Fraud Auditing, Detection, and Prevention Blog

How to Use the Red Flag Concept in Fraud Auditing

Feb 21, 2022 8:00:33 AM / by Leonard W. Vona

Last month’s trivia questions and answers

Which country offers an online fraud quiz to test its citizens' awareness of fraud?

Canada: If your country offers such a quiz, please let me know.

What was the first recorded fraud?

The first recorded fraud scheme is from 300 B.C. in Greece.

Two Greek shipping merchants named Hegestratos and Zenosthemis took out a bottomry on a ship and cargo of corn. A bottomry is a loan that a merchant takes out with the promise to repay it with interest after selling the merchandise.

In what is the earliest recorded attempt of first-party fraud, Hegestratos planned to sink his empty ship, sell the corn, and keep the loan. Despite well-laid plans, Hegestratos was caught in the act of sinking his ship by his own crew. He was chased off the ship and drowned trying to escape them. So, does crime pay?

Red Flags in Auditing

In my last blog, I announced that it is time to make audit the number one reason for fraud detection. As it is now, audit remains a distant second in the fraud detection surveys behind “tips.” The first step to changing that is acquiring knowledge. Today we’re honing in on how to use the concept of a red flag in a fraud audit.

In the general knowledge section of the IIA Competency framework, there is a statement that an auditor should be able to recognize the “red flags of fraud.” So what exactly is a red flag? And what, then, is a red flag of audit?

The Science of Red Flag Theory

The starting point is to define the phrase “red flag”. First, let’s take a look at some definitions from an internet search, and then I’ll give you my definition.

Source: Red Flags for Fraud issued by State of New York Office of the State Comptroller.

A red flag is a set of circumstances that are unusual in nature or vary from the normal activity. It is a signal that something is out of the ordinary and may need to be investigated further. Remember that red flags do not indicate guilt or innocence but merely provide warning signs of fraud.

Source: Kessler Topaz Meltzer & Check, LLP

Red flags are sets of circumstances or patterns that are out of the ordinary and may indicate that fraud or other misconduct may be occurring in each organization. While they may not necessarily be violations in and of themselves, they can serve as early warning signs, thus allowing for more efficient reporting of fraud. As such, it is imperative that both employees and management be able to identify and recognize red flags for fraud, as this can help prevent losses and costly violations.

Source: Jonathan T. Marks, CPA, CFF, CITP, CGMA, CFE

A red flag is an unusual circumstance or a pattern of anomalies that should alert a reasonable person of possible misconduct. In each such instance, further inquiry and due diligence might be necessary to determine if the anomalies are explainable and if not, an investigation should be considered. Not every red flag means there is fraud! As I mentioned above, you need to seek to understand.


To identify or draw attention to (a problem or issue to be dealt with)

Leonard's Red Flag Definition for Auditors

Red flags are condition(s) that can be observed through the audit process. They are associated with the fraud risk statement. The conditions are found in data, documents, controls, or behaviors.

It is important to note that the ability to observe the condition will be impacted by the sophistication of concealment.

The Science of Identifying a Red Flag for the Audit Program

I need to stress the phrase “observed through the audit process.” If the audit is not capable or designed to see the condition, then what purpose does it serve to call something a red flag?

It is important to understand that a red flag causes increased sensitivity to fraud propensity. However, not all red flags hold the same weight. The weight of the red flag correlates to the predictability of fraud occurrence. The red flag also correlates to the offender’s concealment strategy and the sophistication of concealment.

Red flags can be used in the planning phase to establish fraud predictability or in the audit testing phase to gather audit evidence on the occurrence of the fraud risk statement.

Here is the thought process that I follow in using red flags in my audit plans:

  1. The starting point is the fraud risk statement, which should have been identified in your risk assessment.
  2. The next step is to select what you will be looking at: data, document, control, or behavior.
  3. Assuming you have selected data, consider what elements you will be looking at.
  4. Consider whether your red flag is associated with the entity data or the transaction data.
  5. Now that you know what you are looking for, link the red flag to the concealment strategy and identify the level of concealment sophistication.
  6. Once you have selected the data element, determine what pattern and frequency should alert the auditor.
  7. Determine the red flag for the planning phase.
  8. Determine the red flag for the testing phase.

The Art of Using Red Flags in the Audit Process

In the art phase, we need to be able to apply science to a real-life audit process. To illustrate, let’s look at how the above steps would be applied.

Step one, Fraud Risk Statement: A budget owner or the payroll function causes a fictitious person to be set up on the employee master file; the budget owner or payroll then submits time and attendance records for the fictitious person, causing the diversion of funds.

Step two, looking at data, document, control, or behavior: data

Step three, elements: gross pay and net pay

Step four, the red flag associated with the entity or transaction data: transactional data

Step five, the level of concealment sophistication: low level

Step six, the pattern and frequency that should alert the auditor: the pattern is the percentage of net payroll to gross payroll.

Step seven, the red flag for the planning phase: net payroll is 80% or higher of gross payroll and gross payroll exceeds $5,000.

Step eight, the red flag for the testing phase: A negative number in a withholding field.

Now repeat the process until you have identified enough red flags that indicate with a high degree of certainty that the fraud risk statement is occurring in the core business system.
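As an added example (not from the original post), the red flags from steps seven and eight can be run as a data test over payroll transactions, grouped by employee so the pattern and frequency from step six are visible. The records, employee ids and withholding field names are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

RATIO = Decimal("0.80")   # step seven: net payroll is 80% or higher of gross payroll
FLOOR = Decimal("5000")   # step seven: gross payroll exceeds $5,000

# Constructed payroll transactions: (employee, period, gross, net, withholding fields).
# Employee ids, periods and withholding field names are assumptions for illustration.
PAYROLL = [
    ("E100", "2022-01", "6200.00", "4340.00", {"federal": "1240.00", "state": "620.00"}),
    ("E200", "2022-01", "5600.00", "5320.00", {"federal": "280.00", "state": "0.00"}),
    ("E200", "2022-02", "5600.00", "5800.00", {"federal": "-200.00", "state": "0.00"}),
    ("E300", "2022-01", "5000.00", "4500.00", {"federal": "500.00", "state": "0.00"}),
    ("E400", "2022-01", "6000.00", "4800.00", {"federal": "900.00", "state": "300.00"}),
]

def planning_flag(gross, net):
    """Planning-phase red flag; multiplying avoids dividing by a zero gross."""
    return gross > FLOOR and net >= RATIO * gross

def negative_withholdings(fields):
    """Testing-phase red flag: names of withholding fields holding a negative number."""
    return sorted(name for name, amount in fields.items() if Decimal(amount) < 0)

def red_flags(records):
    """Collect both red flags per employee; employees with no hits are omitted."""
    hits = defaultdict(lambda: {"planning_periods": [], "negative_fields": []})
    for emp, period, gross, net, fields in records:
        if planning_flag(Decimal(gross), Decimal(net)):
            hits[emp]["planning_periods"].append(period)
        for name in negative_withholdings(fields):
            hits[emp]["negative_fields"].append((period, name))
    return dict(hits)

if __name__ == "__main__":
    for emp, found in sorted(red_flags(PAYROLL).items()):
        print(emp, found)
```

E300 sits exactly at $5,000 gross and is not flagged because the threshold is "exceeds", while E400 sits exactly at 80% and is flagged because the threshold is "80% or higher".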

Simplification of the red flag process for auditors:

     Offender                               Auditor

  1. How to Hide                            How to Find
  2. Concealment                            Red Flag
  3. Create a False Person                  Describe a false person
  4. Desire is net pay vs. gross pay        A % of net to gross

Fraud Quiz

  •  Besides the fraud triangle, what other shapes are used to describe the theory of why people commit fraud?
  •  In what year did Dr. Cressey publish the fraud triangle?


Topics: Fraud Risk Statements, Fraud Schemes, Fraud Auditing, Red Flags, Fraud Triangle

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.