Chapter 11: Identifying and preventing fraud

I | What is Fraud?

 Fraud, within a work context, is the deliberate use of deception, lies, or cheating to
unfairly gain money, property, or advantages that rightfully belong to the company or
another party. It represents a fundamental breach of trust aimed at deceitful acquisition.

 The two primary categories are Asset Misappropriation (theft or misuse of company
resources) and Financial Statement Manipulation (falsifying corporate financial reports),
both leading to significant harm and misrepresentation.

1.1 | Asset Misappropriation

 What it is: The theft or misuse of an organisation's resources by employees.

 Why it matters: Directly depletes the company's physical or monetary assets, causing
tangible financial loss.

 Typical indicators / red flags: Not provided in the source notes.

 Illustrative examples:

1. Theft of cash or inventory: Directly taking money (from registers, safes, deposits)
or company products/supplies.

2. Payroll fraud: Creating "ghost employees" to collect fake salaries or falsely

claiming unworked hours/overtime.

3. Teeming & lading: Stealing an incoming payment from Customer A and using a
later payment from Customer B to cover Customer A's account, delaying detection.

4. Shipping to "phantom" customers: Creating fake sales invoices for non-existent

customers to hide stolen goods or inflate sales figures.

5. Collusion with real customers: An employee providing unauthorized benefits

(discounts, lower prices) to a customer in exchange for a secret payment (kickback).

6. Bogus purchases: Submitting fake invoices for goods/services not received,

sometimes in collusion with an outside supplier.

7. Misuse/disposal of assets: Using company equipment (vehicles, tools) for personal

use or selling assets and keeping the proceeds.

1.2 | Financial Statement Manipulation

 What it is: Intentionally falsifying information presented in a company's formal financial

reports (e.g., income statement, balance sheet).

 Why it matters: Misleads stakeholders (management, investors, creditors) about the

company's true financial health and performance, potentially leading to poor decisions based
on inaccurate data.

 Typical indicators / red flags: Not provided in the source notes.

 Illustrative examples:

1. Overvaluing inventory: Reporting inventory at a higher value than its actual cost or
market price to inflate assets and profits.

FAU, FFM, FBT Kim Mara | 1

.
 2. Ignoring bad debt write-offs: Failing to recognize uncollectible customer debts as
an expense, thus overstating assets (accounts receivable) and profits.

3. Fictitious sales: Recording revenue from sales that never happened to make the
company look more successful.

4. Window dressing: Timing transactions or making cosmetic accounting adjustments

near the end of a reporting period to present a temporarily improved financial
picture.

5. Understating expenses: Deliberately not recording incurred expenses in the correct

period, pushing them to a future period to make current profits appear higher.

Q1: What is the term given to a method of fraud in the accounts receivable area, by
which cash or cheque receipts are stolen, and the theft concealed by setting subsequent
receipts against the outstanding debt?

O Collusion
O Misrepresentation
O Teeming and lading

Q2: Which of the following activities create vulnerability to fraud?

(1) Calculating payslips

(2) Preparing delivery notes
(3) Paying supplier invoices
(4) Meeting budgets and performance targets

O (3) only
O (1) and (3) only
O (1) and (2) only
O (1), (2), (3) and (4)

Q3: X plc has a bad debt policy whereby aged receivables who are obviously not going to
pay, are written off. The financial accountant does not enforce this policy.

This might be fraudulent insofar as it creates which of the following effects?

O It removes funds from the business

O It results in the understatement of profits and net assets
O It results in the overstatement of profits and net assets
O It results in the intentional overstatement of profits and net assets

FAU, FFM, FBT Kim Mara | 2

.
II | The Fraud Triangle: Preconditions for Fraud

 Fraud rarely occurs spontaneously; it typically requires a convergence of specific conditions.

The "Fraud Triangle" model posits three key preconditions: Dishonesty (an individual's
willingness or rationalisation to act unethically), Motivation (a pressure or incentive driving
the need), and Opportunity (a perceived chance to commit the act and avoid detection, often
due to weak controls).

 The simultaneous presence of these three elements significantly increases the likelihood of
fraud occurring.

2.1 | Dishonesty (Attitude / Rationalisation)

 What it is: The individual's internal willingness, justification, or predisposition that makes
committing fraud seem acceptable or necessary under the circumstances.

 Why it matters: This element represents the overcoming of personal ethical barriers
required to initiate a fraudulent act.

