Jan 2006 cpaj cover - Nach LLC · when auditing in the presence of dark triad personalities ......

Mar2016CPAJCov1_Jan 2006 cpaj cover.qxd 2/25/16 1:03 PM

14 MARCH 2016 / THE CPA JOURNAL

InFOCUS

(01)_03-0216 Infocus_ Ramamoorti_Layout 1 3/3/16 2:29 PM Page 14

MARCH 2016 / THE CPA JOURNAL 15

Today’s Fraud RiskModels LackPersonality

Assessing the risk of fraud requires auditors to havean understanding of which individuals are most like-ly to commit fraud. The FBI has averred that psy-chopathy is a crucial concept for understanding

white-collar crime in the current business environment (see“Psychopathy: An Important Forensic Concept for the 21stCentury,” Paul Babiak, et al., FBO Law Enforcement Bulletin,July 2012, https://leb.fbi.gov/2012/july/psychopathy-an-impor-tant-forensic-concept-for-the-21st-century). More generally,the existence and prevalence within the executive ranks ofso-called “dark triad” personality types challenge the logicof applying the most commonly cited fraud risk models. Eventhe well-known Cressey Fraud Triangle, which has been inte-grated into professional standards, may not be very helpfulwhen auditing in the presence of dark triad personalities(Edwin Sutherland and Donald Cressey, “Why Do TrustedPersons Commit Fraud? A Social-Psychological Study ofDefalcators,” Journal of Accountancy, November 1951).

IN BRIEF

Recent behavioral science research on abnormal person-ality types may have a major impact on the practice ofauditing. This article discusses the possible prevalence of“dark triad” personality types within the executive ranks.The risk models currently used by the profession maybe insufficient for dealing with such abnormal personal-ities, for whom only opportunity may be necessary tocommit fraud. The authors suggest factoring in execu-tives’ personality types and the resultant behavioral/integri-ty risks as an integral part of risk assessment.

By Barry Jay Epstein and Sridhar Ramamoorti

Auditing with ‘Dark Triad’ Individuals in the Executive Ranks



What Is a Dark Triad Personality?

Recent research in personality psy-chology has identified at least threeabnormal (or deviant) personality types,whose behaviors may imply different riskprofiles for audit—and financial report-ing fraud—risk assessments, engagementplanning, and audit execution (see thedecade-long retrospective in AdrianFurnham, Steven C. Richards, andDelroy L. Paulhus, “The Dark Triad ofPersonality: A 10-Year Review,” Socialand Personality Psychology Compass,vol. 7, no. 3, 2013, pp. 199–216, aswell as Eric N. Johnson, John R. KuhnJr., Barbara A. Apostolou, and John M.Hassell, “Auditor Perceptions of ClientNarcissism as a Fraud Attitude RiskFactor,” Auditing: A Journal of Practice& Theory, February 2013, vol. 32, no. 1,pp. 203–219). These personality typeshave been named narcissism,Machiavellianism, and psychopathy—collectively termed “the dark triad.”

The narcissistic personality is charac-terized by grandiosity, pride, egotism,and a lack of empathy for others. Suchpersons are excessively preoccupied withpersonal adequacy, power, prestige, andvanity, and are mentally unable to seethe destructive damage they cause tothemselves and others. Historically, thiswas called megalomania, and it is anexaggerated variant of egocentrism.

The Machiavellian personality is char-acterized by the manipulation andexploitation of others, a cynical disregardfor morality, and a focus on self-inter-est and deception. Machiavellians aretemperamentally predisposed to be calculating, conniving, and deceptive, usingother people as stepping stones to reachtheir goals. Their tactics include charm,friendliness, self-disclosure, guilt, andpressure. Although they prefer to usesubtle tactics when possible to mask theirtrue intentions and provide plausibledeniability, they have been known to usepressure and threats when necessary.

Lastly, the psychopathic personality ischaracterized by enduring antisocialbehavior, impulsivity, selfishness, cal-lousness, and remorselessness.Psychopaths commonly exhibit glib-ness or superficial charm, a grandiosesense of self-worth, a heightened needfor stimulation and a low threshold forboredom, a pathological inclination forlying, a shallowness of emotionalresponse, a lack of empathy, a parasiticlifestyle, poor behavioral controls, a lackof realistic long-term goals, a failure toaccept responsibility for their actions, andcriminal versatility.

