Trust Is Not a Control Mechanism!

Trust is not a control mechanism!

Hasan Alsancak, 08.01.2025

One of the phrases often heard in corporate life: “We are a family, it does not happen here!” Although this phrase is meant well, it is extremely dangerous and flawed from a risk management perspective.

One of the facts observed in the ACFE’s (Association of Certified Fraud Examiners) “Report to the Nations” studies is that approximately 5% of organisations’ revenues are lost due to fraud. approximately 5% of their revenues due to fraud a15> losses trillion dollars level measured (Rasheed et al., 2023). Moreover this cases large portion, institution from within, “trusted” by individuals within the organisation carried out (Denman, 2019; Rasheed et al., 2023).

Trust is important, but trust is not a control mechanism either.

Why is “trust” alone not enough?

Teams in small and medium-sized enterprises are often formed based on kinship, friendship or long-standing working relationships. This structure naturally creates an environment based on “family culture”, “cordiality” and “high trust”.

At this point, you often hear the following sentence:

“We are a family, it doesn’t happen in our family.”

The intention is often positive. However, research shows that this very statement is repeated more frequently in environments where the risk of abuse is systematically underestimated. If internal control and management oversight are weak, the emphasis on “family” can create an unregulated area rather than a safe culture (Bunn et al., 2019).

ACFE data based studies indicate that the “we are one family” approach prevails in small businesses:

• Fraud was only later noticed,
• The losses are even higher than that,
• The discovery is often left to chance.

reveals (Tysiac, 2012; Bunn et al., 2019).

In other words a statement:

• “We are a family,” they say, but if there is no control,
• Tasks if not separated,
• If tasks are left to one person on the assumption that “they’ll sort it out anyway,”

What emerges is not a strong sense of belonging, but rather a critical control gap.

What do the data say?

In reports based on ACFE’s global field studies:

• In the cases studied the total losses amounted to billions of dollars at the level of,
• In a significant proportion of cases the main factor is internal control weaknesses the primary cause of failure is internal control weaknesses the main factor is internal control weaknesses,

Cases show a significant proportion have no control mechanism in place is observed (Denman, 2019; Padgett, 2015; Skoczylas-Tworek, 2022).

A review based on the 2018 report shows that internal control weaknesses played a role in nearly half of the cases, while in 30% of cases, a complete lack of control paved the way for abuse (Denman, 2019). The finding is clear: Saying “I trust my team” is not the same as doing nothing in terms of risk management, but it often has the same effect.

Effective ones what? Concrete controls and systems

Studies show that certain controls significantly reduce the amount and duration of abuse:

• Hotlines: In regression analyses based on ACFE data, the existence of hotlines reduces the median amount of fraud by approximately 54% (Peltier-Rivest & Lanoue, 2015).
• Unannounced auidits: Surprise inspections also have a significant loss-reducing effect and are statistically significant controls (Peltier-Rivest & Lanoue, 2015).
• Education and ethics/fraud awareness programmes: Increase the likelihood of detecting misconduct and reduce losses (Peltier-Rivest & Lanoue, 2015; Denman, 2019).
• Internal audit and robust internal control environment: Effective internal control and robust internal audit functionality, both internal operations efficiency and also prevention of abuse capacity increased is shown (Denman, 2019; Ziorklui et al., 2024).

Trust is required where: Ethical culture + personal integrity

Modern fraud theories (fraud triangle, hexagon, etc.) focus on factors such as “pressure, opportunity, and rationalisation” (Kagias et al., 2021; Hikmah & Wondabio, 2023; Rasheed et al., 2023). New approaches, however, add the dimension of “integrity” to these elements and propose the “fraud square” model: a strong ethical culture and employees’ personal integrity are critical factors that reduce the likelihood of fraud (Saluja et al., 2021) .

Without a culture of trust and integrity, even the best controls can be bypassed.
But if there is only trust and no control, the opportunity factor is maximised.

Corporate activities, well designed internal control system and well a9> implemented corporate governance (good corporate governance) mechanisms, reduce the risk of misuse and management board, audit committee, internal audit such as structures play a critical role at this point a28> plays at this point (Efendi et al., 2024; Anisykurlillah et al., 2022; Nindito et al., 2025; Maulidi, 2022).

Organisations leaders and managers what should they do?

ACFE, organisations “have to do more with fewer resources” crisis periods internal control and compliance functions should not be weakened is particularly emphasised (Kagias et al., 2021; Padgett, 2015; Skoczylas-Tworek, 2022).

