This will be the summer of challenging our profession’s guidance on fraud risk assessment. As you know, last month we raised the question of whether fraud risk assessment is simply an academic process to meet a standard.
This month’s blog will challenge professional guidance on risk assessment. Does our professional guidance provide sufficient guidance for effective fraud risk management?
In particular, we’re considering the Fraud Risk Management Guide, second edition, and IIA’s Global Guidance, specifically the “IIA’s Global Practice Guide” titled “Internal Auditing and Fraud.
To be clear, this is not about right or wrong, but to challenge your thought process.
To illustrate my concern, I have selected two real-life examples of fraud perpetrated in the airline industry. Trust me, you could pick any industry and find the same examples.
Real Life Fraud Risk
I think we all agree that the airline industry is a mature industry. I think we can further assume that all the major airlines have a fraud risk management process. I will further assume that the procurement of airline parts would be rated at high risk and exposure.
Here is my question: Did the following two examples occur because the fraud risk assessment did not consider counterfeiters? Was there an overreliance on a preventive control? Or both? Now, I know we do not know the answer; only the airline companies would know that. But I will ask you to ponder my two questions.
Is fraud risk assessment simply an academic process to meet a standard?
Does our professional guidance provide sufficient guidance for effective fraud risk management?
First Example
UK-based AOG Technics’ director charged over alleged turbofan engine parts fraud as reported by David Kaminski-Morrow 28 May 2025.
The office alleges that AOG Technics defrauded customers by falsifying documentation relating to the origin, status, or condition of the aircraft parts, over the course of 2019-23. It is important to note that the investigation started in 2023 because an airline discovered fraudulent documentation for replacement parts.
According to reports from Bloomberg, AOG Technics was found to have defrauded multiple airlines by selling unapproved and fraudulently certified aircraft parts, including those used by American Airlines, Southwest, and United. AOG Technics also supplied parts to Ryanair and Delta.
Second Example
A much-reported, high-profile accident involving fake parts occurred on September 8, 1989, when Partner Flight 394 carrying 55 people from Oslo to Hamburg crashed into the sea, killing everyone on board. Investigators determined that counterfeit bolts and brackets had caused the tail section of the turboprop to tear loose. This was reported by Connector Supplier, which is the only publication that exclusively follows the news, trends, personalities, and innovations that impact the interconnect industry.
Now, without access to the various airlines’ fraud risk assessment documents, we can only surmise what they say. But these are the following questions I would like to ask the chief auditors based on the two examples:
Leonard’s Challenges to Professional Literature
1. Does our literature oversimplify fraud risk identification?
2. Does the guidance focus mostly on historical fraud risk?
3. Does the guidance differentiate between a statement of fraud risk (what) versus a fraud scenario (how)?
4. Is there overemphasis on preventive controls as the key strategy?
5. How much guidance does the literature provide on the sophistication of concealment?
6. Is mitigation calibrated to the sophistication of the perpetrator?
7. Does literature suggest incorporating industry information into the statement of fraud risk?
8. Do you believe risk assessment focuses on documentation of fraud risk versus understanding fraud risk?
9. Do you think that the goal of low residual risk contributes to failures in fraud risk management?
10. Is there a realistic way to quantify fraud risk exposure?
11. If you were to make changes to professional literature, what would you suggest?
Let’s evaluate considering two real-life examples, asking the following two questions:
• Should the fraud risk assessment process have anticipated counterfeiters?
• Should preventive controls anticipate fraudulent certifications?
I am hoping that my message is clear. In my opinion, proper fraud risk identification is not an easy task, and fraud risk management is even tougher. This is one of the reasons I am suggesting we need to do a better job of understanding fraud risk versus simply documenting fraud risk at a high level and arriving at a low residual risk rating.
To be honest, I am afraid that we are going the way of the public accounting profession. The public accounting profession denied responsibility for fraud in financial statements, even though the world thinks that auditors do have responsibility.
Yes, I know, auditors are supposed to assess management’s risk assessment process. But does the world expect more from us?
FRAUD TRIVIA
1. What was the name of the movie for Ferdinand Waldo Demara? The Great Imposter
2. Who played Ferdinand Waldo Demara in the movie? Tony Curtis.
3. What was the name of the college he created in Alfred, Maine? Originally known as LaMennais College, now known as Walsh College.
4. Demara had come to two beliefs; what were they? One was that in any organization, there is always a lot of loose, unused power lying about, which can be picked up without alienating anyone. The second rule is, if you want power and want to expand, never encroach on anyone else’s domain; open up new ones
5. Demara had two cardinal rules. What were they? The burden of proof is on the accuser, and “when in danger, attack.”
6. In what town was he born? Lawrence Ma,
7. This town was famous for “bread and roses”. What was this? A political slogan associated with women’s suffrage and the labor movement, as well as an associated poem and song. It originated in a speech given by American women’s suffrage activist Helen Todd. The phrase is commonly associated with the textile strike in Lawrence, Massachusetts, between January and March 1912
1. According to The Times of Israel, between 2017 and 2019 who allegedly conned 1 billion dollars from people and banks in a Ponzi scheme?
2. According to The Washington Post, following the release of the documentary, the movie has become the most ever watched Documentary on Netflix, and was nominated for five Emmy awards. What was the name of the movie?
3. In what year did his legal troubles start?
4. In which countries was he arrested for using a fake passport?
5. According to The Times of Israel, in 2020, he pretended to be a medical worker to get what treatment?
So many times, I hear auditors say, you need to think like a thief. So, do you think you could think like this conman? Could you pull off these schemes?