Of the three dark triad archetypes, thedarkest is psychopathy. Although the threepersonality types are distinct, some of thetraits are found in more than one profile,and over time there has reportedly been“construct creep,” which has been causedby the fact that the three concepts share aconceptual resemblance and becausetheir common measures overlap empiri-cally (Furnham et al., 2013).

Although the popular press has fre-quently classified certain malefactorswithin one of these types, those charac-terizations have rarely been based onactual psychological analyses. Utilizingexisting, reliable psychological instru-ments to identify these sets of behavioraltraits in real-world audit contexts may bethe biggest challenge facing the profes-sion in applying the dark triad theory toauditing risk assessment.

Prevalence of the Dark Triad in

Management

Examples of dark triad fraud perpe-trators abound. “Chainsaw Al” Dunlap,former CEO of Scott Paper and laterSunbeam Products, showed no com-punction in firing thousands of employ-ees and was characterized as apsychopath (Alan Deutschman, “Is YourBoss a Psychopath?”, Fast Company,July 2005, http://www.fastcompany.copm/53247/your-boss-psychopath; also,

Jon Ronson, The Psychopath Test: AJourney through the Madness Industry,Penguin Group, 2011). “Crazy” EddieAntar was a self-proclaimed psychopath,but he allegedly seized on that descrip-tion to obtain lenient sentencing for hisfraud (Al Lewis, “Psychos on WallStreet,” Wall Street Journal, March 3,2012, http://on.wsj.com/1mxrhIY).Aaron Beam, one of several HealthSouthCFOs who cooperated in that company’sfraud, labeled CEO Richard Scrushy a “sociopath” (John L. Smith,“HealthSouth Co-Founder Knows HowGreed Grows on You,” Las VegasReview-Journal, February 4, 2016),which in common parlance is used todescribe a milder version of the psy-chopath. Former Enron CFO AndrewFastow has been cited as being a nar-cissist (Charles Ham, Mark H. Lang,Nicholas Seybert, and Sean Wang, “CFO Narcissism and FinancialReporting Quality,” December 2, 2015,http://dx.doi.org/10.2139/ssrn.2581157).That name could apply to many perpe-trators of recent high-profile corporatereporting frauds, such as DennisKozlowski, who exhibited outsized needsfor luxury and ostentation. The late SteveJobs was hailed as Machiavellian “in thebest sense” (see comments by DanFraker in Del Thiessen’s blog post“The Machiavellian Tint of Steve JobsPart 1,” http://bit.ly/1PI763C), and indeed“good” Machiavellian behaviors, such asbeing able to convince others to followone’s lead, may be more welcomedamong management than the traits ofnarcissism or psychopathy.

Not surprisingly, however, evidencesuggests that corporate management con-tains a much higher proportion of darktriad personalities than the general pop-ulation (see Paul Babiak, Craig S.Neumann, and Robert D. Hare,“Corporate Psychopathy: Talking theWalk,” Behavioral Sciences and theLaw, vol. 28, pp. 174–193, 2010; and

InFOCUS



Sherree DeCovny, “The FinancialPsychopath Next Door,” CFA InstituteMagazine, vol. 23, no. 2, March/April2012). Given that psychopathy existson a continuum, Ronald Schouten spec-ulates that the incidence of subclinicalpsychopaths on Wall Street may top10%, with some studies suggesting anincidence rate of 5%–15% among stu-dents from the United States and Sweden(“Psychopaths on Wall Street,” HarvardBusiness Review, March 14, 2012;Ronald Schouten and James Silver,Almost a Psychopath, Hazelden/HarvardHealth Publications, 2012).

The apparent prevalence of psy-chopaths in corporate management sug-gests to the authors that auditors mightfind it useful to incorporate the “darktriad personality risk” factor into theirrisk assessments. To the extent that audi-tors remain uninformed about both thepossible presence of such personalitiesand the attendant implications of aheightened risk of fraud, they might failto appropriately compensate by expand-ing or altering audit procedures.

