Fraud Auditing, Detection, and Prevention Blog

Mastering Shell Company Detection: Practical Steps for Auditors Part 2

Aug 14, 2023 5:32:05 PM / by Leonard W. Vona

In this series of blogs, we are discussing how auditors can detect shell company schemes that are occurring in their accounts payable files. Because the practice of effective fraud auditing is grounded in knowledge, each blog will have a knowledge section as well as a practical audit section. (This blog will not discuss how organized crime groups use shell companies to perpetrate criminal activities.)

Shell Company Trivia

Who is the Father of Accounting? Luca Pacioli

What was the occupation of the Father of Accounting? Franciscan Friar. FYI, I am a graduate of Siena College which is “rooted in its identity as a Franciscan and Catholic institution.”

The book titled Summa de Arithmetica, Geometria, Proportioni et Proportionalita published the first treatise on what? Double entry accounting

In what year was the first known publication of the double entry accounting system? 1494 FYI, Columbus sailed the ocean blue in 1492. I guess a lot was happening back then.

 Can you name one of the Father of Accounting's roommates? Leonardo da Vinci

 Fraud Auditing to Detect Shell Company Schemes (Part 2)

 In this series of blogs, we are discussing how auditors can detect shell company schemes that are occurring in their accounts payable files. Because the practice of effective fraud auditing is grounded in knowledge, each blog will have a knowledge section as well as a practical audit section. (This blog will not discuss how organized crime groups use shell companies to perpetrate criminal activities.)

Knowledge Section

What is a Registered Agent

An LLC registered agent is an individual or entity designated by an active company, such as an LLC, C Corp, or any other entity type, to receive service of process notices, government correspondence, and compliance-related documents on behalf of the company.

While generally, the term “agent” means someone authorized to represent an individual or an entity or enter into transactions for an individual or an entity, registered agents don’t have a similar mandate.

The registered agent for an LLC has one primary function: to be an agent for service of process, as well as receiving other important correspondence on behalf of the company. Additionally, a registered agent must promptly forward such materials to an active company, such as an LLC, C Corp, or any other entity type. Source Legal Zoom

When you look at Government registrations you should see the registered agent listed. Obviously, make sure the registered agent is not an employee of your company. Typically, the registered agent is a company that provides registered agent services. The requirements and duties of the registered agent can vary country by country. A registered agent can also be a law firm or a business owner.

So, if a registered agent is an attorney, is this a fraud red flag or just a smart business decision? Yes, you will need to sort out these types of issues.

Practical Application

Identify which fraud risk statements are included in your audit scope.

The starting point of establishing the audit scope is to identify the perpetrators, victims, primary, and secondary categories of fraud. In this blog, this is the parameters of our audit scope:

  • Perpetrators are internal management or internal management in collusion with an external source.
  • Victim is your company, which will suffer a financial loss through the scheme.
  • Primary category is asset misappropriation.
  • Secondary category is loss of monetary funds.
  • Entity type is a fictitious company.
  • Fraud action statement is false billing, a pass-through scheme, or a conflict-of-interest scheme.


It is also healthy to discuss what fraud schemes are not part of your audit plan. This would include shell companies created by an external source and shell company schemes used by management to circumvent FCPA regulations. 

The next step is to create fraud risk statements. The following illustrates the fraud risk statements that would be associated with the proceeding scope discussion.

False Billing:

Senior member of management acting alone or in collusion with a direct report cause a shell company to be set up on the vendor master file, process a purchase order or contract and approves a fake invoice for goods or services not provided causing the diversion of company funds.

Pass Through

Senior member of management acting alone or in collusion with a direct report cause a shell company to be set up on the master file, places orders for goods thru the shell company, the shell company places an order with a real supplier, the real supplier ships directly to the senior member of management company, the real company invoices the shell company and the shell company invoices the senior member of management at an inflated price causing the diversion of company funds.

Conflict of Interest

1.    Senior member of management creates a real company; senior member of management causes the issuance of a purchase order or contract to their real company for goods and services that are provided without disclosing the conflict of interest.

2.    Senior member of management in collusion with an external party creates a real company; senior member of management causes the issuance of a purchase order or contract to their real company for goods and services that are provided without disclosing the conflict of interest.


Next, Generic to Specific Fraud Risk

It is time to remember November 2022 blog regarding fraud action statements. We need to change the generic fraud risk statement and create a company-specific fraud risk statement for the expenditure area under review. The following illustrates the concept:

Executive vice president of plant operations acting alone causes a new vendor to be added to the master file as a government-preferred vendor (fictitious shell company), the V.P. causes purchase orders to be issued for plant supply items to the shell company, the shell company places an order with a real supplier, the real supplier ships directly to your company, the real company invoices the shell company and the shell company invoices your company at an inflated price causing the diversion of company funds.

Depending on the reason for the audit, you may have to further define “plant supply items” to specific items or a specific expenditure budget code. You may decide to make the opportunity element to be less specific by stating Plant Operations Manager or the procurement function.

The key point is to define the scope of your fraud audit in a way that allows you to prepare a fraud audit program. Now, I would encourage you to use the proceeding fraud risk statements and adapt the generic risk statement to your company / expenditure-specific fraud risk statement. Now using the risk statement, create a few fraud risk scenarios based on your company-specific fraud risk statement. Remember the fraud risk statement is “what can happen” whereas, the fraud scenario is “how it can happen”.

Shell Company Trivia

  • Does law enforcement use shell companies?
  • Do publicly traded companies use shell companies to commit crimes?
  • Why is Upjohn v. United States, 449 U.S. 383 (1981) important to fraud auditors?
  • What is the difference between a shelf company and a shell company?
  • According to the Organized Crime and Corruption Reporting Project which country is at the top of the list for “financial secrecy index”.
  • Name three African tax havens?

 

Demystifying Fraud eBook CTA

Topics: Fraud Risk Statements, Fraud Auditing, Fraud Detection

Leonard W. Vona

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.

Demystifying Fraud eBook CTA

Recent Posts

Subscribe to Email Updates