Unmasking “Capability” - the fourth element in the Fraud Diamond Theory - as
a cause of frauds leading to corporate failure.
Takamirira Taruberekera
Department of Auditing
University of Pretoria
Abstract
Capability abuse is seen as a leading cause of corporate failure both in South Africa
and globally. The purpose of this paper is to broaden the understanding of
“Capability”, the fourth element in the Fraud Diamond construct as proposed by
Wolfe & Hermanson (2004:1-4). To accomplish this, the paper addresses two areas.
First, the literature on the components of capability is reviewed, noting specifically
from a more theoretical perspective, those factors that facilitate or promote the idea
of committing fraud, and their associated red flags. The processes and outcomes of
six fraud cases - three in South Africa and three from other jurisdictions - are then
analysed to confirm the theoretical observations and determine more specifically
how components of capability were abused by the perpetrators of these frauds..
The second area of focus addressed in this paper is ways of managing the risk of
abuse of capability. The article concludes that management’s abuse of its privileged
capabilities has a significant role to play in corporate failures, and therefore efforts
to manage capability must be independently and consciously taken to mitigate
corporate failures.
Key words
Capability; Capability abuse; fraud; fraud risk; corporate failure; fraud diamond;
causes of fraud.
1
1 INTRODUCTION
Until the early 19th century, most organisations were relatively small and were owned
and operated as sole proprietorships or partnerships, with limited accountability to
outside parties (Crous, Lamprecht, Eilifsen, Messier, Glover & Prawitt, 2012:6).
Nevertheless, during the industrial revolution businesses were growing from these
owner-managed entities into increasingly large corporations in which the owners
(shareholders) and management (executive directors) were separate and unrelated
parties (Crous et al., 2012:6). It has now become common practice that shareholders
(principals) appoint directors (agents) to manage their investments in companies
(Crous et al., 2012:6). The dynamics of this relationship are now commonly studied
as the principal-agent-theory. (Von Wielligh, Prinsloo, Penning, Butler, Nathan, Kunz,
Motholo, O’Reilly & Scholtz, 2014:5).
It is a commonly held assumption that principals take great care when appointing
agents, to ensure they are trust-worthy, loyal and honest, as well as capable of
managing their investments; however, this relationship is often characterised by
information asymmetry (where an agent knows more about the business than the
principle does), and the emergence of conflicts of interest (arising from conflicting
goals and objectives) (Crous et al., 2012:6; Von Wielligh et al., 2014:13). Thus,
managers may not always act in the best interest of the owners: funds may be spent
on projects accruing excessive benefits to managers in their personal capacities; or
reported performance may have been manipulated to earn managers higher bonuses
(Crous et al., 2012:6). Efforts to address the information asymmetry and to manage
the relationship between principals and agents has led to several interventions, such
as the development of accounting standards and professional and regulatory bodies’
development of formal guidance and principles, the appointment of independent
auditors, and governments’ enactment of legislation and, regulations to protect the
public interest (Crous et al., 2012:7-9; Von Wielligh et al., 2014:8-15). However,
despite the variety and intensity of the interventions implemented over the years to
manage the principal-agent relationship, the historic record still shows that fraudulent
behaviour by agents remains a significant risk to companies, often leading to severe
financial loss and/or their eventual bankruptcy (Association of Certified Fraud
Examiners (ACFE) 2014:14; 2018:33-37).
The Association of Certified Fraud Examiners (ACFE) has noted a significant
correlation between authority and the value of company losses in each of their biannual fraud surveys, dating back to 1996 (ACFE 2018:33). The 2016-17 ACFE study
indicates that despite the fact that owners/executives were responsible for only 19%
of the total number of fraud events reported in this study, their schemes contributed to
a median loss which was nearly six times larger than the median loss arising from
fraudulent actions of lower-level employees (ACFE 2018:33). This is ascribed to the
fact that high-level employees have greater access to their organisation’s assets, and
possess greater technical ability to commit and conceal fraud; the latter includes the
authority and ability to override normal controls, and thus to conceal their crimes more
effectively than lower-level employees can (ACFE 2018:33). These are all factors
associated with ‘capability’, the fourth element of the Fraud Diamond Theory (Wolfe &
Hermanson, 2004:2-3).
2
2 RESEARCH PURPOSE AND METHODOLOGY
It is true that fraud has devastated big and apparently robust companies in South Africa
and the rest of the world: examples include Enron, Global Crossings, WorldCom,
Sunbeam, Fidentia, Regal, and African Bank (James, Bierstaker, & Pacini, 2006: 521;
S v Brown, 2014; Myburgh, 2002:1-3; Fin24 2014 & 2015) and most recently, Steinhof
(Fin24 2018). Recognising from the introduction that most corporate failures happen
at the hands of those charged with its stewardship, this paper aims to broaden the
debate on capability as a significant cause of fraud that has led to notable corporate
failures both in South Africa and globally.
The purpose of this study is to broaden the understanding of “capability” – one of the
elements of the fraud diamond construct - as proposed by Wolfe & Hermanson
(2004:1-4). The study unpacks capability to shed more light on two research
questions. First: What are the distinct components of capability and the circumstances
that promote or cultivate capability to commit fraud? Secondly: What strategies could
organisations employ to manage the risk of fraud with specific emphasis on the
element of capability? Answers to the first question aid in understanding the concept
of capability and forms a basis for identifying signals (red flags) of the presence of this
element in an organisation, while answering the second question assists in managing
the risk associated with capability. It is hoped that knowledge of these factors will
assist forensic investigators and organisations to manage more effectively their
investigations of and strategies against fraud involving top management.
The study employs a non-empirical, qualitative review of published academic literature
and other relevant documents, including local and international court cases decided
between 2001 and 2018, in order to build on the theoretical argument that capability
is a fourth common cause of fraud that explains that corporate failures happen while
in the care of those (mostly in senior management positions) charged with its
stewardship.
While the purpose of this study was to shed more light on “capability” as a significant
cause of fraud leading to corporate failures, there are nevertheless other, usually
external factors, also implicated in some failures, over which organisations may have
more or less control. Thus, as this study has limited its analysis to only six corporate
failures with a focus on “capability” as the determining factor, a broader analysis would
be necessary to determine the relevance of other elements of the fraud diamond as
causes of fraud leading to corporate failures.
As mentioned earlier, this study acknowledges the findings of previous research that
the root cause of fraud is empirically rooted in the so-called fraud diamond.
Specifically, it is the fourth element, “capability”, which is linked to corporate failure.
This is discussed next.
3
3 DEVELOPMENT OF THE FRAUD DIAMOND THEORY
3.1 Fraud Triangle (Cressey’s Theory)
In his quest to understand why people violate trust by committing fraud, Cressey
(1953:973) interviewed 250 criminals in 5 months of research, and noted that their
behaviour met two criteria: first, people accepted responsibilities of trust in good faith,
and second, circumstances persuaded them to violate that trust (Kassem & Higson,
2012:192). Cressey’s study resulted in the formulation of the “fraud triangle” theory,
recognising the interconnectedness of the three factors that push people to commit
fraud, namely pressure, opportunity and rationalisation (Cressey, 1953:973-979,
1973:24). Cressey’s theory remains relevant and is widely regarded in anti-fraud
literature such as Biegelman and Bartow (2012:23); ACFE, (2014:14) Abdullahi, and
Mansor (2015a:312); Albrecht (2003:141), Albrecht, Albrecht and Albrecht (2004:110).
Abdullahi and Mansor (2015a:312-313) explain the elements of the fraud triangle,
pointing out that pressure refers to the factors that lead to unethical behaviour, and
can be both financial and non-financial; opportunity refers to the circumstances which
makes the commission of fraud more attractive, particularly where there is little or no
chance of the fraudster being caught; and rationalisation, the mental processes the
fraudster engages to justify the commission of fraud.
Although Cressey’s theory is still widely recognised and applied, a forth element
“capability”, is now strongly identified by authors to explain the impetus that triggers
the commission of particularly the more dramatic and devastating frauds (Wolfe &
Hermanson, 2004:1-4; Bressler & Bressler, 2007:23-26; Kassem & Higson, 2012: 191195). Justifying the need to add a fourth cause of fraud to Cressey’s triangle, Bressler
and Bressler (2007: 23-36) argue that the mere presence of the three elements
suggested in Cressey’s theory cannot lead to the commission of fraud: capability is
required to give ideas and opportunities real-world form, and to execute and conceal
the fraudulent act. Similarly, Kassem and Higson (2012:191-195) argue that fraud
cannot merely happen: it requires the impetus of a fraudster with the requisite skills
and capacity. Other authors agree that personal traits and skills determine when and
how fraud is perpetrated in a given environment (Baz, Samsudin, Che-Ahmad &
Popoola, 2016:68-71; Khan & Varma, 2016: 83-92). Wolfe and Hermanson (2004:12), explain that the eventual fraudulent act only occurs when the “right person with the
right capability” (personal traits and abilities) is in place.
3. 2 The Fraud Diamond
Wolfe and Hermanson’s (2004:1-4) Fraud Diamond Theory proposes that a fraudster
requires a thought process which recognises an incentive (motive) to satisfy a
personal need; an opportunity (which could be a maliciously exploitable weakness in
the operational cycle); rationalisation (justification to himself for the fraudulent act),
and lastly, capability, his personal command of the traits and abilities to instigate and
sustain the act of fraud. These observations are also supported by Kassem and
Higson (2012:191-195). These four elements have become known as The Fraud
Diamond. (See Figure 1.)
4
Figure 1: The Fraud Diamond
Source: Wolfe & Hermanson (2004:2)
It is now widely agreed that capability triggers fraud: morality aside, fraud is a
“business opportunity” that requires the would-be fraudster to consciously and
explicitly consider whether his abilities and traits are sufficient for the task.
The components of capability abuse - the factors that present the fraud as an
opportunity to the fraudster, and the red flags that should be looked for by those
charged with oversight and policing are discussed next. This is followed by an analysis
of court cases to substantiate and perhaps broaden the theoretical observations with
examples from practice.
4 COMPONENTS OF CAPABILITY
Wolfe and Hermanson (2004:2) describe capability as the personal traits and abilities
a person requires to commit fraud, having already rationalised the act to him-self, and
identified an opportunity. The National Association of State Auditors, Comptrollers and
Treasurers (NASACT) and the Oregon State Controller’s Division (2018: online)
provide examples of the following personal traits associated with fraud: greed,
weakness of character, excessive pride, and dishonesty; with an example of a
facilitating ability being a knowledge of the entity’s processes and controls. The
International Accounting Education Standards Board (2011:14), defines capabilities
as “content knowledge; technical and functional skills; behavioural skills; intellectual
abilities (including professional judgment); and professional values, ethics, and
attitudes”.
Wolfe and Hermanson (2004:2-3) expanded their understanding of the components of
capability as: perpetrator’s position or function within the organisation; possession of
a brain that is experienced and crafty in the person’s area of dominance or expertise;
arrogance; cohesive power; effectiveness as a liar, and lastly, being able to manage
stress. Each of these components is discussed in more detail below.