The three dark triad personality typesare thought to explain why some fraudperpetrators inherently are, or become,predators—persons who consciously seekout opportunities to commit fraud, oftenin serial fashion. This is in contrast to acci-dental or situational fraudsters, who suc-cumb to pressure—often, but notnecessarily, of a financial nature—and areable to rationalize atypical behaviors whenthe opportunity presents itself. JackDorminey, A. Scott Fleming, Mary-JoKranacher, and Richard A. Riley Jr. havehypothesized a distinction between acci-dental fraudsters and predators (“TheEvolution of Fraud Theory,” Issues inAccounting Education, vol. 27, no. 2, May2012), and furthermore posit that, overtime, even accidental fraudsters will exhib-it true predatory behavior if left unchecked,and in particular will no longer need torationalize their behaviors, which

become habitual. In sociology literature,this is referred to as normalization ofdeviance, or normalized deviance (DianeVaughn, Controlling UnlawfulOrganizational Behavior, University ofChicago Press, 1983). The transformation,over time, of an accidental fraudster intoa predator is a classic case of “a wolf insheep’s clothing” and could thereforepotentially escape detection.

Dark Triad Personalities and Fraud Risk Assessment Models

Generally accepted auditing stan-dards (GAAS) require that auditorsconsider the risk of fraud as part oftheir assessment of internal control risk.Although auditors can select from anumber of frameworks when assessingmanagement’s risk of fraud, AU-C sec-tion 240, “Consideration of Fraud in aFinancial Statement Audit,” adopts thewell-known “fraud triangle” model first

propounded by criminologists DonaldCressey and Edwin Sutherland more than60 years ago. This model theorizes thatthe confluence of three factors mayincrease the likelihood that fraud willoccur: a perceived need or pressure, aperceived opportunity, and the ability torationalize such behavior (see S.Ramamoorti and W. Olsen, “Fraud:The Human Factor,” FinancialExecutive, July/August 2007).

The logic of the Cressey model is man-ifest, even if direct observation of perceivedpressure or an ability to rationalize is almostimpossible. For example, consider a man-ager with a sick child needing expensivemedical treatments who sees an opportu-nity to perpetrate vendor fraud with thehelp of a friend outside the companybecause controls over ordering, receiving,and authorizing payments are weak. Theprospective fraudster—who has a normal,non–dark triad personality—needs the abil-

EXHIBITThe Collapse of the Fraud Triangle

Pres

sure

Traditional Fraud Triangle

Under Abnormal Personality Conditions

Collapses to a Single Dimension

Rationalization

Opportunity

Opportunity



ity to rationalize his theft and accompany-ing financial reporting fraud in order toresolve the resulting internal conflict, com-monly described by social psychologists asaffective-cognitive dissonance. This ratio-nalization often takes the form of seekingjust compensation for resentment over“unfair” pay raises or privileges grantedto others (see L. Festinger, “A Theory ofSocial Comparison Processes,” Human

Relations, vol. 7, no. 2, pp. 117–140, 1954).When these factors are aligned, fraud ismore likely.

It is now common practice for audi-tors, employing “checklists” or otheraids, to watch out for the elements of theCressey fraud triangle and use such indi-cations when making decisions about auditscope. Even if it were practical toobserve each of the three Cressey factors,however, the potential effects of abnormalpersonality types in key management posi-tions would still be left unexplored.

Concern about the applicability of tra-ditional models under abnormal person-ality conditions can be readily illustrated

using the fraud triangle. One could arguethat an aberrant personality would notneed to rationalize behavior, and in factmight not even require a perceivedneed or unshareable burden to engage infraud, only the opportunity (see MarthaStout, The Sociopath Next Door: TheRuthless Versus the Rest of Us,Broadway Books, 2005). In this extremecase, the fraud triangle might collapse to

a single dimension, with obvious andworrisome implications regarding theneed for effective controls (see theExhibit). For example, in the case of anormal personality, merely modest con-trols might be sufficient to eliminateobvious opportunities for fraud, becausean individual would still require both apressing need and the ability to ratio-nalize a dishonest act before committingfraud. On the other hand, if the subjectis a dark triad personality, only abso-lute absence of opportunity would serveas a barrier to fraud. Even then, an imag-inative and intelligent dark triad person-ality could well be capable of creating

opportunities where none might existotherwise.