 Typical indicators / contributing factors:

o Personal character traits (e.g., low integrity, disregard for rules, need to 'win').

o Workplace culture that normalises or tolerates minor unethical acts (e.g., small
kickbacks, bending rules).

o Ability to rationalise the act (e.g., "I'm just borrowing it," "They owe me,"
"Everyone does it").

2.2 | Motivation (Pressure / Incentive)

 What it is: The pressure or compelling reason that pushes an individual towards committing
fraud – the problem they seek to solve or the gain they aim to achieve.

 Why it matters: This provides the driving force or 'need' that makes the risk of fraud seem
worthwhile to the individual.

 Typical indicators / contributing factors:

o Personal financial difficulties (e.g., debt, medical bills, addiction).

o Lifestyle pressures (e.g., maintaining a certain image, "keeping up with the

Joneses").

o Perceived inequality or feeling underpaid/undervalued.

o Performance pressures or unrealistic targets set by the company.

o Greed or a calculation that the potential fraudulent gain outweighs the perceived risk
of detection and punishment.

2.3 | Opportunity

 What it is: The perception by the individual that they can commit the fraud and avoid
detection due to weaknesses in the system.

 Why it matters: This element is created by failures or gaps in internal controls, allowing the
fraudulent act to be executed and potentially concealed. This is the element most directly
influenced by the organisation.

FAU, FFM, FBT Kim Mara | 3

.
  Typical indicators / contributing factors (Examples of Weak Controls):

1. Lack of Segregation of Duties: One person controls multiple conflicting parts of a

process (e.g., authorisation, custody of assets, record-keeping).

2. Poor Supervision or Inadequate Audits: Insufficient management oversight or

predictable/ineffective internal/external audit procedures.

3. Lack of Transparency: Complex, unclear, or hidden financial processes make it

hard for others to detect irregularities.

4. Inadequate physical controls over assets.

5. Insufficient system access controls or monitoring.

Q4: Which word correctly completes this statement?

Dishonesty is a ▢▼ to act in ways which contravene accepted ethical, social,

organisational or legal norms for fair and honest dealing.

Pull down list

• Motivation
• Pre-disposition
• Stimulus

FAU, FFM, FBT Kim Mara | 4

.
III | Fraud Risk Assessment

 A Fraud Risk Assessment is a structured, systematic process undertaken by a company to

proactively identify where and why fraudulent activities might occur within its operations. It
involves examining external pressures, internal vulnerabilities (related to people, systems,
and culture), and specific high-risk business activities.

 The primary goal is to understand these potential weaknesses thoroughly so that effective
controls and security measures can be designed and implemented to prevent or detect fraud.

3.1 | External Factors (Pressures from Outside)

 What it is: Conditions originating outside the company (economic, industry, regulatory,
societal) that can create pressure or justification for individuals inside to commit fraud.

 Why it matters: These factors often heighten the 'Motivation' element of the Fraud Triangle
for employees or the company itself.

 Typical indicators / Examples:

o Economic downturn: Increased pressure on employees/company to meet targets or

personal financial hardship.

o New tax laws: Creates incentives to hide income/assets fraudulently.

o Tougher regulations: Pressure to falsify compliance data to avoid penalties.

3.2 | Internal Factors (Weak Spots Inside)

 What it is: Conditions, characteristics, or changes within the company related to its people,
systems, or culture that can increase fraud likelihood.

 Why it matters: These factors can impact any element of the Fraud Triangle (Motivation,
Opportunity, Dishonesty/Rationalisation).

 Typical indicators / Sub-types:

o People: Low employee morale, perceived unfair treatment, inadequate

compensation, known personal financial difficulties among staff.

o Systems: Poorly designed operational processes, lack of adherence to procedures,

technological loopholes, inadequate monitoring or controls.

o General Mood (Culture): Weak "tone at the top," a culture where rule-bending is
common, unethical behaviour is tolerated or goes unpunished.

3.3 | Specific Risk Areas (Company Hotspots for Fraud)

 What it is: Particular functions, departments, or processes within the business that, due to
their nature, are inherently more susceptible to certain fraud schemes.

 Why it matters: These represent potential 'Opportunity' hotspots, especially if specific

controls related to these activities are weak or missing.

 Illustrative examples:

1. Cash handling: Areas involving physical cash (registers, petty cash, donations) due
to ease of theft.

FAU, FFM, FBT Kim Mara | 5

.
 2. Purchasing & Payables: Processes for buying goods/services and paying bills (risk
of fake suppliers/invoices, kickbacks, false expense claims).

