To Catch a Thief




Ask the right questions to uncover fraud.



  • EMPLOYEE FRAUD is big business—and getting bigger. As corporate automation grows, fraud opportunities rise apace and their detection and prevention become more problematic.
  • AS A RESULT, BUSINESSES must pay more attention to white-collar crime, and many are tapping the unique financial skills of the accounting profession to battle it. But CPAs are discovering that their facility with finances is not enough. They need to sharpen their sleuthing skills—namely, interrogation—to get beyond the numbers. To be effective, the CPA must understand the psychology of the thief.
  • THE KEY TO EFFECTIVE INTERROGATION is formulating questions in such a way that potential tipsters cooperate and thieves remain reasonably helpful because they are confident they won’t be caught.
  • ONE OF THE BEST WAYS to detect fraud and to identify internal control deficiencies is simply to ask. According to a fraud survey, tips and complaints from people inside or outside the company are the most common ways frauds are uncovered.
  • FRAUD EXPERTS CONTEND that one of the strongest deterrents to fraud is the perception that effective detection controls are in place. For obvious reasons, people who think they’ll get caught rarely commit fraud.
  • ALTHOUGH TECHNIQUES SUCH AS fraud assessment questioning aren’t perfect deterrents, they do go a long way toward protecting the company and are a potential engagement opportunity for accountants.
JAMES D. HANSEN, CPA, PhD, is an assistant professor of accounting at North Dakota State University, Fargo. His e-mail address is . THOMAS A. BUCKHOFF, CPA, PhD, CFE, is also an assistant professor of accounting at North Dakota State University in Fargo. His e-mail address is .

mployee fraud is big business—and getting bigger. As corporate automation grows, fraud opportunities rise apace while the detection and prevention of fraud become more problematic. As a result, businesses must pay more attention to white-collar crime, and many are tapping the unique financial skills of the accounting profession to battle it. But CPAs are discovering that their facility with finances is not enough. They also need to sharpen their sleuthing skills—namely, interrogation—to get beyond the numbers. Because it’s not a subject typically taught in either Accounting 101 or graduate school, CPAs need to know the interrogation basics for an engagement designed to uncover fraud.

Each incident of employee fraud results in a median loss of $116,000 .

—A 1998 KPMG survey.

Understanding the psychology of the thief is the key to effective interrogation. Except for the handful that get caught in a web of greed and clearly are nervous about being exposed, most thieves actually seem to believe they won’t get caught. As a result, as long as an interrogator exhibits a reasonably friendly front, suspects tend to cooperate. It is through that initial cooperation that a good interrogator can slowly peel back a suspect’s layers of lies and obfuscation or make a reluctant tipster comfortable with revealing information.

Equally critical are the interrogator’s listening skills. Good interrogators take notice of more than the interviewees’ verbal responses: They track body language, noting such clues as eye contact, posture and movement of the head, hands and feet. Those clues often reveal more than the words themselves—especially when there are discrepancies between verbal and nonverbal messages.

Fine, you may be thinking: How does an accountant develop the skills of the successful interrogator?


Clearly, interrogation skills are not acquired quickly or easily. A good way to start, though, is to learn a technique called fraud assessment questioning (FAQ)—an interview method designed to elicit information about potential fraud. It’s based on the notion that telling lies is unnatural to most people. As a result, a good interviewer can structure questions so the suspect isn’t fully aware of the potentially incriminating information being volunteered. To be sure, some people are such practiced liars that even a skillful interrogator will not unsettle them and blow their cover, but they’re clearly in the minority.

Hard as it is to believe, one of the best ways to detect fraud and to identify internal control problems is simply to ask about it. Fraud surveys have shown that the most common way frauds are discovered is through tips or complaints received from those either inside or outside a company. FAQ will solicit responses from interviewees about how someone can steal from the organization and not get caught; those responses can be used to identify internal control deficiencies, which then should be investigated to determine whether someone has already exploited them. Also, responses to FAQ can help identify high-fraud-risk employees; investigators can review the areas over which such employees have significant responsibility and opportunity to commit fraud.

Fraud experts believe that one of the strongest deterrents to fraud is the perception that effective detection controls are in place. Obviously, people who think they’ll get caught rarely commit fraud. Accordingly, organizations serious about fraud prevention need to convince employees that those committing fraud not only will get caught but also will be prosecuted. Asking all employees about fraud increases the perception of detection and thus is an effective fraud prevention device.

In conducting a fraud assessment interview, the accountant should try to meet with each staff person individually. The interviewer should begin by establishing a rapport with the employee—for example, asking about job titles, areas of responsibility, specific duties and length of employment. Then he or she can move on to the fraud assessment questions. This initial phase of an FAQ interview has two purposes: to help the employee become comfortable with the interview environment and to observe the employee’s verbal and nonverbal reactions when responding to questions that aren’t crime-related. When the interviewer later begins to ask questions concerning the potential for fraud, the interviewer can compare the employee’s verbal and nonverbal reactions. This process, called calibration, is effective in detecting deception by noticing significant changes in reactions. After the employee has been “calibrated,” the interviewer can move on to the following fraud assessment questions.

I’ve been engaged to look into the prevention and detection of fraud. The owner wants me to ask about potential misdeeds by management and employees. Do you understand?

Note that the employee is not being accused of wrongdoing. The interviewee is simply being asked if he or she understands the purpose of the interview.

When we talk about fraud in business, we’re not talking about taking a company pen or making a few personal copies on the copy machine. Rather, we’re referring to a whole range of activities where people steal from the company, lie to management or take unfair advantage of the company. Do you think fraud is a problem for business in general?

