Don’t Overlook the Human Side of Controlling Fraud, Waste and Abuse

How many times as forensic accountants and fraud examiners have we reviewed the corrective action reports of client organizations  that use words like “mistakes”, “misunderstandings”,  and “improprieties” when trying to describe what went wrong and allowed a scenario involving fraud, waste or abuse to unfold right under management’s nose?   If you’re like me, too many times to recount.   Record keeping and data management procedures don’t commit improprieties and surely can’t do anything improper; its real people who make the mistakes and real people committing the improprieties.  Because as fraud examiners (FA) we focus primarily on the perpetrator and the specific facts surrounding his or her actions, FA’s view control systems as mechanisms to discourage or prevent certain types of human behavior.  This contrasts with the focus of financial and internal auditors who, under the influence of legislation like Sarbanes-Oxley, have recently  been less concerned with controls over  the actions of individual corporate players (soft controls) and more concerned with the testing of quantitatively expressible hard controls (like system edits).

Looking at the massive frauds of recent years, in every case, computers and support systems were used as tools to carry out actions stemming from the decisions of specific human players, in most cases in positions of great authority, to willfully distort financial data and outside reporting or to loot assets.  This is because a computer will always do exactly what its told to do and a human may not for any one of a hundred different reasons (she’s incompetent; he’s a fraudster and for any reason in between).  So, simply put,  every risk is not reachable just by the numbers.

In working our cases, we have to keep in mind that our client organizations can have the best designed control systems in the world, but if the person in charge of carrying out some aspect of that control system doesn’t know, or even care, what to do, then the whole process fails.  Both the design complexity of a control and the judgment required to prudently operate it are of equal importance.  Individual employee capabilities for action should never be overlooked in assessing a fraud scenario, with employees with the greatest capability always posing the greatest risk no matter where they are placed in the organization and no matter the complexity of the systems they have under their control.  For its human uniqueness that makes every individual instance of fraud, waste, or abuse, no matter the dollar size, different to some greater or less degree than any other instance.

Fraud examination involves the study of human character; so many pressures can result in an employee’s mistake in judgment and a critical mistake in judgment, if it represents a decision to commit fraud, can have a devastating effect on any company.   So take a holistic approach to client controls (hard and soft) in working your case and developing the most descriptive fraud scenarios; don’t lose sight of the fact that  the most significant scenarios often involve senior levels of management  working individually or in collusion.  This general approach will best serve the interests of your client attorney and of our profession as a whole.

Comments are closed.