Words have power, but words can also create confusion.
One of my personal complaints about the professional literature regarding terms used to describe fraud risk. We use so many terms interchangeably that I believe it creates confusion. Let’s try to cut through that confusion by implementing better definitions.
For instance, what is the difference between a fraud scheme, a fraud scenario, a fraud risk statement and a fraud risk?
And, is the phrase “fraud scheme” the correct phrase for our profession? I raise this question because the new standards use the phrase “fraud scheme”.
Fraud Auditing, Detection, and Prevention Blog
Leonard W. Vona
Recent Posts
What is a Fraud Scheme?
Apr 24, 2025 11:57:52 AM / by Leonard W. Vona ...
Gaining a Deeper Understanding of Fraud Schemes
Mar 13, 2025 4:00:00 PM / by Leonard W. Vona posted in Fraud Schemes, Fraud Auditing, ...
Before I start, let me explain that in this blog I will not provide any answers to the phrase “Deeper Understanding of Fraud Schemes.” Rather, I will only raise questions regarding the phrase. To be honest, If I was a CAE, I am not sure what the profession wants me to do.
With that said, I praise the profession in recognizing the importance of gaining a deeper understanding of fraud schemes facing our companies. Maybe, I am talking out of both sides of my mouth. Remember, my blogs are designed to make you think.
So, think about this: Fraud is not predictable as to when it will occur but is fairly straight forward as to how it will occur.
Proactive Approach to Fraud Detection: A New State of Mind
Feb 24, 2025 7:19:20 PM / by Leonard W. Vona posted in Fraud Auditing, Fraud Detection, ...
Many years ago, the IT auditor was created. In fact, I was an IT auditor in 1979. For the last 40 years, however, I have been a fraud auditor. Unfortunately, unlike IT, the profession does not recognize the title of fraud auditor.
In my opinion, it is time for the title of Fraud Auditor to be created and recognized by the profession. Auditors are not born with fraud risk or fraud audit knowledge or fraud skills. I suspect that college courses are not designed to provide this knowledge. If the profession is serious about a “more proactive approach to fraud detection” it is time to recognize that this will require auditors to develop and gain a new set of skills. I recommend that every audit department invests in human fraud risk intelligence.
Is Fraud Auditing About Mitigating or Managing Risk?
Jan 18, 2025 8:27:17 AM / by Leonard W. Vona posted in Fraud Risk Statements, Fraud Auditing, ...
Current audit standards call for us to use a mitigation standard when it comes to audits This means that unless you want to be an outlaw, your assessment will end with mitigate. However, the question I want you to ask yourself is, right now do we have enough information to properly assess the mitigate question?
A New Model for Assessing Fraud Risk Management
Dec 19, 2024 9:06:14 PM / by Leonard W. Vona posted in Fraud Risk Identification, Fraud Auditing ...
Let me introduce a new model for assessing fraud risk mitigation. Before you read my blog, remember sarcasm is good, if it makes you think. Remember our theme, to look behind the curtain. The curtain is the current professional audit standards.
Where are the Fraud Risk Professional Standards?
Nov 15, 2024 2:49:05 PM / by Leonard W. Vona posted in Fraud Risk Statements, Fraud Risk Identification, ...
We're continuing with my thought process of looking behind curtains in fraud risk, but with a slight change. This time, we're looking behind a new curtain.
Looking Behind a New Curtain to Improve Fraud Risk Assessment
Oct 18, 2024 8:15:00 AM / by Leonard W. Vona posted in Fraud Auditing, Fraud Detection, ...
This month I will present at a conference a new approach to fraud risk assessment. It is the cumulation of my 40 years of experience in building the fraud audit model.
A Peek Behind the Curtain to Look at Account Take Over Attacks
Sep 17, 2024 1:20:02 PM / by Leonard W. Vona posted in Fraud Auditing, Cyberattack, ...
Businesses face a growing threat of account take over attacks as fraudsters become more sophisticated and take advantage of advances in technology. This week, we're pulling back the curtain to take a closer look at them and how to add this to your fraud protection strategy.
Fraud Trivia: Phishing
Phishing is a prevalent type of social engineering that aims to steal data from the message receiver. Typically, this data includes personal information, usernames and passwords, and/or financial information. Phishing is consistently named as one of the top 5 types of cybersecurity attacks.
An Analysis of Modern Internal Control Structures and Their Efficacy
Aug 21, 2024 8:25:58 PM / by Leonard W. Vona posted in Fraud Auditing ...
The theme of the last three blogs was “look behind the curtain” in order to tell the fraud story. Upon reflection, maybe I did not tell the entire fraud story. Maybe, I did not look behind the right curtain. So, this month, we are going to look behind a different curtain.
What’s Behind the Internal Control Curtain? Is it a Fraud Story?
Jul 22, 2024 2:49:59 PM / by Leonard W. Vona posted in Fraud Schemes ...
This month, we're pulling back the curtain again to take a look at a look at what could be going on even when everything seems to be fine on the surface. We'll consider what can happen despite the appearance of effective internal controls and how to uncover it.