Leaders for a practical framework:

1. Define trust as a cultural value, not as a substitute for control. Frame policies and procedures as a standard of professionalism, not as a sign of mistrust.
2. Apply the minimum control set:
   • Separation of duties,
   • Approval mechanisms,
   • Access and authorisation controls,
   • Whistleblower hotline and anti-retaliation policy
   • Periodic internal audits and unannounced inspections (Peltier-Rivest & Lanoue, 2015; Denman, 2019; Ziorklui et al., 2024).
3. Fraud prevention: clarify your strategy: Conduct a fraud risk assessment, based on the results accordingly updating the controls as necessary, Do not leave internal audit solely “on paper” (Denman, 2019; Hikmah & Wondabio, 2023; Skoczylas-Tworek, 2022).
4. Small businesses should not fall into the misconception that “it won’t affect us”. Research shows that small businesses apply fewer controls and more abuses and detect abuses more frequently by chance shows (Tysiac, 2012; Bunn et al., 2019).

Conclusion:
Trust, teamwork and commitment are indispensable for. However trust alone does not replace control over holds what does company internal misuse risk reduces.
Professional organisations use “trust in people and trust in the system” with “trust in the system trust” together constructs: Trusts people trusts, the system is based on data, control and transparency.
Protect trust, but always support it with controls!

Summary Table: Trust vs. Control

Table 1: Summary on trust and control’s impact on fraud risk

References

Kagias, P., Cheliatsidou, A., Garefalakis, A., Azibi, J., & Sariannidis, N. (2021). The fraud triangle – an alternative approach. Journal of Financial Crime. https://doi.org/10.1108/jfc-07-2021-0159

Peltier-Rivest, D., & Lanoue, N. (2015). Cutting fraud losses in Canadian organizations. Journal of Financial Crime, 22, 295-304. https://doi.org/10.1108/jfc-11-2013-0064

Denman, D. (2019). 2018 REPORT ON OCCUPATIONAL FRAUD: RESULTS AND HOW COMPANIES CAN PROTECT THEIR ASSETS. Journal of Accounting and Finance. https://doi.org/10.33423/jaf.v19i4.2175

Efendi, H., Sayekti, Y., & Irmadariyani, R. (2024). Organizational Culture, Internal Auditors, and Fraud Prevention with Internal Control and Good Corporate Governance as Intervening. Wiga : Jurnal Penelitian Ilmu Ekonomi. https://doi.org/10.30741/wiga.v14i1.1031

Tysiac, K. (2012). Small Businesses, Big Risk: Fraud Controls Lacking at Organizations with Fewer Than 100 Employees. Journal of accountancy, 214, 38.

Anisykurlillah, I., Januarti, I., & Zulaikha, Z. (2022). The role of the audit committee and employee well-being in controlling employee fraud. Journal of Governance and Regulation. https://doi.org/10.22495/jgrv11i4art16

Padgett, S. (2015). About the Association of Certified Fraud Examiners and the Report to the Nations on Occupational Fraud and Abuse. **, 239-242. https://doi.org/10.1002/9781118929773.oth1

Hikmah, A., & Wondabio, L. (2023). Evaluasi Peranan Audit Internal pada Penerapan Strategi Anti Fraud. Owner. https://doi.org/10.33395/owner.v7i4.1657

Nindito, M., Avianti, I., Koeswayo, P., & Tanzil, N. (2025). Guardians of integrity: Exploring the role of corporate governance in preventing financial statement fraud. Journal of Governance and Regulation. https://doi.org/10.22495/jgrv14i1art10

Bunn, E., Ethridge, J., & Crow, K. (2019). Fraud in Small Businesses: A Preliminary Study. Journal of Accounting and Finance. https://doi.org/10.33423/jaf.v19i3.2030

Skoczylas-Tworek, A. (2022). FRAUD RISK IN TIMES OF CRISIS AND THE DEVELOPMENT OF ITS MITIGATION TOOLS. Zeszyty Naukowe SGGW, Polityki Europejskie, Finanse i Marketing. https://doi.org/10.22630/pefim.2022.28.77.20

Maulidi, A. (2022). Philosophical understanding of the dynamics and control of occupational fraud in the public sector: contingency analysis. International Journal of Ethics and Systems. https://doi.org/10.1108/ijoes-04-2022-0078

Ziorklui, J., Ampofo, F., Nyonyoh, N., & Antwi, B. (2024). Effectiveness of internal controls mechanisms in preventing and detecting fraud. Finance & Accounting Research Journal. https://doi.org/10.51594/farj.v6i7.1322

Saluja, S., Aggarwal, A., & Mittal, A. (2021). Understanding the fraud theories and advancing with integrity model. Journal of Financial Crime. https://doi.org/10.1108/jfc-07-2021-0163

Rasheed, F., Said, J., & Khan, N. (2023). EVOLUTION OF FRAUD-RELATED THEORIES: A THEORETICAL REVIEW. Journal of Nusantara Studies (JONUS). https://doi.org/10.24200/jonus.vol8iss3pp322-350