstain all employees from committing fraud. A strong ethical culture creates high employee moral so that employees stay away from cheating. To restore the corporate ecosystem, concrete measures should be implemented. Some measures can be to perform surprise controls on the employees, award the whistleblower, write rules and regulations, and increase transparency and communication.

3.1.3. Fraud Awareness

The fraudster resigns or is fired once his action is detected. Corporate management usually tries to solve the fraud inconspicuously to protect its reputation fearing to be heard publicly. Bonny et al. (2015) found only half of corporate crimes were subsequently reported to law enforcement. The fraudulent activities may decrease if all fraudsters know their actions will end up in court. The periodic announcements and releases of news about fraud fight will increase the awareness, and may be an important coercion to prohibit fraud.

3.2. Dependent Internal Auditors

Internal audit detects only 15% of frauds (ACFE, 2018). This cannot progress unless radical changes occur.

3.2.1. Direct Recruitment by Shareholders

The internal auditor should be hired by the shareholders, and should directly report to the shareholders. He should have the necessary qualities and skills: preferably an audit background, a

skeptical mind, accounting knowledge and a thinking mind-set to seize crafty perpetrators. He also needs to be rotated within the firm or replaced every four or five years.

3.2.2. Autonomous Internal Auditors

Internal auditor should be autonomous to plan his schedule. He should not be influenced by the top management about what to audit. He should have access to all the records and data within the company. Asare et al. (2015, pp. 102-3) pointed that e-mails were most convincing evidence by 40% as compared to accounting records which represented 36%. The internal auditor should have a different perspective and the authorization to review all the e-mails.

3.2.3. Training

Company should invest in the internal auditing department and the auditors should get the necessary trainings. The training should integrate forensic audit and other activities such as workshops and webinars on this subject.

3.2.4. Communication

Internal auditors should communicate with other internal auditors in other companies as bribery in the form of invoice kickbacks and bid riggings involve the counter party as well. Discussions with the counterpart can help the auditor gain experience and also understand anomalies if there are any.

3.3. External Audit does not Give Guarantee

The current business model for audit firms cannot be a solution for fraud detection. Fundamental changes are needed.

3.3.1. Specialized Fraud Auditors

In the independent audit firms, tax accounts are usually checked by tax specialists in the audit firm. A similar approach should be taken for fraud assessment. The financial statement auditor should continue their traditional audit. Specialized fraud auditors can perform different tests and conduct surprise procedures.

3.3.2. Appointment of the Auditor by a Centralized Authority

A review of studies about audit rotation implies that it is time to search for other solutions for auditor independence (Zubairu et al., 2019). Management has willingness to work with auditors they know. On the other hand, auditors have the expectation to renew audit engagements. This dependency can always smooth the auditor’s opinion. The appointment of the auditor directly by a body, for instance Public Oversight Accounting and Auditing Standards Board, will give real independency to the external auditor.

3.3.3. Minimize the Audit Expectation Gap

The expectations of the users of the financial statements differ from what the independent auditors provide actually (Liggio, 1974) even if some research results (Beattie et al., 1998; Pourheydari & Abousaiedi, 2011; Saha et al., 2019) contradict. The increased communication between the independent auditors and the users of the reports will contribute to the realization of the aims of each group. When the users are aware of the primary responsibility and the audit methodology of the auditors, they can implement other solutions to prevent fraud.

It is difficult to struggle with low amount of crimes as the number of employees is high as compared to managerial ones. The best way is to struggle as a whole meaning that through a corporate culture. Ethical values should be adopted to abstain all employees from committing fraud. A strong ethical culture creates high employee moral so that employees stay away from cheating. To restore the corporate ecosystem, concrete measures should be implemented. Some measures can be to perform surprise controls on the employees, award the whistleblower, write rules and regulations, and increase transparency and communication.

The fraudster resigns or is fired once his action is detected. Corporate management usually tries to solve the fraud inconspicuously to protect its reputation fearing to be heard publicly. Bonny et al. (2015) found only half of corporate crimes were subsequently reported to law enforcement. The fraudulent activities may decrease if all fraudsters know their actions will end up in court. The periodic announcements and releases of news about fraud fight will increase the awareness, and may be an important coercion to prohibit fraud.

Internal audit detects only 15% of frauds (ACFE, 2018). This cannot progress unless radical changes occur.

The internal auditor should be hired by the shareholders, and should directly report to the shareholders. He should have the necessary qualities and skills: preferably an audit background, a skeptical mind, accounting knowledge and a thinking mind-set to seize crafty perpetrators. He also needs to be rotated within the firm or replaced every four or five years.

Internal auditor should be autonomous to plan his schedule. He should not be influenced by the top management about what to audit. He should have access to all the records and data within the company. Asare et al. (2015, pp. 102-3) pointed that e-mails were most convincing evidence by 40% as compared to accounting records which represented 36%. The internal auditor should have a different perspective and the authorization to review all the e-mails.

Company should invest in the internal auditing department and the auditors should get the necessary trainings. The training should integrate forensic audit and other activities such as workshops and webinars on this subject.

Internal auditors should communicate with other internal auditors in other companies as bribery in the form of invoice kickbacks and bid riggings involve the counter party as well. Discussions with the counterpart can help the auditor gain experience and also understand anomalies if there are any.

The current business model for audit firms cannot be a solution for fraud detection. Fundamental changes are needed.

In the independent audit firms, tax accounts are usually checked by tax specialists in the audit firm. A similar approach should be taken for fraud assessment. The financial statement auditor should continue their traditional audit. Specialized fraud auditors can perform different tests and conduct surprise procedures.

A review of studies about audit rotation implies that it is time to search for other solutions for auditor independence (Zubairu et al., 2019). Management has willingness to work with auditors they know. On the other hand, auditors have the expectation to renew audit engagements. This dependency can always smooth the auditor’s opinion. The appointment of the auditor directly by a body, for instance Public Oversight Accounting and Auditing Standards Board, will give real independency to the external auditor.

The expectations of the users of the financial statements differ from what the independent auditors provide actually (Liggio, 1974) even if some research results (Beattie et al., 1998; Pourheydari & Abousaiedi, 2011; Saha et al., 2019) contradict. The increased communication between the independent auditors and the users of the reports will contribute to the realization of the aims of each group. When the users are aware of the primary responsibility and the audit methodology of the auditors, they can implement other solutions to prevent fraud.

This paper constructed three pillars that prevent the detection of corporate fraud. As the motives of the fraud triangle suggest, certain employees will continue to commit fraud. The internal auditor who is hired by the management cannot plan independently to include the audit of the top management. He will be limited and even replaced if he tries to control the topics that top management does not desire. As the main objective is the efficiency of the business, the internal auditor works to ameliorate the internal system. It is improbable for him to find a fraud unless he searches a specific area. The responsibility of the external auditors on the audit of the financial statements does not include fraud. Audit process is not designed to detect fraud, and the auditor’s report states that company’s management is responsible for the internal control system so that the financial statements are free from material misstatement, whether due to fraud or error. The actors who are supposed to detect frauds cannot prevent fraudulent activities in today’s corporate design and auditing business. Corporate fraud will increase as the recent surveys point out unless some radical solutions are implemented as recommended in this paper. If all the stakeholders really desire to reverse the increasing global fraud, comprehensive radical changes should be implemented with regard to the parties described in the fraud evasion triangle. This paper identifies factors and offers concrete solutions for each factor that prevents the detection of fraud. Future research would be to discuss the practical implications of the recommendations put forward by this paper, and test them empirically.