Fraud Auditing, Detection, and Prevention Blog

Mastering Shell Company Detection: Steps for Fraud Auditors (Part 8)

Feb 13, 2024 4:37:48 PM / by Leonard W. Vona

In our next two blogs concerning shell companies, I will highlight real-life shell company schemes detected by our firm using the fraud audit methodology discussed in our blogs. Remember, all these schemes were found in large publicly traded companies using the fraud audit methodology discussed in the last seven blogs. I have changed the names of the companies to respect the confidentiality of our clients. It is important to note that there were no allegations, no whistleblowers, and no leads.

As you read, ponder the following questions:

If you are performing a traditional internal control audit, using a random sample, would your audit have detected the fraud scheme?

As you see the red flags that caused us to be suspicious, at what point would you have been convinced that you needed to stop auditing and start investigating?

Shell Company One

A vice president caused R. Consulting, Inc. to be added to the vendor master file. The vice president stole $130,000 in one month through four invoices numbered in a sequential pattern: 1, 2, 3, and 4. The first two invoices bore the same date, and each invoice was below the control threshold (however, together the first two invoices exceeded the control level). All transactions were recorded in the same cost center. The invoice description indicated “consulting services.” We identified this as a created shell company scheme with the action statement being a false billing.

Red flags
  1. 1. The company was a new company on the master file.
  2. 2. The Invoice number pattern was sequential.
  3. 3. The invoice numbers were low.
  4. 4. All invoices were recorded in the same cost center.
  5. 5. The first two invoices in the aggregate circumvented the approval process.


Shell Company Two

In this example, the perpetrator created three different shell companies with different addresses in different states. The transactional analysis revealed the scheme because all three companies used the same invoice numbers, dates, and invoice amounts.

The link between the three different companies occurred in the document examination. The three invoices for each month had the same error on the paper invoice. The coincidence suggested to us that the invoices for the three different companies were created by the same person. They were also recorded in the same cost center. The organization’s losses from the shell company scheme were $19,800, and the total losses from all the perpetrator’s schemes exceeded $150,000.

Red flags
  1. 1. The company was a new company on the master file, other than that, there was nothing suspicious in the master file data.
  2. 2. The address was a street address, meaning no P.O. Box or suite number.
  3. 3. Three different companies in three different cities in the same cost center all had the same invoice number, same invoice date, and the same invoice amount.
  4. 4. Remember, all three companies were in vastly different geographic areas.
  5. 5. The spend level for each company was exactly $6,600. Typically, depending on the company's size, this spend level would not be high enough to get a second look.
  6. 6. If you compare the first and second examples, the total losses are similar, but the individual transactions are very different.

The moral of the story is sometimes the perpetrator does one large scheme and sometimes they commit a lot of small schemes. Once you find a fraudulent transaction, target your audit to the perpetrator sphere.

Shell Company Three

Lunoid Inc. outsourced computer programming services for more than $5 million per year. We investigated a potential shell company that provided programmers who worked remotely. First, we identified the general-ledger categories that would lend themselves to a pass-through scheme. Next, we compared invoice number patterns among all vendors in the same general ledger category to determine the normal pattern of vendor invoices. The invoice number analysis didn’t reveal any strong clues. However, anomalies in the line-item description fortunately revealed the perpetrator. Though line-item descriptions usually aren’t useful in identifying shell-company schemes for services, we followed the old adage, “If you don’t look, you can’t see.”

Red flags
  1. 1. In this FDA project, our analysis was performed by general ledger category by vendor. Our FDA interrogation was based on our educated guess as to the type of fraud scheme that would likely occur in that category. Our professional judgment.
  2. 2. The company was a new company on the master file. Let me explain this concept, new is a relative concept. In this FDA project, we used 48 months as a new company.
  3. 3. Our change analysis for the category indicates a change in vendors.
  4. 4. The new vendor and the old vendor were in the same zip code but at different street addresses.
  5. 5. In this company, all contract employees are assigned a badge with a number.
  6. 6. The line-item description on the invoice reflected a badge number for each contract programmer on the invoice. From a control perspective, we can only data mine for the date that accounting enters into the system. We have had enough projects where the line-item description was just inadequate.
  7. 7. We performed a duplicate number test on the line-item description. The test was duplicate badge number and different vendor number. If accounting had not entered the information into the accounting system as reflected on the invoice, we would not have been able to detect this scheme.


Shell Company Four

Manunte Inc. used a vendor, SLP Consulting Inc. The invoice-number pattern was sequential, but all the invoices were in a 30-day period. We didn’t see any pattern in the invoice dates or amounts. The invoices started with a high five-digit invoice number that provided the illusion of an existing company. To be clear, SPL Consulting was a real company operating in the marketplace.
Our investigation determined that the wife of the vice president of human resources at Manunte was providing these consulting services for a total cost of $120,000. We identified SLP Consulting as a conflict-of-interest shell company.

Red flags
  1. 1. The company was not a new company on the master file, but the vendor had not been used in two years.
  2. 2. The master file data appeared to be consistent with a real company operating in the marketplace.
  3. 3. However, because the vendor name did not describe the nature of the business, we considered that a red flag. Not a great red flag, but a red flag.
  4. 4. Based on our experience we consider vendor names with abbreviations (SLP) as a red flag.
  5. 5. Yes, the invoice numbers were sequential but all the invoices were within a thirty-day period.
  6. 6. Yes, the invoice amounts were round numbers, but I believe round numbers are not an anomaly for professional services.
  7. 7. Sometimes even when the data patterns do not strongly scream shell company, you will need to rely on your professional experience.
  8. 8. Our first audit step is always a legal background check. That is how we determined the business owner was the wife of the VP of Human Resources.
  9. 9. In full disclosure, the president of the subsidiary knew about the relationship but never required disclosure to corporate headquarters.


Fraud Trivia One more Try!

Okay, I am going to take a chance, here is my email, If you have an idea for fraud trivia, I will list your fraud trivia, give your credit, if you want credit or I will list the source as anonymous. All I ask is that you provide a source of the information.

Demystifying Fraud eBook CTA


Leonard W. Vona

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.