By Simon Padgett

This article was first published in the April 2015 international edition of Accounting and Business magazine.

The ACFE in 2020 estimated that a typical organization loses 5 per cent of its annual revenue to fraud. Applied to the estimated recent gross world product, this figure translates to a potential total fraud loss of more than US$5 trillion worldwide, Put in context, fraud is material.

Profiling is a part of everyday life for all of us, as we use our experiences to determine how to get through the day’s activities and solve the problems that present themselves. For example, as we approach the winter months we know we need warmer clothing. How? Because last winter told us so. When we drive through an intersection or the traffic lights turn red, we know what to do or how to react to the event because we have done it so many times before.

More to the point, we can identify the cold of winter and the challenges we face while driving because we have seen the patterns on numerous occasions before, and our brains have analyzed the information at that time, stored the patterns of data, and drawn on the stored memory to deal with the current event. 

An everyday activity – but not in anti-fraud

Every day we profile individuals on the basis of our previous experience in precisely these ways. If this process works in dealing with the characteristics of day-to-day activities and the people we come into contact with, then why is it not more prevalent in the fight against fraud?

Many forensic investigations do not have a formal process for either drawing from or contributing to fraud type and fraudster profiling. Yet fraud profiling could serve as an aid to fraud investigations. Valuable data and information on offenders and fraud situations and scenarios is not being used as much as it should or could be by investigators in the identification of fraud in the workplace.

Occupational fraud or white-collar crime has a relatively high rate of incidence but a relatively low rate of detection, rendering it one of the significant crime challenges of the 21st century. Organizations can manage this fraud risk more effectively by integrating and using previous knowledge about individual fraudsters, the situational environment, and the typical motivations of fraudsters.

The typical offender

Empirical research on fraud types and fraud offenders yields common characteristics. For example, statistically, the average fraudster is male, married and a graduate, and has a professional relationship (usually as an employee) with the victim organization. The average fraudster is in approximGenderately the same gender ration as the gender ratio of the management team. A fraudster is more likely to work in the accounting, finance or procurement department – those being the gatekeeper elements of the business process – rather than in the internal audit department. 

Currently, the typical fraudster is more likely to be working for a financial services organization, according to the ACFE. Research has revealed many types of fraud offender and the circumstances in which fraud is committed. Much of this research tells us that the fraudster is an opportunistic offender with no criminal record who, out of greed, abuses a position of financial trust to commit a fraud either on their own or with few accomplices. 

One interesting research finding is that most fraud offenders employ complex methodologies to carry out and also to hide their crimes. This has implications for prevention strategies insomuch as the traditional barriers to fraud of internal accounting controls and employment screening are no longer sufficient on their own.

If profiling techniques are to be added to the fraud investigator’s toolbox, we must first ask – and, more importantly, answer – some questions. For example, how does profiling assist and add value to investigations? What key aspects of an offender profile should be included in the profiling, and are such details as marital status, age and race really necessary here, along with the fraudster’s background, skill and professional qualifications?

High risk DeptAlso, it would be beneficial to include in such profiling the characteristics of the fraud scheme or scenario itself and the situation that lends itself to the fraud? Should the type of victim organization be analyzed, and should this be further categorized as to which departments and divisions are more prone to fraud attack? 

Many surveys tell us that 80–85% of fraud is committed by insiders. So if we knew from which departments the fraudsters emanate or, possibly more importantly, which vulnerable departments they try to be recruited into, this could be a focus for proactive fraud risk management and reactive investigation.

All too often we focus on the control environment, and quite often people are fundamental to that control environment or at least key elements of it. People are the weakest link. How strong is the actual control in a segregation of duties control if the employees in the process exhibit characteristics that place their honesty and integrity in doubt? Surely, if the human element of the control environment is not considered, then such controls are weak or even non-existent. Profiling of these employees is fundamental to an effective control environment. There is no doubt, however, that a full understanding of what fraud is, and which measures are best suited to combating fraud, is absolutely necessary before we can start to profile fraudsters and their actions.

Mitigation, not elimination

We have to face the fact that fraud cannot be entirely eliminated. Internal controls and security systems reduce the risk, but there are no guarantees, and the track record of prevention and detection is not that great. People can be ingenious and their behavior unpredictable. Some are desperate; many are merely risk takers. Most are both.

Some employees may have a lot more devious entrepreneurial spirit than is commonly assumed. If fraud is committed by trusted employees who know the system, then it is quite likely that they also know how to bypass these controls. That in turn means something more is required in the preventative and detective fight.

Fraud profiling identifies the characteristics of the fraudster and their fraud. If you know what it looks like, you can identify or recognize it and catch it when it happens. And if you catch it when it happens, it will make the next person think twice about committing fraud and will leave investigators with key indicators of the behavioral or situational patterns or footprints for the future.

In many parts of the world, the likelihood of employee fraud increases in periods of economic slowdown or recession. Apart from the increase in financial need, there is increased psychological pressure on employees.

Employees tend not only to be under greater personal financial stress currently, but may also suffer from greater personal insecurity about their future in the organization.

When close colleagues are laid off, fear and insecurity prevail. This brings about a further dimension to the profiling scenario – including the economic environment as a constituent part of profiling fraudsters. Put simply, human beings in a deprived part of a city in a country going through economic slowdown might be more apt to commit Fraud Agefraud than those earning good tax-free salaries in a country that is booming or bypassing recession.

It’s like this

In summary, fraud happens. It happens in any organization that has money or assets, irrespective of profitability. Quite often, fraud is a cause of an organization not being profitable.

The fraudster is internal: 80–85% of fraud is committed by persons inside the organization, by our colleagues, who are more often than not at a senior level and to whom we report and on whom we rely to safeguard the assets of the business.

We have to adopt the attitude that the fraudster is within our organization, and so it is only prudent that we alter the paradigm and expect that fraud will happen and adopt a preventative strategy. In order for an organization to be ahead of the curve, that strategy has to include the relatively new dimension of fraud profiling.

(Graphs from the ACFE report to the nations 2020)