TRIANGLES: RISK TRIANGLE vs FRAUD TRIANGLE
RISK TRIANGLE
Crichton's risk triangle of hazard, exposure, and vulnerability is commonly used to show the relationship that leads to risk. This plays a vital role in illustrating the link between threats to assets, their exposure to these threats, and vulnerabilities that could be exploited by threats.
A risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the asset. Generally, a risk is any event, occurrence, or action that may prevent an organization from realizing its ambitions, plans, and goals. A risk arises from three conditions called risk factors, namely the existence of a threat (hazard), the exposure of an asset to that threat, and a vulnerability in the asset. A threat transforms into a hazard when presented with an opportunity to utilize an asset’s existing vulnerability. In this case, a hazard is a single event or series of events characterized by the magnitude and likelihood of occurrence.
Crichton’s risk triangle suggests that the broader the base of the triangle (exposure), the greater the risk to which an asset is exposed. A threat can only attack an asset if a vulnerability, flaw, or weakness exists in that asset and could be exploited by an adversary to cause damage to an organization’s interests. Vulnerability is a combination of the attractiveness of a facility as a target and the level of deterrence and/or defense provided by the existing security controls. Therefore, vulnerability is the degree to which the exposed elements of an information system will suffer a loss from the impact of a hazard. A threat-source does not present a risk when there is no vulnerability that can be exercised.
FRAUD TRIANGLE
The fraud triangle is widely used by anti-fraud professionals to explain conditions that could motivate individuals or companies to engage in fraud. The model can also be used to highlight economic or industry-wide conditions that can lead to a higher overall risk. To identify risk, anti-fraud professionals look for the presence of the following three factors:
1. Motivation
2. Opportunity
3. Rationalization
Motive
Economic conditions such as a financial crisis can make pressure particularly acute, increasing the temptation for fraud. Motive refers to an employee’s mindset towards committing fraud. Examples of things that provide incentives for committing fraud include bonuses based on financial metrics, investor and analyst expectations, and personal incentives, among others.
Opportunity
Opportunity refers to circumstances that allow fraud to occur. In the fraud triangle, it is the only component that a company exercises complete control over. Examples that provide opportunities for committing fraud include weak internal control, poor tone at the top, and inadequate account policy.
Rationalization
When opportunities to commit fraud exist alongside motivation, the fraud triangle suggests that a third, necessary component for fraud is the ability of employees to justify fraud. Employees may have an easy time rationalizing fraud. For example, an individual may be spiteful towards their manager or employer and believe that committing fraud is a way of getting payback (“They treated me wrong”). A poor tone at the top may cause an individual to follow in the footsteps of top management. An individual may believe that they might lose everything (for example, losing a job) unless they commit fraud.
