top of page
  • Writer's pictureElayna Allan

Introduction to Fraud

Updated: Jul 25, 2023

What do we mean by Fraud? All organizations are subject to risks of fraud. Organizations are focused on risks related to frauds now more than ever, mainly because in the last two decades frauds have led to the downfall of entire organizations, huge investment losses, significant legal costs, imprisonment of key individuals, and loss of confidence in capital markets. The IIA’s IPPF defines fraud as: … any illegal act characterized by deceit, concealment, or violation of trust. These acts are not dependent upon the threat of violence or physical force. Frauds are perpetrated by parties and organizations to obtain money, property, or services; to avoid payment or loss of services; or to secure personal or business advantage. According to the IIA “1210.A2”, “Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception. It can be perpetrated for the benefit of or to the detriment of the organization and by person outside as well as inside the organization”. According to the ACFE,” All multifarious means which human ingenuity can devise, and which are resorted to by one individual to get an advantage over another by false suggestions or suppression of the truth”. What does Fraud Involve? According to ISA 240 fraud may involve: · Manipulation, falsification or alteration of records or documents. · Misappropriation of assets. · Omission of the effects of transactions from records or documents · Recording of transactions without substance. · Misapplication of accounting policies Why do people commit Fraud? Occurrence of the fraud depends on various factors. Fraud Triangle is a common model that brings together a number of these aspects. This model argues that fraud may potentially result from a combination of three factors: motivation, opportunity, and rationalization.

Motivation In simple terms, motivation is typically based on either greed or need. Many people, due to the nature of their job, are exposed to opportunities to commit fraud. Personality and temper, including how frightened people are about the consequences of taking risks, play a role. Some people with good objective principles can fall into bad company and develop tastes for the fast life, which persuades them to fraud.


Fraud is more likely in companies where there is a weak internal control system, poor security over company property, little fear of exposure and likelihood of detection, or unclear policies about acceptable behaviour. Research has shown that some employees are totally honest, some are totally dishonest, but that many are swayed by opportunities.


Many people obey the law because they believe in it and/or they are afraid of being shamed or rejected by people they care about if they are caught. However, some people may be able to rationalize fraudulent actions as:

  • Necessary – especially when done for the business

  • Harmless – because the victim is large enough the impact is immaterial.

  • Justified – because ‘the victim deserved it’ or because I was mistreated.’

Responsibility in relation to Prevention and Detection of Fraud

Management Responsibility for Fraud

According to ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements:

“The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management. It is important that management, with the oversight of those charged with governance, place a strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud deterrence, which could persuade individuals not to commit fraud because of the likelihood of detection and punishment.

This involves a commitment to creating a culture of honesty and ethical behavior which can be reinforced by an active oversight by those charged with governance. In exercising oversight responsibility, those charged with governance consider the potential for override of controls or other inappropriate influence over the financial reporting process, such as efforts by management to manage earnings to influence the perceptions of analysts as to the entity’s performance and profitability.”

External Auditor’s Responsibility for Fraud

According to ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements:

“An auditor conducting an audit in accordance with ISAs is responsible for obtaining reasonable assurance that the financial statements taken are free from material misstatement, whether caused by fraud or error... (O)wing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements will not be detected, even though the audit is properly planned and performed in accordance with the ISAs”

Although primary responsibility for fraud prevention and detection does not sit with the auditor, ISA 240 does call for auditors to include methods for identifying potential cases of fraud when planning and conducting the audit. It requires auditors to:

  • Discuss the risk of fraud with management and those charged with governance

  • Discuss with the audit team the susceptibility of the accounts to material misstatements due to fraud

  • Consider whether one or more fraud risk factors are present

  • Perform audit procedures to address the risk of management override

  • Test journal entries and review accounting estimates for bias

  • Understand the business rationale for transactions outside the normal course of business

  • Obtain representations from management

  • Bear in mind the implications for money laundering reporting (taking care not to tip off the client).

Common Fraud Indicators

The risk of fraud can never be eliminated. However, some of the most common indicators can provide early warning that something is not quite right and increase the likelihood that the fraud will be discovered. These indicators can be divided into business risk, financial risk, environmental risk and IT and data risk.

Business risk

  • Absence of an anti-fraud policy and culture

  • Failure of management to implement a sound system of internal control and/or to always demonstrate commitment to it

  • Lack of financial management expertise and professionalism in key accounting principles, review of judgements made in management reports and the review of significant cost estimates

  • A history of legal or regulatory violations within the organization

  • Relation between the management and internal or external auditors is strained

  • Lack of clear management control of responsibility, authorities, delegation, etc.

  • Bonuses are linked to ambitious financial results

  • Inadequate recruitment processes and absence of screening

  • Unusually close relationships – internal and external

  • Unhappy employees who have access to desirable assets

  • Personal financial pressures on key staff

  • Employees not taking annual leave requirements

  • Lack of job segregation and independent checking of key transactions

  • Lack of identification of the assets

  • Poor management accountability and reporting systems

  • Poor access controls to physical assets and IT security systems

  • Poor documentary support for specific transactions such as rebates and credit notes

  • Large cash transactions

  • Susceptibility of assets to misappropriation.

Financial risk

  • Management compensation is highly dependent on meeting aggressive performance targets

  • Significant pressures on management to obtain additional finance.

  • Use of tax havens without clear justification

  • Complex transactions

  • Use of complex financial products

  • Complex legal ownership and/or organizational structure

  • Rapid changes in profitability

  • Existence of personal or corporate guarantees.

Environmental risk

  • The introduction of new accounting or other regulatory requirements, including health and safety or environmental legislation, could significantly alter reported results

  • Highly competitive market conditions and decreasing profitability levels within the organization

  • The organization operating in a declining business sector and facing going-concern issues

  • Frequent technological changes may increase the potential for product obsolescence

  • Significant changes in customer demands.

IT and data risk

  • Unauthorized access to systems by employees or external attackers

  • Quick changes in information technology

  • Users not adopting good computer security practices, e.g., sharing or displaying passwords

  • Unauthorized electronic transfer of funds or other assets

  • Manipulation of programs or computer records to disguise the details of a transaction

  • Compromised business information

  • Breaches in data security and privacy

  • Sensitive data being stolen, leaked or lost.

473 views0 comments

Recent Posts

See All


bottom of page