5
4.1.1 Position / function
Wolfe and Hermanson (2004:3) argue that fraud perpetrators usually abuse the
position they occupy, particularly when it is in a specialist field or is in a relatively
isolated part of the organogram. In this position or function they have direct access to
the financial and other systems and are thus more easily tempted to commit fraud for
personal gain through manipulation and abuse of their positions of power. This is
supported by Kassem and Higson (2012:194) and Rudewicz (2011:2), who recognise
that positions of authority or specialist functions within an organization can be
manipulated to deliver personal benefits. Wolfe and Hermanson, (2004:4) add that, as
the person increases his knowledge of the functions over which he presides, the
temptation to abuse this position of authority increases as well. This contention is
supported by Abdullahi and Mansor (2015b:42), who identify that it is the position and
role occupied by the employee that may tempt him to breach the trust the organization
has placed in him.
The position of an individual within the organisation, therefore, contributes directly to
the occurrence of fraud: as the person increases in knowledge of the functions he
presides over, and as his access to assets increases, according to Kovacich
(2007:36), so does the likelihood that this person will be convinced to commit fraud.
4.1.2 Brains
The fraudster is someone who understands and is capable of exploiting internal control
weaknesses (Wolfe & Hermanson, 2004:3). As Rudewicz (2011:2) notes, the fraudster
is smart enough to exploit his understanding of these internal control weaknesses, and
to abuse his unique position or function to the greatest personal advantage. Wolfe
and Hermanson (2004:3) explain that fraudsters are experienced and crafty specialists
in their areas of dominance. The belief that his fraud will be successful rests on the
fact that the manager/fraudster’s skills and influence are unique (Wolfe & Hermanson,
2004:3). Alternatively, the manager might want to demonstrate to his peers that he
has exceptional skills (despite the organisation having rejected his claims) thereby
triggering his desire “to show them” by deploying his skills to commit fraud (Wolfe &
Hermanson, 2004:3). Abdullahi and Mansor (2015b:42) acknowledge that intelligent,
experienced, creative people with a solid grasp of their entity’s controls and
vulnerabilities, commit many of today’s largest frauds. Considering it from a different
angle, Kassem and Higson (2012:194) conclude that the capacity to understand and
exploit accounting systems and internal control weaknesses for personal benefit is
frequently sufficient to justify the abuse of trust in the minds of uniquely skilled or
specialist managers.
4.1.3 Arrogance/Ego
This component refers to the high levels of confidence fraudsters demonstrate, and
which is usually a reflection of an over-inflated ego (Wolfe & Hermanson, 2004:3;
Allan, 2003:39; Duffield & Grabosky, 2001:33). Ego typically manifests in a desire to
always prove oneself more worthy, competent or deserving than one’s peers and/or
superiors (Allan, 2003;39-40; Duffield & Grabosky, 2001:22), and is pushed by the fear
of losing one’s reputation and the desire to be credited with improving the organisation
which a manager leads (Rubasundram, 2015:102-106; Khan & Varma, 2016:83-99).
6
Rudewicz, (2011:2) agrees and identifies key common personality types of egoistic
managers: being driven to succeed at all costs; self-absorbed; self-confident; often
narcissistic.
Wolfe and Hermanson, (2004:3) argue that a perpetrator may commit fraud because
he believes he can always talk himself out of the consequences of his fraudulent
actions. Kassem and Higson (2012:194) support this argument, noting that confidence
is demonstrated by a manager when he rationalises that he is unlikely to be detected,
and if caught, he believes he will easily talk his way out of trouble. Abdullahi and
Mansor (2015b:42) reached the same conclusions. Wolfe and Hermanson (2004:4)
argue further that confidence reduces the ability of a fraudster to estimate the potential
cost of the fraud, and thus affects his earlier resistance to the act: in other words, the
over-confidence compromises his ability to perform a logical, rational cost-benefit
analysis of his intention to engage in fraud that might otherwise have persuaded him
to remain “on the straight and narrow”.
4.1.4 Cohesive power
Fraudsters can coerce others to commit and/or conceal fraud (Wolfe & Hermanson,
2004:2-3; Rudewicz, 2011:2). This coercive power is derived from the manager’s
position of authority and is in large part the essence of his ability to ensure his
subordinates remain a cohesive unit carrying out his plan, and is a power that if not
mitigated, leads management to commit fraud either by themselves or through others
(Wolfe & Hermanson, 2004:3). Abdullahi, and Mansor, (2015b:43) further argue that
a person with a very persuasive character may recruit others to commit fraud or to
ignore the fraudulent acts of others. They further identify these personality types as
“bullies” who make unusual and significant demands on their subordinates; they
cultivate an environment of fear rather than mutual respect, thereby avoiding being
held personally subject to the organisation’s rules and procedures (Abdullahi &
Mansor, 2015b:43).
4.1.5 Effective liar
This component is essentially a mask of innocence behind which the fraudster hides
to avoid detection (Wolfe & Hermanson, 2004:2-3). A fraudster will continuously and
effectively lie to conceal a fraud and to prevent his being identified with it, if the fraud
is discovered (Wolfe & Hermanson, 2004:2-3). Rudewicz, (2011:3) concurs, arguing
that a successful fraudster (manager) is also able to lie effectively and consistently,
even to the point of being able to look the auditors, investors, and other oversight
bodies right in the eye while convincingly tell them lies. Abdullahi, and Mansor (2015b:
43), add that the fraudster usually also possesses exceptional memory skills enabling
him to keep track of the lies he builds up and to ensure that the overall narrative
remains consistent and convincing, and to his advantage.
4.1.6 Effective stress management
Wolfe and Hermanson (2004:3), argue that managers who commit fraud have to be
able to manage continuous stress to avoid having their fraudulent acts detected (Wolfe
& Hermanson, 2004:4). Abdullahi and Mansor (2015b:43), posit that fraudsters end up
managing and hiding their frauds over a long period of time, which can be excessively
7
stressful. Kassem and Higson (2012:194), compare the ability of fraudsters to deal
with the stress created within themselves, to that required of someone remaining
composed in a burning house. Rudewicz (2011:2), points out that the “successful”
fraudster must be able to control their stress responses as well as emotion swings.
Wolfe and Hermanson (2004:4), observe that the components of capability are present
in all successful managers. However, for as long as they are not monitored by an
independent oversight body (with authority to enforce appropriate punishment when
necessary), this situation provides the potential fraudster with opportunity to indulge
his/her fraudulent desires. However, despite having the capability and all the traits
associated with it, not all managers necessarily abuse their capabilities and
opportunities. The factors that persuade management to abuse their capabilities are
discussed next.
4.2 Factors that cultivate capability abuse
A fraudster commits fraud because there are factors that trigger belief in the necessity
to use his/her capability to execute the fraudulent act (Khan & Varma, 2016:83). It is
important to note that the factors that trigger one person to commit fraud, may not
necessarily generate the same response in another (Kovacich, 2007:36). The factors
that typically result in the abuse of a manager’s unique set of capabilities are identified
and discussed in the next sections.
4.2.1 The desire to better/protect their organizations
Rubasundram (2015:102), claims that management’s capability abuse may be driven
by the desire to present their organizations in a better light. Ebbers, in his United States
court case, argued that he had to capitalise the expenses of WorldCom in order to
protect the strength of the company’s balance sheet (US v. Ebbers, 2006). Ebbers’
argument was echoed by African Bank CEO and chairman Kirkinis: the International
Accounting Standards regarding provision for bad debts was “not fair and correct” in
African Bank’s case, since their religious application was seen as detrimental to the
bank’s stated financial position. Implementing this rationalisation, he adjusted the
provision for bad debts to his “acceptable level”, in order to “save” the bank from
excessive losses (Myburgh Report, 2014). Loebbecke, Einning and Willingham
(1989:12), point out that poor profitability may also persuade management to abuse
their capability (authority) by adjusting the entity’s figures so as to present an
enhanced (fraudulent) financial picture, “for the good of the company”.
4.2.2 Management pressure to meet the requirements of third parties
American Institute of Certified Public Accountants (AICPA) (2002:1749 –1751) in its
Statement on Auditing Standards (SAS) No-99 notes that excessive pressure on
management to meet the requirements of third parties is one of the factors that can
lead to fraud through capability abuse. The perceived need to keep a promise, even
if the operating environment does not permit it, leads executives to abuse their
positions/functions and to coerce others to commit management fraud (Sawyer,
Dittenhoffer & Scheiner, 2003:1203). Boyle et al., (2012:65), explain that a CEO’s
equity incentives can create strong pressure for management to meet targets, even if
it is commercially impossible to do so. This could nevertheless be achieved through
8
the manipulation of the results, as was the case with Ebbers of WorldCom (US v.
Ebbers, 2006).
A study conducted by the USA’s Security Exchange Commission (SEC), titled
“Fraudulent Financial Reporting: 1998–2007”, examined 347 alleged accounting fraud
cases and found that financial statement fraud often involves the company’s top
executives. CEOs were implicated in 72% of the cases, and CFOs in 65% (Boyle,
Carpenter & Hermanson, 2012:62-63). In another study on frauds perpetrated by
CEOs, it was observed that the perpetrator, by virtue of his position, felt compelled to
make “adjustments” in an effort to meet the expectations of the market (Beasley,
Carcello & Hermanson, 1998:online). These findings show that CEOs are commonly
involved in cases of fraudulent financial reporting, and that they normally revert to this
type of fraud because of the need to meet the expectations of 3 rd parties, usually the
market.
4.2.3 Ineffective monitoring of top management by shareholders and regulatory
authorities
AICPA (2002:1749 –1751), notes ineffective monitoring of management as one of the
factors that enables management to abuse their capability/authority. Executive
management should thus be monitored by the body tasked with representing the
shareholders, as any slack in monitoring systems is seen as increasingly fertile ground
for capability abuse (Gershon & Alhassan, 2004:8).
4.2.4 Lust for personal gain by those charged with governance
Kovacich (2007: 32), explains that capability, when driven by a lust for personal gain,
and peer recognition manifests itself in the forms of financial gain, and knowledge or
information control. Sawyer et al., (2003:1204), have identified that a manager’s need
to succeed can result in deception, while at its extreme, corporate leaders’ excessive
need to succeed may result in a complete betrayal of their stewardship responsibilities,
and the destruction of the resources entrusted to them by the stockholders. An
examination of corporate fraud cases in the USA and South Africa, shows that
executive managers (CEOs and CFOs) have become extremely rich through the
abuse of their privileged positions that enabled them to grant themselves unmerited
and illegal gratuities (US v Ebbers, 2006; S v Brown, 2013; Skilling v US, 2010).
As mentioned previously, Kovacich (2007: 66) argues that managers abuse their
capability in the commission of fraud mostly in pursuit of personal financial gains, and
to a lesser extent to obtain recognition from their peers. In line with Kovacich, Boyle,
et al., (2012:63), observe that CEOs’ preferred fraud methodology is in the accounting
field and is related to enhancing their equity incentive-linked bonuses, thereby
achieving significant personal financial advantages. Boyle, et al., (2012:63)
acknowledge that this financial objective can also contain overtones of abuse of
power, and unbridled narcissism.
4.2.5 Excessive pressure on management and operating personnel to meet financial
targets set by board of directors
AICPA (2002:1749 –1751) notes the presence of excessive pressure for management
to meet the requirements of the board of directors as a factor that cultivates capability
9
abuse. In support of this observation, Sawyer et al., (2003:1204) argue that
management (whether intrinsically competent or not) that has been pressured to meet
possibly unrealistic financial targets may resort to fraudulently manipulating the books
in order to survive in their positions for another day. Boyle, et al., (2012:65) have
identified that CFOs appear to engage in accounting fraud in response to pressure
exerted on them by their CEOs, rather than in pursuit of their own financial benefit.