The Cressey model is not unique inthis perceived limitation. Several extensionsor variations of the fraud triangle modelhave been proposed in the years since itwas first theorized, but even when the darktriad concerns have been noted, newerapproaches have not demonstrated howto fully address them. For example,David T. Wolfe and Dana R. Hermanson’sfraud diamond model adds a fourth dimen-sion, capability, to Cressey’s triad.Zabihollah Rezaee and Richard A. Rileyoffer the CRIME model, standing forcooks, recipes, incentives, (lack of) mon-itoring, and end results (FinancialStatement Fraud: Prevention andDetection, 2nd Ed., Wiley, 2009). ACrowe Horwath white paper(http://bit.ly/1mIk1Kq) put forth the fraudpentagon, consisting of the Cressey trioplus arrogance and competence (orWolfe and Hermanson’s diamond plusarrogance). The respected textbookForensic Accounting and FraudExamination, coauthored by ACFEFounder and Chairman Joseph T. Wells,uses the acronym MICE, which stands formoney, ideology, coercion, and ego (orentitlement) (Forensic Accounting andFraud Examination, Wiley, 2011).

Additionally, “The Evolution of FraudTheory,” referenced above, offers a“metamodel” of white-collar crime thatincorporates the fraud triangle but urgesthe formal consideration of otherbehavior and decision models affectingthe classic three factors. Most recently,Tim V. Eaton and Sam Korach have fur-ther elaborated on this metamodel,exploring literature from other disciplinesin order to better identify criminologi-cal personality profiles and to incorpo-rate different behavioral features thatapply to white-collar fraud (“ACriminological Profile Of White-CollarCrime,” The Journal of Applied BusinessResearch, vol. 32, no. 1, pp. 129–142,

InFOCUS

Recent research in personality

psychology has identified at

least three abnormal personality

types, whose behaviors may

imply different risk profiles

for audit risk assessments,

engagement planning,

and audit execution.



InFOCUS

January/February 2016). But none of theabove models and frameworks (withthe possible exception of the just-pub-lished Eaton and Korach article) attemptto distinguish, in terms of the assessmentof fraud likelihood, normal and abnor-mal actors in positions with high fraudrisk susceptibility.

Personality-based risk factors aretherefore not typically considered by audi-tors; the susceptibility of a manager or

other employee is implicitly presumed tobe that of a normal personality type. Noattempt is made to fine-tune the model toaddress increased likelihood of fraud bythose with abnormal personality traits. Inessence, the extant internal controlframeworks and risk assessment tools are“people-neutral,” indifferent to the per-sonalities and motivations of those whocommit fraud. Although this is historical-ly understandable, it means that under cer-tain circumstances control risk assessmentsmay inadequately capture the true risk offraud. Incorporating management person-ality factors into audit and control riskassessments could potentially enhance

the detection of financial reporting fraud. In order to fully employ a risk-based

auditing strategy, as mandated by thePCAOB, all factors contributing to riskmust be understood, addressed, and, ifpossible, systematically measured—including the impact of deviant person-alities. In the authors’ opinion, thisrepresents a major opportunity for theprofession to improve the effectivenessof audits, as well as internal controls and

other systems and procedures. Fraud riskassessment based on abnormal person-ality factors could represent a significantbreakthrough.

How Auditors Can Address Dark Triad Personalities

As a first step, practicing auditors—including current accounting students,who have a unique opportunity to expandtheir auditing knowledge base—shouldstrive to become educated about abnor-mal personalities and their potentialimpact on audit risk. This will require anew focus on areas that so far have playedlittle or no part in accounting curricula.

Many practitioners and academics maysee these areas as hardly relevant to themainstream concerns of accounting andauditing, and may therefore be resistant;however, the profession’s experience infinding, and, more importantly, in failingto find, evidence of fraud puts the lie tothat assumption. As little as one targetedcollege course, or the equivalent amountintegrated into several classes, couldconvey a decent understanding of behav-ioral cues and personality diagnoses,which could then be used in actual auditsettings. (For further discussion, seeSridhar Ramamoorti, “The Psychologyand Sociology of Fraud: Integrating theBehavioral Sciences Component intoFraud and Forensic AccountingCurricula,” Issues in AccountingEducation, vol. 23, no. 4, pp. 521–533,2008; and Sridhar Ramamoorti, D. E.Morrison, J. W. Koletar, and K. R.Pope, A.B.C.’s of Behavioral Forensics:Applying Psychology to Financial FraudPrevention and Detection, Wiley, 2013).In the authors’ opinion, a better under-standing of personality characteristics,even informally or partially implementedby auditors, could lead to significantimprovement in fraud risk assessmentsand audit scope decisions. Later, asmore sophisticated, formalized practicescome into use, further improvements tofraud risk assessment processes in evenroutine financial audits are almost certain.Furthermore, a focus by auditors on per-sonality factors is unlikely to go unnoticedby potential dark triad personality types,and the heightened “perception of detec-tion” may itself potentially serve as adeterrent.

