Fraud Auditing, Detection, and Prevention Blog

Understanding the People in a Fraud Risk Statement

Oct 17, 2022 7:22:28 PM / by Leonard W. Vona

The answers to last month's trivia and the setup to this month's topic on the people behind the fraud

What industry was Equity Funding in? Insurance.

What fraud risk statement occurred in Equity Funding? False Revenue to a false customer.

How did the fraud become known? A whistleblower, who most likely was part of the cover-up at one time.

How many employees participated in the cover-up? Over 100!

Is it true that the auditors went to jail? Yes. Apparently, the jurors thought that negligence in performing an audit is as serious as participation in fraud.

What does Equity Funding have in common with Bernie Madoff? A close look at the fraud scheme would disclose a Ponzi scheme. Also, in the case of Equity Funding, the outside auditors were a small regional firm.

What does Equity Funding have in common with ZZZ Best? The officers controlled the audit process by requiring that all document requests go through their office, and then they would create fictitious documents to support the false claims.

What does Equity Funding have in common with Barings Bank? A special code was assigned to all bogus insurance policies, code # 99. The billing system would skip policies with a code 99 when performing monthly billing.

What court case associated with Equity Funding has been termed historic in helping define insider trading? Raymond Dirks v. Securities and Exchange Commission.

Studying the history of fraud provides great lessons. Let’s make audit the number one reason for fraud detection!

Fraud Risk Universe: Understanding the people committing the fraud risk statement

A common question I get is what is the difference between fraud auditing and fraud investigation? Here’s the short answer: In a fraud investigation, the person committing the fraud scheme becomes the target of proof. You must establish beyond a reasonable doubt that someone committed the crime. Whereas, in fraud auditing, either the entity or the fraud action is often the starting point.

With that said, my answer could be slightly different depending on the primary fraud category. Also, if the purpose of the fraud audit was to prepare a fraud risk assessment to assess the adequacy of the internal controls, then the person committing the scheme would be critical. Clearly, there are no absolutes.

Remember, the purpose of the fraud risk statement is to design your audit program. In earlier blogs, we have discussed how to integrate fraud risk statements into your audit program. I will not repeat myself in this blog. However, I would encourage you to refresh your memory on these concepts.

So, what is the purpose of understanding the person committing the fraud risk statement? Simple, to help you better identify fraud risk vulnerabilities in your organization.

Person Committing the fraud risk statement: Your Audit Scope

 How do we use the person committing the fraud scheme in fraud auditing? The first step is to understand the scope of your audit assignment. We start with understanding who is the perpetrator and who is the victim. The primary and secondary categories of fraud provide the clue to these permutations.

Financial statement fraud typically starts with someone in accounting. However, if you remember last month’s trivia, then you know the perpetrator was someone in the stock trading function. In the Kmart financial statement fraud, the perpetrator was someone in merchandising. In the Enron fraud case, the perpetrators were the most senior management. With Equity Funding, everyone helped conceal the fraud.

With improperly obtaining revenue schemes, such as the Tuna Fish scandal, the perpetrator is senior management, and the victim is customers.

In considering asset misappropriation, we need to drill down to the fraud action. With vendor over-billing schemes, the perpetrator often involves collusion between the vendor and an internal employee. Whereas, in vendor bid-rigging schemes, the perpetrators are the vendors with no involvement with internal employees.

It’s like the Wizard of Oz movie. Dorothy needs to start at the beginning of the Yellow Brick Road, and as a fraud auditor, you also need to start at the beginning of the road.

 Person Committing the Fraud Risk Statement: Creating the Fraud Risk Statements in your Audit Scope

 A properly prepared fraud risk statement always starts with the person committing. No, I am not saying a person’s name. Our style is to state the job function I.e., Payroll Manager; Accounts Payable Manager; Controller.

I encourage you to also consider the sophistication of the person committing the fraud risk statement. Think about the difference between an internal person committing the scheme for the first time compared to an organized crime group that is targeting your organization.

In cases of collusion, there are always two parties to the fraud risk statement. It is often one from within the organization and one from without. In corruption schemes, there are also two parties committing the scheme. The second person is typically the entity in the fraud risk statement.

Person Committing the Fraud Risk Statement: The Core Business System

When I am building a fraud risk assessment, I use the following starting points to identify the person committing the fraud risk statement. As I learn more about the system, I will expand the number of persons. I may or may not list every fraud risk statement based on the person committing the permutation. But I must understand every possible permutation.

  • Internal person with direct access to the core business system i.e., payroll clerk 
  • Manager of the core business system i.e., payroll manager
  • Senior management of the core business system. i.e., controller 
  • Internal person with indirect access to the core business system: i.e. Any department manager
  • Internal control inhibitors (those actions that cause a failure of the internal control system) i.e., a department manager and an internal employee committing a ghost employee scheme.


The importance of identifying the person committing the scheme is to understand the possibilities and avoid internal control blindness.

Corporate Collapses and Scandals Trivia

 What was the first recorded financial collapse?

Who coined the phrase “White Collar Crime”?

Name a CEO of a publicly traded company that lied about their credentials. You may be surprised how many there are.

Name a CEO that committed a material asset misappropriation scheme. Hint: There maybe more than you think.

Name a college football head coach that never played football.


The next time you make an inquiry, make sure you are exercising professional skepticism! Trust but verify. (Did you know that this phrase is an old Russian Proverb?)

Demystifying Fraud eBook CTA


Topics: Fraud Risk Statements, Fraud Schemes, Fraud Auditing, professional skepticism

Leonard W. Vona

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.