As an experienced forensic accountant, I’ve been retained to investigate allegations of employee embezzlement and quantify potential losses to the company. Sadly, the misappropriation of assets by employees is a fact of life. Future and newly-minted CPAs should be aware of the “fraud triangle,” a visualization of the three factors typically found to exist within or around the perpetrator when a fraud was committed:
Incentive/pressure: The motive for committing the fraud, like the need to pay insurmountable medicalbills.
Rationalization: Relates to the perpetrator’s defending or justifying the act, like “the company doesn’t pay me enough anyway.”
Opportunity: Relates to the “opening” that the perpetrator sees, like a weakness in internal control. Of the three factors, opportunity is the one factor that a company can manage. Therefore, be cognizant of the realities of the fraud triangle in your company.
The opportunity to steal from the company in the normal course of business arises from internal control-related issues. For example, there could be a lack of proper segregation of duties, an absence of a direct interface between one accounting system and another such that manual intervention is required (thereby creating the opportunity to manipulate data), or a toxic combination of both.
Assume an employee who handles cash receipts is also authorized to prepare and post the journal entry recording revenue. The opportunity to steal cash and book a correspondingly lower debit to the cash account is present. In a different scenario, assume there is no direct interface between the company’s accounts payable system and its bank’s cash payment system (assume the company pays vendors by wire transfers); therefore, a manual upload of disbursement information to the bank— including vendor bank accounts—is necessary for payment processing. However, the opportunity to replace a valid vendor’s bank account number with someone else’s bank account number is present.
If you’re in a position to do so, take a look at whether there is a lack of proper segregation of duties in processes and evaluate the risk. In addition, take note of whether there is no direct interface between two significant systems—meaning someone needs to manually transfer sensitive information from one to the other, creating the risk of error. Having your antenna up for these scenarios may keep the fraud triangle from taking shape under your purview.