Fraudsters go to great lengths to structure their fraud around regulators, auditors, and other interested parties to avoid detection. Such is the case with an online scam that was recently disrupted by the FTC. Scammers set up over 100 fake companies and then submitted fictitious transactions to credit card processors. The transactions were structured to be inconspicuous to the owners of the credit cards--transactions were usually between $0.25 and $9.00 and many of the fictitious companies had names similar to legitimate companies. Per the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed. (via Macworld)
Financial statement frauds often involve such strategic behavior by fraudsters. For example, at the height the HealthSouth fraud, the company was generating over 125,000 fictitious transactions PER QUARTER, all under the dollar threshold established by their auditor for "significant" transactions (if you haven't already listened to the FASRI roundtable with Aaron Beam and Weston Smith, former CFOs of HealthSouth, I would encourage you the check it out here). When management knows what behavior to expect from auditors, management can design a fraud with a much greater likelihood of avoiding detection.
How can auditors respond? One of the best ways auditors can prevent strategic fraud is by being strategic themselves. Strategic reasoning helps auditors to consider how management could structure a fraud to avoid standard audit procedures, and helps auditors respond by changing the nature, timing, and extent of audit procedures. As audit procedures become more unpredictable, not only are auditors more likely to catch fraud, but potential fraudsters are less likely to engage in fraud in the first place.