Fraud Auditing, Detection, and Prevention Blog

Mastering Shell Company Detection: Is Their Credible Evidence to Perform a Forensic Exam?

Dec 12, 2023 9:49:22 AM / by Leonard W. Vona


In this series of blogs, we are looking at the practice of using a fraud audit to detect shell company schemes occurring in an accounts payable file. Because the practice of effective fraud auditing is grounded in knowledge, we will start with a knowledge section and then delve into a demonstration of the fraud audit process.

Trivia Answers

(from the last blog)

What is the origin of the audit? Auditing is as old as accounting. There are signs of its existence in all ancient cultures such as Mesopotamia, Greece, Egypt, Rome, the UK, and India.

What is the first record of a required audit? Why? British Companies made stockholders realize that an independent and impartial audit could well protect their interests. Such developments had a direct effect on the evolution of the practice of auditing, but the audit of business accounts could not be standard until the 19th century.

What was the first professional organization to provide training to auditors? Royal Charter incorporated the Institute of Chartered Accountants in England and Wales on May 11, 1880. The key purpose of this incorporation was to prepare Auditors.

Which country was the first exam offered to certify auditors? The British Association of Accountants and Auditors got established, and a person could be fully competent to work as a professional auditor after clearing this exam.

In what year was the first exam offered? January 1923.

Mastering Shell Company Detection: Practical Steps for Fraud Auditors (Part 6)

Knowledge Section

The Tax Justice Network, issued a report in July 2022, entitled Trust Registration around the world, I would highly recommend you read the report if you want to increase your knowledge.

As described in the Tax Justice Network’s brief on the role of trusts in the Pandora Papers, trusts create three specific secrecy risks and one asset protection risk.

  • Secrecy risk 1: Trusts do not need to register to have legal validity.
  • Secrecy risk 2: Trusts can use murky roles and numerous parties to obfuscate control and benefit.
  • Secrecy risk 3: Trusts are often used in complex structures that create hurdles for authorities.
  • Asset risk: Trusts shield assets against authorities and creditors.

You should know the language regarding trust registration.

In some cases, trust registration is minimal or basic requiring only the trust name and maybe a registered office. A slightly higher level of transparency requires the identification of all legal owners, meaning all parties to the trust: the settlors, trustees, protectors, and beneficiaries.

The best case is when registration also covers beneficial ownership. In this case, all parties to the trust must be identified just as at the legal ownership level. The only difference between “legal ownership” and “beneficial ownership” registration is that beneficial ownership registration includes the identification of the natural persons who ultimately own, control, or benefit as a party to the trust (e.g. the trustee). In other words, beneficial ownership registration should always include the ultimate natural persons who may or not be the same as the legal owners.

Because savvy business owners and investors know how to protect their investments, you will encounter these types of issues. Is this a fraud red flag or just a smart business decision? You will need to that sort out.

Here is the internal control issue, should your company conduct business with a vendor or customer if you cannot ascertain the true owner of the company?

Practical Application

Formulate an opinion as to whether or not there is credible evidence to perform a forensic examination.

What is a forensic investigation? According to Wiki, forensic science, also known as criminalistics, is the application of science to criminal and civil laws. During criminal investigations in particular, it is governed by the legal standards of admissible evidence and criminal procedure.

So, in my writing, when I use the word forensic, I am talking about legal action. At this point, I am taking off my auditor hat and putting on my investigation hat. Yes, it can be the same person, assuming that person understands the difference between audit and investigations.

Before you start your fraud audit, you should have thought about the eventual outcome. Is your goal to uncover suspicious transactions to cause a management change? Internal control change? Or is your goal to cause legal action? Remember, only the government can bring a criminal action. However, the corporation can bring a civil action. Yes, your corporation can self-disclose an issue to the appropriate government authority.

What is the legal definition of forensics? According to Black’s Law Dictionary, “Used in or suitable to courts of law”. When I write about forensic examination, I am solely discussing an examination with the intended outcome of a legal determination. That could be by in-house counsel, a judge, or a jury. So, the million-dollar question is the evidence gathered by the auditor: to support or justify a forensic examination. While not a legal primer, the keywords are sufficiency; competency; admissibility; authenticity, and the weight of all the evidence.

Degree of Certainty

Now, I want to introduce a concept that I call the “degree of certainty”. There are two different approaches to this concept. The first is having a lack of confidence in a key attribute of your fraud theory. In other words, you are unable to validate that attribute. The second is based on a percentage of confidence. 

The lack of confidence in a key attribute is subjective and depends on the facts and circumstances revealed by the auditor. The inability to validate a key attribute of your fraud theory most often occurs because the auditor does not have legal access to the documents or individuals necessary to independently corroborate or refute the representations made by management. I call this an unresolved red flag.

As for using a percentage, how confident do you need to be to recommend the conduct of an overt forensic investigation? 50% or 75% or 90% or 100%? Our standard is that you should be at least 50% confident that a fraud risk statement has occurred. Yes, this conclusion is subjective.

Let me illustrate

The auditor has determined that a supplier is selling items to your company that exactly match items produced by a manufacturer in a foreign country. It’s the same product description, same product number, etc. You have established that the supplier is charging a higher price than the manufacturer, but the markup seems reasonable. However, the supplier is a corporation registered in Mauritius and the company is registered in a trust. So who are we doing business with?

In my opinion, the auditor has unresolved red flags as to who is the owner of the company and why we are not purchasing directly from the manufacturer.

If you want to consider a percentage of certainty, it seems to me there is more than a 50% degree of certainty that an investigation is warranted.

In this case, you should consider a forensic investigation.

Trivia: Senior Scams

  • In 2021, how many older victims were scammed out of their money?
  • In 2021 it is estimated that seniors lost how much money to fraud schemes?
  • What are some of the most common scams perpetrated on seniors?
  • How much money did seniors lose to romance schemes?
  • Have you talked to the seniors in your life regarding these scams?


Demystifying Fraud eBook CTA



Topics: Fraud Auditing, Fraud Based Approach, Fraud Detection, Worked Example

Leonard W. Vona

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.