3. Payroll: Paying employees (risk of ghost employees, phantom overtime/unworked

hours).

4. Inventory or Assets: Managing physical goods or company property (risk of theft,

misuse for personal gain).

5. Revenue Recognition: Recording sales income (risk of fictitious sales, premature

revenue booking).

Q5: All of the following, with one exception, are internal factors which might increase
the risk profile of a business.

Which is the exception?

O Increased competition
O Corporate restructuring
O Upgraded management information system
O New personnel

Q6: Which of the following would most clearly present a personnel risk of fraud?

O Segregation of duties
O High staff morale
O Staff not taking their full holiday entitlements
O Consultative management style

Q7: Which of the following is NOT a key risk area for computer fraud?

O Hackers
O Lack of managerial understanding
O Inability to secure access to data
O Integration of data systems

FAU, FFM, FBT Kim Mara | 6

.
IV | Implications of Fraud for the Organisation

 Fraudulent activities inflict substantial damage on an organisation, extending beyond the

initial breach of trust. The consequences typically fall into two main categories: direct theft
of assets, which immediately reduces available funds, lowers profits, and can threaten the
company's survival, and the misrepresentation of the company's financial picture.

 Falsifying financial performance, whether by overstating profits (leading to excessive

payouts, poor investments, and lost trust) or understating them (causing bad publicity,
reputational harm, and legal issues), deceives stakeholders and can have devastating long-
term effects.

4.1 | Direct Theft of Assets

 What it is: The direct removal or stealing of the company's tangible or monetary assets (e.g.,
cash, inventory, equipment) by employees or associates.

 Consequences:

o Reduces Available Funds: Less cash on hand to meet operational needs, pay bills,
or fund payroll.

o Lowers Profit: The value of stolen assets directly decreases reported profits.

o Risk of Collapse: Significant or sustained theft can deplete resources entirely,

potentially forcing the company out of business.

4.2 | Misrepresenting the Financial Picture

 What it is: Deliberately altering the company's accounting books and financial reports to
present an inaccurate view of its financial health or performance.

 General Consequence: Deceives internal and external stakeholders (management, investors,

lenders), leading them to make decisions based on false information.

4.2.1 | Overstating Profits (Making the Company Look Better)

o What it means: Manipulating records to show higher revenues or lower expenses

than reality.

o Common tricks: Recording fictitious sales, inflating inventory values, delaying the
recording of incurred costs.

o Impacts:

 Paying out too much: Distributing excessive dividends based on non-

existent profits, leading to cash shortages.

 Bad investments: Management making poor strategic or investment

decisions based on inflated performance metrics.

 Broken Trust: Severe loss of confidence from investors, banks, and the
market once the manipulation is discovered, potentially leading to
withdrawn investment, credit denial, and lawsuits.

FAU, FFM, FBT Kim Mara | 7

.
4.2.2 | Understating Profits (Making the Company Look Worse / Hiding Something)

o What it means: Manipulating records to show lower revenues or higher expenses

than reality.

o Common tricks: Deliberately exaggerating expenses, improperly deferring earned

revenue to future periods.

o Impacts:

 Bad Publicity: Negative perception of company performance, potentially

deterring investors or causing stock price declines.

 Damaged Reputation: Undermines the company's image and perceived

stability among customers, suppliers, and partners.

 Legal Problems: Can lead to regulatory investigations, fines, lawsuits, and

criminal charges for misleading investors or evading taxes.

Q8: Which TWO of the following stakeholders will be most directly affected if a
business overstates its financial position?

□ Staff
□ Customers
□ Investors
□ Suppliers

Q9: All of the following, except one, are potential impacts on a business of removal of
significant funds or assets.

Which is the exception?

O Fall in returns to shareholders

O Reduction in profits
O Increase in working capital
O Reputational damage

FAU, FFM, FBT Kim Mara | 8

.
V | Internal Controls for Fraud Prevention and Detection

 Organisations utilise Internal Controls as built-in operational safeguards designed with two
primary goals regarding fraud: Prevention (making it difficult or impossible for fraud to
occur) and Detection (identifying fraud quickly after it happens to limit damage).

 Key approaches include Segregation of Duties (dividing sensitive tasks among multiple
people), employing a Proactive Internal Audit function (actively searching for weaknesses
and irregularities using risk-based methods and data analytics), and implementing Business
Area Specific Controls tailored to the unique risks inherent in different departments like
sales, procurement, or IT.