The goal of this question is to identify employees who—if given the opportunity—might defraud the company. A “yes” response indicates general agreement that fraud is a problem in business today. A “no” response can mean the interviewee either doesn’t believe fraud is a business problem or isn’t telling the truth. It also might mean the interviewee is uncomfortable with this line of questioning and wants to end it as soon as possible. That is a clue that the interviewee might be hiding something.

Do you think this company has a problem with fraud?

This question can help uncover fraudulent activity as well as identify high-fraud-risk employees. A “yes” response indicates the employee has specific knowledge of fraud within the company and should be questioned further. A “no” response indicates genuine belief or—as with question 2—denial of the problem. In general, negative responses tend to be associated with those engaged in fraudulent activities. Since the pattern of questioning is moving from the general to the specific, the interviewee may think that eventually he or she will be directly accused of fraud and may respond in ways that will terminate the interview as soon as possible.

If employees or managers are stealing from this company, why do you think they would do it?

Honest people tend to think that a fraud perpetrator must be either dishonest or greedy and will not offer rationalizations that minimize the seriousness of the problem. Someone engaged in fraudulent activity might minimize the act with rationalizations such as “the employee must have been underpaid or underappreciated” or “everybody does it.” In response to this question, sometimes a dishonest person will declare, “How should I know? I don’t steal (or I didn’t do it).” Since the person wasn’t directly accused of theft, such emphatic denials indicate a high-fraud-risk employee. Consequently, such a person’s areas of responsibility should be carefully, but discreetly, reviewed.

Frequent, small thefts by employees can add up to a lot of money. If you knew another employee was stealing from the company, what would you do?

This question can help determine whether employees are familiar with the company’s policy—assuming one exists—for reporting fraudulent activity. In addition, honest persons generally are willing to report fraudulent activity if they think they will be believed and there is a company policy for communicating what they know. Otherwise, they might say they would do nothing. Dishonest persons are unlikely to report fraudulent activity under any circumstances.

Do you know of anyone who might be stealing or taking unfair advantage of the company?

Not only does this question provide interviewees with an opportunity to expose fraudulent activity but it also increases the likelihood of detection since the thief may think other employees with knowledge of the fraud will blow the whistle. Both the thief and the honest person may be reluctant to implicate those engaged in fraudulent activity. A dishonest person may be more likely to quickly respond “no” to this question, while an honest person may hesitate before responding; hesitating allows time for the interviewee to either think of someone or consider whether he or she wants to be a tipster. Generally, an honest person with knowledge of fraud eventually can be persuaded to implicate others whereas a dishonest person, more often than not, may refuse to respond.

Keep in mind that generally there are honest people in the organization who are genuinely unaware of any fraudulent activity.

Suppose someone who worked at the company decided to steal or commit fraud. How could he or she do it and get away with it?

Although on the face of it the question appears limited to identifying internal control deficiencies in the company, interviewees’ responses may provide clues to their honesty. An honest person may offer ideas readily. However, someone engaged in fraud may hesitate to provide such information and may give nonspecific answers such as “they would catch you if you stole” or “anybody could steal anything around here and nobody would know.”

Remember that it’s to the advantage of an intelligent and skillful thief to offer specific suggestions about control deficiencies as a way of getting the interrogator off his or her trail.

In your opinion, who is beyond suspicion when it comes to committing fraud at this company?

In general, honest persons are not reluctant to eliminate possible suspects. In contrast, those engaged in fraudulent activity tend not to narrow the list of suspects. They want the circle of suspicion to be as wide as possible. Sometimes they will even issue a denial (such as “it wasn’t me”). Such denials to nonaccusatory questions may be indicative of a high-fraud-risk employee.

Did you ever think about stealing from the company even though you didn’t go through with it?

Dishonest persons may quickly and emphatically say “no.” Frequently, dishonest people attempt to increase the credibility of their denials with such phrases as “absolutely not,” or “quite honestly, no” or “to tell you the truth, no.”

Some honest people probably have thought about committing fraud but didn’t go through with it. Since honest people answer the question truthfully, they don’t need to increase their credibility.

Keep in mind, though, that a “no” response doesn’t necessarily mean the interviewee is engaged in fraudulent activity; it may simply mean that the person did not answer the question truthfully or is honest and affronted by the question.

Is there any other information you wish to furnish regarding possible fraud in this company?

This question allows the interviewee a final chance to provide information about possible fraud within the company. A dishonest person may quickly respond “no,” whereas the honest person generally hesitates while considering the question. The hesitation combined with some nonverbal clues (shifting positions, crossing arms or legs) can indicate the interviewee has information but is reluctant to share it. With enough encouragement, honest people generally can be persuaded to communicate information they have concerning possible fraudulent activity in the company.

After the interviewee has provided all the information he or she is willing to give, the interrogator should end the talk on a positive note by thanking the interviewee for taking time to help in the investigation.


When conducting interrogations, the CPA should remember that fraud assessment questioning is an art, not a science. There are no hard and fast rules. Honest people tend to respond in certain ways and dishonest ones in others. The fact that someone responds to a single question in a manner consistent with dishonest people does not necessarily mean the respondent is a thief. However, if a person responds to multiple questions in that way, his or her areas of responsibility should be discreetly reviewed for fraudulent activity.

For More Information

Fraud Examiners Manual, published by the Association of Certified Fraud Examiners ( ). Print version: $345; CD-ROM version: $285.


Keeping client information safe in an age of scams and security threats

A look at the Dirty Dozen tax scams and ways to protect taxpayer information.


More R&D tax help

"Can I use the R&D credit?" PATH Act enhancements make the credit more attractive to a wider range of taxpayers.


Learn to choose between ‘who’ and ‘whom’

Writers can stumble over who and whom (or whoever and whomever). If you write for business, this quiz can help make your copy above reproach.