Glossary

The glossary provides structured definitions of key concepts in economic forensics, fraud prevention, and economic crime, forming the basis for a consistent and shared understanding of the field.

Definition: The glossary functions as a semantic reference system that structures and connects core concepts, terminology, and relationships within economic forensics.

A

Access Rights Abuse

DEFINITION
Access Rights Abuse refers to the improper or unauthorized use of legitimately granted system access by authorized users.
CONTEXT
Access rights abuse is commonly associated with insider threats, weak internal controls, and insufficient segregation of duties. It is particularly critical when privileged accounts are used to bypass controls or manipulate data.
MEANING
It is a common driver of internal IT-related fraud and can lead to significant financial and operational damage.
EXAMPLE
An administrator misuses privileged access to alter financial data for personal benefit.

Account Takeover

DEFINITION
Unauthorized access to user accounts.
CONTEXT
Account takeover is commonly associated with cyber fraud, social engineering, and access rights abuse. It affects digital platforms, email systems, and business-critical applications and often serves as an entry point for further fraudulent activities.
MEANING
Enables unauthorized transactions, data manipulation, and control bypassing, posing a significant risk especially for privileged accounts.
EXAMPLE
Email account hijacked after phishing.

Anti-Money Laundering (AML)

DEFINITION
Anti-Money Laundering (AML) refers to the set of legal, regulatory, and organizational measures designed to prevent money laundering and terrorist financing.
CONTEXT
Anti-Money Laundering (AML) is a core component of compliance frameworks and is closely linked to enhanced due diligence (EDD), customer due diligence (CDD), and risk-based control approaches. It applies to financial institutions and, increasingly, to non-financial businesses subject to regulatory obligations.
MEANING
Anti-Money Laundering (AML) is a key regulatory requirement that obliges organizations to implement effective controls to detect, assess, and report suspicious activities.
EXAMPLE
Requirement to identify and verify beneficial owners of customers.

Asset Misappropriation

DEFINITION
Asset Misappropriation refers to the theft or misuse of an organisation’s assets by employees or third parties.
CONTEXT
Asset misappropriation includes schemes such as cash theft, expense fraud, and misuse of company resources and is a core category of occupational fraud. It commonly occurs where internal controls are weak or where segregation of duties is insufficient.
MEANING
It results in direct financial losses and indicates weaknesses in control and oversight.
EXAMPLE
Unauthorized personal expenses charged to a company credit card.

Audit Trail

DEFINITION
An Audit Trail is a complete and traceable record of transactions, changes, and system activities.
CONTEXT
Audit trails are a key component of internal controls, forensic evidence handling, and IT governance. They enable traceability of actions and are closely linked to access rights abuse and audit procedures.
MEANING
They are essential for audits, investigations, and regulatory compliance by ensuring transparency and accountability.
EXAMPLE
System logs capturing all changes to accounting entries and user activities.

Average Fraud Duration

DEFINITION
Average Fraud Duration refers to the average time between the initiation and detection of a fraud scheme.
CONTEXT
Average Fraud Duration is a key metric in fraud risk management and is commonly used as part of fraud KPIs by internal audit and compliance functions. It provides insights into the effectiveness of internal controls and detection mechanisms.
MEANING
A shorter average fraud duration indicates effective controls and timely detection, while longer durations suggest weaknesses in monitoring and control environments.
EXAMPLE
A fraud scheme is detected after 14 months.

B

Beneficial Owner

DEFINITION
The individual who ultimately owns or controls an entity.
CONTEXT
Transparency over beneficial ownership is essential for anti-money laundering (AML), know your customer (KYC) processes, and the identification of hidden conflicts of interest.
MEANING
Transparency is essential for anti-money laundering (AML) and fraud prevention.
EXAMPLE
A vendor is effectively controlled by one individual.

Bid Rigging

DEFINITION
Bid rigging involves collusion between bidders to manipulate tender outcomes.
CONTEXT
Bid rigging typically occurs in procurement and tendering processes and is closely linked to collusion, corruption, and vendor fraud. It is particularly relevant in regulated markets and public procurement environments.
MEANING
Undermines fair competition, leads to inefficient procurement outcomes, and causes significant economic harm.
EXAMPLE
Companies rotate winning bids in public tenders.

Bribery

DEFINITION
Bribery refers to the offering, promising, giving, or receiving of an undue advantage to influence the actions or decisions of an individual in breach of their duties.
CONTEXT
Bribery is a core form of corruption and occurs in both public and private sector environments. It includes direct or indirect benefits, monetary or non-monetary, and is commonly associated with procurement, licensing, contracting, and regulatory decision-making. The term serves as an umbrella concept for specific forms such as bribery of public officials and bribery in the private sector.
MEANING
Bribery undermines integrity, distorts decision-making, and creates significant legal, financial, and reputational risks. It is a central focus of compliance and anti-corruption frameworks.
EXAMPLE
A company offers financial incentives to a decision-maker to secure a contract award.

Bribery of Private Officials

DEFINITION
Bribery of Private Officials refers to offering, giving, or receiving improper advantages between private sector parties in a business context.
CONTEXT
Bribery in the private sector typically occurs in procurement, sales, or contract negotiations. It is closely linked to Corruption, Conflict of Interest, and weak Internal Controls, and may result in market distortion and significant Compliance risks.
MEANING
Bribery of Private Officials is illegal or subject to sanctions in many jurisdictions and represents a significant risk to corporate governance and integrity.
EXAMPLE
Kickback payments in exchange for preferential supplier selection.

Bribery of Public Officials

DEFINITION
Bribery of Public Officials refers to offering, promising, or giving advantages to public officials in order to improperly influence their actions or decisions.
CONTEXT
Bribery of Public Officials is a core element of Corruption and is heavily regulated under international anti-corruption laws and compliance frameworks. It commonly occurs in connection with public procurement, licensing, and regulatory oversight.
MEANING
Bribery of Public Officials represents a high legal and reputational risk and is subject to strict enforcement, particularly in cross-border business activities.
EXAMPLE
A payment is made to a public official to accelerate the approval of a license.

Business Email Compromise

DEFINITION
Business Email Compromise (BEC) is a fraud scheme in which business email accounts are compromised or impersonated to redirect payments or obtain sensitive information.
CONTEXT
Business Email Compromise (BEC) is a form of cyber fraud closely linked to social engineering and phishing. Perpetrators exploit weaknesses in internal controls, particularly in payment approval processes and vendor master data management.
MEANING
Business Email Compromise (BEC) is one of the most financially damaging forms of fraud, as it systematically exploits trust, processes, and control gaps.
EXAMPLE
A spoofed CEO email instructs an urgent wire transfer to a fraudulent account.

C

Cash Larceny

DEFINITION
The theft of cash after it has been recorded in the accounting system.
CONTEXT
Cash larceny is a form of asset misappropriation that occurs after cash has been recorded, distinguishing it from skimming. It is closely linked to weaknesses in internal controls, particularly in cash counts, reconciliations, and segregation of duties.
MEANING
Indicates control deficiencies in cash handling processes and is generally detectable through discrepancies between recorded and actual cash balances.
EXAMPLE
Cash is stolen from the register after closing.

Chain of Custody

DEFINITION
Chain of Custody refers to the documented and traceable handling, transfer, and storage of evidence throughout its lifecycle.
CONTEXT
The Chain of Custody is a fundamental concept in forensics, internal investigations, and legal proceedings. It ensures that evidence remains identifiable, intact, and properly handled at all times.
MEANING
A properly maintained Chain of Custody is critical for the admissibility of evidence, as it prevents tampering allegations and ensures evidential integrity.
EXAMPLE
Documented and signed transfer of digital evidence between investigators.

Channel Stuffing

DEFINITION
Channel Stuffing refers to the practice of deliberately oversupplying distributors to artificially inflate short-term revenue or performance metrics.
CONTEXT
Channel stuffing is commonly associated with financial statement fraud and revenue manipulation and is considered a typical red flag in financial reporting. It is often driven by sales pressure and weak internal controls.
MEANING
It distorts financial performance and shifts inventory and sales risks downstream to distributors.
EXAMPLE
Distributors are forced to accept excess inventory at the end of a reporting period to boost reported revenue.

Check Tampering

DEFINITION
The misuse or alteration of checks.
CONTEXT
Check tampering is a form of asset misappropriation and is most common in organisations with manual or paper-based payment processes. It is closely linked to weaknesses in internal controls, particularly in payment approvals, reconciliations, and segregation of duties.
MEANING
Indicates weak payment controls and is a common fraud scheme in low-automation environments.
EXAMPLE
A check is issued to an unauthorized payee.

Collusion

DEFINITION
Cooperation between parties to commit fraud.
CONTEXT
Collusion often occurs in procurement, finance, and decision-making processes and is closely linked to kickback schemes, conflicts of interest, and weaknesses in internal controls. It is particularly critical because multiple parties deliberately cooperate to bypass control mechanisms.
MEANING
Undermines key control principles such as segregation of duties and represents a major risk factor for difficult-to-detect fraud.
EXAMPLE
Buyer and vendor coordinate fake invoices.

Compliance Breach Frequency

DEFINITION
Number of compliance violations.
CONTEXT
Compliance breach frequency is a key metric in compliance and governance frameworks and is often analysed in conjunction with internal controls, fraud risk assessment, and monitoring systems. It can be broken down by type of violation (e.g. regulatory, internal, ethical).
MEANING
Acts as an early indicator of weaknesses in governance, control environments, and organisational culture, and supports the management of compliance measures.
EXAMPLE
Multiple sanctions breaches.

Compliance Violation

DEFINITION
Failure to comply with laws, regulations, or internal policies.
CONTEXT
Compliance violations occur across various domains, including anti-money laundering (AML), data protection, competition law, and internal policies. They are often linked to weak internal controls, insufficient compliance governance, or lack of employee awareness.
MEANING
May lead to significant legal, financial, and reputational risks and serves as a key indicator of weaknesses in compliance and control frameworks.
EXAMPLE
Ignoring sanctions requirements.

Conflict of Interest

DEFINITION
A Conflict of Interest arises when personal interests may influence an individual’s objective judgment or decision-making.
CONTEXT
Conflicts of interest often arise in procurement, decision-making, or control processes and are closely linked to conflict-based corruption, internal controls, and fraud risk assessment. They are a core element of compliance programmes and governance frameworks.
MEANING
Undisclosed conflicts of interest significantly increase the risk of misconduct, corruption, and fraud and undermine organisational integrity.
EXAMPLE
Awarding contracts to a company owned by a family member.

Conflict-Based Corruption

DEFINITION
Conflict-Based Corruption refers to corrupt behavior driven by undisclosed or improperly managed conflicts of interest.
CONTEXT
Conflict-Based Corruption typically occurs in decision-making processes such as procurement, contracting, or hiring. It is closely linked to corruption, weak internal controls, and insufficient compliance frameworks, particularly where disclosure requirements are lacking.
MEANING
Conflict-Based Corruption is difficult to detect, as decisions may appear legitimate while being influenced by personal interests.
EXAMPLE
Awarding contracts to a company owned by the decision-maker without disclosure.

Control Effectiveness Rate

DEFINITION
Percentage of controls operating effectively.
CONTEXT
Control effectiveness rate is a key metric within internal controls and is commonly used in fraud risk assessment as well as internal and external audits. It evaluates whether defined controls operate as intended and effectively mitigate risks.
MEANING
Measures the quality and reliability of the internal control system and serves as a key indicator of its overall performance.
EXAMPLE
85 percent effective controls.

Control Failure Rate

DEFINITION
Percentage of failed controls.
CONTEXT
Control failure rate is a key metric within internal controls and fraud risk assessment. It measures the effectiveness of control mechanisms, such as approvals, reconciliations, or system-based controls, and is often assessed in audits and monitoring processes.
MEANING
Direct indicator of weaknesses in the control environment and potential fraud exposure.
EXAMPLE
Multiple failed dual controls.

Control Override

DEFINITION
Control override refers to the deliberate circumvention or bypassing of established control mechanisms.
CONTEXT
Control override often occurs in connection with occupational fraud, particularly involving senior management, and is closely linked to weak segregation of duties and inadequate monitoring of exceptions. It is a key concept in internal controls, governance, and audit processes.
MEANING
It is a high-impact risk because authority and access can neutralize control frameworks.
EXAMPLE
A manager forces an exception payment approval.

Control Override Red Flag

DEFINITION
Control Override Red Flag refers to the frequent or systematic bypassing of established control mechanisms, often through repeated exceptions or overrides.
CONTEXT
The Control Override Red Flag is one of the most common red flags and is closely linked to control override practices and weak segregation of duties. It typically appears in environments with high discretion and insufficient monitoring of exceptions.
MEANING
It signals potential abuse of authority, policy violations, or deliberate manipulation.
EXAMPLE
Repeated manual overrides of payment approval controls.

Corporate Criminal Liability

DEFINITION
Criminal liability of corporations.
CONTEXT
Corporate criminal liability refers to the legal concept that corporations can be held criminally responsible for offences committed within the organisation. It typically applies where there are deficiencies in organisational structure, internal controls, or oversight. The concept is closely linked to compliance, corporate governance, internal control systems, and organisational failure.
MEANING
Establishes direct criminal risk for corporations and significantly increases the need for robust compliance, control, and governance frameworks.
EXAMPLE
Company liable for control failures.

Corruption

DEFINITION
Corruption is the abuse of entrusted power for private gain.
CONTEXT
Corruption is an overarching concept that includes various forms of undue influence, particularly bribery, illegal gratuities, and trading in influence. It occurs in both public and private sectors and is closely linked to conflicts of interest, kickback schemes, and internal controls within governance frameworks.
MEANING
Distorts decision-making, undermines fair competition, and creates significant legal, financial, and reputational risks.
EXAMPLE
Awarding contracts in exchange for personal benefits.

Cost of Fraud Management

DEFINITION
Cost of Fraud Management refers to the total resources required for fraud prevention, detection, and investigation, including personnel, systems, analytics, and training.
CONTEXT
The cost of fraud management is closely linked to fraud risk assessment, data analytics for fraud detection, and internal controls. It arises across the full control lifecycle, from preventive measures to continuous monitoring and investigative activities.
MEANING
It supports cost-benefit analysis and enables organizations to balance investment in controls against potential fraud losses.
EXAMPLE
Budget allocated to fraud analytics tools, internal audits, and employee training programs.

Customer Due Diligence (CDD)

DEFINITION
Customer Due Diligence (CDD) refers to the risk-based assessment and ongoing monitoring of customers, transactions, and business relationships.
CONTEXT
CDD is a core component of anti-money laundering (AML) frameworks and is closely linked to know your customer (KYC) and enhanced due diligence (EDD). It is applied during onboarding and throughout the lifecycle of a business relationship.
MEANING
It ensures that controls and monitoring measures are proportionate to the risk profile of the customer.
EXAMPLE
Enhanced verification procedures applied to high-risk customers.

Cyber Fraud

DEFINITION
Cyber fraud involves fraud schemes executed through digital technologies.
CONTEXT
Cyber fraud is closely linked to social engineering, access rights abuse, and other forms of occupational fraud as well as external cyber-enabled crime. It is particularly prevalent in digitalised business processes, e-commerce environments, and interconnected IT systems.
MEANING
Represents a highly dynamic and difficult-to-control risk area due to scalability, automation, and global reach.
EXAMPLE
Phishing attacks to steal credentials.

D

Data Analytics Detection

DEFINITION
Data Analytics Detection refers to the use of data analysis techniques to identify anomalies, patterns, and indicators related to fraud.
CONTEXT
Data Analytics Detection is applied within fraud risk management, compliance, and internal audit to enable continuous monitoring of transactions and master data. It supports the identification of red flags, unusual patterns, and weaknesses in internal controls.
MEANING
Data Analytics Detection enables scalable and continuous monitoring, increasing the likelihood of detecting complex or systematic fraud schemes at an early stage.
EXAMPLE
Duplicate vendor analysis to identify potential fraud or control weaknesses.

Data Analytics for Fraud Detection

DEFINITION
Data Analytics for Fraud Detection refers to the use of structured and systematic data analysis techniques to identify anomalies, patterns, and indicators related to fraud.
CONTEXT
Data Analytics for Fraud Detection is a key component of fraud risk management, internal audit, and compliance programs. It enables the analysis of large and complex datasets to identify red flags, unusual transaction patterns, and control weaknesses.
MEANING
Data Analytics for Fraud Detection enables scalable, full-population testing and significantly enhances the effectiveness and precision of fraud detection.
EXAMPLE
Matching vendor and employee data to identify overlaps or conflicts of interest.

Data Manipulation

DEFINITION
Data manipulation refers to the deliberate alteration, suppression, or falsification of data to achieve a desired outcome or bypass controls.
CONTEXT
Data manipulation often occurs in the context of financial reporting, operational metrics, or system logs and is closely linked to internal controls, access rights abuse, and forensic evidence handling. It is particularly relevant in IT-driven processes and integrated system environments.
MEANING
Undermines the reliability of decision-making and can deliberately bypass control mechanisms.
EXAMPLE
Altering accounting entries in ERP systems.

Data Protection Law

DEFINITION
Legal framework for personal data protection.
CONTEXT
Data protection law includes national and international frameworks such as the GDPR and the Swiss Data Protection Act and is closely linked to internal controls, forensic evidence handling, and internal investigations. It defines the legal boundaries for processing personal data, particularly in investigation, monitoring, and analytics contexts.
MEANING
Establishes legal constraints and requirements for data use and significantly shapes the design of control, analytics, and investigation processes.
EXAMPLE
Limits on employee monitoring.

Deepfake Fraud

DEFINITION
Deepfake Fraud refers to a form of fraud in which artificially generated or manipulated audio, video, or image content is used to convincingly impersonate a real person. The objective is to exploit trust in order to influence financial transactions, obtain sensitive information, or manipulate organisational decisions.

Unlike traditional impersonation techniques, Deepfake Fraud relies on generative artificial intelligence models capable of replicating a person’s voice, facial expressions, and behavioural patterns with a high degree of realism.
CONTEXT
Deepfake Fraud represents an evolution of social engineering and operates at the intersection of cybercrime, identity fraud, and organisational fraud.

It is particularly relevant in scenarios involving:
• Business Email Compromise (BEC)
• CEO Fraud / executive impersonation
• payment authorisation processes
• remote communication channels (phone, video conferencing)

The increasing availability of generative AI technologies, including voice cloning and video synthesis, has significantly lowered the barrier to entry. What previously required specialised expertise can now be achieved using commercially available or even freely accessible tools.
MEANING
Deepfake Fraud poses a fundamental challenge to established control mechanisms, as traditional forms of authentication—especially voice and visual recognition—become unreliable.

Its significance is driven by several factors:
• High credibility: impersonations appear realistic and persuasive
• Bypassing of controls: e.g. verbal confirmations or informal approval processes
• Scalability: attacks can be replicated with relatively low effort
• Detection complexity: manipulation may only be identifiable through forensic analysis

For organisations, this implies a shift from trust-based verification towards structured, multi-layered control environments.
EXAMPLE
A finance manager receives a phone call that appears to come from the CEO. The voice, tone, and speaking style match the known characteristics of the executive. During the call, an urgent payment is requested in connection with a confidential transaction.

In reality, the voice has been synthetically generated using AI-based voice cloning. The payment is executed without additional verification.

Deferred Prosecution Agreement (DPA)

DEFINITION
Deferred Prosecution Agreement (DPA) is an agreement between prosecutors and an organization to suspend criminal prosecution subject to specific conditions.
CONTEXT
Deferred Prosecution Agreements (DPAs) are commonly used in compliance and corruption cases, particularly in connection with violations of anti-corruption laws or financial crime. Organizations typically agree to cooperate, conduct internal investigations, strengthen internal controls, and implement compliance enhancements.
MEANING
Deferred Prosecution Agreements (DPAs) are a key enforcement tool, allowing organizations to avoid conviction while accepting significant financial penalties and compliance obligations.
EXAMPLE
A company agrees to pay fines, cooperate with authorities, and enhance compliance programs in exchange for deferred prosecution.

Detection Source Ratio

DEFINITION
Distribution of fraud detection sources.
CONTEXT
Detection source ratio is an analytical metric in fraud risk assessment and the monitoring of fraud detection methods. It breaks down detection by source, such as tips, internal controls, audits, or data analytics, enabling a structured evaluation of detection effectiveness.
MEANING
Highlights the relative effectiveness of different detection channels and supports the targeted improvement of control and reporting mechanisms.
EXAMPLE
60 percent detected via tips.

Documentation Issues Red Flag

DEFINITION
Documentation Issues Red Flag refers to incomplete, delayed, inconsistent, or manipulated documentation related to business transactions.
CONTEXT
Documentation Issues Red Flag often occurs in connection with Fraud, Financial Statement Fraud, or weak Internal Control systems. It may be used to obscure transactions, disrupt audit trails, or reduce the traceability of decisions and accounting entries.
MEANING
Documentation Issues Red Flag is a key indicator of risk, as it reduces transparency, weakens controls, and significantly hinders the detection of Fraud.
EXAMPLE
Missing or inconsistent supporting documents for recorded transactions.

Duplicate Payments Red Flag

DEFINITION
Multiple payments for the same invoice.
CONTEXT
Duplicate payments typically occur in procurement and accounts payable processes and are often linked to weaknesses in internal controls, insufficient segregation of duties, or poor data quality. They are a classic example of red flags in fraud detection.
MEANING
Indicates process and control weaknesses and may point to both errors and fraudulent activities.
EXAMPLE
Invoice paid twice.
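The two analytics tests named in the Data Analytics Detection and Data Analytics for Fraud Detection entries (duplicate payment analysis and vendor-to-employee matching) are shown below as an added, self-contained example; it is not code from the glossary, and every payment, vendor and employee record in it is constructed for illustration. The duplicate test goes slightly beyond the "invoice paid twice" case above by normalising invoice numbers so that the same invoice re-entered with different punctuation or leading zeros is still caught.

```python
"""Added example: two basic fraud-analytics tests over constructed AP data."""
import re
from collections import defaultdict

# Constructed sample accounts-payable records (not real transactions).
PAYMENTS = [
    {"id": "P1", "vendor_id": "V100", "invoice_no": "INV-0042", "amount": 1250.00},
    {"id": "P2", "vendor_id": "V100", "invoice_no": "INV0042",  "amount": 1250.00},  # same invoice, punctuation differs
    {"id": "P3", "vendor_id": "V200", "invoice_no": "7781",     "amount": 980.50},
    {"id": "P4", "vendor_id": "V200", "invoice_no": "007781",   "amount": 980.50},   # same invoice, leading zeros added
    {"id": "P5", "vendor_id": "V300", "invoice_no": "A-1",      "amount": 300.00},
]

# Constructed vendor master data and employee master data (hypothetical values).
VENDORS = [
    {"vendor_id": "V100", "name": "Alpha Supplies Ltd", "iban": "CH93 0076 2011 6238 5295 7", "phone": "+41 44 123 45 67"},
    {"vendor_id": "V200", "name": "Beta Consulting",    "iban": "DE89 3704 0044 0532 0130 00", "phone": "+49 30 111 2222"},
    {"vendor_id": "V300", "name": "Gamma Services",     "iban": "FR76 3000 6000 0112 3456 7890 189", "phone": "+33 1 23 45 67 89"},
]
EMPLOYEES = [
    {"emp_id": "E1", "name": "J. Doe",   "iban": "CH9300762011623852957",     "phone": "+41 79 000 00 00"},  # IBAN matches V100
    {"emp_id": "E2", "name": "A. Smith", "iban": "GB29 NWBK 6016 1331 9268 19", "phone": "+49301112222"},    # phone matches V200
]


def normalize_key(value: str) -> str:
    """Lower-case and strip everything but letters and digits, so formatting differences do not hide a match."""
    return re.sub(r"[^0-9a-z]", "", value.lower())


def normalize_invoice(value: str) -> str:
    """Invoice numbers additionally lose leading zeros ('007781' and '7781' are the same invoice)."""
    return normalize_key(value).lstrip("0") or "0"


def find_duplicate_payments(payments):
    """Group payments by (vendor, normalised invoice number, amount); any group with more than one
    payment is a duplicate-payment red flag. Returns a list of sorted payment-id groups."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor_id"], normalize_invoice(p["invoice_no"]), round(p["amount"], 2))
        groups[key].append(p["id"])
    return [sorted(ids) for ids in groups.values() if len(ids) > 1]


def find_vendor_employee_matches(vendors, employees, fields=("iban", "phone")):
    """Match vendor master data against employee master data on normalised bank account and phone.
    A hit is a potential conflict of interest or fictitious vendor. Returns (vendor_id, emp_id, field) tuples."""
    index = defaultdict(list)
    for e in employees:
        for f in fields:
            index[(f, normalize_key(e[f]))].append(e["emp_id"])
    hits = []
    for v in vendors:
        for f in fields:
            for emp_id in index.get((f, normalize_key(v[f])), []):
                hits.append((v["vendor_id"], emp_id, f))
    return hits


def run_checks(payments=PAYMENTS, vendors=VENDORS, employees=EMPLOYEES):
    """Run both tests and return the red flags found, keyed by test name."""
    return {
        "duplicate_payments": find_duplicate_payments(payments),
        "vendor_employee_matches": find_vendor_employee_matches(vendors, employees),
    }


if __name__ == "__main__":
    for test, flags in run_checks().items():
        print(test, flags)
```

Both tests are full-population tests: every payment and every vendor record is examined, which is what distinguishes analytics-based detection from sample-based audit testing. Hits are red flags to be investigated, not findings; a matching phone number can be a data-entry error as easily as a conflict of interest.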

E

Economic Extortion

DEFINITION
Economic extortion refers to the extraction of economic benefits through threats, pressure, or the exploitation of dependencies.
CONTEXT
Economic extortion often arises in business relationships, supply chains, or regulatory dependencies and is closely linked to corruption, including trading in influence and illegal gratuities. It is often enabled by power imbalances and weak internal controls.
MEANING
It can involve both internal and external actors and represents a significant risk to integrity, compliance, and fair market practices.
EXAMPLE
Threatening delays unless paid.

Employee Complaints Red Flag

DEFINITION
Employee complaints.
CONTEXT
Employee complaints are often associated with tips and whistleblower reports, red flags, and formal whistleblowing systems. They frequently arise outside formal reporting channels and can provide valuable qualitative insights into potential irregularities.
MEANING
Serve as early warning signals of potential misconduct and should be systematically captured, assessed, and integrated into investigation processes.
EXAMPLE
Complaints about procurement favoritism.

Enhanced Due Diligence (EDD)

DEFINITION
Enhanced Due Diligence (EDD) refers to enhanced verification and assessment procedures applied to higher-risk customers or transactions.
CONTEXT
Enhanced Due Diligence (EDD) is part of risk-based compliance and anti-money laundering (AML) frameworks. It is applied in higher-risk situations, such as politically exposed persons (PEP), complex ownership structures, or cross-border relationships. EDD builds on Customer Due Diligence (CDD) by introducing more in-depth checks, particularly regarding source of wealth and source of funds.
MEANING
Enhanced Due Diligence (EDD) is mandatory in high-risk scenarios and is designed to identify and mitigate risks related to money laundering, corruption, and other forms of financial crime.
EXAMPLE
Additional verification of source of funds and source of wealth for a high-risk customer.

EU Whistleblower Directive

DEFINITION
EU-wide whistleblower protection framework.
CONTEXT
The EU Whistleblower Directive (EU 2019/1937) establishes minimum standards for whistleblower protection and is closely linked to whistleblower protection, tips and whistleblower reports, and internal investigations. It requires organisations to implement secure internal and external reporting channels and defined procedural safeguards.
MEANING
Provides a legally binding framework for whistleblowing systems and strengthens transparency, compliance, and fraud detection.
EXAMPLE
Internal reporting hotline.

Expense Account Fraud

DEFINITION
The submission of false or inflated expense claims.
CONTEXT
Expense account fraud is a form of asset misappropriation and is common in decentralised organisations with large employee bases. It is closely linked to weaknesses in internal controls, insufficient management review, and lack of awareness within fraud prevention programmes.
MEANING
Although often small per incident, it can result in significant cumulative losses and indicates systemic control weaknesses.
EXAMPLE
Personal meals claimed as business expenses.

Expense Manipulation

DEFINITION
Expense Manipulation refers to the improper recognition, deferral, or capitalization of expenses to influence reported financial results.
CONTEXT
Expense manipulation is commonly associated with financial statement fraud, hidden liabilities, and earnings management practices. It is considered a typical red flag in financial reporting and is often enabled by weak internal controls.
MEANING
It is used to manipulate earnings and distorts the true financial performance of an organization.
EXAMPLE
Expenses are deferred to future periods to artificially increase current profits.

Expense Reimbursement Fraud

DEFINITION
Improper expense reimbursement claims.
CONTEXT
Expense reimbursement fraud is a form of asset misappropriation and is closely linked to expense account fraud, weaknesses in internal controls, and insufficient management review. It is common in organisations with decentralised approval processes and high volumes of expense claims.
MEANING
Although often small per incident, repeated occurrences can lead to significant cumulative losses and indicate systemic control deficiencies.
EXAMPLE
Duplicate or altered receipts.

Export Control Compliance

DEFINITION
Compliance with export control regulations.
CONTEXT
Export control compliance involves adherence to national and international regulations (e.g. EU dual-use regulation, sanctions regimes) and is closely linked to compliance violations, regulatory reporting obligations, and internal controls. It is particularly relevant for companies operating in global supply chains or dealing with sensitive technologies.
MEANING
Prevents unlawful transfers of goods and technology and mitigates regulatory, legal, and reputational risks.
EXAMPLE
License required for software export.

External Audit Detection

DEFINITION
External Audit Detection refers to the identification of irregularities or Fraud by independent external auditors during the audit of financial statements.
CONTEXT
External Audit Detection typically occurs within statutory audits and focuses on material misstatements in financial reporting. It is closely linked to Financial Statement Fraud, Internal Control, and Compliance, but is not primarily designed to actively detect Fraud.
MEANING
External Audit Detection plays an important control role but identifies only a portion of Fraud, as external audits are risk-based and not designed as forensic investigations.
EXAMPLE
Material misstatements identified during the audit of financial statements.

F

False Invoice Scheme

DEFINITION
Invoices for goods or services not provided.
CONTEXT
False invoice schemes are a common fraud scheme in procurement and payment processes and are closely linked to vendor fraud, collusion, and weaknesses in internal controls. They are often enabled by insufficient verification of vendors, services, or invoices.
MEANING
Result in direct financial losses and indicate significant deficiencies in procurement controls and verification processes.
EXAMPLE
Invoice without proof of delivery.

Financial Statement Fraud

DEFINITION
Financial Statement Fraud is the intentional misrepresentation of financial information to mislead stakeholders.
CONTEXT
Financial Statement Fraud often involves manipulation of revenues, expenses, assets, or liabilities. It is typically committed by senior management and is closely linked to weak Internal Control systems and governance failures.
MEANING
Financial Statement Fraud distorts decision-making, undermines market confidence, and can result in significant financial and legal consequences.
EXAMPLE
Premature recognition of revenue to inflate reported earnings.

Forensic Evidence Handling

DEFINITION
Forensic Evidence Handling refers to the proper collection, documentation, analysis, and preservation of evidence during investigations.
CONTEXT
Forensic Evidence Handling is a core component of investigations into fraud and other forms of financial crime. It is closely linked to the chain of custody, digital forensics practices, and investigative procedures.
MEANING
Forensic Evidence Handling ensures the integrity and legal admissibility of evidence and prevents tampering or loss of critical information.
EXAMPLE
Collection and preservation of server logs for use in an investigation.
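As an added example, not part of the glossary, the following Python code shows the integrity side of evidence handling for the log-collection case above: each collected file is hashed at acquisition, the hashes and custody events are recorded in a manifest, and a later verification run reports any file that was altered or lost. File names, the case identifier, the analyst names and the log lines are constructed for illustration.

```python
# Added example (not part of the glossary): an acquisition manifest with SHA-256
# hashes and a chain-of-custody log for collected log files. Paths, case IDs,
# names and the log contents are constructed for illustration.
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large evidence files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir: Path, case_id: str, collector: str) -> dict:
    """Record every collected file with its size and hash at acquisition time."""
    now = datetime.now(timezone.utc).isoformat()
    items = [
        {"path": str(p.relative_to(evidence_dir)), "size": p.stat().st_size, "sha256": sha256_file(p)}
        for p in sorted(evidence_dir.rglob("*"))
        if p.is_file()
    ]
    return {
        "case_id": case_id,
        "items": items,
        # Each custody event names who held the evidence and when; transfers append here.
        "custody": [{"event": "acquired", "by": collector, "at": now}],
    }


def record_transfer(manifest: dict, from_person: str, to_person: str) -> None:
    """Append a hand-over to the custody log; the log is never rewritten, only extended."""
    manifest["custody"].append({
        "event": "transferred", "from": from_person, "to": to_person,
        "at": datetime.now(timezone.utc).isoformat(),
    })


def manifest_digest(manifest: dict) -> str:
    """Hash of the canonical item list. Store it separately (write-once media or a
    signed record) so the manifest cannot be edited together with the evidence."""
    canonical = json.dumps(manifest["items"], sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def verify_manifest(evidence_dir: Path, manifest: dict) -> list[str]:
    """Return the files that are missing or whose content no longer matches."""
    problems = []
    for item in manifest["items"]:
        path = evidence_dir / item["path"]
        if not path.is_file():
            problems.append(f"{item['path']} (missing)")
        elif path.stat().st_size != item["size"] or sha256_file(path) != item["sha256"]:
            problems.append(f"{item['path']} (hash mismatch)")
    return problems


def demo() -> tuple[int, list[str], bool]:
    """Acquire two constructed log files, then show that a later edit is detected."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "auth.log").write_text(
            "2024-05-02T08:14:03Z sshd[4121]: Accepted publickey for svc-finance from 10.0.12.7\n"
            "2024-05-02T08:14:09Z sudo: svc-finance : COMMAND=/usr/bin/psql erp\n"
        )
        (root / "erp-audit.log").write_text(
            "2024-05-02T08:15:40Z user=svc-finance table=vendor_master op=UPDATE id=4471 field=iban\n"
        )
        manifest = build_manifest(root, "CASE-2024-017", "analyst.a")
        record_transfer(manifest, "analyst.a", "evidence.custodian")
        digest_at_acquisition = manifest_digest(manifest)

        clean = verify_manifest(root, manifest)      # nothing changed yet -> []
        (root / "auth.log").write_text("")          # simulate tampering / truncation
        after = verify_manifest(root, manifest)     # auth.log now reported
        manifest_intact = manifest_digest(manifest) == digest_at_acquisition and clean == []
        return len(manifest["items"]), after, manifest_intact
```

The manifest is only as trustworthy as its own storage: hashing it and keeping that digest (or a signature) outside the working copy is what lets an investigator later show that neither the evidence nor the inventory of it was changed after acquisition.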

Forensic Interviewing

DEFINITION
Forensic Interviewing is a structured interviewing technique used to systematically establish facts and obtain reliable statements during investigations.
CONTEXT
Forensic Interviewing is applied in internal investigations related to fraud and other forms of financial crime. It is closely linked to evidence handling, investigative procedures, and behavioural analysis, and follows defined methodological and legal standards.
MEANING
Forensic Interviewing supports the collection of reliable and legally defensible information while adhering to legal, psychological, and ethical requirements.
EXAMPLE
Investigators conduct structured interviews with employees as part of an internal investigation.

Fraud

DEFINITION
Fraud refers to any intentional act of deception designed to secure an unfair or unlawful gain or to cause a loss to another party.
CONTEXT
Fraud is an umbrella term covering various forms of economic crime, including asset misappropriation, corruption, and financial statement fraud. It can be committed by employees, external parties, or through collusive arrangements. Fraud is closely linked to internal controls, governance structures, and risk management, and represents a core subject of economic forensics.
MEANING
Fraud results in financial losses, reputational damage, and legal consequences. Preventing and detecting fraud is a key objective of internal controls, compliance frameworks, and forensic investigations.
EXAMPLE
An employee manipulates invoices or payment processes to divert funds for personal gain.

Fraud Case Frequency

DEFINITION
Number of fraud cases over a period.
CONTEXT
Fraud case frequency is a key metric in fraud risk assessment and the monitoring of fraud detection methods. It is often analysed alongside indicators such as loss per case and average fraud duration to assess risk trends and control effectiveness.
MEANING
Enables trend analysis, benchmarking, and evaluation of prevention and detection effectiveness.
EXAMPLE
Increase from 5 to 9 cases per year.

Fraud Detection Methods

DEFINITION
Fraud Detection Methods are systematic approaches used to identify fraudulent activities based on data analysis, controls, reporting mechanisms, and audit procedures.
CONTEXT
Fraud detection methods include approaches such as tips and whistleblower reports, data analytics detection, internal controls, and audit activities. These methods are often combined to address different fraud risks and scenarios.
MEANING
Combining multiple detection methods significantly increases the likelihood of identifying fraud and supports earlier detection.
EXAMPLE
Use of whistleblower reports, data analytics, and internal audits to detect fraud.

Fraud KPI

DEFINITION
Fraud KPI (Key Performance Indicator) is a quantitative metric used to measure fraud risk, actual fraud cases, or the effectiveness of internal controls.
CONTEXT
Fraud KPIs are used within compliance, internal audit, and fraud risk management frameworks. They support ongoing risk monitoring, trend analysis, and the evaluation of prevention and detection measures.
MEANING
Fraud KPIs enable data-driven management, comparability across time and entities, and structured reporting to management and oversight bodies.
EXAMPLE
Number of detected fraud cases per year.

Fraud Loss Amount

DEFINITION
Total financial loss caused by fraud.
CONTEXT
Fraud loss amount is a key metric in fraud risk assessment and is often analysed alongside indicators such as case frequency, loss per case, and average fraud duration. It may include both direct financial losses and, depending on scope, indirect costs such as reputational damage and investigation expenses.
MEANING
Key measure of financial impact and a basis for risk prioritisation and decision-making.
EXAMPLE
Total loss from fake invoices.

Fraud Loss per Case

DEFINITION
Fraud Loss per Case refers to the average financial loss incurred per detected fraud case.
CONTEXT
This metric is used as part of fraud KPIs and fraud risk assessment and is closely linked to average fraud duration, as longer undetected fraud typically results in higher losses. It enables comparative analysis across cases.
MEANING
It supports risk prioritization by highlighting the financial impact of different fraud scenarios.
EXAMPLE
Average loss of 120,000 CHF per fraud case.

Fraud Prevention

DEFINITION
Measures designed to prevent fraud.
CONTEXT
Fraud prevention includes organisational, procedural, and technical measures aimed at reducing fraud risks and is closely linked to internal controls, fraud risk assessment, and a strong tone at the top. It primarily addresses opportunity and rationalisation within the fraud triangle.
MEANING
Effective fraud prevention reduces both the likelihood and impact of fraud and is generally more cost-efficient than reactive investigations.
EXAMPLE
Employee awareness training.

Fraud Recovery Rate

DEFINITION
Percentage of recovered losses.
CONTEXT
Fraud recovery rate is a key metric following internal investigations and is closely linked to fraud loss, regulatory reporting obligations, and legal recovery processes. It measures the effectiveness of actions taken to recover losses.
MEANING
Indicates the effectiveness of investigation, legal enforcement, and loss recovery efforts after fraud incidents.
EXAMPLE
30 percent recovered.

Fraud Reporting Timeliness

DEFINITION
Time between detection and reporting.
CONTEXT
Fraud reporting timeliness is a key metric in incident and compliance management and is closely linked to internal investigations, regulatory reporting obligations, and tips and whistleblower reports. It measures the efficiency of escalation and reporting processes following the detection of irregularities.
MEANING
Timely reporting reduces liability exposure, enables prompt response measures, and enhances the effectiveness of compliance and control systems.
EXAMPLE
Late escalation to compliance.

Fraud Risk Assessment

DEFINITION
Fraud Risk Assessment is a structured process to identify, assess, and prioritize fraud risks across an organization’s processes and systems.
CONTEXT
Fraud Risk Assessment is a core component of fraud risk management and part of broader compliance and governance frameworks. It systematically evaluates risk factors such as incentives, opportunities, and rationalization (e.g. as described in the fraud triangle), as well as weaknesses in internal controls.
MEANING
Fraud Risk Assessment provides the foundation for effective prevention and control measures by systematically identifying, assessing, and prioritizing fraud risks.
EXAMPLE
A company assesses procurement processes and identifies weak vendor due diligence as a key fraud risk.

Fraud Triangle

DEFINITION
The fraud triangle is a model used to explain fraud, based on the three factors of pressure, opportunity, and rationalisation.
CONTEXT
The fraud triangle is a key concept in fraud risk assessment and is closely linked to internal controls and the analysis of occupational fraud. It is used to systematically identify risk factors and behavioural patterns.
MEANING
It serves as a foundational analytical model for fraud prevention, detection, and investigation by structuring the key drivers of fraudulent behaviour.
EXAMPLE
Financial pressure combined with weak internal controls.

G

GDPR / DSGVO

DEFINITION
GDPR (General Data Protection Regulation) is a European Union regulation governing the processing of personal data and the protection of individuals’ privacy.
CONTEXT
The GDPR is a key element of compliance and directly affects how organizations handle personal data. It is closely linked to information security, internal controls, and regulatory requirements for data protection and processing.
MEANING
The GDPR requires organizations to handle personal data responsibly and imposes significant financial penalties and reputational risks in case of non-compliance.
EXAMPLE
Unlawful storage or processing of employee personal data without a valid legal basis.

Ghost Employee

DEFINITION
Ghost Employee refers to fictitious or terminated employees who remain on payroll and continue to receive salary payments.
CONTEXT
Ghost Employee is a common fraud scheme in payroll and HR administration. It is closely linked to weak internal controls, lack of segregation of duties, and insufficient reconciliation between HR and finance systems.
MEANING
Ghost Employee schemes result in direct financial losses and indicate weaknesses in joiner, mover, and leaver processes as well as system integration and controls.
EXAMPLE
Salary payments continue to be made to an employee who has already left the organization.
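As an added example, not part of the glossary, the following Python code performs the HR-to-finance reconciliation that the entry names as the missing control: a payroll run is matched against the HR master and every payee with no HR record, a termination date before the pay date, or a bank account shared with another payee is flagged. Employee IDs, names, account identifiers and amounts are constructed for illustration.

```python
# Added example (not part of the glossary): reconciling a payroll run against the
# HR master to surface ghost-employee indicators. Employee IDs, names, account
# identifiers and amounts are constructed for illustration.
from collections import defaultdict
from datetime import date

PAY_DATE = date(2024, 5, 25)

# HR master as exported from the HR system (constructed).
HR_MASTER = [
    {"emp_id": "E100", "name": "A. Meier", "status": "active", "termination_date": None},
    {"emp_id": "E101", "name": "B. Keller", "status": "terminated", "termination_date": date(2024, 3, 31)},
    {"emp_id": "E102", "name": "C. Rossi", "status": "active", "termination_date": None},
]

# Payroll run as exported from the finance system (constructed).
PAYROLL_RUN = [
    {"emp_id": "E100", "amount": 6500.0, "iban": "CH00 0000 0000 0000 0001"},
    {"emp_id": "E101", "amount": 7200.0, "iban": "CH00 0000 0000 0000 0002"},  # left on 31 March, still paid
    {"emp_id": "E199", "amount": 5900.0, "iban": "CH00 0000 0000 0000 0003"},  # no HR record at all
    {"emp_id": "E102", "amount": 6100.0, "iban": "CH00 0000 0000 0000 0003"},  # same account as E199
]


def find_ghost_employee_flags(hr_master, payroll_run, pay_date):
    """Return (emp_id, flag) pairs for payees that fail the HR/finance reconciliation.

    Three checks, each of which a ghost-employee scheme typically trips:
    NO_HR_RECORD            payee does not exist in the HR master
    PAID_AFTER_TERMINATION  payee was terminated before the pay date
    SHARED_BANK_ACCOUNT     two payees' salaries go to the same bank account
    """
    by_id = {rec["emp_id"]: rec for rec in hr_master}
    account_holders = defaultdict(set)
    for pay in payroll_run:
        account_holders[pay["iban"]].add(pay["emp_id"])

    flags = []
    for pay in payroll_run:
        rec = by_id.get(pay["emp_id"])
        if rec is None:
            flags.append((pay["emp_id"], "NO_HR_RECORD"))
        elif rec["termination_date"] is not None and rec["termination_date"] < pay_date:
            flags.append((pay["emp_id"], "PAID_AFTER_TERMINATION"))
        if len(account_holders[pay["iban"]]) > 1:
            flags.append((pay["emp_id"], "SHARED_BANK_ACCOUNT"))
    return flags


def flagged_amount(flags, payroll_run):
    """Total paid in this run to payees carrying at least one flag (loss estimate)."""
    flagged_ids = {emp_id for emp_id, _ in flags}
    return sum(p["amount"] for p in payroll_run if p["emp_id"] in flagged_ids)
```

The shared-account check matters because a fictitious employee still needs a real account to be paid into; comparing bank details across payees (and against vendor master data) is usually the quickest way to tie a ghost record to the person collecting the money.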

H

Hidden Liabilities

DEFINITION
Hidden Liabilities refer to the omission, understatement, or concealment of existing obligations in financial reporting.
CONTEXT
Hidden liabilities are commonly associated with financial statement fraud, improper asset valuation, and weak internal controls. They often involve the manipulation or omission of provisions, contingent liabilities, or off-balance-sheet obligations.
MEANING
They distort the true financial position and create a misleading impression of financial strength.
EXAMPLE
Failure to recognize required provisions for expected liabilities.

High-Risk Process Exposure

DEFINITION
High-Risk Process Exposure refers to the proportion or identification of business processes that carry an elevated risk of fraud or compliance violations.
CONTEXT
High-risk process exposure is assessed as part of fraud risk assessment and is closely linked to internal controls and the prioritization of monitoring and audit activities. Common high-risk areas include procurement, payment processes, and master data management.
MEANING
It supports risk-based resource allocation by focusing control efforts on the most exposed processes.
EXAMPLE
Procurement processes identified as high-risk areas requiring enhanced controls.

I

Identity Fraud

DEFINITION
The misuse of personal data to impersonate someone.
CONTEXT
Identity fraud is often linked to cyber fraud, social engineering, and insufficient know your customer (KYC) processes. It is particularly relevant in digital business models, financial services, and e-commerce environments where identities are verified remotely.
MEANING
Leads to financial losses, reputational risks, and regulatory consequences and requires robust identity verification and monitoring mechanisms.
EXAMPLE
Account opened using stolen ID.

Illegal Gratuities

DEFINITION
Illegal Gratuities refer to benefits given to or accepted by a decision-maker as a reward for a decision already made, rather than agreed in advance in exchange for it; they may nevertheless influence future decisions or create dependencies.
CONTEXT
Illegal gratuities are closely related to corruption, often acting as a precursor or complementary practice to bribery. They typically arise in procurement, contracting, or approval processes and are linked to conflicts of interest and weak internal controls.
MEANING
They undermine the integrity of decision-making, create dependencies, and increase the risk of subsequent corrupt behavior.
EXAMPLE
A gift provided to an employee after a contract has been awarded.

Improper Asset Valuation

DEFINITION
Improper Asset Valuation refers to the intentional overstatement or understatement of assets in financial reporting to misrepresent an entity’s financial position.
CONTEXT
Improper Asset Valuation is commonly associated with financial statement fraud and other forms of fraud. It is closely linked to weak internal controls, flawed valuation processes, and deliberate manipulation of financial statements.
MEANING
Improper Asset Valuation distorts financial ratios, affects creditworthiness, and may lead to misinformed decisions by investors, lenders, and other stakeholders.
EXAMPLE
Overstated inventory values to improve reported financial performance.

Improper Disclosures

DEFINITION
Improper Disclosures refer to incomplete, misleading, or intentionally distorted disclosures in financial statements or accompanying notes.
CONTEXT
Improper Disclosures are often associated with financial statement fraud and other forms of fraud. They typically involve omissions or misrepresentations of key risks, assumptions, or uncertainties and are linked to weak corporate governance and internal controls.
MEANING
Improper Disclosures reduce transparency and may lead to misinformed decisions by investors, regulators, and other stakeholders.
EXAMPLE
Omission of material risks or uncertainties in financial statement disclosures.

Internal Audit Detection

DEFINITION
Internal Audit Detection refers to the identification of fraud or irregularities through independent internal audit activities within an organisation.
CONTEXT
Internal Audit Detection occurs within risk-based audit engagements and covers both financial and operational processes. It is closely linked to internal controls, compliance, and fraud, and helps identify systematic weaknesses and control deficiencies.
MEANING
Internal Audit Detection is particularly effective in identifying process-related weaknesses and control gaps but does not detect all forms of fraud, especially in cases involving collusion.
EXAMPLE
Internal audit identifies manipulated accounting entries.

Internal Controls

DEFINITION
Internal Controls are organisational, procedural, and technical measures designed to ensure reliable, efficient, and compliant business operations.
CONTEXT
Internal Controls form the foundation of governance, risk management, and compliance frameworks. They are closely linked to segregation of duties, control activities, and monitoring mechanisms, and are used to prevent and detect fraud, errors, and regulatory violations.
MEANING
Effective internal controls significantly reduce risks related to fraud, errors, and compliance breaches and are critical for reliable business processes and reporting.
EXAMPLE
Segregation of duties in payment approval processes.

Internal Investigation

DEFINITION
Internal Investigation refers to a structured process to investigate suspected misconduct within an organization, including fraud.
CONTEXT
Internal Investigations are a key component of compliance and fraud risk management. They are closely linked to forensic interviewing, forensic evidence handling, and the chain of custody, and typically involve the analysis of data, documents, and communications.
MEANING
Internal Investigations are a primary response to fraud and other misconduct and form the basis for legal, organizational, and disciplinary actions.
EXAMPLE
Review of emails and transaction data during an internal investigation.

Inventory Theft / Asset Theft

DEFINITION
The unauthorized taking of an organization’s physical assets, including inventory, equipment, or materials.
CONTEXT
Inventory Theft / Asset Theft is a form of fraud that commonly occurs in warehousing, production, and logistics environments. It is closely linked to weak internal controls, lack of segregation of duties, and insufficient inventory management processes.
MEANING
Inventory Theft / Asset Theft results in direct financial losses and may indicate broader control weaknesses in inventory management and oversight.
EXAMPLE
An employee repeatedly removes goods from inventory for personal resale.

Investigation Duration

DEFINITION
Time required to complete investigations.
CONTEXT
Investigation duration is a key performance and efficiency metric in internal investigations, forensic accounting, and compliance investigations. It is influenced by case complexity, data availability, cross-border elements, and legal constraints (e.g. data protection, due process). The concept is closely linked to time to detection, case management, and resource allocation.
MEANING
Key indicator of efficiency, resource utilisation, and operational effectiveness of investigative functions.
EXAMPLE
Investigation lasts six months.

Invoice Splitting

DEFINITION
Artificially splitting invoices to bypass approval thresholds.
CONTEXT
Invoice splitting typically occurs in procurement and payment processes and is closely linked to override of approval limits, control override, and weaknesses in internal controls. It is a classic example of red flags in fraud detection.
MEANING
A common circumvention technique used to bypass formal approval processes and a clear indicator of control weaknesses or fraudulent intent.
EXAMPLE
Invoices are divided to avoid approval requirements.

K

Kickback Scheme

DEFINITION
A Kickback Scheme refers to a structured arrangement in which a person receives hidden payments or benefits in exchange for favouring a business partner.
CONTEXT
Kickback schemes commonly occur in procurement and contracting processes and are closely linked to corruption, conflicts of interest, and weak internal controls. They are often enabled by insufficient segregation of duties and lack of transparency in vendor relationships.
MEANING
Kickback schemes systematically distort procurement decisions, increase costs, and represent a significant fraud and compliance risk.
EXAMPLE
A purchasing manager receives undisclosed commissions from vendors in exchange for awarding contracts.

Kickback Vendor

DEFINITION
Kickback Vendor refers to a scheme in which a vendor provides secret payments or benefits to influence purchasing decisions.
CONTEXT
Vendor kickbacks typically occur in procurement processes and are closely linked to corruption, conflicts of interest, and weak internal controls. They often arise in environments lacking proper segregation of duties and oversight of vendor relationships.
MEANING
Vendor kickbacks distort procurement decisions, lead to inflated costs and reduced quality, and represent a significant fraud and compliance risk.
EXAMPLE
A supplier pays undisclosed commissions to an employee to secure contracts.

Know Your Customer (KYC)

DEFINITION
Know Your Customer (KYC) refers to procedures used to identify and verify customers and business partners, including the assessment of identity, beneficial ownership, and risk profiles.
CONTEXT
KYC is a core component of anti-money laundering (AML) frameworks and is closely linked to enhanced due diligence (EDD) and risk-based compliance approaches. It is applied during onboarding, transactions, and ongoing monitoring.
MEANING
KYC provides the foundation for preventing money laundering, fraud, and sanctions violations and is a regulatory requirement in many industries.
EXAMPLE
Verification of customer identity and beneficial ownership before account opening.

L

Lifestyle Red Flag

DEFINITION
Lifestyle Red Flag refers to a standard of living or accumulation of wealth that is inconsistent with an individual’s known income and financial situation.
CONTEXT
Lifestyle Red Flag often appears in connection with fraud, corruption, or embezzlement, particularly in the context of fraud risk assessments or investigations conducted by internal audit. It may indicate that illicit gains are being generated and used for personal benefit.
MEANING
Lifestyle Red Flag is a classic indicator of risk, as it may point to undisclosed or illicit income, especially for individuals in positions of trust.
EXAMPLE
An employee maintains a luxury lifestyle that cannot be explained by their salary.

M

Management Fraud

DEFINITION
Management fraud refers to fraudulent acts committed by individuals in senior or decision-making positions who use their authority to override controls or influence outcomes.
CONTEXT
Management fraud is closely linked to control override, corruption, and weaknesses in internal controls and governance structures. It often occurs in connection with financial statement manipulation, incentive misalignment, and insufficient oversight.
MEANING
Particularly high-impact and difficult to detect due to authority, access, and influence.
EXAMPLE
Executive-led financial manipulation.

Management Review

DEFINITION
Review activities performed by management.
CONTEXT
Management review is a key component of internal controls, complementing automated and process-based controls through analytical oversight at management level. It is closely linked to fraud risk assessment, red flags, and operational performance monitoring.
MEANING
Enables early identification of anomalies and strengthens the control environment through critical review and challenge.
EXAMPLE
Management questions cost deviations.

Money Laundering

DEFINITION
Money Laundering is the process of concealing the origin of illicit funds to make them appear legitimate.
CONTEXT
Money Laundering typically involves multiple stages, including placement, layering, and integration. It is closely linked to fraud, corruption, and organised crime, and is a key focus of regulatory frameworks such as anti-money laundering regimes.
MEANING
Money Laundering enables criminal activities by legitimising illicit proceeds and exposes organisations to severe regulatory and reputational risks.
EXAMPLE
Complex transactions with no clear rationale.

O

Occupational Fraud

DEFINITION
Occupational Fraud refers to fraud committed by employees, managers, or executives against their employer for personal gain.
CONTEXT
Occupational fraud is a central concept in economic crime and includes schemes such as financial statement fraud, kickback schemes, and access rights abuse. It is often enabled by weak internal controls, insufficient segregation of duties, and lack of oversight.
MEANING
It is the most common form of economic crime and can result in significant financial losses and organizational damage.
EXAMPLE
An employee diverts company funds by manipulating vendor payment processes.

Occupational Fraud Scheme

DEFINITION
A recurring method used to commit and conceal fraud.
CONTEXT
Fraud schemes are a core analytical concept in occupational fraud and are systematically used in fraud risk assessments and fraud detection methods. They help classify common patterns, such as asset misappropriation, corruption, or financial statement fraud.
MEANING
Understanding common fraud schemes enables targeted control design, prevention, and detection, as many fraud cases follow recurring patterns.
EXAMPLE
Creating shell vendors and paying fake invoices.

Override Frequency

DEFINITION
Override Frequency refers to the number of times established internal controls are overridden or bypassed within a given period.
CONTEXT
Override Frequency is a key metric in fraud risk management and part of fraud KPIs. It is commonly analyzed in high-risk processes such as payment approvals, procurement, and access management to identify weaknesses in internal controls or unusual behavior patterns.
MEANING
A high override frequency may indicate control abuse, ineffective processes, or systematic circumvention of controls and is therefore considered a significant red flag.
EXAMPLE
Frequent manual overrides of payment approval controls outside the standard process.

Override of Approval Limits

DEFINITION
Override of Approval Limits refers to the deliberate structuring or splitting of transactions to bypass defined approval thresholds and control mechanisms.
CONTEXT
Override of approval limits is commonly associated with red flags, weak internal controls, and insufficient segregation of duties. It frequently occurs in procurement and payment processes and is often enabled by inadequate monitoring of exceptions.
MEANING
It indicates intentional control circumvention and represents a significant fraud risk.
EXAMPLE
Multiple payments are split into amounts just below the approval threshold.
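As an added example, not part of the glossary, the following Python code implements the detection logic for the pattern described in this entry and in Invoice Splitting: sub-threshold payments to the same vendor are grouped into short date windows, and a window whose payments together exceed the approval limit is reported as a candidate split; individual payments sitting just below the limit are reported as a separate red flag. The threshold, window, vendor names, dates and amounts are constructed for illustration.

```python
# Added example (not part of the glossary): detecting invoice splitting below an
# approval threshold in a payment ledger. Vendor names, dates, amounts and the
# threshold are constructed for illustration.
from collections import defaultdict
from datetime import date

APPROVAL_THRESHOLD = 10_000.0   # single-signature limit; above it a second approver is required
WINDOW_DAYS = 7                 # payments to one vendor within this many days are grouped
NEAR_BAND = 0.90                # a payment at >= 90% of the threshold counts as "just below"

PAYMENTS = [  # constructed ledger extract
    {"id": "P1", "vendor": "V-TechSupply", "date": date(2024, 5, 2), "amount": 9_800.0},
    {"id": "P2", "vendor": "V-TechSupply", "date": date(2024, 5, 3), "amount": 9_750.0},
    {"id": "P3", "vendor": "V-TechSupply", "date": date(2024, 5, 6), "amount": 9_900.0},
    {"id": "P4", "vendor": "V-Office", "date": date(2024, 5, 2), "amount": 2_300.0},
    {"id": "P5", "vendor": "V-Office", "date": date(2024, 5, 20), "amount": 9_950.0},
    {"id": "P6", "vendor": "V-Consult", "date": date(2024, 5, 9), "amount": 14_000.0},  # went through dual approval
]


def near_threshold_payments(payments, threshold=APPROVAL_THRESHOLD, band=NEAR_BAND):
    """Individual red flag: IDs of payments that sit just below the approval limit."""
    return [p["id"] for p in payments if band * threshold <= p["amount"] < threshold]


def find_split_payment_clusters(payments, threshold=APPROVAL_THRESHOLD, window_days=WINDOW_DAYS):
    """Group sub-threshold payments per vendor into date windows; a window whose
    payments together exceed the threshold is a candidate split.

    Payments at or above the threshold are excluded because they did go through
    the higher approval step; the scheme is about the ones that avoided it.
    """
    by_vendor = defaultdict(list)
    for p in payments:
        if p["amount"] < threshold:
            by_vendor[p["vendor"]].append(p)

    clusters = []
    for vendor, vendor_payments in by_vendor.items():
        vendor_payments.sort(key=lambda p: p["date"])
        i, n = 0, len(vendor_payments)
        while i < n:
            # Extend the window while the next payment is within window_days of the first one.
            j = i
            while j + 1 < n and (vendor_payments[j + 1]["date"] - vendor_payments[i]["date"]).days <= window_days:
                j += 1
            group = vendor_payments[i:j + 1]
            total = sum(p["amount"] for p in group)
            if len(group) >= 2 and total > threshold:
                clusters.append({
                    "vendor": vendor,
                    "payment_ids": [p["id"] for p in group],
                    "total": total,
                    "first": group[0]["date"],
                    "last": group[-1]["date"],
                })
            i = j + 1   # windows do not overlap, so each payment is reported at most once
    return clusters
```

A cluster is a lead, not a finding: a vendor legitimately billed for three separate deliveries in one week will trip the same rule, so the follow-up is to pull the purchase orders and delivery evidence behind each payment in the group and check whether they describe one order that was cut up.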

P

Phishing

DEFINITION
Phishing refers to attempts to obtain sensitive information such as credentials or payment data through deceptive communication.
CONTEXT
Phishing is a core technique in cyber fraud and is closely linked to social engineering, account takeover, and access rights abuse. It often serves as the initial attack vector in multi-stage attack scenarios, particularly in digital and interconnected environments.
MEANING
A common entry point for broader attacks and a key risk factor for both information security and fraud.
EXAMPLE
Fake IT support email requests credentials.

Politically Exposed Person (PEP)

DEFINITION
A Politically Exposed Person (PEP) is an individual who holds or has held a prominent public function, as well as their close associates and family members, who present an elevated risk of corruption and money laundering.
CONTEXT
PEPs are a key focus of anti-money laundering (AML) frameworks and require enhanced scrutiny under know your customer (KYC) and enhanced due diligence (EDD) processes. They are particularly relevant in cross-border relationships and high-risk jurisdictions.
MEANING
PEPs are subject to enhanced monitoring and due diligence due to their increased exposure to corruption and financial crime risks.
EXAMPLE
A government minister identified as the beneficial owner of a corporate client.

R

Red Flags

DEFINITION
Red Flags are indicators, anomalies, or patterns that may suggest fraud, misconduct, or irregularities.
CONTEXT
Red flags typically arise in processes, transactions, or behavioural patterns and are a key element of fraud risk assessment, internal controls, and fraud detection methods. Individual red flags are rarely conclusive but can form a strong risk signal when combined.
MEANING
They support early risk identification and act as a trigger for further analysis and investigation.
EXAMPLE
Repeated payments just below approval thresholds.

Register Disbursement Scheme

DEFINITION
A Register Disbursement Scheme refers to a fraudulent disbursement made through a cash register or point-of-sale system, typically by recording a false refund or a false void of a sale and removing the corresponding cash.
CONTEXT
Register disbursement schemes are a form of asset misappropriation and commonly occur in retail, hospitality, and other cash-handling environments. They are closely linked to weak internal controls over refunds and voids, missing supervisor approval of reversals, and insufficient reconciliation of register totals against receipts and inventory. Fraudulent payments to fictitious vendors through the accounts payable process are a separate category (see False Invoice Scheme).
MEANING
They are among the common fraud schemes in cash-based operations and can remain undetected where refunds and voids are not independently reviewed, because the fraudulent reversal makes the register balance.
EXAMPLE
A cashier records a fictitious customer refund and removes the refunded amount from the register.

Regulatory Enforcement Action

DEFINITION
Regulatory Enforcement Action refers to a formal action taken by a regulatory authority to enforce compliance with laws and regulations.
CONTEXT
Regulatory Enforcement Actions typically arise from violations of compliance requirements, particularly in areas such as anti-money laundering (AML), corruption, or financial regulation. They may result from audits, investigations, or external reporting.
MEANING
Regulatory Enforcement Actions are key mechanisms for enforcing regulatory standards and may have significant financial, operational, and reputational consequences for organizations.
EXAMPLE
A financial institution is fined for violating anti-money laundering (AML) regulations.

Regulatory Reporting Obligation

DEFINITION
A Regulatory Reporting Obligation refers to the legal requirement to report specific events or suspicions to supervisory or law enforcement authorities.
CONTEXT
Regulatory reporting obligations are a core element of anti-money laundering (AML) and compliance frameworks. They are closely linked to know your customer (KYC) processes, enhanced due diligence (EDD), and internal reporting mechanisms. Common examples include suspicious activity reporting.
MEANING
Compliance with reporting obligations is mandatory; failure to report can result in significant penalties, legal consequences, and reputational damage.
EXAMPLE
Filing a suspicious activity report with the relevant financial intelligence unit.

Repeat Offender Rate

DEFINITION
Percentage of repeat fraud offenders.
CONTEXT
The repeat offender rate is a metric used in fraud risk management, compliance monitoring, and internal control systems. It measures the extent to which identified individuals or organisational units are involved in recurring incidents. The concept is closely linked to root cause analysis, control effectiveness, and disciplinary actions.
MEANING
Indicates insufficient remediation, weak controls, or ineffective enforcement of corrective actions.
EXAMPLE
Repeat fraud in same unit.

Revenue Recognition Fraud

DEFINITION
Revenue recognition fraud involves intentionally recording revenue in a manner that does not reflect the underlying economic reality.
CONTEXT
Revenue recognition fraud is a key form of financial statement fraud and is closely linked to management fraud, earnings management, and accounting standards (e.g. IFRS or US GAAP). It commonly occurs in sales-driven or publicly listed companies facing pressure to meet financial targets.
MEANING
A high-impact fraud scheme directly affecting financial reporting, company valuation, and stakeholder trust.
EXAMPLE
Premature revenue recognition.

Round-Tripping

DEFINITION
Circular transactions, often between related parties, that return funds or assets to their origin and have no economic substance.
CONTEXT
Round-tripping typically occurs in the context of financial statement manipulation and revenue recognition and is closely linked to improper asset valuation, improper disclosures, and management fraud. It is often observed in complex group structures or related-party transactions.
MEANING
Used to artificially inflate revenue, liquidity, or business activity and distort the economic reality.
EXAMPLE
Reciprocal billing schemes.

S

Sanctions Compliance

DEFINITION
Compliance with international sanctions regimes.
CONTEXT
Sanctions compliance refers to adherence to national and international sanctions regimes, particularly concerning individuals, organisations, and states, and is closely linked to anti-money laundering (AML), know your customer (KYC), as well as transaction monitoring and screening processes. It is critical for financial institutions and globally operating companies with elevated regulatory exposure.
MEANING
Violations can lead to severe legal, financial, and reputational consequences and therefore represent a key compliance risk.
EXAMPLE
Blocked payment to sanctioned entity.

Segregation of Duties

DEFINITION
Segregation of Duties (SoD) refers to the separation of critical tasks and responsibilities across different individuals or roles.
CONTEXT
Segregation of Duties (SoD) is a fundamental principle of internal controls and a key component of compliance and governance frameworks. It is widely applied in high-risk processes such as procurement, payment processing, and access control models, and plays an important role in fraud risk assessment.
MEANING
Segregation of Duties (SoD) reduces the risk of fraud and errors by ensuring that no single individual can execute all steps of a critical transaction.
EXAMPLE
A user responsible for vendor creation cannot approve payments.
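As an added example, not part of the glossary, the following Python code checks role assignments against a segregation-of-duties conflict matrix of the kind behind the example above (vendor creation versus payment approval). Conflicts are defined between permissions rather than roles, so that a conflict arising only from the combination of two otherwise acceptable roles is still caught, and roles that carry both sides of a conflict on their own are listed separately. Role names, permissions and users are constructed for illustration.

```python
# Added example (not part of the glossary): checking role assignments against a
# segregation-of-duties conflict matrix. Role names, permissions and users are
# constructed for illustration.

# Which permissions each role grants (constructed). In practice this is exported
# from the ERP or IAM system.
ROLE_PERMISSIONS = {
    "ap_clerk":   {"vendor.create", "invoice.enter"},
    "ap_manager": {"invoice.approve", "payment.release"},
    "treasury":   {"payment.release", "bank.account.change"},
    "auditor":    {"invoice.view", "payment.view"},
}

USER_ROLES = {
    "alice": {"ap_clerk"},
    "bob":   {"ap_clerk", "ap_manager"},   # can create a vendor and approve/release its payments
    "carol": {"ap_manager"},
    "dave":  {"auditor", "treasury"},
}

# Pairs of permissions that must not be held by the same person. Defining conflicts
# at permission level (not role level) catches conflicts created by combining roles.
SOD_CONFLICTS = [
    ("vendor.create", "payment.release"),
    ("vendor.create", "invoice.approve"),
    ("invoice.enter", "invoice.approve"),
    ("bank.account.change", "payment.release"),
]


def effective_permissions(user, user_roles=USER_ROLES, role_permissions=ROLE_PERMISSIONS):
    """Union of the permissions granted by all of the user's roles."""
    perms = set()
    for role in user_roles.get(user, ()):
        perms |= role_permissions.get(role, set())
    return perms


def find_sod_violations(user_roles=USER_ROLES, role_permissions=ROLE_PERMISSIONS, conflicts=SOD_CONFLICTS):
    """(user, perm_a, perm_b) for every conflict pair a user can exercise end to end."""
    violations = []
    for user in sorted(user_roles):
        perms = effective_permissions(user, user_roles, role_permissions)
        for a, b in conflicts:
            if a in perms and b in perms:
                violations.append((user, a, b))
    return violations


def toxic_roles(role_permissions=ROLE_PERMISSIONS, conflicts=SOD_CONFLICTS):
    """Roles that contain both sides of a conflict on their own; assigning such a
    role to anyone creates a violation regardless of their other roles."""
    return sorted(
        role for role, perms in role_permissions.items()
        if any(a in perms and b in perms for a, b in conflicts)
    )
```

Two things the run shows that a role-by-role review misses: bob's violations come only from the combination of two roles that are each fine in isolation, and dave's comes from a single role ("treasury") whose design is the problem, so the remediation is to split the role, not to reassign the user.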

Shell Company

DEFINITION
A legally registered entity with little or no operational activity.
CONTEXT
Shell companies are frequently associated with anti-money laundering (AML), corruption, and fraud schemes, particularly for concealing beneficial ownership or facilitating fictitious transactions. They are also relevant in the context of customer due diligence (CDD) and beneficial ownership identification.
MEANING
May be used to obscure ownership structures, financial flows, or fraudulent activities and therefore represents a key risk indicator.
EXAMPLE
Payments made to an entity with no real business operations.

SIM Swap Fraud

DEFINITION
SIM Swap Fraud refers to a form of fraud in which an attacker takes control of a victim’s mobile phone number by fraudulently transferring it to a new SIM card issued by a mobile network provider.

By gaining control over the phone number, the attacker can intercept SMS-based authentication messages, including one-time passwords (OTPs), and use them to access and compromise existing accounts.
CONTEXT
SIM Swap Fraud is closely associated with:

• Account Takeover
• Identity Fraud
• Social Engineering
• Bypassing Multi-Factor Authentication (MFA)

The attack exploits weaknesses in identity verification processes at telecom providers, often combined with previously obtained personal data.

It commonly targets:

• online banking systems
• cryptocurrency platforms
• email accounts
• social media accounts
MEANING
SIM Swap Fraud represents a critical vulnerability in systems relying on SMS-based authentication.

Key risks include:

• Bypassing authentication controls: SMS-based OTPs are compromised
• Rapid escalation: multiple accounts can be accessed quickly
• High financial impact: particularly in financial and crypto environments
• Third-party dependency: security depends on telecom provider processes

The method highlights the limitations of SMS-based multi-factor authentication as a standalone security measure.
EXAMPLE
An attacker impersonates a victim when contacting a mobile network provider, using stolen or publicly available personal data. The attacker requests a SIM replacement for the victim’s phone number.

Once the number is transferred, the attacker receives all incoming messages, including authentication codes, and uses them to access banking or email accounts.

Skimming

DEFINITION
The theft of cash before it is recorded in the accounting system.
CONTEXT
Skimming is a common form of asset misappropriation and typically occurs in cash-intensive environments such as retail, hospitality, or service industries. It is closely linked to weak internal controls and lack of segregation between cash handling and recording.
MEANING
It is particularly difficult to detect because no accounting record of the stolen cash ever exists, and it is a significant risk factor in cash-based operations.
EXAMPLE
Cash sales are not recorded.

Social Engineering

DEFINITION
Social Engineering refers to the deliberate psychological manipulation of individuals to induce them to disclose confidential information or perform actions that compromise security.
CONTEXT
Social engineering is a key method in cyber fraud and is closely linked to business email compromise (BEC) and access rights abuse. Attacks are typically executed via email, phone, or digital communication channels and aim to bypass internal controls.
MEANING
It exploits human behavior such as trust, authority, and urgency, making it one of the most effective ways to circumvent technical security measures.
EXAMPLE
A fraudulent email impersonating a CEO requests an urgent payment transfer.

Substantiated Case Rate

DEFINITION
Substantiated Case Rate refers to the percentage of reported or investigated cases that are confirmed as valid.
CONTEXT
The substantiated case rate is used as part of fraud KPIs and is closely linked to tips and whistleblower reports and the effectiveness of internal investigations. It helps assess the quality of reporting and investigation processes.
MEANING
It serves as a key indicator of report quality and investigation effectiveness.
EXAMPLE
40 percent of reported cases are substantiated after investigation.

Suspicious Activity Report (SAR)

DEFINITION
A Suspicious Activity Report (SAR) is a formal report submitted to authorities regarding suspicious transactions or activities in accordance with legal requirements.
CONTEXT
SARs are a core component of anti-money laundering (AML) frameworks and are closely linked to regulatory reporting obligations, know your customer (KYC), and customer due diligence (CDD). They are triggered by unusual or unexplained transaction patterns.
MEANING
They are a key mechanism for detecting and preventing money laundering, terrorist financing, and other financial crimes.
EXAMPLE
Filing a report on unusual transaction patterns identified during monitoring.

Swiss Data Protection Act (DPA)

DEFINITION
The Swiss Data Protection Act (DPA) is Switzerland’s federal law governing the protection and processing of personal data by private and public entities.
CONTEXT
The Swiss DPA is highly relevant in the context of internal investigations, forensic evidence handling, and IT controls. It is closely aligned with international frameworks such as the General Data Protection Regulation (GDPR) and influences data access, logging, and retention practices.
MEANING
Compliance with the Swiss DPA is mandatory and defines how personal data must be collected, processed, and protected, particularly in investigative and control environments.
EXAMPLE
Restricting access to employee data during an internal investigation.

Synthetic Identity Fraud

DEFINITION
Synthetic Identity Fraud refers to a form of identity fraud in which a fictitious identity is created by combining real and fabricated information. Typically, genuine personal data—such as social security numbers or dates of birth—is merged with invented names, addresses, or other identity attributes.

The objective is to establish a seemingly legitimate identity that does not correspond to a real individual and can be used for financial or fraudulent activities.
CONTEXT
Synthetic Identity Fraud is particularly relevant in environments involving:
• financial services and lending
• Know Your Customer (KYC) and Customer Due Diligence (CDD)
• digital onboarding and identity verification
• online banking and fintech platforms

Unlike traditional identity theft, this method does not involve taking over an existing identity. Instead, a new identity is gradually constructed and strengthened over time through legitimate-looking activity.

The increasing digitisation of onboarding processes and the availability of large datasets have significantly increased exposure to this type of fraud.
MEANING
Synthetic Identity Fraud is considered one of the most difficult fraud types to detect, as there is no clear victim who can report misuse.

Key challenges include:
• Detection complexity: no direct link to a real individual
• Long-term development: identities are built over time
• High financial impact: especially in credit and lending environments
• Circumvention of controls: traditional KYC measures are insufficient

Organisations must therefore complement identity verification with behavioural analytics and cross-data validation.
EXAMPLE
A synthetic identity is created by combining a real but inactive social security number with a fictitious name. Over time, small financial activities are conducted to establish a credit profile.

Once the identity is considered credible, larger credit lines are obtained and subsequently defaulted.

T

Time to Detection

DEFINITION
The time elapsed from the occurrence of a fraud until its detection.
CONTEXT
Time to detection is a key metric in fraud risk assessment and the monitoring of fraud detection methods. It is often analysed alongside average fraud duration and fraud loss to assess the effectiveness of controls and whistleblowing mechanisms.
MEANING
Short detection times limit potential losses and indicate effective control, monitoring, and reporting mechanisms.
EXAMPLE
Fraud identified within two weeks.

Timing Anomalies Red Flag

DEFINITION
Timing Anomalies refer to transactions or activities occurring at unusual or unexpected times outside normal business operations.
CONTEXT
Timing anomalies are a common red flag and are often associated with access rights abuse, control override, and insufficient monitoring of system activities. They are particularly relevant in IT-driven transaction environments.
MEANING
They may indicate attempts to bypass controls, conceal activities, or perform unauthorized actions.
EXAMPLE
Transactions posted late at night outside normal business hours.

Tips and Whistleblower Reports

DEFINITION
Tips and Whistleblower Reports refer to information provided by employees, customers, or third parties regarding potential misconduct, including fraud.
CONTEXT
Tips and Whistleblower Reports are a key component of compliance and whistleblowing systems. They are closely linked to fraud risk management and are typically collected through formal reporting channels such as hotlines or dedicated reporting platforms.
MEANING
Tips and Whistleblower Reports are the most common source of fraud detection and play a critical role in the early identification of risks and irregularities.
EXAMPLE
An anonymous report submitted through a whistleblowing hotline.

Tone at the Top

DEFINITION
The ethical example and leadership set by senior management.
CONTEXT
Tone at the Top is a key component of internal controls, fraud risk assessment, and compliance frameworks. It strongly shapes organizational culture and is closely linked to red flags, particularly in behavioural and decision-making patterns.
MEANING
Consistent leadership behavior significantly reduces fraud risk.
EXAMPLE
Leadership enforces expense rules consistently.

Trading in Influence

DEFINITION
Trading in Influence refers to the offering or receiving of benefits in exchange for the use of real or perceived influence over decision-makers.
CONTEXT
Trading in Influence is a specific form of corruption that exploits access to decision-makers rather than formal authority. It typically occurs in political, regulatory, or administrative environments and is associated with elevated compliance risks.
MEANING
Trading in Influence is difficult to detect, as no actual influence needs to be exercised: the mere perception of influence may be sufficient. It undermines the integrity of decision-making processes and represents a significant legal and reputational risk.
EXAMPLE
Payments are made to individuals claiming they can influence regulatory or political decisions.

Training Coverage Rate

DEFINITION
The percentage of employees who have completed the required fraud and compliance training.
CONTEXT
Training coverage rate is a key metric within fraud prevention and compliance programmes and is closely linked to tone at the top, fraud risk assessment, and awareness initiatives. It measures the extent to which employees are trained on risks, controls, and expected behaviours.
MEANING
Indicator of the maturity of prevention measures and the organisation’s level of awareness regarding fraud and compliance risks.
EXAMPLE
90 percent of employees have completed fraud training.

Transaction Monitoring

DEFINITION
The systematic monitoring of transactions to detect anomalies.
CONTEXT
Transaction monitoring is a core tool within anti-money laundering (AML), fraud detection methods, and data analytics detection. It is typically implemented in financial systems and ERP environments and relies on both rule-based and analytical approaches to identify anomalies.
MEANING
Enables early detection of suspicious activities and is a key component of effective prevention and detection frameworks.
EXAMPLE
Alert triggered by unusual refund activity.

Transaction Pattern Red Flag

DEFINITION
Transaction Pattern Red Flag refers to unusual clusters, repetitions, or structural anomalies in transactions that cannot be explained by normal business activity.
CONTEXT
A transaction pattern red flag often appears in connection with fraud, money laundering, or the circumvention of internal controls. It may result from deliberate structuring, repetitive transactions, or systematic deviations from expected business patterns.
MEANING
A transaction pattern red flag is a strong indicator of risk, as it may reveal structured and recurring manipulation or concealment activities.
EXAMPLE
Multiple small transactions to the same recipient designed to avoid approval thresholds.

U

Unreconciled Accounts Red Flag

DEFINITION
Unreconciled Accounts refer to accounts with unresolved differences between recorded balances and actual or externally confirmed amounts.
CONTEXT
Unreconciled accounts arise in financial closing processes and are closely linked to internal controls, improper asset valuation, and financial statement fraud. Regular reconciliations are a key control to ensure accuracy and transparency.
MEANING
They indicate increased risk of errors, irregularities, or fraud and are considered a common red flag in financial reporting.
EXAMPLE
Cash balances that do not match bank statements.

Unusual Write-Offs Red Flag

DEFINITION
Unusual Write-Offs Red Flag refers to unusually high, frequent, or insufficiently justified write-offs of assets.
CONTEXT
Unusual write-offs often occur in connection with financial statement fraud, other fraud schemes, or weak internal control systems. Write-offs may be used to shift losses, clean up balance sheets, or conceal prior manipulations.
MEANING
Unusual write-offs are a common indicator of potential earnings manipulation, weak valuation processes, or deliberate distortions in financial reporting.
EXAMPLE
Large and recurring write-offs of receivables without clear economic justification.

V

Vendor Fraud

DEFINITION
Fraud committed by suppliers against an organization.
CONTEXT
Vendor fraud typically occurs in procurement and contracting processes and is closely linked to fraud schemes, collusion, and weaknesses in internal controls and vendor due diligence. Internal employees are often involved, for example through kickback schemes or conflicts of interest.
MEANING
Leads to financial losses, quality risks, and distorted procurement decisions and represents a key risk area in purchasing functions.
EXAMPLE
Billing for services not performed.

Vendor Red Flags

DEFINITION
Vendor Red Flags refer to unusual, inconsistent, or implausible characteristics of vendors that may indicate irregularities.
CONTEXT
Vendor red flags often occur in procurement-related fraud schemes. They are closely linked to corruption, conflicts of interest, and weak internal control systems and may indicate shell entities or undisclosed related-party relationships.
MEANING
Vendor Red Flags are key indicators of risk, as they may point to shell companies, related-party transactions, or deliberate circumvention of controls.
EXAMPLE
Vendors without a business presence or multiple vendors sharing identical addresses or bank details.

W

Whistleblower Protection

DEFINITION
Whistleblower Protection refers to legal and organizational measures designed to protect individuals who report misconduct, particularly from retaliation.
CONTEXT
Whistleblower protection is a core element of tips and whistleblower reports and compliance frameworks, and is closely linked to the prevention of whistleblower retaliation. It is mandated by law in many jurisdictions.
MEANING
Effective protection encourages reporting, strengthens trust in reporting systems, and enhances fraud detection capabilities.
EXAMPLE
Legal protection against dismissal after reporting misconduct.

Whistleblower Retaliation

DEFINITION
Whistleblower Retaliation refers to any adverse action taken against individuals who report misconduct or irregularities.
CONTEXT
Whistleblower retaliation occurs in the context of tips and whistleblower reports and is closely linked to organizational culture, compliance frameworks, and legal protections. It is a key concern addressed in whistleblower protection regulations.
MEANING
Retaliation discourages reporting, reduces transparency, and weakens fraud detection mechanisms.
EXAMPLE
An employee is demoted after reporting misconduct through a whistleblower system.

Whistleblower Usage Rate

DEFINITION
Whistleblower Usage Rate refers to the number of reports submitted relative to the size of the workforce, typically measured per employee base or time period.
CONTEXT
The whistleblower usage rate is closely linked to tips and whistleblower reports, organizational culture, and trust in compliance mechanisms. It is often used as part of fraud KPIs and fraud risk assessment to evaluate the effectiveness of reporting systems.
MEANING
Low usage rates may indicate fear of retaliation, lack of awareness, or low trust, while appropriate usage levels suggest effective reporting channels.
EXAMPLE
2 reports per 1,000 employees per year.

Whistleblowing

DEFINITION
Whistleblowing involves reporting misconduct within an organization.
CONTEXT
Whistleblowing refers to the reporting of misconduct or legal violations within organisations by internal or external whistleblowers. It is closely linked to compliance, whistleblower protection, internal investigations, and regulatory frameworks (e.g. EU Whistleblower Directive). Whistleblowing systems are a core element of modern governance structures and enable early identification of risks such as fraud, corruption, and compliance violations.
MEANING
One of the most effective mechanisms for early detection of fraud and misconduct, particularly where trusted reporting systems are in place.
EXAMPLE
Anonymous report via a whistleblower hotline.