Before I start, let me explain that in this blog I will not provide any answers to the phrase “Deeper Understanding of Fraud Schemes.” Rather, I will only raise questions regarding the phrase. To be honest, If I was a CAE, I am not sure what the profession wants me to do.
With that said, I praise the profession in recognizing the importance of gaining a deeper understanding of fraud schemes facing our companies. Maybe, I am talking out of both sides of my mouth. Remember, my blogs are designed to make you think.
So, think about this: Fraud is not predictable as to when it will occur but is fairly straight forward as to how it will occur.
Internal Audit Standards 2025: Fraud Responsibilities
To repeat myself from the January blog: I searched on “new IIA standards and fraud responsibilities summary” and here is what the AI provided.
The new IIA (Institute of Internal Auditors) Global Internal Audit Standards place a significant emphasis on internal auditors actively assessing and mitigating fraud risk within an organization, requiring them to take a more proactive approach to fraud detection and incorporate a deeper understanding of potential fraud schemes into their audit planning and execution; this aligns with the broader responsibility of the internal audit function to support strategic objectives and contribute to the organization's overall success beyond just financial controls.
What does a deeper understanding of potential schemes exactly mean?
Okay, I should be excited by this phrase because I have been writing about fraud risk statements for a long time. Unfortunately, I am nervous for all my CAE friends. As I stated, there will be no answers in this blog, just questions. So, here are some of the questions, I think you need to consider:
1. Do I need a better description of fraud schemes in my work papers?
2. Do I need to document in my workpapers all the fraud schemes within my scope?
3. Should I explain how the fraud scheme is being concealed --or, as I like to say, create the illusion that the transaction fully complies with all of our internal controls?
4. Should we shift our focus from a control perspective to an occurrence perspective?
5. Should I explain how the scheme could occur in our company?
6. Should I describe the scheme from a data-perspective?
7. Should I think like a prosecutor in documenting the elements of the fraud scheme?
8. What degree of confidence must you have in your audit procedures to detect the occurrences of the fraud scheme?
9. Is a test of controls sufficient to detect the fraud scheme?
10. Does he word “execution” means audit program?
Let me illustrate the problem of “deeper understanding”
In my opinion, a pass-through scheme is most likely occurring in every major organization in some capacity. If you are conducting an expenditure audit, purchasing audit or an accounts payable audit you should consider the likelihood of this scheme occurring in your company. To repeat myself from prior blogs, this scheme can comply with all of your internal controls and yet be occurring right under your nose.
My opinion on the likelihood is not based on any scientifically collected data but rather thinking about fraud as a business versus a crime. So, here is my description of the fraud scheme:
The shell company pass-through scheme is composed of three companies. There are two primary permutations of the shell company pass-through. The first company is your company, the second company is the shell company, and the third company is a real supplier. The shell company is either controlled by an internal person or by a salesperson at the third company, which is the supplier of the goods. Each version has a similar but different fraud data profile. In the false entity scheme both the entity and transaction analysis may be effective in locating the shell company.
Now, please rate my description as to a “deeper understanding.” Let’s critique my description.
1. Did you know that there are over 25 permutations of shell companies?
2. Did you know that an outside salesperson may have created the shell company for the purpose of selling to your company?
3. Did you know that this maybe a kickback scheme versus an asset misappropriation scheme?
4. Did you know that the shell company could be a shelf company or an identify theft company?.
5. Should we identify where our company is most vulnerable to this fraud scheme?. –(The proverbial how and where question.)
6. Should we describe the common concealment techniques?
7. Should we discuss, who could commit this scheme in your company?.
8. Should we limit our review to direct access to the data files, or should we consider indirect access to the data files? Do you know what this means?
9. Does it matter if the scheme is occurring within service expenditures or tangible goods?
10. Did your company create the shell company to meet minority business rules or to launder funds for the purpose of paying a bribe?
My opinion on the subject of "Deeper Understanding of Fraud Schemes"
Let’s be honest, our profession never wanted the auditor to be responsible for detecting fraud in the context of an audit. We prefer to say we will assess management’s fraud risk management program or assess the adequacy and effectiveness of management's internal controls. We created phrases like “fraud prevention internal controls”. But fraud prevention is nothing more than internal controls as described by COSO.
If you study the progression of audit responsibility for fraud from the late 80’s to current date, you will see a continued progression of audit having greater responsibility for preventing and detecting fraud in core business systems. CPA’s are now responsible for detecting fraud in financial statements that have a material impact. Consequently, they need to better understand the potential financial statement fraud schemes.
So, as we take the step to a “deeper understanding of fraud schemes” we will need to invest in the research and publication of this information. After all, you are not born with this knowledge, which is why I have often distinguished between the science of fraud and the practical application of the science of fraud.
Famous diaries that seem to be forgeries
Can you list some of the more famous diaries that seem to be forgeries?
1. Donation of Constantine
2. Shakespeare Lost Play
3. Lincoln's Love Letters
4. Hitler's Diaries
5. Howard Hughes Autobiography
6. Jack the Rippers Diary
7. Mussolini’s Diary
8. Protocols of the Elders of Zion
Source NOVA Home Page / Viking Home Page
For fun, how do you spell or say fraud in the following languages?
1. Polish
2. Arabic
3. Russian
4. Japanese
5. Persian
6. Serbian
7. Irish