4.2.6 Personal, political and religious beliefs
Roebuck (2016:66), argues that capability fraud is often triggered when a person’s
secular belief system is “flexible” enough to justify the commission of acts of fraud.
Religion can also be a cultivating factor that triggers the abusive use of an executive’s
capability, particularly if there is a perceived conflict between the religious beliefs of
the manager and the ethos of the business entity. Kovacich (2007: 67- 71), recognises
pressures from motivations that include political (including terrorism and revenge),
religious conviction, secular bodies (including peer and social groups), the desire for
personal gain and simple curiosity as factors leading to the abuse of capability and
fraud. The employees who have a strong belief in their ability to conceal a fraudulent
act for the long term are also more likely to commit fraud.
Lastly Kovacich (2007:36) has identified revenge as a factor that triggers capability
abuse. He argues that disaffected members of staff may seek revenge against the
organisation they work for either in financial terms or by causing reputational damage.
In the arena of conflict between personal (usually extremist) religious beliefs and an
entity’s business ethics, Sawyer et al., (2003:1204-1205), recognise that such conflict
of interests leads to the commission of fraud in support of terrorism, and/or response
to corruption, or nepotism.
4.2.7 Fear of losing personal reputation
Another factor giving rise to capability abuse could be the perpetrator’s fear of “losing
face” or having his reputation compromised (Kovacich, 2007:67). Ebbers, the former
CEO of WorldCom, felt he had to protect his reputation as “the Cowboy of Wall Street”,
and the most shrewd and successful CEO in the USA, and this persuaded him to
abuse his position of authority and to coerce his accounting staff to falsify records (US
v Ebbers, 2006). The fear of losing one’s reputation is linked to personal ego, the threat
to which is sufficient to push/persuade the manager to abuse their capability by
committing fraud (Rubasundram, 2015:102-106; Khan & Varma, 2016:83-99).
4.2.8 Complex or unstable organisational structures operated with little regard for
corporate governance
AICPA (2002:1749 –1751) recognises a complex or unstable organizational structure
as a cultivating factor for fraud. The Standard suggests that unstable organisational
structures promote opportunities for fraud, and entice people to commit fraud. If
executives realise that the organisation is likely to continue in a state of flux,
undergoing changes in technology, and human resources, and experiencing
fluctuations in market share price, management might be tempted to abuse their
capability to commit fraud. Adu-Gyamfi (2016:145) argues that poor risk management,
ineffectiveness of internal and external audit and a weak board of directors contributes
10
to the possibility that fraud will be committed by those prepared to abuse their
specialist capabilities.
This section discussed the factors that facilitate the abuse of capability.
Understanding the components and facilitating factors of capability abuse is an
important component of being able to manage this type of risk in organisations. This
knowledge is useful in identifying red flags indicating potential fraud (Institute of
Internal Auditors (IIA), 2009:8): these indicators are discussed next.
4.3 Factors that cultivate fraud and their associated red flags
One way to address the probability of fraud within organisations is to understand its
red flags (Gullkvist & Jokipii, 2012:45; IIA, 2009:8). Prompt identification of red flags
and immediate follow-up is important in detecting and limiting the impact of fraud: the
longer it takes to identify an opportunity for or the occurrence of fraud, the higher the
eventual loss becomes (ACFE 2018:13). Since management has the capability to
withhold evidence or conceal the traces of their fraud, either by collusion with
colleagues or by the abuse of the authority of their positions in the organisation (AICPA
2002:1749 –1751), it is even more important that oversight bodies (directors, internal
audit, and external audit amongst others) are alert to the possibilities associated with
fraud associated with capability abuse.
Singleton and Singleton (2010:95-112), define red flags as "…fingerprints of fraud".
They reflect the traces of the commission of fraud which have occurred or are likely to
occur. Albrecht, et al., (2012:137-144) define red flags as unique symptoms of fraud
and claim that they may range from accounting anomalies to behavioural
abnormalities. Although no red flag by itself may mean that an employee is actually
committing fraud, a combination of red flags indicates the need to further investigation
(IIA:2009:9).
Table 1 below provides a summary of red flags associated with the cultivating factors
discussed in the previous section.
Table 1: Factors cultivating fraud, and associated red flags
Factor
4.2.1
Desire to better or protect managers’ organizations
Associated red flags

4.2.2
Consistently late reporting of the corporate financial results (Sawyer, et al.
2003:1207)
 Consistent lies as a cover to protect the employer organisation (Gershon &
Alhassan, 2004:6)
 Autocratic leadership (Gershon & Alhassan, 2004:2)
Management pressure to meet the requirements of third parties
Associated red flags


senior managers fulfilling the duties of their subordinates (Sawyer, et al.,
2003:1207)
“Wheeler-dealer” attitude (shrewd or unscrupulous behaviour); unwillingness
to share duties; irritability and defensiveness; unusual closeness with a
vendor. (ACFE, 2016: 26, 2018:43-46, Singleton 2010:95)
11

4.2.3
lack of moral fibre; poor management attitude towards internal controls, and
a weak and compromised internal control environment. (Gullkvist & Jokipii
2012: 58)
aggressive company culture (Li 2010:39)
Ineffective monitoring of top management
Associated red flags








4.2.4
domination of management in operational decision-making by a single person
or small group, without effective compensating controls (AICPA, 2002:1751)
compromised/manipulative financial reporting system (AICPA, 2002:1751)
compromising or overriding of monitoring controls (AICPA, 2002:1751)
non-cooperation or late co-operation with regulators by the corporate
management team (Girgenti & Hedley, 2011:260)
inadequate separation of duties and independent checks; inadequate recordkeeping with respect to assets, and a lack of clear organizational
responsibilities (AICPA, 2002:1753)
non-cooperation or late co-operation with regulators (Girgenti & Hedley,
2011:260)
key manager(s) having questionable or criminal backgrounds; dishonest or
unethical management; presence of significant and unusual related-party
transactions; illegal acts within the operations of the business, and failure to
record transactions accurately and on time (Gullkvist & Jokipii, 2012:58)
corporate executives’ failure to declare their interests in third party
transactions (Gershon & Alhassan, 2004:3)
Lust for personal gain by those charged with governance
Associated red flags

4.2.5
non-compliance with corporate procedures and directives (Sawyer, et al.,
2003:1207)
 pressure from personal financial obligations (AICPA, 2002:1752)
 changes in behaviour or lifestyle of the management (key managers living
beyond their means) (AICPA, 2002:1752; Gullkvist & Jokipii, 2012:58)
 complex web of partnerships which do not fit well in the normal business
operations (Gershon & Alhassan, 2004:4)
blatant disregard for the need for monitoring and risk management (AICPA,
2002:1753)
Excessive pressure on management and/or operating personnel to meet
financial targets set by board of directors
Associated red flags

4.2.6
management becomes dishonest or unethical; management extends their
efforts to boost revenue by embracing significant and unusual related-party
transactions which may not be relevant to the core operations of the
corporate, and fail to record transactions accurately and on time (Gullkvist &
Jokipii, 2012:58)
 corporate culture of intimidation (Gullkvist & Jokipii, 2012:58)
 resignation of external auditors and increased cases of whistleblowing
(Gershon & Alhassan, 2004:4)
Personal, political and religious beliefs
Associated red flags

key manager(s) have questionable or criminal background (Gullkvist & Jokipii,
2012:58)
12


4.2.7
extreme fundamentalism in religious beliefs (Gullkvist & Jokipii, 2012:58)
presence of significant and unusual related-party transactions (Gullkvist &
Jokipii, 2012:58)
 need to cover up an illegal act; not recording transactions accurately (Gullkvist
& Jokipii, 2012:58)
 bank accounts or operations are registered in tax-havens (Gullkvist & Jokipii,
2012:58).
 questionable trans-border money transfers (Gullkvist & Jokipii, 2012:58)
Individual’s fear of compromising reputation
Associated red flags


4.2.8
aggressiveness of the potential fraudster (Li, 2010:37)
key manager(s) becoming dishonest or unethical and aggressive on a
personal level (Gullkvist & Jokipii, 2012:58)
Complex or unstable organisational structure
Associated red flags



inconsistency in the application of accounting principles by managers
(Girgenti & Hedley, 2011:33)
significant related-party transactions not relevant to the ordinary course of
business (Li, 2010:37)
significant operations located or conducted across international borders (Li,
2010:37)
4.4 Analysis of Fraud Cases: Case studies
Sections 4.1 to 4.3 above discussed the importance of capability as a possible cause
of fraud and explained the components of capability as well as the cultivating factors
leading to its abuse. Some red flags associated with each cultivating factor was also
identified and presented. The discussion of prominent cases of fraud (economic crime)
which follow below, aims to substantiate the theoretical observations from the literature
discussed in these sections. The South African cases reviewed are Fidentia, Regal
Treasury Private Bank and African Bank.
The review of these cases aims to determine the impact of capability abuse as a
component of those crimes. Each analysis identifies the nature of the crime, the
position of the perpetrator in the organisation, and the aspects of the perpetrator’s
unique capabilities that enabled or enticed the perpetrator to commit fraud.
4.4.1. South African corporate fraud cases
4.4.1.1 Fidentia (Joseph Arthur Walter Brown),
Summary of the fraud case: Brown, as the head of Fidentia Asset Management,
misrepresented material facts to shareholders by asserting that the assets were intact
and that the records showed the true state of affairs (S v Brown, 2013). In fact, he was
fraudulently misrepresenting the facts to institutional investors to get large sums of
capital, purportedly in return for favourable investment returns and safeguards for the
acquired capital amounts; in fact he, through Fidentia, invested the funds recklessly
and also misappropriated large amounts for himself, close associates and other
companies, for their personal benefit (S v Brown, 2014; Financial Services Board
13
Inspection Report, 2004:24). Institutional investors and shareholders lost large
amounts of money. Brown abused his position of influence over the preparation and
presentation of Fidentia’s financial statements by misrepresenting material facts to
shareholders and investors, and by running Fidentia with “brute force” (S v Brown,
2013:3).
4.4.1.2 Regal Treasury Private Bank Ltd (Jeffery Israel Levenstein)
Summary of the fraud case: Levenstein was the Chairman of the Board and CEO of
Regal Bank. He was found, as a director, to be in breach of regulations issued in terms
of the Companies Act (Myburgh, 2002:12). In particular, Levenstein commanded that
corporate financial statements were not to show monthly depreciation above R200
000, despite the different reality that was revealed when accepted accounting
principles were applied (Myburgh, 2002:12). By 2001, about R20 million worth of
expenses had been hidden in treasury accounts. He falsified the accounting records
(management fraud) thereby misleading investors and shareholders (Myburgh,
2002:12).
According to the report of the Myburgh Commission (Myburgh, 2002:1-152) it was
concluded that Levinstein was not a fit and proper candidate for the positions of CEO
and Director of Regal Bank. The bank had been placed under curatorship in June 2001
because the depositors and shareholders had lost confidence in the financial
institution (Myburgh, 2002:12). The bank, under the leadership of Levinstein, failed for
a number of reasons, the main reason noted in the Myburgh report (2002:1-3) being
that he carried out the business of the bank recklessly. Levenstein did not exercise
"reasonable care and skill, he did not always act in the best interest of the bank,
shareholders and depositors, he acted dishonestly and fraudulently, his management
was incompetent and amateurish, and he confused corporate governance with
thuggery" (Myburgh, 2002:1-3).
