For the perpetrator, fraud in the disbursement cycle is like a child in a candy store. The child has a favorite candy, and the child seldom takes one piece of candy. For fraud data analytics, the favorite candy is the fraud scenario, and frequency analysis is the amount of candy. Just like the candy store, the choice of candy is limited to the candy in the store; for the perpetrator, the number of fraud scenarios is limited to the number of fraud scenarios in the fraud risk structure that links to the perpetrator.
The inherent scheme fraud theory states that the number of inherent schemes and scenarios are finite and predictable. The fraud auditor will need to convert the generic inherent scheme to a company‐specific fraud scenario, and if a targeted expenditure audit, to the language of the expenditure area.
The inherent scheme comprises an entity structure that is a supplier and a fraudulent action. The following fraudulent actions comprise the list of inherent disbursement schemes. To create the fraud scenario, the fraud auditor will need to link the person committing the scheme and the entity structure to the action statement. The auditor should write the scenario statement consistent with the approach described in Chapter 2.