Managing Fraud Risk

KPMG Integrity Survey points the way to risk management


Most of us believe we know fraud when we see it, but few of us feel comfortable actually defining the term “fraud.”

First and foremost, fraud is a legal concept. Only a court of law can determine if and when it has occurred. By definition, fraud always involves an intentional deception.

Fraud typically comes in the forms of fraudulent financial reporting, asset misappropriation and misconduct. In particular, fraudulent financial reporting is the misrepresentation of financial information that is required for management and/or external reporting. Asset misappropriation is the embezzlement or misuse of company assets for personal gain, while corruption includes activities that involve illegal or unethical conduct or violate law (involving criminal or civil penalties), government regulations or company policies.

Three Conditions of Fraud

There are typically three conditions present when a fraud occurs. These conditions comprise what is known as the fraud triangle. Understanding the concepts included in the fraud triangle is imperative to understanding how to manage fraud risk effectively.

The first condition typically present is opportunity, which may include poor or insufficient internal controls, the absence of proactive fraud detection measures, or a faulty tone at the top from executive management.

The second condition often present is incentive or pressure to commit fraud. In cases of fraudulent financial reporting, the pressure or incentive may be to meet budget targets, consensus-earnings expectations or debt covenants. For asset misappropriation, the pressure or incentive may be to support a drug or gambling habit, meet burdensome financial obligations or support a lifestyle not commensurate with income.

The third condition is rationalization, a concept that is often more difficult to understand. Simply put, most individuals cannot perpetrate wrongdoing unless they can justify it to themselves or others. Typically, perpetrators of financial fraud may say such things as, “We were going to make up for it next quarter,” “We are helping the company,” “We are protecting jobs” or “No one gets hurt.” With respect to asset misappropriation, you may expect to hear such statements as “I was only borrowing the money,” “I was doing it for a good cause” or “No one would miss it.”

How Broad a Problem Is Fraud?

How broad a problem is fraud? To find out, KPMG LLP conducted a blind survey of prescreened working adults who fell into demographic categories spanning all levels of job responsibility, 16 job functions, 11 industry sectors, and four thresholds of organizational size. The survey, now released as KPMG's 2005-2006 Integrity Survey, asked respondents whether they had personally seen or had firsthand knowledge of misconduct within their organizations over the past 12-month period. Seventy-four percent answered yes, compared with 76% in 2000.

These results demonstrate that fraud and misconduct remain prevalent and are not demonstrably declining. Around three-quarters of respondents were aware of fraud in their organizations, which makes one wonder: What are companies doing about it?

How Are Companies Responding to Fraud Risk?

In response to changes in the regulatory environment and recent events in the marketplace, companies are revisiting existing internal control policies and procedures as they relate to fraud and misconduct.

While many organizations intend to “do the right thing,” often their efforts in this area have been reactive and focused upon meeting deadlines and minimum requirements. Also, many of the new guidelines and frameworks are not very prescriptive and fail to provide clear guidance. Some organizations, though, have embraced the new requirements and frameworks and are transforming the way they approach fraud.

This content continues onto the next page...