• Mychal Evenson


Updated: Feb 21

Welcome to another platform post. This week, I am moving out of accounting theory and onto a new topic: FRAUD. With fraud, it is vital to settle on a definition. Black’s Law Dictionary says, “A knowing misrepresentation of the truth or concealment of a material fact to induce another to act to his or her detriment.” This definition has three components. The first is that the perpetrator must “knowingly” or with intent perform the act. The second is that fraud involves some cover-up. Finally, fraud must harm another entity.

Internal fraud falls under three categories: corruption, asset misappropriation, and financial statement fraud. The order of frequency is asset misappropriation at 85% of all fraud cases, corruption at 43%, and financial statement fraud at 10% of cases. You’re right to point out that this adds up to more than 100%. That’s because it fits into multiple categories about half of the time. The Association of Certified Fraud Examiners presents it as a Venn diagram that you can view on page 12 of the report linked at the end of this post.

Here is an example that fits under corruption (purchasing schemes) and asset misappropriation (fraudulent disbursement). Pretend for the moment that a public works department needs ten thousand tons of concrete each year. For this illustration, the market rate for this size bulk purchase is $50 per ton. The government should expect to pay somewhere around $500,000 per year for concrete. The government can usually negotiate rates below the market rate, so the government should consider the $500,000 amount the cap.

Unfortunately, in our fictitious case, the concrete company owner is the brother of the person in charge of purchasing. They negotiate $5 above the market rate, resulting in excess costs of $50,000 to the government. The concrete company pays the purchasing employee under the table as a reward for the higher rate. This fraud has two components: the first is a conflict of interest (corruption), and the second is a billing scheme (fraudulent disbursements).

Interestingly, despite asset misappropriation being the most common, it is the least expensive per event. According to the Association of Certified Fraud Examiners, asset misappropriation costs $100,000 per event, corruption costs $200,000, and financial statement fraud costs $954,000 per event.

If fraud is so expensive, then how is it detected? Page 19 of the report mentioned above shows that most fraud is detected via a tip. Internal auditors and managers are about 1/3 as likely to detect fraud compared to tips. With minor fluctuations, this finding has held steady for the past decade. This finding is important because an entity looking to detect fraud should use the tools most likely to detect fraud. County employees: Quick! What’s the fraud/whistleblower hotline? That’s fine; you don’t have to go look it up. The fact that we don’t know what it is (or even if there is one) is very telling. Using evidence-based strategies is a must when dealing with limited resources.

Organizations with a comprehensive fraud tip system detect fraud by tip 49% of the time, while those without only detect fraud by tip 31% of the time. That swing (18%) is greater than the frequency that internal auditors detect fraud in total (15%). A formal and comprehensive fraud tip system is a must for any organization.

I’m sure you’re asking me, “If tips are the most common way to detect fraud, what is the internal auditor’s responsibility in fraud and corruption detection?” That’s a great question. Finding fraud for an internal auditor is kind of like panning for gold. You dip your pan into the water and sift. If you see gold (fraud), it means there is gold where you are. However, not finding gold doesn’t mean that there isn’t any. You have to keep dipping the pan until you are satisfied that finding the gold would take more work than it is worth. Just like reasonable assurance, fraud detection uses statistics. The internal auditor sets the margin of error and the confidence interval and samples the correct number of transactions, just as reasonable assurance. Consider each item in the sample a dip of the gold pan. The conclusion is more scientific than finding gold, but the result is the same. It’s no wonder, either.

A skilled internal auditor can use statistical tools beyond just sampling. With a few notable exceptions, ledgers follow the same laws as any other natural number set. While I won’t bore you with all the details of what that means, an internal auditor can examine ledgers for violations of these natural number set laws. If any violations are detected, it is a trigger to look more closely for fraud. Since these are laws, a computer system can be programmed to examine every account regularly and report any suspicious accounts to the internal auditor.

The current Auditor-Controller’s fraud detection plan is not on the list of evidence-based fraud detection systems. Poring over everything line-by-line is not only not an effective fraud detection framework, but it is so ineffective that it can open the county to fraud opportunities. There are two primary reasons for this. The first is that items go through 3-7 approvals before arriving at the Auditor-Controller’s queue. It would be tough to identify a transaction lacking a business purpose after that many reviews.

The other reason is that re-reviewing every line item takes a substantial amount of time. If you read my reasonable assurance post, you saw just how much. When an internal auditing office is months to years behind, it becomes easier for a fraudster to “cover their tracks.”

Now that you have a fundamental understanding of fraud, here is my fraud detection and prevention plan:

  1. Create a comprehensive whistleblower tip system.

  2. Institute statistical sampling to detect fraud.

  3. Provide thorough training for employees and managers on how to handle potential fraud or a report from a colleague of potential fraud.

  4. Use natural numbers laws and technology to analyze the ledger for accounts that show elevated fraud risk and review those accounts.

If you want an Auditor-Controller that will take an evidence-based approach to fraud that leverages established best practices, vote for Mychal Evenson for Auditor-Controller on June 7th, 2022. Please like this post and share it. Please consider donating to my campaign at

23 views0 comments

Recent Posts

See All