Words have power, but words can also cause confusion.
One of my personal complaints about the professional literature used to describe the risk of fraud. We used a lot of terms interchangeably and I believe it can cause confusion. Let's try to eliminate this confusion by implementing a better definition.
For example, what is the difference between fraud plans, fraud situations, fraud risk statements and fraud risk?
And, is “fraud scheme” the right phrase for our profession? I raise this question because the new standard uses the term “fraud plan”.
My research tells me about the term “fraud scheme”
I searched for stage fraud schemes, and here is what I found:
Fraudulent schemes are one of many ways for scammers to illegally source funds from individuals or businesses. A fraudulent plan is a kind of theft.
A fraud plan is a plan created by a fraudster to execute a crime or fraud scenario to gain personal benefit from it.
Illegal businesses for profit (such as extortion, fraud or drug peddling or prostitution).
A plan is a plan or arrangement made by many people by government or other organizations. Fraud is a crime of obtaining money or financial benefits through skill or lying.
A fraud plan is a plan created by a fraudster to execute a crime or fraud scenario to gain personal benefit from it.
Go back to my question: Is the “fraud program” correct for our careers?
Internal Audit Standard 2025: Fraud Liability
As I said in my previous blog, I searched for “New IIA Standards and Fraud Liability Summary”, which is what AI provides.
The new IIA (Internal Audit Institute) Global Internal Audit Standards will actively evaluate and mitigate the emphasis of internal auditors who are risking fraud within an organization, demanding that they take a more active approach to fraud detection and incorporate a deeper understanding of potential fraud plans into their audit plans and execution; this is in line with the broader responsibility of the internal audit function to support strategic goals and contribute to the overall success of the organization, not just financial controls.
Leonard's Dictionary of Fraud Terms
In my practice, I have developed definitions of the terms we usually use so that we have a common understanding and consensus on what we are talking about.
Fraud: Deceptive behavior involving covering up the facts, breach of trust or false statements of truth. This is an attempt to intentionally cause harm or deprive someone of their rights. Fraud Definition of the Source of the Black Legal Dictionary.
Fraud risks: Intentional and hidden threats designed to cause damage by exploiting the natural vulnerability present in our overall internal control structure. Source Leonard Warner
Fraud risk statement: A description of the threat facing an organization that has elements of deception or concealment
Fraud Scenario: How someone will issue a fraud risk statement to your organization
Fraud plan: A systematic plan or arrangement in which the perpetrator makes a fraud risk statement. For reference only, the plan and plan are basically the same.
Fraud Risk Universe: All categories of fraud risk statements in all fraud risk statements can be made for the organization. Consider all known historical fraud risk statements and all expected future fraud risk statements.
Fraud data analysis: Methods of using data mining to analyze data on red flags related to a specific fraud risk statement. This is about identifying transactions with the highest probability that they include fraudulent transactions.
Fraud Review Procedure: Test the authenticity of transactions/document/internal controls by examining audit evidence from external or external storage.
Leonard’s experience teaching fraud courses
I personally talked about the risk of fraud on 6 continents and 45 countries. I think I've spoken with over 25,000 auditors. I wrote a lesson for IIA and remembered clearly the coach’s confusion about the terms used in the course. I have read the IIA Competency Framework, Guide to Fraud Risk Management, Second Edition. I can keep going, but I won't.
I believe that there is no doubt that the industry will be well served by creating an audit fraud dictionary. Promoting fraud auditing as a practice will be useful and make sure we talk about the same thing. Meanwhile, here is my advice for all CAEs: In your working document standards, or your audit plan to record the fraud clauses you use. One day, hopefully that day may never come, some regulators or attorneys will question the scope or quality of your work. Just ask Wells Fargo, Silicon Valley, and Arthur Anderson’s risk professionals.
For entertainment, how do you spell or say fraud in the following language?
1. Polished / “Oszustwo”
2. Arabic “aihtial” /احح
3. Russia “end”
4. Japanese “Saji” fraud
5. Persian “taghalab”
6. Serbia “прева”
7. Ireland “Calaois”
Obviously, I don't speak all these languages, so I rely on the internet. I hope this is right.
Since we were April Fools’ Day month, what do you know about this pseudo-holiday?
1. What is the origin of April Fool's Day?
2. Indeed, does every country have a custom about April 1?
3. Indeed, could the story of Noah’s Ark be inspired by the fools?
4. What scam did the BBC play with audiences in 1957?
5. Which technology company's history is an April 1 prank?
(The answer appears in the next blog)