4.4.1.3
African Bank (Leon Kirkinis)
Summary of the fraud case: On 10 August 2014, African Bank, together with its
holding company ABIL, were placed under curatorship (Myburgh, 2014:1-53). The
bank was experiencing severe liquidity challenges, exacerbated by poor policies on
bad debt provisioning and impairment, and a ballooning debtors book. The bank
experienced massive losses (R4.9 billion) in 2013 and 2014 (Myburgh, 2014:11).
Kirkinis, the CEO of the bank, appointed unqualified directors to the board. The Chief
Risk Officer and the MD were all handpicked by the CEO (Myburgh, 2014:9). They did
not have the appropriate and necessary competencies, experience or skills for their
positions (Myburgh, 2014:9). The directors who were qualified, like the Finance
director, were not allowed to participate in executive decision-making processes: the
CEO was, to all intents and purposes, the kingpin in the affairs of the bank (Myburgh,
2014:3). Kirkinis led the bank as it incurred massive losses (R4.9 billion) in 2013 and
2014 (Myburgh, 2014:3). He did not follow the regulatory standards in accounting for
bad debts (Myburgh, 2014:7). It was he who masterminded the adoption of the
incorrect method of accounting for bad debts (IAS 39) and their provisioning (Myburgh,
2014:3–17). Myburgh, (2014:3) had this to say: “… the bank was conducted in a
manner not to intentionally defraud creditors but was run in a reckless manner”.
14
4.4.2 International corporate fraud cases
The international cases of fraud under review in this section are Enron, WorldCom and
Lehman Brothers. They are analysed in the same way as the South African cases.
4.4.2.1 Enron (Lay, Skilling, Fastow)
Summary of the fraud case: Skilling headed Enron from the 1990s to 2000
(Rapaport, 2003:1373). Enron was the third largest energy company in USA at the
time (Rapaport, 2003:1373). Surprisingly, four months after Skilling's departure from
Enron, the company crashed into bankruptcy. This prompted the Department of
Justice to put together an Enron Task Force (Skilling v. US, 2010). The taskforce found
that the company had been manipulating its short-term stock price through overstating
Enron’s financial position. This led to the indictment of Skilling (Skilling v. US, 2010).
Skilling and two other directors were then charged with deceiving the investing public
and shareholders by manipulating the company's financial statements, and by making
public statements which were false and meant to deceive the investing public (Skilling
v. US, 2010). Skilling was charged with a further 25 counts of securities fraud, making
misrepresentations to external auditors, and insider trading (Skilling v. US, 2010).
Skilling, the CEO, and Lay, the former President and CEO of Enron, were also charged
with creative accounting, accepting illegal gratuities, and side dealing (Rapaport,
2003:1376). Lay had received $152 million in payments and stock. Fastow, the CFO,
had covered the $1 billion debt by deceptive accounting practices. Skilling was found
guilty of conspiracy, 12 counts of securities fraud, 5 counts of making false
representations to auditors, and 1 count of insider trading, (Skilling v. US, 2010).
4.4.2.2 WorldCom (Ebbers & Sullivan)
Summary of the fraud case: Ebbers, the former CEO of WorldCom, was sentenced
to 25 years in prison for his involvement in conspiracy and wire fraud while he was the
head of WorldCom (US v. Ebbers, 2006). Prior to the discovery of WorldCom’s
bankruptcy, Ebbers had been under increasing personal financial pressure: he owed
the banks US$ 400 million which he had borrowed to pay for his WorldCom shares
(US v. Ebbers, 2006). As the market was in a downward trend at the time, the shares
were losing value and banks were calling for the margins to be filled by more shares
Scharff (2005:109). Ebbers’ approach was to look after his own interests, not those of
the company’s investors (Scharff, 2005:110). He abused his position by ordering that
the financial statements to be adjusted to reflect a more desirable and advantageous
position – for himself (US v. Ebbers, 2006). Scharff (2005:109) notes that WorldCom
reported accounting irregularities of $11 billion at the time. Securities Exchange
Commission (SEC) (2003:3) says WorldCom practised public company accounting
fraud to a value of more than $ 9 billion, with its use of false or unsupported accounting
entries (which then found their way into the financial reports), achieved a desired
financial outcome. Sullivan (CFO and co-conspirator), fraudulently accounted for $3.8
billion of operational expenses as capital expenses (management fraud) (SEC
2003:5).
4.4.2.3 Lehman Brothers Holdings (Fuld)
Summary of the fraud case: Fuld was the Chief Executive Officer of Lehman
(Valukas, 2010:4). Under his stewardship, he pursued highly leveraged operations
financing risky business models through Lehman’s operations (Wiggins, Piontek &
15
Metrick, 2014:2). In September 2008, Lehman filed for bankruptcy, with investors
loosing over US$ 639 billion in assets (Wiggins et al., 2014:1). Among the several
reasons for its collapse was the fact that Lehman had pursued a significantly
aggressive business model, underpinned by high leverage ratios and a significant
number of balance sheet manipulations. All this was done to earn short-term rewards,
most of which accrued directly to the executive management, including Fuld, by way
of performance bonuses and other incentives (Valukas, 2010:4). Maux and Morin
(2011:15), and Mawutor (2014:87) argue that the management intentionally
manipulated financial statements, and this view is supported by Chadha (2016: 4).
Illegal gratuities amounting to over $500 million were clandestinely paid to “favoured”
management (Ross & Gomstyn, 2008:11).
4.4.3 Summary of how capability components were abused in these six fraud
cases
Position/ Function: In all six cases, the perpetrators of fraud were the CEOs who
abused their privileged positions by pushing their colleagues and staff members to
implement their self-serving and ill-advised decisions, which were blatant conflicts of
interest (Financial Services Board, 2004; S v Brown, 2013; Myburgh, 2002:5; Chadha,
2016:3; Mawutor, 2014:85; Skilling v. US, 2010).
Brains: use of experience and cunning: The fraud experience and cunning of the
fraud perpetrators enabled their schemes to escape immediate notice. All of them
were experienced in their businesses’ specialist areas of operations, and because of
that experience they were able to push colleagues to support the questionable
decisions and actions which caused the corporate failures (Adu-Gyamfi, 2016:133;
Chadha, 2016:2; Duncan, 2012:13; US v. Ebbers, 2006; Myburgh, 2014: 15; Myburgh,
2002: 10)
Confidence and ego: In the Fidentia, Lehman brothers and WorldCom cases, the
executive management had full control of the board of directors, and they were thus
able to get what they wanted out of their corporations - including ostentatious luxuries
(Financial Services Board, 2004:12; Ross & Gomstyn, 2008:6; US v. Ebbers, 2006).
Levenstein at Regal Treasury bank exhibited confidence, managing to convince his
board of directors that they had nothing to worry about: as he was always ‘on top of
the situation’ (Myburgh, 2002:11). Fundamental his initial success, Brown was
described as being very persuasive and focussed (S v Brown, 2014).
Cohesive power: The management at Fidentia, Lehman Brothers, WorldCom and
Lehman Brothers abused their fiduciary obligations by either coercing their
subordinates or recruiting them to falsify accounting records (S v Brown, 2013:15; US
v. Ebbers, 2006; Valukas, 2010:4). They also rewarded their recruited accomplices
including members of the boards of directors to keep quiet (Chadha, 2016:3; Valukas,
2010:3; Skilling v. US, 2010).Ebbers in particular, created and exerted pressure on
employees to participate in and sustain the fraud (Gershon & Alhassan, 2004:2-4).
Effective liars: The CEOs of Lehman Brothers Holdings, Enron, Fidentia and Regal
Treasury Bank were able to consistently lie to institutional investors, their directors,
senior colleagues, and the regulatory bodies, (Ross & Gomstyn, 2008:5; Skilling v.
US, 2010; Myburgh, 2002:4-6). They were thus able to conceal the frauds which were
brewing in their corporates (Financial Services Board, 2004:22). As the pressure of
concealing the fraud became unbearable for an individual to cope with, WorldCom
16
management, for example, created a group of liars called "Close the Gap" who would
meet monthly to distort the financial figures in order to meet the market's expectations
(US v. Ebbers, 2006).
Ability to handle stress: The perpetrators of fraud all exhibited immense talent in
being able to handle stress (US v. Ebbers, 2006; Skilling v. US, 2010; Ross &
Gomstyn, 2008:11; Myburgh, 2002: 8; Myburgh, 2014: 17; S v Brown, 2013). In the
storms caused by their collapsing "deck of cards" both Ebbers and Brown remained
calm and focussed; right through to his last court appearance, Brown never looked
fatigued in public (S v Brown, 2013).
4.4.4 Practical deductions from these fraud cases
Fraud case similarities: The main frauds committed in all the six cases were:
fraudulent financial reporting; illegal gratuities; non-compliance with statutory
regulations (Financial Services Board Inspection Report, 2004; S v Brown, 2013;
Myburgh, 2002: 5; Chadha, 2016:3; Mawutor, 2014:85; Skilling v. US, 2010; US v.
Ebbers, 2006), and securities fraud were prominent in Enron and WorldCom (Skilling
v. US, 2010; US v. Ebbers, 2006). The CEOs in all cases were integral to the initial
successes and daily operations of the companies they led, and they all managed to
coerce the boards of directors into accepting their way of thinking, either by
intimidation, manipulation or by ensuring the board members were intellectually
inferior to themselves (Financial Services Board Inspection Report, 2004; S v Brown,
2013; Myburgh, 2002: 5; Chadha, 2016:3; Mawutor, 2014:85; Skilling v. US, 2010; US
v. Ebbers, 2006). All CEOs in the fraud cases analysed above had already developed
a culture of fear within their organisations two years prior to the downfall of their
companies. Kirkinis of African Bank, Levenstein of Regal Bank, Brown of Fidentia,
Ebbers of WorldCom, Fuld of Lehman and Lay, Skilling and Fastow of Enron were all
successful in manipulating their boards of directors, rendering them useless by
overriding or ignoring their oversight functions (Financial Services Board Inspection
Report, 2004; S v Brown, 2013; Myburgh, 2002: 5; Chadha, 2016:3; Mawutor,
2014:85; Skilling v. US, 2010; US v. Ebbers, 2006). All CEOs successfully
misrepresented the qualitative and financial information presented to the boards of
directors to conceal their management fraud and the misrepresentation arose because
management was driven by unbridled ego and unrestrained personal drive to succeed,
and when the operating environment became tougher for their companies, they
became consummate liars and excellent at handling stress (Financial Services Board
Inspection Report, 2004; S v Brown, 2013; Myburgh, 2002: 5; Chadha, 2016:2;
Mawutor, 2014:85; Skilling v. US, 2010; US v. Ebbers, 2006).
Factors enabling capability abuse: The CEOs had a mandate to nurture the
companies they led, to preserve the assets while maximising returns for shareholders.
In addition, they were psychologically and emotionally attached to “their” companies,
having helped to bring them to their positions of standing within their industries (this
was particularly evident in the case with Ebbers, Kirkinis, Fuld, Brown, and Levenstein)
(Myburgh, 2002: 5; Myburgh, 2014:14; S v Brown, 2013; US v. Ebbers, 2006; Chadha,
2016:4) . Further to this, the majority of CEOs believed they had to manage their
entities’ stock prices (rather than the businesses themselves), to ensure that the stock
price did not drop, because the company and the CEOs personally would suffer
massive losses as they all had significant allocations of stock and options (Financial
Services Board Inspection Report, 2004; Myburgh, 2002:5; Mawutor, 2014:84-85;
17
Skilling v. US, 2010; US v. Ebbers, 2006). In other words, the CEOs chose to manage
their wealth through the companies they were leading (conflict of interest).