5.1 | Segregation of Duties (SoD)

 What it is: A fundamental prevention control principle where key, incompatible duties
within a process are assigned to different individuals.

 Why it matters: Makes it significantly harder for one person to commit and conceal fraud
unilaterally, as they lack control over the entire transaction lifecycle. Fraud typically requires
collusion between individuals, which increases risk and complexity for the fraudsters.

 Problem Addressed: The high risk of fraud and ease of concealment when a single
individual controls conflicting steps (e.g., authorising payments and recording them).

5.2 | Proactive Internal Audit

 What it is: An independent, internal function tasked with deliberately and regularly
searching for control weaknesses, operational inefficiencies, errors, and indicators of fraud.

 Why it matters: Acts as a key detection mechanism, aiming to identify issues internally
before they escalate or are discovered by external parties (regulators, external auditors),
allowing for timely correction.

 How it works / Key features:

o Uses risk-based planning to focus on high-priority areas.

o Conducts unannounced tests (surprise audits) to prevent concealment.

o Employs data analytics to identify suspicious patterns in large datasets.

o Provides rapid feedback to management on findings for prompt action.

 Problem Addressed: The risk that fraud or significant errors remain hidden because they
are intentionally concealed or not obvious without active investigation.

5.3 | Business Area Specific Controls

 What it is: Controls specifically designed and implemented to address the unique risks
inherent in particular business functions or departments.

 Why it matters: Acknowledges that a one-size-fits-all approach to controls is ineffective;

different activities require tailored safeguards.

 Problem Addressed: Generic controls failing to mitigate specific vulnerabilities present in

distinct operational areas (e.g., physical cash vs. digital data).

FAU, FFM, FBT Kim Mara | 9

.
  Illustrative examples:

1. Sales & Cash Handling: Using till counts (cash register logs) and reviewing
security camera footage against logs to prevent/detect skimming.

2. Procurement (Buying Goods): Requiring competitive quotes for significant

purchases and documenting supplier selection rationale to prevent kickbacks.

3. Inventory / Warehousing: Implementing electronic scanning for tracking items and

performing regular cycle counts to detect theft or phantom stock.

4. IT Systems: Requiring dual management approval for new user accounts and using
software to monitor system logs for unauthorized data access attempts.

Q10: Which of the following internal controls might be least effective in preventing
fraud, if staff are in collusion with customers?

O Physical security
O Requiring signatures to confirm receipt of goods or services
O Sequential numbering of transaction documents
O Authorisation policies

Q11: Which of the following would NOT form part of a fraud response plan?

O Suspending staff suspected of fraudulent activity

O Investigating the activities and contacts of a suspected fraudster
O Fraud awareness training and recruitment controls

Q12: Only allowing purchasing staff to choose suppliers from an approved list is an
example of what sort of fraud prevention measure?

O Segregation of duties
O Appropriate documentation
O Limitation control
O Check control

Q13: Which of the following statements about fraud prevention is NOT true?

O Cash sales are an area of high risk of fraud.

O Performance-based rewards for managers reduce the risk of fraud.
O Emphasis on the autonomy of operational management may weaken controls.
O Fraud awareness and ethics education can reduce the risk of fraud

FAU, FFM, FBT Kim Mara | 10

.
VI | Responsibility for Detecting and Preventing Fraud

6.1 | Directors (Board Members / Senior Executives)

 Who They Are: The highest level of leadership responsible for steering the company.

 Responsibilities ('What They Must Do'):

1. Promote Honesty (Set the Tone at the Top): Demonstrate ethical leadership and
establish a clear expectation of integrity throughout the organisation, creating an
ethical culture.

2. Protect Company Property (Safeguard Assets): Ensure that adequate internal

controls (systems, rules, processes) are implemented and maintained to protect all
company assets from loss, damage, or theft.

3. Oversee Fraud Prevention and Detection Systems: Ensure specific measures are
in place to prevent fraud (like effective Segregation of Duties) and detect it promptly
if it occurs (like ensuring regular internal/external audits).

4. Ensure Reliable Financial Information: Establish policies and procedures to

guarantee that the company's financial reporting process is robust and produces
truthful, accurate financial statements that reflect actual performance and position.

6.2 | External Auditors

 Who They Are: Independent professionals or firms engaged by the company to provide an
objective assessment of its financial statements.

 Main Job: To examine the company's formal financial reports and provide assurance to
stakeholders.

