Fraud Auditing, Detection, and Prevention Blog

Hidden Entity Scheme

Aug 29, 2019 3:25:52 PM / by Leonard W. Vona

At the June 2019 ACFE conference I spoke about Fraud Data Analytics (FDA): How to Locate Complex Vendor Overbilling Fraud Risk Statements. My sessions were sold out, so for those unable to hear my presentation I am writing three blogs that explain three of the four fraud risk statements I covered: the price inflation scheme, the hidden entity scheme and the pass-through scheme. The fourth fraud risk statement was explained in a blog posted on August 18, 2018.

The purpose of the hidden entity scheme is to corrupt the procurement process by either:

  • Providing the illusion that competitive purchasing occurred because multiple vendors submitted bids or 
  • Allowing each purchase order to stay below the control levels thereby avoiding the competitive bidding process.


Essentially, there is an illusion of compliance with company procedures, when in fact the unit price is usually above fair market value. 

The asset misappropriation typically occurs by an overstated unit price or other overbilling schemes. The following two fraud risk statements are the focus of this blog: 

  1. The hidden entity scheme is a real company operating under two or more names or numbers. There are two or more legally created companies with a common or beneficial ownership that operate under one physical structure. The primary test is to search for duplicate master file data: addresses, bank accounts, telephone numbers, government number and email accounts.
  2. The hidden entity is a real company operating under two or more names or numbers. There are two or more legally created companies with a common or beneficial ownership that operate under separate physical structures. Since there is no connection in the master file data, the primary test is duplicate transaction description data that correlates to two or more companies.

As I explained in the July blog, the FDA for vendor overbilling schemes relies on line item descriptions. During the planning process, keep in mind that “data availability & data reliability equals data usability.” You must test the line item descriptions for usability.

Fraud Risk Statement 1

The FDA will focus on duplicate data in master file data. The key fields are address, bank account number, telephone number, government registration number, email and contact person. However, there may be others that could be useful. The FDA should start with exact match duplicate testing followed by close match duplicate testing. 

The address field is always the most difficult field because of spelling variations. The address spelling variations can be minimized by creating a numeric string using the number in the street address field and the postal code number. The process will take a few steps but is far more effective than some of the vendor fuzzy matching techniques. Note that vendors may provide the illusion of different addresses, when in fact all the addresses have a common link through the use of a mailbox service address or a mailbox forwarding address.
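The exact-match master file test and the numeric address string described above can be sketched as follows. This is an added example, not code from the original post; the field names, the sample vendor records and the choice of the first five postal digits and last ten phone digits are assumptions.

```python
import re
from collections import defaultdict

# Constructed vendor master records for illustration; not real data.
VENDORS = [
    {"id": "V100", "street": "1200 North Main Street, Suite 4", "postal": "12110",
     "bank": "0210-0002-1554", "phone": "(518) 555-0101"},
    {"id": "V200", "street": "1200 N. Main St. Ste 4", "postal": "12110-3301",
     "bank": "9911-2000-7731", "phone": "518-555-0188"},
    {"id": "V300", "street": "77 River Road", "postal": "12205",
     "bank": "991120007731", "phone": "+1 518 555 0101"},
    {"id": "V400", "street": "9 Elm Ave", "postal": "12303",
     "bank": "4455-1000-9000", "phone": "518-555-0150"},
]

def digits(value):
    """Strip everything except digits so formatting differences disappear."""
    return re.sub(r"\D", "", value or "")

def address_key(street, postal):
    """Numeric string: first number in the street field plus five postal digits."""
    number = re.search(r"\d+", street or "")
    zip5 = digits(postal)[:5]  # assumption: US-style codes, ZIP+4 collapses to ZIP
    return f"{number.group(0)}-{zip5}" if number and zip5 else None

# Assumed field names; each normalizer returns None when the field is unusable.
NORMALIZERS = {
    "address": lambda v: address_key(v["street"], v["postal"]),
    "bank": lambda v: digits(v["bank"]) or None,
    "phone": lambda v: digits(v["phone"])[-10:] or None,  # drop country code
}

def duplicate_vendors(vendors):
    """Return {(field, normalized value): [vendor ids]} for values shared by 2+ vendors."""
    groups = defaultdict(set)
    for vendor in vendors:
        for field, normalize in NORMALIZERS.items():
            key = normalize(vendor)
            if key:
                groups[(field, key)].add(vendor["id"])
    return {k: sorted(ids) for k, ids in groups.items() if len(ids) > 1}

if __name__ == "__main__":
    for (field, value), ids in duplicate_vendors(VENDORS).items():
        print(field, value, ids)
```

The vendor numbers returned here are the population to carry into the transaction-level test; a shared address key may also turn out to be a mailbox service address, which still links the vendors.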

The next step requires linking the transactions to only the duplicate vendor numbers. The test now is to search by duplicate vendor number and duplicate line item description. There are two possibilities: both vendors used the same SKU number and alpha description in the line item description, or they used slightly different line item descriptions. Since the number of duplicate vendors should be small, it should be possible to visually examine the line items.

Once the duplicate vendor and duplicate line items are found, the next step is to confront the internal member of management with the results. A good fraud interviewer should be able to obtain a confession.  

Fraud Risk Statement 2

This fraud risk statement is more difficult to detect simply because the process starts with all transactions and is supported by a competitive purchasing process. Since there appear to be two different vendors, it will not be clear who is involved. Was the scheme perpetrated with collusion between the internal member of management and the vendor, or did the vendor perpetrate the fraud scheme alone? The second potential difficulty is that if the vendor is sophisticated enough to have two separate physical structures, they may also be using two different line item descriptions. Remember, FDA is logic based: either the vendor used a duplicate line item description or did not use a duplicate line item description.

If both vendors use the same line item description (numeric and alpha), testing for a duplicate line item description should reveal the fraud risk statement. However, since the vendors were sophisticated enough to have two separate vendor identities, it is likely that the vendor will have two separate line item descriptions. But as the NYS lottery says, “Hey you never know”.

If both vendors use different line items, you will need to find ways to shrink the population before you start your FDA, otherwise the reports will be massive. The easiest way is to exclude transactions based on dollar amounts or focus on a category of expenses such as cost of sales. While this statement is contrary to my general rule on filtering, with this fraud risk statement you may not have a choice.

While the tendency is to search for duplicate line item descriptions, you may want to start with some high-level summary reports. The data interpretation strategy will be more useful in the early stages. 

My first report would try to make a connection between the same general ledger account and different vendor names. Use of the general ledger account at the highest level of detail is important. The idea is to find some sort of commonality between two different vendor names and two different line item descriptions, since we expect the line item description to be different between the two vendors. I have referred to FDA as code breaking, and this FDA is definitely code breaking. Remember, the goal is to shrink the population. Therefore, I would start with the exclusion theory of a homogeneous data file. If you are fortunate, the size of the data file will allow visual examination; if not, you will need to critically examine the line item descriptions.

Now that we have shrunk the size of the file, you will need to separate the line item description field between the numeric string and the alpha string. Start with exact match duplicate testing on numeric strings. If you have no luck, use close matching on the numeric string but shorten the string at either the first or last digit. You will need to follow a similar process on the alpha string. First search for a duplicate match, then by variations of alpha searches.
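The numeric and alpha string tests described above, applied across different vendor names in the order the paragraph gives, can be sketched as follows. This is an added example, not code from the original post; the sample line items, the use of the longest digit run as the numeric string, the five-digit minimum for close matching and the sorted-word alpha string are assumptions.

```python
import re
from itertools import combinations

# Constructed (vendor name, line item description) rows; not real data.
LINES = [
    ("Northway Industrial", "4471982 HYDRAULIC HOSE ASSY"),
    ("Pine Ridge Trading", "Hose assy hydraulic, item 44719820"),
    ("Northway Industrial", "118830 Gasket Kit"),
    ("Pine Ridge Trading", "GASKET KIT 118830"),
    ("Northway Industrial", "Safety gloves, nitrile (box 100)"),
    ("Pine Ridge Trading", "NITRILE SAFETY GLOVES BOX 250"),
    ("Delta Fasteners", "Hex bolt zinc 905512"),
]

def split_description(desc):
    """Split a description into its numeric string and its alpha string."""
    runs = re.findall(r"\d+", desc)
    numeric = max(runs, key=len) if runs else ""  # assumption: longest run is the item number
    alpha = " ".join(sorted(re.findall(r"[A-Z]+", desc.upper())))  # word order ignored
    return numeric, alpha

def compare(desc_a, desc_b):
    """Return the first test that links two descriptions, or None."""
    num_a, alpha_a = split_description(desc_a)
    num_b, alpha_b = split_description(desc_b)
    if num_a and num_a == num_b:
        return "numeric-exact"
    # Close match: shorten each string at the first or last digit and compare.
    if min(len(num_a), len(num_b)) >= 5:
        if {num_a, num_a[1:], num_a[:-1]} & {num_b, num_b[1:], num_b[:-1]}:
            return "numeric-close"
    if alpha_a and alpha_a == alpha_b:
        return "alpha-exact"
    return None

def cross_vendor_matches(lines):
    """Pairwise test; only pairs billed under different vendor names are reported."""
    hits = []
    for (vendor_a, desc_a), (vendor_b, desc_b) in combinations(lines, 2):
        kind = compare(desc_a, desc_b) if vendor_a != vendor_b else None
        if kind:
            hits.append((kind, vendor_a, vendor_b))
    return hits

if __name__ == "__main__":
    for hit in cross_vendor_matches(LINES):
        print(hit)
```

The pairwise comparison is quadratic in the number of rows, so it is meant to run only after the population has been shrunk as described earlier.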

Now that the FDA has revealed that you are purchasing the same item from two different vendor names, the next step is to establish that the two vendor names are in fact owned by the same person. This step must be assigned to the fraud investigator.

If you feel overwhelmed by fraud risk statement 2, you should be. Let me give you some advice: If it was easy, everyone would be doing it. But, let’s make a distinction between difficulty and intensity. Stay focused on the search for duplicate line item descriptions and remember it is the perpetrators’ job to conceal their footsteps -- it is your job to find them.


Topics: Fraud Data Analytics, Fraud Auditing


Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.