Enabling environment: The most noticeable factor that enabled the frauds to be
committed was that management (CEOs) had complete control of the so-called four
pillars of good corporate governance (Institute of Directors, 2016:17). These pillars are
the board of directors and senior management; risk management; internal audit, and
the external auditors (Institute of Directors, 2016:18). The pillars were incapacitated
(board of directors, internal audit), giving the miscreants the latitude to commit fraud
(Myburgh, 2002: 5; Myburgh, 2014:14; S v Brown, 2013; US v. Ebbers, 2006; Chadha,
2016:4). Mawutor (2014:84-85) argues on the Lehman’s case that the Wall Street
business operating environment encouraged greed and deceit, and rewarded
handsomely the achievement of the corporate profit targets. This system pushed the
CEOs of WorldCom to misrepresent financial results in order to secure their rewards.
In summary, the reward system appears to have promoted deceit (Ashraf, 2011:23).
The perpetrators in the three South African fraud cases were the founders of their
organisations, and because of this, they were respected and feared (Financial
Services Board Inspection Report, 2004; Myburgh, 2002: 5; Myburgh, 2014:14; S v
Brown, 2013). This environment persuaded them to believe they could do whatever
they wanted.
4.5 Summary
The research thus far points out that key management and the board of directors are
associated with high median losses per fraud, and that executives and owners commit
more severe acts of fraud than do ordinary employees. The reason for this appears to
be capability abuse. The Chief Executive Officers, Chief Financial Officers and senior
managers abuse their positions, exercise coercive power, let egos run unchecked,
handle stress effortlessly and have the ability to lie convincingly to commit fraud. They
have the capability to collude with or coerce colleagues and employees, and to
override even tight internal controls. Where executives are involved in crimes, the
board of directors’ oversight role has usually been severely weakened. Thus, by the
time the economic crime is discovered, its effects are usually severe, if not
catastrophic (total collapse of the business). The regulatory authorities are informed
too late to enable them to act in a preventative or mitigatory manner: the perpetrators
have employed their capability to conceal their fraudulent acts until the crime collapses
the entity. The concealment measures are well crafted with the perpetrator’s egodriven perception being that if caught, he can talk himself out taking responsibility for
the crime.
This establishes the need for organisations to manage the risk of capability more
intentionally and directly. Possible ways of managing this risk are discussed next.
5 MANAGING CAPABILITY
A task force of representatives from the IIA, AICPA and ACFE (2008:7 & 55) concluded
that only through diligent and on-going effort, is an organisation able to protect itself
against significant acts of fraud. The task force proposed five principles for managing
an organisation’s fraud risk: putting a fraud risk management program in place;
performing periodic fraud risk exposure assessments; establishing prevention
techniques to avoid potential fraud; establishing detection techniques to uncover
18
fraudulent events where preventative measures fail, and having a formal approach to
ensure fraud is addressed appropriately and promptly. Guidance issued by IIA, AICPA
and ACFE (2008:7 & 55) indicates that it is management’s responsibility to give effect
to these principles, making management responsible for identifying the risks of fraud
as well as managing these risks. This view is supported by Ernst and Young (2013:3)
and Committee of Sponsoring Organisations of the Treadway Commission (COSO)
(2013: 2), who define risk assessment as a systematic approach by management,
where managers identify risks to business operational cycles, evaluate such risks, and
quantify them against the control activities in place.
Although it is generally accepted that the responsibility for managing the risk of fraud
in organisations rests with management, this study has pointed out that, it is
management itself that poses the biggest fraud risk associated with capability. The
remainder of this literature review addresses strategies to manage the risks associated
with capability.
5.1 Risk assessment
The appropriate use of abilities and traits needs to be monitored to ensure that they
are not abused by management to commit fraud. The following steps, according to the
IIA, AICPA and ACFE (2008:7, 55), and Cotton (2016:9), forms part of a risk
management plan which focuses on risk identification, risk assessment (determining
probability and impact) and risk response.
5.1.1 Risk identification
The IIA, AICPA and ACFE (2008:8), define risk identification as the gathering of
external information from regulatory bodies, industry sources, key guidance-issuing
groups, and professional organizations; the Association of Insurance and Risk
Managers (AIRMIC), the public sector risk management association (Alarm) and the
Institute of Risk Management (IRM) (2010:8), summarize risk identification as
establishing an organisation’s risk exposure.
Rollason (2011: 3-5), advises that the full list of the potential fraud risks and schemes
that may face the organization must be enumerated. The internal risk identification
also includes a review of whistle-blower complaints, and analytical procedures to
address such information (IIA et al., 2008:7).
The IIA et al., (2008:8) direct that an effective fraud risk identification process aimed
at controlling capability, also includes an assessment of the incentives, pressures, and
opportunities management faces in their operations which may drive (or tempt) them
to abuse their capability and to commit fraud. The IIA et al., (2008:8) advise that
management incentive programs and how they are calculated and structured, may
provide an effective basis for risk assessments that address capability abuse. The IIA
et al., (2008:8) further direct that, while engaged with the process of risk identification,
the fraud risk practitioners need to consider the risk that management might potentially
override controls; the process includes identifying areas where controls are weak and
where there is insufficient separation between management’s duties and the business’
operational processes, thus enabling management to abuse their capabilities and to
commit fraud.
19
51.2 Risk assessment - Likelihood /probability
To effectively manage the risk of capability abuse, COSO (2013:6) advises that the
organisation needs to assess the probability of capability abuse and the impact on the
organisation, should it happen. The IIA et al., (2008:8) advises that management (and
fraud risk practitioners) need to effectively assess the probability of a capability abuse
risk materialising. It is advisable that the likelihood of each risk materialising be
assessed as either remote, reasonably possible, or probable (IIA, AICPA and ACFE,
2008:55). McNeal (2011:3) is in full agreement with the literature reviewed above, and
recommends that the setting up of independent structures to assess the risk of
capability abuse by senior management be put in place by the board of directors, and
approved by shareholders. This ensures that the likelihood of capability abuse is
always controlled.
51.3 Risk assessment - Significance/ impact
ACFE (2018:5) notes in their most recent assessment that senior executives
accounted for 19% of the total number of reported cases of fraud, but that the median
loss per fraud committed by these executive is $850 000. The IIA et al., (2008:8)
advises that although assessing risk significance is a subjective process,
nevertheless, management as well as fraud risk practitioners need to assess the
significance (impact) of the occurrence of a perceived risk (in this instance capability
abuse). Ernst and Young (2013:10) describe risk significance as the probable impact
on the operations and profitability of the company of the risk, should it materialise.
Management and fraud practitioners must therefore seriously evaluate the financial
effect, damage to reputation, and ability to achieve key goals and objectives when
assessing fraud arising from capability abuse (Ernst and Young, 2013:10).
Fraud practitioners should not only consider monetary significance when they assess
the impact of capability abuse, but also its impact on the corporate’s reputation
(particularly with regard to its financial reporting), and operations, and its standing with
regard to legal and regulatory compliance requirements (McNeal 2011:9).
International Standards Organisation (ISO) 31000 (2009:13) advocates that
corporates should develop benchmarks against which to establish the significance or
materiality of the identified fraud risks, and then respond to those risks that are above
the agreed materiality levels. Materiality can be categorised in terms of financial
brackets for financial risks, days of disruption for operational risks, and share price
declines as a measure of reputational risk (ISO 31000, 2009:13).
The IIA et al., (2008:56) also advises that, just as management is required to identify
fraud risks associated with capability abuse, it is also important to identify the people
both in- and outside the organization that are at risk of abuse or are at risk of abusing
their unique capabilities. The knowledge will assist the organisation in fashioning its
fraud risk response, which may include “establishing appropriate segregation of duties,
proper review and approval chains of authority, and proactive fraud auditing
procedures” (IIA et al., 2008:56).
5.1.4 Risk response
20
Risk responses are the steps taken by management to mitigate the identified fraud
risks associated with capability abuse, so as to reduce the probability that the risk will
occur, and thus to decrease the significance (impact) of the risk (ISO 31000, 2009:
15). The ISO 31000 risk standard elaborates that the monitoring of the effectiveness
of the existing controls and the implementation of additional controls, are fundamental
components of the fight against fraud arising from capability abuse. ISO 31000
(2009:15) notes that risk assessment is best managed through the creation of a risk
register. The risk register is an action plan which considers currently active controls
and any further mitigatory actions that could or should be implemented to reduce the
probability of the risks occurring, and how to counteract their significance/impact.
Cotton (2016:11) argues that management (and fraud risk practitioners) need to
identify who might be tempted to abuse their capabilities, and to determine what the
fraud schemes or expense manipulations they are likely to engage in. Cotton
(2016:12) further says that there is a need to identify existing anti-fraud control
procedures with respect to identified fraud schemes or capability abuse risk, and
thereafter to assess the effectiveness of each existing control procedure, establish the
residual risk after considering the effectiveness of the existing controls, and then to
decide on the response to the residual risks that remain above the materiality levels.
Risk response can take the form of controls that reduce the probability of capability
abuse happening, and putting in place measures that reduce the impact of capability
abuse on the organisation (COSO, 2013:12). Should the risk of capability abuse be
realised, then the board of directors must authorise and monitor investigations into the
alleged capability abuse case (McNeal, 2011:8). Specifically, McNeal (2011:9)
advises that the board should put in place a system that permits “timely, competent,
and confidential evaluation, investigation, and resolution of allegations” involving
potential fraud arising from capability abuse, and that the procedures for this system
are formally documented.
5.2 Internal Controls
The ACFE (2018:26), indicates that fraud cases are prevalent in organisations where
internal controls are non-existent or are being imperfectly implemented, and where
internal controls are able to be overridden by the perpetrators. In the same vein, the
IAA et al., (2008:52) identify that management is responsible for implementing controls
and therefore have the opportunity to exercise their capability, including the
manipulation of the internal control system. To mitigate this risk, Gershon and
Alhassan, (2004:7), as well as the ACFE (2018:18) and McNeal (2011:8-9) suggest
that external third party controls are more effective: examples of such controls include
internal and external reviews; audit committee appointments; engaging independent
directors to serve on boards; establishment of whistle-blowing and other fraud
reporting lines; ethical codes of conduct with formal acknowledgement being required
from each member of staff, and strict and rigorously instituted action against
management found to be in contravention of the entity’s policies.
The ACFE (2016:17), suggests that organizations may reduce the duration and cost
of fraud events by implementing internal control processes that increase the likelihood
of active (real-time) detection, thus, “active management review, attentive account
reconciliation, and surveillance or monitoring techniques". The ACFE (2018:4), further
recommends that constant data monitoring and analysis, and surprise internal and
21
external audits, may limit management’s opportunities to commit fraud by detecting
the red flags promptly, and quickly addressing them. The probability of detection
should therefore be increased by increased frequency of active management reviews
and account reconciliations (Dorminey, Fleming, Kranacher & Riley, 2010:23). Both
active and passive detection methods must be instituted and supported by the board
of directors through the executive management of the organisation. A review of such
detection methods must be independently verified by an expert from outside the
organisation who is appointed by the Board, like external auditors (Cotton, 2016:13).
