Fraud Auditing, Detection, and Prevention Blog

Using Fraud Auditing to Detect Shell Company Fraud Schemes

Jul 14, 2023 8:20:42 AM / by Leonard W. Vona

Using Fraud Auditing to Detect Shell Company Fraud Schemes

The last two blogs were an esoteric discussion on fraud auditing using either a principal-based approach or a rule-based approach. With this blog, we'll launch into the practical use of fraud auditing. By way of example, we will look at how to detect shell company fraud schemes perpetrated against your company. Remember, our goal is to make audit the number one reason for fraud detection.

The answers to last month’s fraud Trivia: (With Link)

Who is the father of modern internal auditing? Larry Sawyer.

In what year was the IIA created? In what city and state was it created? And how many charter members? The IIA certification of incorporation was filed on November 17, 1941, and just prior to the first annual meeting on December 9, 1941, at the Williams Club at 24 East 39th Street in New York City, 34 charter members were accepted.

The double-entry bookkeeping system was invented in which century? 13th Century.

In which century were internal auditors first noted? There are records that infer internal auditors were utilized before the 15th century.

Auditors were employed by kings and merchants for what purpose? Detecting or preventing theft, fraud, and other improprieties.

What is known as the roots of internal auditing? Control assessment and fraud detection have become known as the roots of internal auditing.

Fraud Auditing to Detect Shell Company Schemes

In this and upcoming blogs, we will discuss how auditors can detect shell company schemes that are occurring in their accounts payable files. Each blog will have a knowledge section and a practical audit section. This blog will not discuss how organized crime groups use shell companies to perpetrate criminal activities.

What is a Shell Company

Shell companies have a bad name because the term is most often affiliated with illegal activities. But in reality, shell companies provide useful law-abiding activities. Let’s start by understanding what a good shell company is and then what is a bad shell company. Always remember, knowledge is key.

Legal Business Purpose

Black Laws dictionary: “a corporation that has no active business and usu. (sic) exists only in name as a vehicle for another companies business operation.”

Some of the useful business functions are holding real estate, holding tangible assets, holding intangible assets, mitigating legal exposure, or tax avoidance strategies to name a few legitimate business purposes.

Illegal Business Purpose

A shell corporation is a corporation without active business operations or significant assets. A shell company does not have the attributes of a company operating in the marketplace. The shell company provides no commercially useful business purpose. It is used by the perpetrator to create the appearance of legitimacy and hide the true ownership of the company. The perpetrator uses the shell company to commit asset misappropriation schemes, corruption schemes, and conflict of interest schemes.

Shell companies are known by various names throughout the world, some of the more common names for shell companies are shell: straw, nominee, paper, fictitious, ghost, false, sham, mailbox, dummy, phantom,  and front just to name a few.

For the more advanced reader: The Trust

The concept of trust is probably less familiar to most than that of the corporation, but it has been around for longer than a corporation. Trust is a legal relationship that originated historically in England and developed mainly in countries with a common law or Anglo-Saxon legal tradition.

A trust in this sense is a legal arrangement or relationship whereby a person ("trustee") owns assets not for their own use and benefit but for the benefit of others ("beneficiaries"). Unlike a company, it is a corporate vehicle that does not have a separate legal personality and distinguishes legal ownership from beneficial ownership of assets vested in a trust.

In this context, a beneficiary is a person who is designated to receive something as a result of a trust arrangement. A trust may be set up with no identified existing beneficiaries, but the beneficiaries to a trust must be ultimately ascertainable. In this case, the trust provides the trustee with certain powers to administer the assets, which operate until such point when, under the terms of the trust, an individual or group of individuals become entitled as beneficiaries to income or capital on the expiry of a defined period. Some types of trust allow the beneficiary to be named or changed at any time, meaning their identity can be kept secret until ownership of the assets is transferred to them.

The separation of the legal ownership of the trust assets, which lies with the trustee, from the right to benefit from those assets, which lies with the beneficiaries, is the crucial factor in understanding trusts. Simultaneously, it is essential to understand that a "beneficiary" is not the equivalent of a "beneficial owner" Source of Trust Information: Basel Institute of Governance

Before you start your journey to search for shell companies, remember to consider the sophistication of concealment. What happens if one of your vendors is in a trust and in a country with strict secrecy laws involving trusts? Is this a fraud red flag or just a smart business decision? Yes, you will need to sort out these types of issues.

Fraud Auditing: How auditors can detect shell companies.

The audit plan for detecting shell companies is different from an audit plan testing the expenditure cycle. Fraud auditing does not focus on internal controls but rather on gathering the highest form of qualitative audit evidence to offer an opinion on whether or not a fraud risk statement is occurring. The fraud audit has the following eleven steps.

  • Identify which fraud risk statements are included in your audit scope.
  • Use fraud data analytics to create a sample of vendors that meet the profile of a shell company scheme.
  • Perform covert research on the vendors included in the sample derived from the fraud data analytics.
  • Formulate an opinion on whether or not the vendors examined have the attributes of a shell company. If no stop. If yes proceed.
  • Perform overt research on the internal selection process.
  • Perform overt research on the fraud action statement.
  • Examine internal documents.
  • Conduct interview of internal person that caused the vendor to be selected based on the totality of the evidence collected.
  • Formulate an opinion as to whether or not there is credible evidence to perform a forensic examination.
  • Write a report of the facts and circumstances that is the basis of your opinion.
  • Write a report explaining the necessary procedures that will be necessary to perform a forensic investigation.


In our next blog, we will discuss the fraud risk statements associated with asset misappropriation and corruption schemes. We will also continue our journey to provide you with pure knowledge that is necessary to conduct a shell company fraud audit and explain the fraud audit approach.

Accounting Trivia

Who is the Father of Accounting?

What was the occupation of the Father of Accounting?

The book titled Summa de Arithmetica, Geometria, Proportioni et Proportionalita published the first treatise on what?

In what year was the first known publication of double entry accounting system? 

Can you name one of the Father of Accounting’s roommates?

Demystifying Fraud eBook CTA

Topics: Fraud Auditing, Concealment Strategies, Fraud Detection

Leonard W. Vona

Written by Leonard W. Vona

Leonard W. Vona has more than 40 years of diversified fraud auditing and forensic accounting experience. His firm, Fraud Auditing, Inc., advises clients in areas of fraud risk assessment, fraud data analytics, fraud auditing, fraud prevention and litigation support.

Demystifying Fraud eBook CTA

Posts by Topic

see all

Recent Posts

Subscribe to Email Updates