As per the commonly understood fraud triangle there, are three typical components why someone would commit a fraud scheme: motive, opportunity, and rationalization. While motive and rationalization are factors that could be limited to individual behavior and psychology, opportunity is something your internal controls can and should account for.
Within rationalization, anyone involved in a fraud scheme needs to have the ability and opportunity to conceal and commit fraud. There is a direct relationship between having the opportunity to commit fraud and having the ability to conceal the fraud and so auditors need to consider both opportunity and the ability to conceal in the design of an audit plan.
Knowing which common concealment strategies might have been deployed by any given fraud scheme is an essential part of any approach to preventing and detecting fraud. Let’s examine concealment in more detail.
Just as fraud scenarios are ever changing with the circumstances of your organization and wider industry, so concealment strategies are constantly adapting. The very nature of fraud concealment strategies is unpredictable but knowing the basics can help you better identify fraud schemes as they occur and will allow you to be more agile when approaching complex fraud scenarios.
Some common fraud concealment strategies can be quite simple – for instance during false vendor-billing schemes, the fraudster might employ the use of false documents, representations, and approvals to hide the fraudulent nature of their activity.
This is not to say that all concealment strategies are simple. Indeed, while many have red flags that teams can search for not all concealment strategies have obvious red flags that can be observed. The complex nature of fraud, and result fraud scenarios, often means that with a traditional approach to fraud some schemes are missed entirely – this is where a fraud-based approach to fraud detection really comes into its own
Red Flags in Straight Forward Scenarios
Where a concealment strategy is a tool used by a perpetrator to hide the truth, red flags are tools at auditor’s disposal to be used to unmask the truth. For the most part, red flags are events or conditions that, when met, can indicate fraud. When we refer to red flags in a fraud scenario we are looking at indications about how fraud has been concealed in data, documents, controls or behavior.
While fraud red flags are often present when fraud is occurring, it is worth noting that the existence of these red flags is not necessarily confirmation of fraud. Similarly, an important point to understand is that not all red flags are made equal and the weighting a red flag has can often indicate the predictability of fraud.
Since red flags and concealment strategies are two sides of the same coin, it follows that red flags are as non-absolute as the strategies they seek to find.
There are two types of red flags:
- Trigger flags: This is an indicator that will normally be associated with fraud and is enough to warrant further steps taken by an auditor to determine whether a fraud scenario is taking place. In any given scenario there will normally be between one and three triggered red flags. In simple cases of false billing schemes, these might be the absence of a vendor phone number, sequential invoice patterns from a vendor or even the absence of a vendor physical address.
- Awareness red flags: This indicator is sometimes (but not always) associated fraud. This will not normally be enough to require an auditor to take additional steps but may raise suspicion. It is at the auditor’s discretion as to whether it is necessary to instigate further. These can be small, and as simple as no website address being provided on a vendor invoice or a document being partially or entirely handwritten.
Fraud Prevention & Detection
Knowing when and how fraud can occur starts with fraud risk statements. There’s no need to start from scratch when it comes to providing your team with fraud risk statements – we can provide you with the most comprehensive listing of fraud risk statements that have been created to allow for the immediate generation of a unique fraud risk register for your organization.
Auditors may feel they’re often one step behind when it comes to fraud – in a way they are, since any perpetrator has had time to conceal their tracks – but the fast generation of fraud risk registers while developing your fraud audit program is precisely how you can stay one step ahead.