5.3 Anonymous reporting line for fraud and ethics violations
The ACFE (2016:17), found that external audits and whistle-blowers are impactful in
the control of fraud since their actions correlate with lower fraud losses and reduce the
time taken for their detection. Whistle-blowing and fraud/ethic hotlines are essential
in an organisation of any size, and should preferably be implemented and
administered from outside the corporate set-up (Dorminey, et al., 2010:22). The facility
may be out-sourced or handled internally without compromising the effectiveness of
the concept (Radebe and Another v Premier, 2012). The management of the facility
must be ethical and professional, and as a fundamental service it must afford the
utmost protection for the whistle-blowers from retaliation by the perpetrators he/she
reports (Kranacher, Riley & Wells, 2011:112). The whistle-blowing frame-work must
be handled by trained personnel (Institute of Directors, 2008:78), and the potential
users must regularly be reminded of its availability, the situations in which it can be
used, and particularly that the system protects the confidentiality of the whistle-blower
(McMahon, Pence, Bressler & Bressler, 2016:18-19). Furthermore, action taken in
response to reported cases of fraud that turn out to be genuine, and the final outcome
of the case, must be shared with the whistle-blower (Albrecht et al., 2012:97-110,
Kranacher et al., 2011:111). This facility keeps the management excesses in check
and reduces the commission of fraud by directly checking and reporting on capability
abuse by management.
5.4 Operational policies
To manage fraud risk from the top down, organisations need to consider reviewing
their various operational policies, including their human resource policies. Kranacher
et al., (2011:95-97) have noted a direct correlation between senior managers’ length
of employment by an organisation and the likelihood that they will abuse their
position/authority and commit fraud. They therefore recommend a fixed term
employment contract as a way to reduce the probability of the commission of fraud.
Albrecht et al., (2012:75-83) similarly recommend that management (who must always
be exemplary), must regularly be required to sign binding documents addressing
conflict of interest, and confirming their adherence to a professional code of ethics, in
an effort to dissuade them from committing fraud. McMahon et al., (2016:18) suggest,
as the best way to reduce the likelihood of fraud due to capability abuse, the rigorous
enforcement of all policies including the prosecution of fraudsters, and the publicizing
of successful convictions.
Companies must implement a code of ethics as part of operational policies, and have
employees read and sign such policies periodically, again to reinforce ethical conduct
and to emphasise that it is important to the company, and as a way of ensuring
22
employees are fully aware of the operational and other controls that comprise a
conscious corporate culture (Albrecht et al., 2004; Hopwood, Leiner & Young, 2011:
53). AICPA (2002:1756–1766), supports the implementation of policies that control for
opportunities to commit fraud. SAS No-99 maintains further that fraud can be
contained by creating a culture of integrity and the practice of a high level of ethics
within the organisation. The auditing standard further maintains that antifraud
processes and controls must be frequently evaluated to identify points of weaknesses
so as to take remedial action before the weaknesses are exploited.
5.5 Oversight Structures
AICPA (2002:1756–1766) suggests putting in place an appropriate oversight process
which includes at the absolute minimum: a sub-committee of directors; an independent
audit committee; internal and external auditors, and certified fraud examiners,
supported by ethical management, to extinguish any temptation to commit fraud by
those charged with stewardship of the organisation they lead. Krambia‐Kapardis
(2002:267) recommends that a strong-willed, committed and investigative board of
directors, together with satisfactory internal control systems and proactive and skilled
independent auditors must be continuously engaged in the operations of the
organisations. In line with the assertion above, Wolfe and Hermanson (2004:3)
suggest that the directors, charged with oversight of the business entity, need to
reassess the capabilities of top executives and key personnel periodically.
Jones (2011:28) recommends that with regard to the oversight structures, there must
be a clear division of responsibility between the Chief Executive Officer and the Board
of Directors’ chairman. This enforces segregation of duties: those executives who are
tempted to abuse their capability to commit fraud might thus be controlled by the
knowledge that others are overseeing high level operations and themselves. Jones
(2011:28) says “this prevents the unmitigated exercise of power (component of
capability) by one person”. Going hand-in-hand with the above observations, the board
members so appointed must be proactive, skilled, experienced, independent and
diligent in exercising their duties free of any limitation (McNeal, 2011:8-10). To attain
this, the board members themselves must participate in continuous professional
development in order to prepare them to appraise management’s anti-fraud risk
assessment methodology (Silver, Fleming & Riley, 2008:46-48). Jones (2011:18)
argues that the board must be allowed to report red-flag incidents directly to the
regulatory authority should the executive management show signs of insubordination
or reluctance to implement the board’s recommendations. He further recommends that
a structured report, with analytics designed to find and highlight red-flag events and
situations, and designed by and distributed by the regulators to organisations as part
of their reporting compliance, could prevent the commission of fraud, provided that the
regulators promptly investigate all red-flag events.
Boards of directors must be empowered, according to Jones and Welsh (2012:354),
to provide sufficient oversight and to exercise restraint over management to prevent
maleficence. This is achieved by promoting robust and independent risk assessment
of management’s operations, including the activities of the CEO and other executive
directors (Hopwood, 2011:55). The Board’s performance must periodically be
independently evaluated by the shareholders through a shareholders-appointed agent
and in conjunction with the external auditors (Institute of Directors, 2016:58).
23
In managing executive management’s opportunities and proclivities for capability
abuse, there must be a committee responsible for risk oversight (of both the board of
directors and management), whose most important duty is to “assess and respond to
risk of fraud”, and in particular management fraud, because management has the
capability to override operational controls to the detriment of the organisation (IIA et
al., 2008:12). In this joint paper the IIA et al., (2008:12) further recommend that the
committee charged with risk oversight must meet regularly and for long enough
periods, after having thoroughly prepared for the meetings, to deliberate on and
respond to risks that threaten the organisation’s operational efficiency. Preparation for
the meetings ensures that the committee members have a comprehensive
understanding of what is happening in the operational areas of the business, and have
prepared pertinent and robust questions for those responsible for operational
management. Wolfe and Hermanson (2004:3), explicitly recommend that
management and the board of directors must independently assess the capabilities of
key substantive managers by analysing “situations offering capability and opportunity".
If it is observed that there are situations indicating the possibility of capability abuse,
then the governing body must respond promptly and appropriately. Ongoing
reassessments of capability must be done in order to discourage/reduce the abuse of
capability by top executives and key corporate managers (Wolfe & Hermanson,
2004:4). The response to capability abuse must be decisive and swift in order to
dissuade further commission of fraud through capability abuse.
5.6 Responding appropriately to fraud
Dellaportas (2012:29-33), argues that senior managers/executives who generally
commit fraud are fearful of the risk of prosecution, high litigation costs, the severity of
the stigmatization and its impact on their social and professional standing. In view of
this observation, the propensity of executives to commit fraud can be countered if the
penalties arising from the commission of fraud are high enough, and the probability of
detection is also high (Votey & Phillips, 1973:223-224). It is therefore necessary to
prosecute the offenders. The authorities, including those enforcing the regulatory
frameworks, must encourage the reporting of fraud to law enforcement agents, and
insist that thorough investigations are carried out. This alone will ensure that
appropriate punishment is levied on offenders (Dellaportas, 2012:29-33; Dorminey, et
al., 2010:22). The severity of the punishment must be deterrent enough to discourage
further commission of the offences (Votey & Phillips, 1973:223-224). Merely
dismissing the perpetrator from employment, or requiring/allowing the fraudster to
resign, is not sufficiently severe punishment to dissuade others from committing similar
frauds.
5.7 Effective and efficient legislation and regulations addressing capability
abuse
As pointed out earlier, management is responsible for risk management in
organisations, while also being in a position to abuse their capability. One of the ways
to effectively control fraud arising from capability abuse, is to successfully prosecute
offenders, a process that requires efficient and sufficiently severe deterrent legislation
(McMahon et al., 2016:18). Some of the South African legislation directed at curbing
fraud related to capability abuse, are the Companies Act, No 71 of 2008, the Financial
Intelligence Centre Act (FICA), No 38 of 2001, and the Prevention and Combating of
24
Corrupt Activities Act, No 12 of 2004 (PRECCA). These pieces of legislation are
discussed below.
5.7.1 The Companies Act, No 71 of 2008
Davis (2010:411), observed that the Companies Act’s objective is to ensure that
wrong-doing is discouraged and punished, through an effective system of corporate
governance, and disclosures. Werksmans Attorneys (2018:1), also claim that the
Companies Act increases the accountability of directors to the company’s
shareholders. Meskin (2011), adds that holding directors to account for their actions
also dissuades the directors from committing fraud by intentionally abusing their
capabilities. Deloitte (2013:23), notes that section 76 of the Companies Act sets out
guidelines on the standards of conduct directors should be required to adhere to in
order to eliminate fraud arising from capability abuse. Deloitte (2013:23) further
observes that section 76 (2) (a) provides guide lines for directors, including that they
should not to abuse their positions as directors; should refrain from using any
information obtained while acting as directors to gain a personal advantage, and
should not knowingly cause prejudice to the company or its subsidiaries. These
provisions aim to constrain the capability components of position/ function, cohesive
power and unique skills, which are very often those attributes abused by directors
tempted to commit fraud. Section 218 (2), as cited by Meskin (2011), exposes
convicted directors to civil action by the aggrieved party or parties. The provision is
intended to control the excesses of the fraudulent acts of the director/ senior
management by limiting their abuse of power, position, and reckless ambitions. It is a
given that any breach of the fiduciary duty of a director can, under statutory and
common law, be regarded as fraud (S v Gardener, 2011).
5.7.2 The Financial Intelligence Centre Act (FICA), No 38 of 2001
De Koker (2005:715–745), notes that FICA compels certain persons and institutions,
identified as "accountable institutions'', “to identify and verify the identity of a new
client” before any transaction may be concluded or any business relationship
established. This general objective of FICA is to discourage directors and senior
management from committing fraud by claiming ignorance and/or innocence, since
the Act stipulates that it is the directors who must identify and verify a new client in
order to avoid being implicated in suspicious and/or fraudulent transactions. De Koker
(2003:3) draws attention to the fact that section 21(1) of FICA specifies that the
accountable institution must identify and verify the truthfulness of the client’s intended
transactions, and must verify whether the transaction is legitimate or not. Sections 27
and 28, compel the directors of an accountable institution to report cash transactions
above a prescribed limit, and report suspicious and unusual transactions. In this
respect, de Koker (2003:8) additionally interprets the section to mean that directors of
accountable institution must report transactions in which the institution itself is a party,
and which exceeds the prescribed limits. In the same vein, section 28 recommends
that the institution also reports suspicious transactions in the form of conveyance of
cash to and from South Africa, electronic transfers of money to and from South Africa
and any other suspicious and unusual transactions (de Koker 2003:7-9). Maroun and
Gowar (2013:181–182) contend that section 29 of FICA imposes a general duty on all
businesses, and every employee, to report transactions which are known to involve,
or are suspected to involve, the proceeds of crime or to constitute tax evasion. Failure
to identify persons, to keep records, or to report suspicious transactions, and the
25
destruction of records, are all prosecutable offences under sections 46-52 of FICA (De
Koker 2003:15).
5.7.3 The Prevention and Combating of Corrupt Activities Act, No 12 of 2004
(PRECCA)
According to Corruption Watch (2015), PRECCA defines the general offence of
corruption and similar specific offences, and also provides guidance on the
investigative and preventative measures legally employable in the fight against
corruption. Sections 3 to 21 of PRECCA define offences in respect of corrupt activities
committed by employees or senior managers of businesses (Burchell, 2013:782).
