Before I start, let me explain that in this blog, I will not provide any answers to the term “a deeper understanding of fraud schemes.” Instead, I will only ask questions about the phrase. Honestly, if I were CAE, I wasn't sure what the industry wanted me to do.
That being said, I commend the industry for recognizing the importance of a deeper understanding of the fraud schemes our company faces. Maybe, I'm talking in my mouth. Remember, my blog is designed to make you think.
So consider: when fraud occurs is unpredictable, but it is quite straightforward to how it occurs.
Internal Audit Standard 2025: Fraud Liability
To repeat January's blog: I searched for “New IIA Standards and Fraud Liability Summary”, which is what AI has to offer.
The new IIA (Internal Audit Institute) Global Internal Audit Standards will actively evaluate and mitigate the emphasis of internal auditors who are risking fraud within an organization, demanding that they take a more active approach to fraud detection and incorporate a deeper understanding of potential fraud plans into their audit plans and execution; this is in line with the broader responsibility of the internal audit function to support strategic goals and contribute to the overall success of the organization, not just financial controls.
What does a deeper understanding of potential solutions mean?
OK, I should be excited about this phrase because I have been writing fraud risk statements for a long time. Unfortunately, I'm nervous about all my CAE friends. As I said, there is no answer in this blog, it's just a question. So here are some questions that I think you need to consider:
1. Do I need to better describe fraud plans in my working paper?
2. Do I need to record all fraud plans in scope on worksheets?
3. Should I explain how to hide the fraud scheme – or, I would say, the transaction is in full compliance with all our internal control?
4. Should we shift the focus from the perspective of control to the perspective of occurrence?
5. Should I explain how this program happens in our company?
6. Should I describe the scheme from a data point of view?
7. Should I be recording elements of a fraud plan like a prosecutor?
8. What confidence do you have in the audit process to detect the occurrence of fraudulent plans?
9. Is the testing of the control sufficient to detect fraud plans?
10. Does he call “execution” refer to audit procedures?
Let me explain the issue of “more understanding”
I think it is very likely that delivery plans will occur in every major organization in some capacity. If you are conducting a spending audit, purchase audit or account payable audit, you should consider the possibility of this plan happening to your company. To repeat a previous blog, the scheme can adhere to all your internal controls, but still beneath your nose.
My view of possibility is not based on any scientifically collected data, but rather treats fraud as a business rather than a crime. So here is my description of the fraud plan:
The Shell Company Direct Program consists of three companies. Shell passed two main permutations. The first company is your company, the second company is Shell, and the third company is the real supplier. Shell is either controlled by internal personnel or by sales staff of a third company (which is the supplier of merchandise). Each version has similar but different fraud data profiles. In fake entity scenarios, entity and transaction analysis may effectively locate Shell.
Now, please rate my description for “A deeper understanding”. Let's criticize my description.
1. Do you know Shell's 25 arrangements?
2. Did you know that external salespeople might have created Shell for the purpose of selling to your company?
3. Did you know this could be a kickback program and an asset misappropriation program?
4. Did you know that Shell could be a shelf company or identify a theft company?
5. Should we be sure our company is most vulnerable to this fraud scheme? – (Whole-known questions and locations.)
6. Should we describe common hidden techniques?
7. We should discuss, who can propose this plan in your company?
8. Should we limit audits to direct access to data files, or should we consider indirect access to data files? Do you know what this means?
9. Does the program occur in service expenditures or tangible goods?
10. Is your company creating Shell for payments to comply with minority business rules or money laundering funds?
My opinion on “a deeper understanding of fraud plans”
Honestly, our profession never expects auditors to be responsible for detecting fraud in the context of auditing. We prefer to say that we will evaluate management’s fraud risk management plan, or assess the appropriateness and effectiveness of internal controls at management. We created phrases like “Internal Control of Fraud Prevention”. However, fraud prevention is what COSO describes as internal control.
If you look at the progress of audit responsibilities for audit responsibilities from the late 1980s to the current date, you will see ongoing audit progress with greater responsibility for preventing and detecting fraud in your core business systems. The CPA is now responsible for detecting fraud in financial statements that have significant impact. Therefore, they need to better understand potential financial statement fraud plans.
So as we take a “more understanding of fraud schemes”, we will need to invest in research and release of this information. After all, you are not born, which is why I often distinguish between fraud science and practical applications of fraud science.
The famous diary seems to be forged
Can you list some more famous diaries that seem to be fake?
1. Constantine's donation
2. Shakespeare's defeat
3. Lincoln's Love Letter
4. Hitler's Diary
5. Howard Hughes's Autobiography
6.
7. Mussolini's Diary
8. Elder Zion's Agreement
Source Nova Home Page/Viking Home Page
For entertainment, how do you spell or say fraud in the following language?
1. polishing
2. Arabic
3. Russian
4. Japanese
5. Persia
6. Serbians
7. Irish
