The fraud triangle: Identifying and preventing workplace fraud

The terms ‘fraud’ and ‘scams’ are often used interchangeably, but they actually represent two distinct forms of deception. Both can cause devastating losses to individuals and organisations. Beyond the financial damage, the emotional impact on victims can be profound and long-lasting. 

In the simplest of terms, the easiest way to distinguish between the two types of activity is that fraud typically involves activity that an individual has not authorised, whereas a scam involves tricking an individual into authorising certain activities.  

For example, if an individual were to gain access to an individual’s bank account and make payments without the account holder’s consent, this activity would be considered fraud. A scam, on the other hand, involves tricking an individual into authorising certain activities. Whether it be deceiving a person into believing they are engaging in a genuine transaction or gaining access to their personal accounts (whether it be an email or bank account, etc.), these types of activities would be considered scams. 

Scams will also often enable fraud, as personal details and identification details gathered from scams, can be used to perform account takeovers.  

BDO’s forensic services experts provide insight into how organisations can identify and protect themselves from workplace fraud.  

Common types of workplace fraud 

Fraudulent activity comes in various forms, each with its own method of deception. While the objective of some fraud activities is to defraud an organisation out of physical money, the landscape of workplace fraud has shifted. The target is just as likely to be physical or system access or data exfiltration as it is direct financial leeching. Data can be readily converted to dollars, making the end result just as lucrative as stealing money directly from an organisation.  

Some common occurrences of workplace fraud include:   

  • Data theft and obtaining sensitive information: Employees accessing and stealing sensitive company information and data for personal gain or to sell to competitors.  
  • Misdirection of firm fees: The falsification of invoices to clients so an invoice or fee is paid directly into an employee’s bank account.  
  • Credit card fraud and unauthorised purchases: Employees using company credit cards for personal expenses and then forging these expenses by submitting them as business-related.  
  • Financial manipulation fraud: The manipulation of financial data to deceive company shareholders and stakeholders, or to be used to receive a performance-based bonus.  

Whilst these are just some examples of workplace fraud, people often think something like this would never happen at their organisation – until it does. Often, fraud can be undetected in an organisation for a lengthy period of time, and its impact can have far-reaching effects on an organisation and its employees. 

The fraud triangle

The fraud triangle is a concept that helps understand workplace fraud and the factors that lead individuals to commit fraud. It consists of three elements: opportunity, pressure, and rationalisation. When these three elements converge, the likelihood of fraud increases. 

Opportunity 

Opportunity refers to the conditions that allow fraud to occur. These could include weak internal controls, poor organisational culture, or a lack of oversight. To combat this, organisations can implement controls such as a division of responsibilities within an organisation, ensuring that no one person has complete control over a process without adequate checks and balances in place.  

Creating open-plan, shared working spaces can also help organisations increase the likelihood of detecting fraudulent behaviour within a workplace.  

Pressure 

Pressure can stem from personal circumstances, such as financial difficulties, or workplace pressures, such as unrealistic performance targets. Organisations can put in place several controls to support employees and protect themselves from workplace fraud.  

A whistleblower program can help encourage employees to report suspicious activities without the fear of retaliation. Whistleblowers are a critical component in reporting fraud and misconduct in the workplace, as they often provide pivotal evidence for a successful prosecution. Promoting a whistleblowing culture encourages transparency and integrity, as well as protecting the value within the organisation. 

Support services such as providing resources or employee assistance programs to help employees manage their personal and professional pressures can also help mitigate situations where an employee may consider committing fraud in the first place.  

Rationalisation 

Rationalisation involves justifying fraudulent behaviour to oneself. A person committing fraud can often convince themselves that they are doing something for the ‘greater good’ or that ‘everyone else is doing it’, so why shouldn’t they? They convince themselves that their actions are justified because they deserve more than what they are getting. This could be due to feelings of being underpaid, overlooked for promotions, or not receiving due recognition. 

Fraud awareness and training programs can deter rationalisation by educating employees about the consequences of committing fraud. They also often support in helping employees identify common fraud types in the workplace and what to be aware of.  

Other strategies that can help mitigate rationalisation and fraudulent behaviour in a workplace are a robust code of conduct that clearly outlines expected behaviours from employees and a strong anti-fraud and ethical behaviour culture led from the top down.  

Building a strong anti-fraud culture 

Understanding the fraud triangle can help organisations to identify where controls are best placed to deter and prevent fraud. By addressing each area, organisations can create an environment that discourages fraudulent behaviour. 

A strong anti-fraud culture, which involves continuous education, clear communication of policies, and a commitment to ethical behaviour at all levels of the organisation is crucial in discouraging and preventing fraud. Encouraging open discussions about fraud and its impacts can also help reinforce the importance of maintaining integrity in the workplace. 

Acting in the event of suspected workplace fraud 

Ideally, organisations will implement strong educational programs, policies, processes, and controls for the prevention, detection, and response to fraud. Protocols can be established to guide staff in reporting suspicious activity. Once fraud is reported, forensics should be alerted before any electronic devices are touched to avoid accidental deletion or overwriting of evidence. 

Just like any crime, motive, means and opportunity must be identified. There is no foolproof or one-size-fits-all roadmap to identifying and unveiling fraud. Locking down high-risk physical areas, assets and data is recommended until forensic professionals or authorities can investigate and determine whether fraud occurred and if so, how and by whom it was perpetrated. 

Awareness, training and controls are the key to preventing workplace fraud. To learn more about how BDO can support your organisation in identifying, preventing and responding to workplace fraud visit our fraud and corruption risk management services page.