Corrupt activities are defined in section 3; sections 4 to 21 thereafter identify offences
of corruption relating to specific individuals (Burchell, 2013:782). Section 26 then
specifies penalties for persons found guilty of contravening the provisions of PRECCA:
these range from a fine or a maximum term of imprisonment of 5 years for offences
tried in the Magistrate Courts, and to life imprisonment if found guilty in a case referred
to the High Court ((Burchell, 2013:785; Wakefield, nd:167-168).
5.8
Summary
This study responds to the problem that senior management commit frauds that are
more severe than those committed by ordinary employees. The losses associated with
such frauds have a high median value far greater than that for frauds committed by
lower ranked employees, and often lead to the ultimate failure of organisations. The
purpose of this study is to broaden the understanding of “Capability” – the fourth
element in the Fraud Diamond construct - as proposed by Wolfe & Hermanson
(2004:1-4).
The aim of this part of the study was to analyse the components of and cultivating
factors resulting in capability abuse as a significant cause of the frauds that led to
significant corporate failures both in South Africa and in the USA. The study reviewed
the impact of capability abuse by top executives on the organisations they lead. The
study identified the components of capability: position or function of the perpetrator; a
brain that is experienced and demonstrates craftiness in the area of a person’s
dominance; arrogance; cohesive power; being an effective liar, and lastly being able
to manage stress. The study discovered that a perpetrator of fraud does so because
there are factors in addition to the advantages his professional skills afford him that
make it attractive for him to execute the fraudulent act. Some of the cultivating factors
noted are the desire to protect their organizations or present them in a better light;
management feels pressured to meet the requirements of third parties; ineffective
monitoring of management; lust for personal gain by those charged with governance;
excessive pressure on management/ operating personnel to meet financial targets set
by the board of directors; unusual and strongly held personal, political and religious
beliefs; fear of losing their reputation, and a complex or unstable organisational
structure.
Red flags associated with these cultivating factors were identified as they are
important in directing the attention of fraud practitioners to sources of capability abuse.
The discussion of fraud risk assessment evaluated how a fraud practitioner would do
risk identification (capability abuse in this instance), establish the likelihood or
26
probability of a risk materialising and the risk’s significance or likely impact, and
evaluate the entity’s response to risk.
To affirm and substantiate the views obtained from the literature review, an analysis
was performed of six prominent court cases involving commercial fraud. Three
prominent South African court cases involving economic crime (Fidentia, Regal
Treasury Private Bank and African Bank), as well as three court cases settled in the
USA (Enron, WorldCom and Lehman Brothers) were reviewed.
The latter part of the study looked at strategies that are independent of management
and which must be instituted to prevent fraud linked to capability abuse. Such
strategies include internal controls monitored from outside the corporate; anonymous
reporting line for fraud and ethics violations; well-crafted and publicised operational
policies; effective oversight structures; appropriate responses to the discovery that
fraud has been committed, and effective and efficient legislation and regulation which
addresses capability abuse from a public benefit point of view.
More specifically, this part of the study gave the following pointers for managing
capability:
Sections 5.2, 5.3 and 5.4, pointed out that it is essential for corporate entities must
implement a fraud policy and a dedicated telephone/email hotline. Where suspicion of
management can be reported, there must be protection of the identity of the
whistleblower. This should be accompanied by the implementation of a code of ethics
which should be signed periodically by employees, to reinforce their understanding of
the constituents of ethical conduct and promoting of a corporate culture that abides by
the provisions of the code of conduct, and thereby reducing fraud arising from
capability abuse.
Section 5.5 explained the necessity for a clear division of responsibility between the
Chief Executive Officer and the Board of Directors’ chairman as this enforces the
segregation of duties to curtail the abuse of capability and prevent the unmitigated
exercise of power (component of capability) by one person. Furthermore, the oversight
authorities within the entity’s structure, as well as the statutory regulatory agencies’
investigative and prosecutorial divisions must encourage the reporting of suspected
fraud in form of capability abuse to the designated whistle-blower hot line mentioned
above, and/or to law enforcement agents. Thorough investigations must be promptly
conducted if there is predication.
Section 5.5 of this article also points out that the regulatory framework including the
board of directors must be highly responsive to the situations indicating capability
abuse. The various aspects of capability need to be watched closely for aberrations
that might indicate the abuse of a manager’s capabilities. This can be structured so as
to be included in the monthly/ quarterly returns submitted by the reporting entity to the
regulatory body; such a policy, where a review of the components of capability is
evaluated by management themselves and the board of directors of the reporting
entities, before submission to regulatory bodies, would focus directors’ attention on
what is actually happening in the business.
As alluded to in section 5.6 above, the penalties under statutory and regulatory
provisions, and by extension the courts, should impose punitive penalties on
perpetrators of fraud to discourage executives from leveraging their capabilities for
27
personal or other non-company benefits. Punishment must be severe enough to serve
as a deterrent to others contemplating the commission of similar offences. Dismissal
from the normal form of employment is not a sufficient punishment, and has proven
ineffective in deterring the subsequent commission of economic crimes
28
References
Abdullahi, R. & Mansor, N. 2015a. Concomitant debacle of fraud incidences in the
Nigeria public sector: understanding the power of fraud triangle theory. International
Journal of Academic Research in Business and Social Sciences, 5(5): 312-326.
Abdullahi, R. & Mansor, N. 2015b. Fraud triangle theory and fraud diamond theory.
Understanding the convergent and divergent for future research, International Journal
of Academic Research in Accounting, Finance and Management Science, Vol. 5,
No.4, Oct 2015: 38- 45.
ACFE - see Association of Certified Fraud Examiners
Adu-Gyamfi. M. 2016. The bankruptcy of Lehman Brothers: causes, effects and
lessons learnt. Journal of Insurance and Financial Management. Vol.1 No.4: 132-149.
AICPA - see American Institute of Certified Public Accountants
AIRMIC – see Association of Insurance and Risk Managers
Albrecht, W. S. 2003. Fraud examination. Chicago: South Western/ Thompson
Albrecht, W.S., Albrecht, C.C. & Albrecht, C.O. 2004. Fraud and corporate executives:
agency, stewardship and broken trust. Journal of Forensic Accounting. (5):109 – 130.
Albrecht W.S., Albrecht C.O., Albrecht C.C. & Zimbelman F. 2012. Fraud Examination.
4th ed. USA: South Western Cengage Learning.
Allan R. 2003. Fraud- the human face of fraud: understanding the suspect is vital to
any investigation. CA Magazine-Chartered Accountant, 136(4): 39-40.
American Institute of Certified Public Accountants (AICPA).2002. Statement on
Auditing Standards (SAS) No. 99: 1719 – 1770.
Ashraf, J. 2011. The accounting fraud at WorldCom the causes, the characteristics,
the consequences, and the lessons learned. HIM 1990 (2015): 1107.
Association of Certified Fraud Examiners. 2014. Report to the Nations on
Occupational Fraud, and Abuse. Texas: ACFE Publishers.
Association of Certified Fraud Examiners. 2018. Report to the Nations on
Occupational Fraud, and Abuse. Texas: ACFE Publishers.
Association of Insurance and Risk Managers (AIRMIC), the public sector risk
management association (Alarm) and the Institute of Risk Management (IRM). 2010.
A structured approach to Enterprise Risk Management (ERM) and the requirements
of ISO 31000. London: Alarm Publishers
Baz, R., Samsudin, R. S., Che-Ahmad, A.B. & Popoola. O.M. J. 2016. Capability
component of fraud and fraud prevention in the Saudi Arabian banking sector.
International Journal of Economics and Financial Issues, 6(S4): 68-71.
29
Beasley. M. S., Carcello, J. V. & Hermanson D. R.1998. Fraudulent Financial
Reporting: 1987-1997. An Analysis of U.S. Public Companies. (Online). Available on:
http://www.coso.org/publications/FFR_1987_1997.PDF/ . (Accessed on 2018-09-10):
71-82
Bierstaker J.L., Brody, R.G. & Pacini. C. 2006. Accountants' perceptions regarding
fraud detection and prevention methods. Managerial Auditing Journal, 21(5):520-535
Burchell, J. 2013. Principles of Criminal Law. 4th Edition, Cape Town, Juta,
Boyle, D. R., Carpenter B. W. & Hermanson, D. 2012. CEOs, CFOs, and Accounting
Fraud. CPA Journal, 82(1): 62 - 65.
Biegelman, M. T., Bartow, J. T. 2012. Executive roadmap to fraud prevention and
internal control: creating a culture of compliance. Johannesburg: Wiley.
Bressler, M. S, & Bressler, L. A. 2007. A model for prevention and detection of criminal
activity impacting small business. The Entrepreneurial Executive, (12): 23–36.
Corruption Watch. 2015. Understanding PRECCA. (Online) Available from:
https://www.corruptionwatch.org.za/wp-content/uploads/2015/06/Corruption-WatchUnderstanding-PRECCA.pdf (Accessed on: 2018-11-07)
Chadha, P. 2016. What caused the failure of Lehman Brothers? Could it have been
prevented? How? Recommendations for going forward. Int J Account Res S1: (002):
1-8
Committee of Sponsoring Organisations of the Treadway Commission. 2013. COSO’s
Internal Control – Integrated Framework.
Cotton, D. 2016. The ACFE-COSO fraud risk management framework, unpublished
Cressey D. R. 1953. Why Do Trusted Persons Commit Fraud? A Social-Psychological
Study of Defalcators," Journal of Accountancy, (22): 973-979
Cressey, D.R. 1973. Other people’s money: a study in the social psychology of
embezzlement. New Jersey: Patterson-Smith
Crous C., Lamprecht J., Eilifsen A., Messier W., Glover S. & Prawitt D. 2012. Auditing
and assurance service. First South African edition. McGraw-Hill Higher Education.
Berkshire, UK.
Davis. 2010. Dealing with corporate defaulters: Curbing the unfettered exercise of
criminal law. Acta Juridica (411): 10.
Deloitte.
2013.
Duties
of
directors.
(Online)
Available
from:
https://www2.deloitte.com/content/dam/Deloitte/za/Documents/governance-riskcompliance/ZA_DutiesOfDirectors2013_16042014.pdf/. (Accessed on: 2018-08-12)
De Koker, L, 2003, Money laundering control: the South African model, unpublished
30
De Koker, L. 2005. Client identification and money laundering control: perspectives on
the Financial Intelligence Centre Act 38 of 2001. Journal of South African law, (4): 715745.
Dellaportas. S. 2012. Conversations with inmate accountants: Motivation, opportunity
and the fraud triangle, unpublished
Dorminey J.W, Fleming A.S, Kranacher, M, and Riley, R.A. 2010. Beyond the Fraud
Triangle, Enhancing Deterrence of Fraud. The CPA Journal. 80(July):17-23
Duffield, G. & Grabosky, P. 2001. The psychology of fraud. Trends & issues in crime
and criminal justice. No. 199. Canberra: Australian Institute of Criminology. (Online)
Available from: https://aic.gov.au/publications/tandi/tandi199/ (Accessed on: 2018-0812)
Duncan, S. 2012. Causes of collapse: the failure of Lehman brother holdings, Inc.
