There is good well-supported research that provides ample information and statistics about fraud – who commits it, their state of mind, and how to reduce the risk.

Who are the perpetrators of fraud?

According to research conducted by KPMG on Global Fraud Patterns:
  • 40% of fraud is committed by people 36-45
  • 85% of fraud is committed by men
  • 82% of fraud is committed by management or higher (29% by management, 35% by senior management, 18% by the board)
  • 90% of fraud is committed by people that have been with the company for over 3 years (29% 3-5 years, 27% 6-10 years, 33% more than 10 years)
  • 32% of fraud is committed by the finance department, 25% by operations, and 26% by the CEO’s office.
  • 74% of fraud exploits weak internal controls
  • It takes about 4 years to detect the fraud in the emerged economies (4.2 years in North America, 4.3 years in Australia, 3.7 years in Western Europe, and 5 years in Asia)
In other words, fraud is committed by men over 30 in a management position that have been with the company long enough to know how it works, and exploit weak internal controls. And they can get away with it for about 4 years.
Another point made in the report is that: “more interesting is how the failure to initially respond to red flags and lapses in internal controls were an increasing contributor to enabling the fraud to occur.”
Other research estimates that 5 percent of the population will commit fraud regardless of the circumstances, 10 percent of the population will not commit fraud under any circumstances, and the remaining 85 percent of the population will commit fraud given certain conditions. These conditions consist of a need, perceived opportunity and the ability to rationalize fraudulent behavior. These circumstances are more commonly known to practitioners as the “fraud triangle” of incentives/motives, opportunities, and attitudes/rationalizations.

The Fraud Triangle

The Fraud Triangle (attributed to Donald Cressey) describes three factors that are present in every situation of fraud:
  • Motive or pressure – the need for committing fraud (need for money, etc.)
  • Rationalization – the mindset of the fraudster that justifies them to commit fraud
  • Opportunity – the situation that enables fraud to occur (often when internal controls are weak or nonexistent).
To break the fraud triangle and reduce the risk of fraud, one of the elements of the triangle must be removed.


It is extremely hard if not impossible to completely prevent fraud. It is, however, relatively easy to dramatically reduce it.
In the database arena, Database Auditing is the most effective means of reducing fraud. This effectiveness is due to these three lines of defense:
  • Deterrence – Most of the 85% of the population that will commit fraud given the right conditions are not likely to do so when their activity it recorded
  • Red Flags – A fraudster is likely to “test the waters” before committing a major violation. Intelligent auditing tools can assist in flagging unusual activity. Following up on these red flags is likely to prevent a real incident
  • Detection – Intelligent auditing tools can assist in a timely detection of fraud, thereby significantly reducing (or eliminating) the associated costs
Core Audit has all these capabilities.

What's next?

I want to know more about Core Audit!
Great! Here are a few options:
  • Read more about Core Audit features, reports, etc.
  • Try our Online Demo and play with Core Audit right now
  • Ask for a Personal Demo from one of our experts and get all your questions answered
  • Download a Free Trial and experience Core Audit on your systems
I only want more information, not a product
Not a problem, here is a list of relevant pages, and we are always available to answer any question
  • Hackers – Read
  • Intelligent Auditing – Read
  • Rationalizing Oracle database auditing – Read
  • Incident investigations and forensic analysis – Read
  • Large security scope in Oracle databases – Read
  • Cost of a database breach – Read
  • Oracle database security – Read