Secondly, at least in the near term,auditors must develop and fine-tunefraud risk assessment tools to cope withthe possibility of managers with abnor-mal personality profiles in positionswhere fraud could take place (i.e., man-agers in the “financial reporting supplychain”) and go undetected. These toolsshould be designed to identify these

Evidence suggests that

corporate management contains

a much higher proportion

of dark triad personalities

than the general population.



deviant personalities and adjust audit riskassessments to reflect their potentialimpact on the entity’s financial report-ing. Such observational or measure-ment techniques would ideally beunobtrusive, but that may be easier saidthan done.

The Need for Further Research

A number of instruments for the mea-surement of narcissism, Machiavellianism,and psychopathy exist, in some cases test-ed and validated in research conductedover many years. For example, theNarcissistic Personality Inventory, theFive-Factor Narcissism Inventory, theMachiavellian Personality Scale, thePsychopathy Checklist (Revised), and theShort Dark Triad (SD3) have all beenwidely employed, albeit not in auditenvironments. Although selection fromamong these would be ideal, it is also pos-sible that an amalgamation of these tools,or the informed development of a newset of tools, might be required to meetthe unusual, and probably challenging,requirements of the auditing profession.It will take careful research to determinewhether these tools will in fact be usefulin increasing detection and lessening over-all occurrence of financial reporting fraud.

The biggest challenge will be to devel-op inconspicuous ways to analyze the per-sonalities of at-risk individuals. Unlikebehavioral scientists’ typical subjects—thebeloved college sophomores looking toscore some easy extra credit—corporateexecutives will almost certainly resist andresent receiving multiple-item question-naires concerning abnormal personalitytraits or the proclivity to perpetrate fraud.Behavioral scientists and auditing profes-sionals will have to work together to devel-op new tools in order to accomplish suchdiagnostic exercises, taking into accountthe existence of the powerful “social desir-ability of responses” bias. Once that isdone, a means for drawing operationalinferences from the results of those exer-

cises will need to be developed. For exam-ple, if a given CFO scores high on the nar-cissism scale, there will need to be amechanism to combine this insight withother risk assessment data so thatplanned auditing procedures can be alteredaccordingly. Indeed, at some point the pro-fession may have to choose, as a solutionto personality-driven fraud risks, whetherto change auditing procedures or simply

to conduct “more auditing.” This of courseis not a new problem; the standard math-ematical audit risk model does not speci-fy how much “more auditing” should beperformed for a given amount of additionalassessed risk (inherent risk or control risk),and there is no reason why the risk of darktriad personalities would be any different.

Thinking Outside the Box

While factoring in deviant personalitiesmight seem too out-of-the-box for pro-fessional accountants, the emerging fieldof behavioral forensics provides insightsinto how and why people commit fraud.The profession cannot afford to ignore the

significance of behavioral and integrityrisks in management as part of a fraudrisk assessment. The well-known CresseyFraud Triangle is too basic and does notconsider abnormal or deviant personali-ties, for whom neither perceived pres-sure nor the need to rationalize matter.Instead, for the dark triad personality,the three vertices of the triangle collapseinto one: opportunity. Auditors need to be

aware of this, and to the heightened riskof fraud when one or more members ofmanagement falls into one of the darktriad personalities. After all, it is peoplewho commit fraud: internal controlsshould not be people-neutral, and neithershould be the auditing profession. q

Barry Jay Epstein, PhD, CPA, CFF,is a principal at Epstein + Nach LLC,in Chicago, Ill. Sridhar Ramamoorti,PhD, CPA, CFE, CFF, MAFF, is anassociate professor in the school ofaccountancy and director of the corpo-rate governance center at KennesawState University, Kennesaw, Ga.

The transformation, over time,

of an accidental fraudster into

a predator is a classic case of

“a wolf in sheep’s clothing”

and could therefore potentially

escape detection.


Jan 2006 cpaj cover - Nach LLC · when auditing in the presence of dark triad personalities ......

Documents

Transcript of Jan 2006 cpaj cover - Nach LLC · when auditing in the presence of dark triad personalities ......