Esther An

This article was first published in the April 2015 international edition of Accounting and Business magazine.

The typical organisation loses 5 per cent of its annual revenue to fraud. Applied to the estimated recent gross world product, this figure translates to a potential total fraud loss of more than US$3.7 trillion worldwide, according to the Association of Certified Fraud Examiners’ (ACFE) 2014 Report to the nations on occupational fraud and abuse. Put in context, fraud is material.

Profiling is a part of everyday life for all of us, as we use our experiences to determine how to get through the day’s activities and solve the problems that present themselves. For example, as we approach the winter months we know we need warmer clothing. How? Because last winter told us so. When we drive through an intersection or the traffic lights turn red, we know what to do or how to react to the event because we have done it so many times before. 

More to the point, we can identify the cold of winter and the challenges we face while driving because we have seen the patterns on numerous occasions before, and our brains have analysed the information at that time, stored the patterns of data, and drawn on the stored memory to deal with the current event. 

Now consider your favourite sport and trying to work out who will win a match or competition. In the same way we recall previous events, we recall the history of sports teams and individuals. Footballers of a certain age may be at their peak, rugby players from a certain continent may win more games, and marathon runners from certain African countries are likely to run the fastest times. 

An everyday activity – but not in anti-fraud

Every day we profile individuals on the basis of our previous experience in precisely these ways. If this process works in dealing with the characteristics of day-to-day activities and the people we come into contact with, then why is it not more prevalent in the fight against fraud? 

Many forensic investigations do not have a formal process for either drawing from or contributing to fraud type and fraudster profiling. Yet fraud profiling could serve as an aid to fraud investigations. Valuable data and information on offenders and fraud situations and scenarios is not being used as much as it should or could be by investigators in the identification of fraud in the workplace.

Occupational fraud or white-collar crime has a relatively high rate of incidence but a relatively low rate of detection, rendering it one of the significant crime challenges of the 21st century. Organisations can manage this fraud risk more effectively by integrating and using previous knowledge about individual fraudsters, the situational environment, and the typical motivations of fraudsters. 

The typical offender

Empirical research on fraud types and fraud offenders yields common characteristics. For example, statistically, the average fraudster is male, married and a graduate, and has a professional relationship (usually as an employee) with the victim organisation. A fraudster is more likely to work in the accounting, finance or procurement department – those being the gatekeeper elements of the business process – rather than in the internal audit department. 

Currently, the typical fraudster is more likely to be working for a financial services organisation, according to the ACFE. Research has revealed many types of fraud offender and the circumstances in which fraud is committed. Much of this research tells us that the fraudster is an opportunistic offender with no criminal record who, out of greed, abuses a position of financial trust to commit a fraud either on their own or with few accomplices. 

One interesting research finding is that most fraud offenders employ complex methodologies to carry out and also to hide their crimes. This has implications for prevention strategies insomuch as the traditional barriers to fraud of internal accounting controls and employment screening are no longer sufficient on their own.

If profiling techniques are to be added to the fraud investigator’s toolbox, we must first ask – and, more importantly, answer – some questions. For example, how does profiling assist and add value to investigations? What key aspects of an offender profile should be included in the profiling, and are such details as marital status, age and race really necessary here, along with the fraudster’s background, skill and professional qualifications?

Also, would it be beneficial to include in such profiling the characteristics of the fraud scheme or scenario itself and the situation that lends itself to the fraud? Should the type of victim organisation be analysed, and should this be further categorised as to which departments and divisions are more prone to fraud attack? 

Many surveys tell us that 80–85% of fraud is committed by insiders. So if we knew from which departments the fraudsters emanate or, possibly more importantly, which vulnerable departments they try to be recruited into, this could be a focus for proactive fraud risk management and reactive investigation.

All too often we focus on the control environment, and quite often people are fundamental to that control environment or at least key elements of it. People are the weakest link. How strong is the actual control in a segregation of duties control if the employees in the process exhibit characteristics that place their honesty and integrity in doubt? Surely, if the human element of the control environment is not considered, then such controls are weak or even non-existent. Profiling of these employees is fundamental to an effective control environment. There is no doubt, however, that a full understanding of what fraud is, and which measures are best suited to combating fraud, is absolutely necessary before we can start to profile fraudsters and their actions.

Mitigation, not elimination

We have to face the fact that fraud cannot be entirely eliminated. Internal controls and security systems reduce the risk, but there are no guarantees, and the track record of prevention and detection is not that great. People can be ingenious and their behaviour unpredictable. Some are desperate; many are merely risk takers. Most are both. 

Some employees may have a lot more devious entrepreneurial spirit than is commonly assumed. If fraud is committed by trusted employees who know the system, then it is quite likely that they also know how to bypass these controls. That in turn means something more is required in the preventative and detective fight. 

Fraud profiling identifies the characteristics of the fraudster and their fraud. If you know what it looks like, you can identify or recognise it and catch it when it happens. And if you catch it when it happens, it will make the next person think twice about committing fraud and will leave investigators with key indicators of the behavioural or situational patterns or footprints for the future.

In many parts of the world, the likelihood of employee fraud increases in periods of economic slowdown or recession. Apart from the increase in financial need, there is increased psychological pressure on employees.

Employees tend not only to be under greater personal financial stress currently, but may also suffer from greater personal insecurity about their future in the organisation. 

When close colleagues are laid off, fear and insecurity prevail. This brings about a further dimension to the profiling scenario – including the economic environment as a constituent part of profiling fraudsters. Put simply, human beings in a deprived part of a city in a country going through economic slowdown might be more apt to commit fraud than those earning good tax-free salaries in a country that is booming or bypassing recession.

It’s like this

In summary, fraud happens. It happens in any organisation that has money or assets, irrespective of profitability. Quite often, fraud is a cause of an organisation not being profitable. 

The fraudster is internal: 80–85% of fraud is committed by persons inside the organisation, by our colleagues, who are more often than not at a senior level and to whom we report and on whom we rely to safeguard the assets of the business. 

We have to adopt the attitude that the fraudster is within our organisation, and so it is only prudent that we alter the paradigm and expect that fraud will happen and adopt a preventative strategy. In order for an organisation to be ahead of the curve, that strategy has to include the relatively new dimension of fraud profiling.

To identify anything, you have to know what it looks like. If you don’t know what it looks like, you may walk right past it without recognising it. There are an infinite number of characteristics of fraud offenders and fraud types or scenarios, and an infinite variety of industries, business structures, departments, accounting systems and so on. 

There is no guarantee that a prevention strategy will always work, nor is there a guarantee that a detection strategy will work all the time, but research indicates that most occupational fraud is neither sophisticated nor well concealed. All that is required is to identify what a fraud in the organisation would look like, and it will, more than likely, be found. Profiling is not intended to provide an absolute guarantee of fraud detection, merely an incremental improvement in the odds against your business becoming a victim of fraud.

So if we can profile the footprints that accompany the act of fraud (see box), then we have a pretty good coverage of all likely characteristics, providing us with the greatest chance of recognising the fraudster and the fraud activity.

The process of profiling has to be made simple and understandable, yet it should be rigorous and comprehensive. Its objective is the development of a set of detection controls that will identify the characteristics of a fraudster or patterns that fraud would present if it were to occur in your business.

Simon Padgett FCCA is director, consulting and deals – forensic services – PwC Canada, and author of Profiling the Fraudster: Removing the Mask to Prevent and Detect Fraud.