 Responsibilities ('What They Must Do'):

1. Express an Opinion on Financial Statements: Examine the Statement of Financial

Position, Statement of Profit or Loss, etc., and issue a formal opinion on whether
they are presented fairly and accurately in accordance with applicable accounting
standards.

2. Design Procedures to Detect Material Misstatements: Plan and perform audit

tests specifically aimed at identifying significant errors or fraud that could mislead
users of the financial statements. (Note: They provide reasonable, not absolute,
assurance).

3. Report Suspicious Findings: Communicate any findings indicative of potential

fraud or material error to the appropriate level of management and those charged
with governance (e.g., the board or audit committee). They may have further
reporting obligations to external authorities under certain legal/ethical circumstances
(e.g., if management is involved, or if required by law).

4. Issue a Qualified Opinion When Necessary: If material misstatements are

identified and management refuses to correct them, or if the auditor cannot obtain
sufficient evidence, they must modify their audit report (issue a qualified opinion) to
warn users about the unresolved issues or scope limitations, indicating the statements
may not be fully reliable.

FAU, FFM, FBT Kim Mara | 11

.
Q14: Which word or phrase correctly completes this statement?

In a limited company, or plc, it is the ultimate responsibility of ▢▼ to take reasonable

steps to prevent and detect fraud.

Pull down list

• The audit committee
• The board of directors
• The external auditor

FAU, FFM, FBT Kim Mara | 12

.
VII | Money Laundering

 Money laundering is the criminal process of disguising the illegal origins of funds ("dirty
money"), typically derived from activities like fraud, drug trafficking, or organized crime, to
make them appear legitimate.

 The core purpose is to obscure the link between the money and the underlying crime, thereby
avoiding detection by law enforcement, preventing asset seizure, and allowing criminals to
use the proceeds freely.

 This is generally achieved through a distinct three-stage process: Placement (introducing

illicit funds into the financial system), Layering (conducting complex transactions to hide
the source), and Integration (reintroducing the laundered funds into the legitimate
economy).

7.1 | Placement (Introducing "Dirty Money")

 What it is: The first stage where cash generated from criminal activity is physically placed
into the legitimate financial system.

 How it's done / Examples:

o Depositing cash into bank accounts (often broken down into smaller amounts to
avoid suspicion - known as 'structuring').

o Using cash to purchase monetary instruments (like money orders).

o Funneling cash through legitimate cash-intensive businesses (e.g., restaurants, car

washes, casinos) to co-mingle it with real revenue.

 Why it matters / Risks: This is often the point of highest vulnerability for detection, as
large or unusual cash transactions attract scrutiny from financial institutions and regulators.

7.2 | Layering (Obscuring the Trail)

 What it is: Separating the illicit proceeds from their source by creating complex layers of
financial transactions designed to disguise the audit trail 1 and provide anonymity.

 How it's done / Examples:

o Multiple transfers between various bank accounts.

o Moving funds electronically, often internationally to jurisdictions with weaker

oversight.

o Converting cash into different financial instruments (e.g., stocks, bonds).

o Buying and selling high-value assets (e.g., art, jewelry).

o Using shell companies, trusts, or intermediaries to obscure ownership.

 Why it matters / Purpose: To make it extremely difficult for investigators to trace the funds
back to their illegal origin.

FAU, FFM, FBT Kim Mara | 13

.
7.3 | Integration (Making Money Appear Legitimate)

 What it is: The final stage where the laundered money is returned to the criminal in a way
that makes it appear to be legitimate income or wealth.

 How it's done / Examples:

o Purchasing luxury assets (e.g., real estate, yachts, expensive cars).

o Investing in legitimate businesses (either existing ones or new ventures set up by the
criminal).

o Investing in financial markets (stocks, bonds).

o Setting up complex property or trust arrangements.

 Why it matters / Outcome: At this stage, the funds are fully assimilated into the legitimate
economy and become very difficult to distinguish from legally earned money, allowing the
criminal to use them without attracting attention.

Q15: Which word(s) completes the sentence?

▢▼ constitutes any financial transactions whose purpose is to conceal the origins of the
proceeds of criminal activity.

Pull down list

• Fraud
• Misrepresentation of results
• Money laundering
• Teeming and lading

Q16: The initial disposal of the proceeds of an illegal activity into apparently
legitimate business activity is known as what?

O Placement
O Layering
O Integration

FAU, FFM, FBT Kim Mara | 14

.