SSRN. 10(2139):11-20
Ernst and Young, 2013. Perspectives on risk assessment, (Online). Available from:
https://www.ey.com/za/en/issues/business-environment/assessing-risk-andopportunity-in-africa/ (Accessed on: 2018-08-12)
Financial Services Board. 2004. Inspection Report: Fidentia Asset Management, FSP
No 569, 1-56
Fin24. 2014. African Bank not out of the woods yet, (Online). Available from:
https://www.fin24.com/Companies/Financial-Services/African-Bank-not-out-of-thewoods-yet-20141107/ (Accessed on: 2018-10-13)
Fin24. 2015. African Bank narrows loss to R2.8bn. (Online). Available from:
https://www.fin24.com/Companies/Financial-Services/African-Bank-narrows-loss-toR28bn-20150626/ (Accessed on: 2018-10-13)
Fin24. 2018. Jooste advised friends to sell Steinhoff stock before collapse, (Online).
Available from: https://www.fin24.com/Companies/Retail/jooste-advised-friends-tosell-steinhoff-stock-before-collapse-20181010/ (Accessed on: 2018-10-13)
Gershon, R. A. & Alhassan, A. D. 2004. Corporate Governance and Diffusion of
Authority. Paper presented at the 6th World Media Economics Conference, HEC
Montréal, Montréal, Canada, 12-15 May: 1-12.
Girgenti R.H., & Hedley T. P. 2011. Managing the risk of fraud and misconduct. New
York, McGraw Hill
Gullkvist, B. & Jokipii A. 2012. Perceived importance of red flags across fraud types,
Critical Perspectives on Accounting. 24 (2013) 44–61
Hopwood, W. S, Leiner, J. J, & Young, G. R. 2011. Forensic accounting and fraud
examination, Second Edition, Illinois, USA
31
Institute of Directors in Southern Africa. 2016. King IV Report for Corporate
Governance for South Africa, (Online) Downloaded from:
https://www.adamsadams.com/wp-content/uploads/2016/11/King-IV-Report.pdf/ .
(Accessed on: 2018-08-28)
International Standards Organisation. 2009.
principles and guidelines. Geneva.
ISO 31000:2009, risk management
International Accounting Education Standards Board. 2011. International Education
Standard 8 (IES8), competence requirements for audit professionals, Institute of
Internal Auditors, 2011. International Standard on Auditing 240: 1-78
Institute of Internal Auditors-IIA, The American Institute of Certified Public
Accountants- AICPA & Association of Certified Fraud Examiners. Undated. Managing
the business risk of fraud- a practical guide. (Online) Available from:
https://www.acfe.com/uploadedfiles/acfe_website/content/documents/managingbusiness-risk.pdf. (Accessed on: 2018-09-22): 1-79
Institute of Internal Auditors. 2009. Consideration of Fraud in a Financial Statement
Audit, (Online) Downloaded from:
https://www.aicpa.org/Research/Standards/AuditAttest/DownloadableDocuments/AU
-00316.pdf, (Accessed on: 2018-09-22)
James, L., Bierstaker, R. G. & Brody, C. P. 2006. Accountants' perceptions regarding
fraud detection and prevention methods. Managerial Auditing Journal, 21 (5): 520- 535
Jones, M. 2011. Creative accounting, fraud and international accounting scandals,
Jones Michael (Ed), Texas. John Wiley and Sons Ltd.
Jones R. M & Welsh, M. 2012. Toward a Public Enforcement Model for Directors' Duty
of Oversight. Vanderbilt Journal of Transnational Law. 45 (2):343-403.
Kassem, R. & Higson, A. 2012. The new fraud triangle model. Journal of Emerging
Trends in Economics and Management Sciences (JETEMS), 3 (3):191–195.
Khan, D.A. & Varma, T.N. 2016. Greed an attribute of fraudster. National Institute of
Technology, Jamshedpur. 10 (2): 83-99
Kranacher, M. Riley. Jr. R.A, & Wells, J.T. 2011. Forensic accounting and fraud
examination, USA, Wiley
Krambia‐Kapardis M. 2002. A fraud detection model: A must for auditors. Journal of
Financial Regulation and Compliance. 10(3): 266-278,
Kovacich, G.L. 2007. Fighting fraud: how to establish and manage an anti-fraud
program. Brussels, Butterworth-Heinemann
Mawutor, J.K.M. 2014. The failure of Lehman brothers: causes, preventive measures
and recommendations. Research Journal of Finance and Accounting 5(4): 85-91.
32
Loebbecke, J.K., Einning, M. M. & Willingham, J. J. 1989. Auditors’ experience with
material irregularities: frequency, nature and detectability auditing. A Journal of
Practice & Theory. 9 (1):1–28.
Li, Y. 2010. The case analysis of the scandal of Enron. International Journal of
Business and Management. 5 (10): 37-41
Maroun, W. & Gowar, C. 2013. South African auditors blowing the whistle without
protection: a challenge for trust and legitimacy. International Journal of Auditing. 17:
177–189
Maux, J. & Morin, D. 2011. Black and white and red all over: Lehman brothers'
inevitable bankruptcy splashed across its financial statements. International Journal
of Business & Social Science, 2(20): 39-65.
McMahon, R., Pence, D., Bressler. L. & Bressler. M. 2016. New tactics in fighting
financial crimes: moving beyond the fraud triangle. Journal of Legal, Ethical and
Regulatory Issues, 19 (1): 16 -25
McNeal, A. 2011. The role of the board in fraud risk management. Director Notes, The
Conference
Board.
(Online)
Assessed
from:
https://www.conferenceboard.org/competencies/publicationdetail.cfm?publicationid=2025&competencyID=4/
(Accessed on: 2018-10-13)
Meskin PM (Ed) Hennopsberg on the Companies Act 71 of 2008 (Butterworth’s
Durban 2011).
Myburgh. S. C.2002 in terms of s 69A (11) of the Banks Act, 94 of 1990: Regal
Treasury Private Bank Ltd, (in curatorship)
Myburgh. S. C. 2014 in terms of s 69A (11) of the Banks Act, 94 of 1990: African Bank
Limited, (Investigation)
National Association of State Auditors, Comptrollers and Treasurers (NASACT) and
the Oregon State Controller’s Division. (Online). Assessed from:
https://www.agacgfm.org/Tools-Resources/intergov/Fraud-Prevention/FraudAwareness-Mitigation/Fraud-Triangle.aspx/ (Accessed on: 2018-09-22)
Radebe and Another v Premier, Free State and Others 2012 (5) SA 100 (LAC)
Rapoport, Nancy B. 2003. Enron, Titanic, and the Perfect Storm. Fordham Law
Review, 71 (1): 1373 -1395
Rollason, V. 2011. Applying the ISO 31000 risk assessment framework to coastal
zone management. BMT WBM Brisbane, QLD
Ross, B., & Gomstyn, A. 2008. Lehman Brothers Boss Defends $484 Million in
Salary, Bonus. (Online) Assessed from:
33
http://abcnews.go.com/Blotter/Story?id=5965360&page=1. (Accessed on: 2018-10-
01)
Roebuck, S. 2016. Examining motivational factors that influence the likelihood of fraud.
Unpublished Honour’s thesis. USA: East Carolina University.
Rubasundram, A. G. 2015. Perceived “tone from the top” during a fraud risk
assessment. Procedia Economics and Finance, 28(1): 102 –106,
Rudewicz. F. 2011. The fraud diamond: use of investigative due diligence to identify
the “capability element of fraud”. CTTMA Newsletter, 15(1): 1-12
Sawyer. L. B., Dittenhoffer M, A., & Scheiner. J. H. 2003. Sawyer’s internal auditing,
the practice of modern internal auditing. 5th ed. Florida: Institute of Internal Auditors.
Scharff, M. M. 2005. Understanding WorldCom’s accounting fraud: did groupthink play
a role? Journal of Leadership and Organizational Studies, 11 (3): 105-116.
Securities and Exchange Commission. 2003. Report of investigation by the special
investigative committee of the board of directors of WorldCom, Inc. Washington, DC.
(Online)
Available
from:
https://www.google.com/search?rlz=1C1RNVH_enZA631ZA631&ei=GftSXPqHN8isg
weLo5ioDQ&q=Securities+and+Exchange+Commission.+2003.+Report+of+investig
ation+by+the+special+investigative+committee+of+the+board+of+directors+of+Worl
dCom&oq=Securities+and+Exchange+Commission.+2003.+Report+of+investigation
+by+the+special+investigative+committee+of+the+board+of+directors+of+WorldCo
m&gs_l=psy-ab.3...1903643.1903643..1905071...0.0..0.0.0.......1....2j1..gwswiz.qAH95nOjgls/ (Accessed on: 2018-10-01)
Skilling v. US, 130 S. Ct. 2896 - Supreme Court 2010,
S v Brown (681/2013) [2014] ZASCA 217 (1 December 2014)
S v Gardener 2011 (4) SA 79 (SCA)
South Africa. 2001. Financial Intelligence Centre Act, No 38 of 2001. Government
Gazette, (438) 22886: 1-28. (Online) Available from:
http://saflii.org/za/legis/num_act/fica2001243.pdf/ (Accessed on: 2017-10-21)
South Africa. 2004. Prevention and Combating of Corrupt Activities Act, No 12 of
2004, Government Gazette, (466) 26311: 1-46. (Online) Available from:
https://www.saps.gov.za/dpci/downloads/prevention_combating_corrupt_activities_a
ct.pdf (Accessed on: 2017-10-21)
South Africa. 2008. Companies Act, No 71 of 2008, Government Gazette,
(526)32121: 1-172. (Online) Available from:
https://www.gov.za/sites/default/files/32121_421_0.pdf , (Accessed on: 2017-10-21)
34
Singleton, T. W. & Singleton, A.J. 2010. Fraud auditing and forensic accounting. 4th
ed. USA: Wiley.
Silver S.E, Fleming A.S, and Riley R.A. 2008. Preventing and detecting collusive
management fraud. The CPA Journal, 78 (10):46-48
US v. Ebbers, 458 F. 3d 110 - Court of Appeals, 2nd Circuit 2006.
Valukas, A. R. 2010. Lehman Brothers Holdings Inc. Chapter 11 Proceedings
Examiner’s Report. (Online) Accessed from:
https://old.datahub.io/dataset/lehman-brothers-report-valukas/resource/251fbd20a664-4cec-9796-b69d42f9452e/ (Accessed on: 2018-08-12): 4
Von Wielligh P., Prinsloo F., Penning G., Butler R., Nathan D., Kunz R., Motholo V.,
O’Reilly G., Rudman R. & Scholtz H. 2014. Auditing fundamentals in a South African
context. Oxford University Press. South Africa.
Votey, H. L., & Phillips, L. 1973. Social goals and appropriate policy for corrections:
An economic appraisal. Journal of Criminal Justice, 1: 219–240.
Wakefield, R. undated. No free lunches, a review of the law on corruption. The
Quarterly Law Review for people in business, 13(4):167 – 168.
Werksmans Attorneys. 2018. Companies Act No. 71 of 2008, Duties and Liabilities of
Directors.
(Online)
Accessed
from:
https://www.werksmans.com/wpcontent/uploads/2013/04/Director-duties-and-liabilities-FINAL-updatedelectronic.pdf/. (Accessed on: 2018-10-22).
Wolfe, D., & Hermanson, D. 2004. The fraud diamond: considering the four elements
of fraud. CPA Journal, 74(12):1-4
Wiggins, R., Piontek, T. & Metrick. A. 2014. The Lehman brothers’ bankruptcy an
overview. (Online) Available at: SSRN: https://ssrn.com/abstract=2588531/
(Accessed: 2018-08-22)
35