Fraud auditing is truly searching for a needle in a haystack. To illustrate the concept, someone in a business system may be misstating the financial statements, stealing assets, or committing a corrupt act. However, at the beginning of the fraud audit we do not know who, what, or when. Yet there is an expectation that an auditor should be able to detect who, what, and when. So, where or how should the auditor start searching for the fraudulent transaction?

While the fraud auditor may not know who or how or when, the fraud auditor does know what fraud scenario someone can commit in a business system. The fraud auditor does understand how perpetrators conceal their footprints. The fraud scenario approach is designed to even the playing field between the auditor and the perpetrator. Yes, the perpetrator does have an advantage because of how he conceals his footprints. However, the auditor has the advantage because fraud data analytics is an integral part of fraud auditing. Whether the fraudulent act causes a misstatement of the financial statements, a misappropriation of assets, or a corrupt act that is a violation of law or policy, fraud data analytics is intended to uncover the fraud scenario hiding in the haystack.

The fraud scenario approach is based on a methodology of how to write a fraud risk statement. The fraud scenario statement becomes the basis for building the fraud audit program. The sampling technique is driven by the fraud ...