IN ORDER TO IDENTIFY SOMETHING you have to know what it looks like. If you don't know what it looks like, you may walk right past it without recognizing what it is. There are an infinite number of forms that fraud can take as there are an infinite variety of business structures, accounting systems, documentation characteristics, and so on. There are no guarantees that a fraud detection strategy will work all of the time and identify every fraud, but research indicates that most employee fraud is not sophisticated and, generally, not well concealed. All that is required, in many cases, is to identify what it would look like and it will be found. The process outlined here is not necessarily intended to provide an absolute catch-all solution to fraud detection but an incremental improvement in the odds against an organization becoming a victim of fraud.

As shown in Figure 21.1, there are three fundamental phases in the process of developing a fraud profile for your organization:

1. The first phase is the development of a fraud risk assessment to identify the key fraud risks and scenarios to which your business is exposed.
2. The second phase is the identification of the characteristics that these fraud exposures or hypothetical fraud scenarios would present. This is the fraud profile.
3. The final phase is the development of cost-effective monitoring to recognize, report, and react to the characteristics if they occur. This is the detection ...