Fraud Investigation Reports vs. Audit Reports: What’s the difference?

Fraud and audit reports must be distinct because they are intrinsically different from one another. Read on for ways to present a full and succinct fraud investigation report using report design, content and tone. From the onset, fraud reports include different information and you want these reports to look distinct, but still look like part of the fleet of reports that internal audit cranks out. For example, you’ll probably need to stay within the font and design conventions of your company, but consider how the following areas can be changed to distinguish the fraud report.

Be specific: Make sure that the first thing your audience reads is “Fraud Investigation Report” so there is no confusion on the purpose of the report.

Enlarge the word Confidential: “Confidential” should be at the top of the report. Make it large and boldface the word. Fraud investigations are typically not shared outside of HR and upper management.

Change the color scheme: If your audit reports have a blue header, consider a different color header for the fraud report.

Content: Write to Your Audience. Because investigative reports mainly involve personnel and legal issues, your audience is limited. Your typical fraud audience will be the Chief Executive Officer, Chief of HR, Chief of Law, Chief Audit Executive, and Head of the Audit Committee. This small and informed audience knows the situation, and they are ready to move forward, so you can skip the internal audit fluff (e.g., scope, background, audit notes, distribution list). Because of the knowledge level of your audience, you can start your report in the middle of the conversation.

Design: Keep It Simple and Succinct. Fraud investigation reports are around 4-6 pages (excluding the Appendix). Once you’ve determined the outline for the fraud report, move on to deciding how to write each section of the fraud report.

Content: For Fraud Eyes Only. The outline above looks very different than typical audit reports. Here’s a quick breakdown of what to write in each section and i.e. Title, Date, Allegations (one paragraph under 70 words, or 3-4 sentences), Results (2-3 sentences per allegation) and Approach (Single sentence) and from Pages 2-4: Policy/Rule Violations, Summary of Evidence and Appendix

Allegations: in typical reports, there are no allegations – you look at a predetermined process or operation. In fraud, we have a specific allegation we’re going in to review. The report and content is always different.” How many allegations should you include in a fraud investigation? It varies depending upon the situation and the number of people involved.

“If the fraud investigation is about a person,” “like someone skims cash, commits payroll fraud, and abuses the company-purchasing card, then we have three allegations: theft, payroll fraud, and misappropriation of assets. However, because the same person commits all of these allegations, the report is still a single investigation.”

Approach: Approach is similar to the audit report scope section; however, approach lists who was interviewed and what the fraud investigative team looked at. In this section, you can also refer the reader to various exhibits and more information located in the appendix portion of the report.

Results: The Results section isn’t long – around 2-3 sentences per allegation. This section will determine whether the allegation was substantiated, unsubstantiated, or inconclusive.

Summary of Evidence: The summary of evidence in fraud reports is the same as the body of the report (the issues) in audit reports. The length of the summary of evidence varies according to the results. If substantiated, the summary of evidence could be from a single page to 3-4 pages.

To organize your summary of evidence section, break it down into sections, or subcategories. Using the example from above, categories could be Theft, Payroll Fraud, and Purchasing Cards.

Content: The Skinny on Recommendation and Risk Assessment. You might think that fraud reports should borrow some sections from the audit report (like risk or recommendations). However, these sections detract from the single purpose of the fraud report, to inform.

Recommendations: After all the investigating, fraud auditors should include their recommendations for action, right? Wrong. “In fraud, we give no recommendations,” “but we have to provide enough supporting evidence so the recipient can take the information and decide what they need to do.”

Risk: Unlike audit reports that outline the risk of audit issues, the fraud audience has to determine the risk on their own. Fraud investigations trust the audience is already well aware of the risk. For fraud, what once was a risk has often already materialized into a financial, productive, or reputational loss to the company.

Tone: Keeping Your Cool: In audit reports, you have to be a little more diplomatic. In fraud reports, you get to be candid, and for many, writing frankly is a breath of fresh air.

This candid method presents pros and cons. On the upside, you have very few people reviewing this – and the person being investigated is not a reviewer, so you get to be blunt. On the downside, you could inadvertently use negative instead of neutral language – especially when the suspect is guilty. You have to allow the facts to stand on their own and keep your tone neutral.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us on 0041 4350 830 9