Bart Henderson: How enterprise-wide fraud risk management solves fraud as a distortion

Key topics:Fraud risk shifts to Board oversight and management override concernsFraud as financial distortion measured via structural accounting signalsKey red flags: revenue-cash gaps, asset mismatches, end-period adjustments.Sign up for your early morning brew of the BizNews Insider to keep you up to speed with the content that matters. The newsletter will land in your inbox every morning on weekdays. Register here.Support South Africa's bastion of independent journalism, offering balanced insights on investments, business, and the political economy, by joining BizNews Premium. Register here.If you prefer WhatsApp for updates, sign up to the BizNews channel here..By Bart Henderson.The Board’s Blind Spot: When Fraud is the SystemMost fraud discussions focus on what is hidden. But for a Board, the real danger is what is reported—and believed.While executives are often constrained by the very metrics they oversee, Board members are mandated to exercise independent scepticism. When fraud is viewed not as an operational glitch, but as a systemic distortion of economic reality, it ceases to be a management issue and becomes a fundamental governance risk.Meaningful change in fraud detection requires authority that sits above the executive level. Without Board-level pressure to challenge the numbers used to govern, the greatest risk isn’t the thief in the warehouse—it’s the "management override" in the boardroom.Boards are being shown numbers that may not reflect economic reality — and current systems are not designed to reveal that.Fraud as a Distortion:In the world of enterprise-wide fraud risk management (EWFRM), the breakthrough insight is disarmingly simple: fraud is a distortion. It is not random wrongdoing; it is the deliberate forcing of a false economic narrative through a closed, self-balancing system — double-entry bookkeeping — that demands every debit equal a credit and every number reconciles.Because the accounting equation (Assets = Liabilities + Equity) and the matching principle refuse to accept lies quietly, fraud inevitably leaves behind measurable structural inconsistencies.If fraud is a distortion, then detection is not guesswork or intuition. It is a measurement problem. You monitor for structural inconsistencies:Asset–expense mismatches (capitalisation of costs, deferred losses)Revenue–cash flow inconsistencies (reported growth without liquidity)Balance sheet growth without operational support (assets expanding faster than underlying activity)End-of-period adjustments and reclassifications (forced alignment of irreconcilable numbers)These are not random indicators. They are the inevitable by-products of forcing false narratives through a system that demands balance..Read more:.Bart Henderson: The risk of fraud is measurable so why do we keep missing it?.If you monitor the right signals systematically, the system itself reveals the fraud. The four structural inconsistencies below are not speculative red flags. They are the inevitable by-products of trying to force irreconcilable numbers into balance. Tested against forensic standards, regulatory guidance, and the harsh lessons of history, they hold up with remarkable accuracy.Asset–expense mismatches (capitalisation of costs, deferred losses)When expenses that belong on the income statement are instead parked on the balance sheet as assets, current profits are artificially inflated and future periods are loaded with depreciation or amortisation. This is one of the most reliable fraud signals in existence. Forensic accounting literature and the PCAOB’s Auditing Standard 2401 flag it repeatedly: watch for depreciation expense lagging behind asset growth, or capital expenditure spikes that defy operational reality. The distortion is measurable and persistent.Revenue–cash flow inconsistencies (reported growth without liquidity)Revenue can be fabricated or accelerated through fictitious sales, premature recognition, or channel stuffing (an improper revenue recognition practice in which a company artificially inflates its reported sales and earnings by shipping or delivering significantly more products to its distributors, wholesalers, or retailers than those channel partners can reasonably sell to end customers in the near term).Cash, however, cannot be invented. The cash-flow statement becomes the ultimate truth serum. Persistent revenue growth without corresponding operating cash flow is a classic structural mismatch. It appears in virtually every authoritative red-flag checklist because it cannot be explained away by legitimate business activity for long.Balance sheet growth without operational support (assets expanding faster than underlying activity)When assets balloon faster than revenue, cash flow, inventory turns, or physical metrics, the books are being propped up by something that does not exist in the real economy. This was precisely the pattern in the Steinhoff scandal, South Africa’s largest corporate fraud.Between 2009 and 2017, a small group of executives engineered fictitious and irregular transactions worth approximately €6.5–7.4 billion. These created phantom profits and grossly inflated asset values. The group’s reported balance sheet grew dramatically, yet the underlying operations could not support it. When the distortion finally collapsed in late 2017, the share price fell over 90% in days.End-of-period adjustments and reclassifications (forced alignment of irreconcilable numbers)Because the system must balance, the final desperate fix is often a flurry of manual journal entries, top-side adjustments, or reclassifications right at reporting deadlines. These are not routine housekeeping.PCAOB AS 2401 effectively codifies fraud as a problem of distortion. It requires auditors to interrogate journal entries for evidence of management override, with a specific focus on period-end adjustments, reclassifications, and entries posted to unusual or complex accounts.These are not random risk flags — they are the precise points where financial reality is most easily reshaped. When entries lack clear business purpose or adequate supporting evidence, the issue is not simply control failure; it is measurement failure.Fraud does not bypass the accounting system — it rewires it.Forensic practice confirms that clusters of such adjustments are the mathematical fingerprint of someone forcing the numbers to fit a false narrative.Why the Theory Is Mathematically RobustDouble-entry bookkeeping is a zero-sum constraint. Fabricate revenue or assets on one side of the equation and the distortion must appear somewhere else — in cash (which is hard to fake), timing differences, or ever-larger manual plugs. Over multiple periods these create detectable ratio anomalies, trend breaks, and reconciliation gaps.The COSO Fraud Risk Management Guide (updated in partnership with the Association of Certified Fraud Examiners) explicitly endorses data analytics to surface exactly these patterns as part of a comprehensive EWFRM program.Modern enterprise fraud management platforms turn the theory into continuous, real-time monitoring.The theory is not infallible — aggressive but legal accounting, one-off events, or sophisticated concealment tactics (special-purpose entities, collusive third parties) can create false positives or delay detection.Yet when two or more of these inconsistencies persist across quarters, the probability of distortion rises sharply. Context, multi-period trends, and non-financial corroboration turn the signals into actionable intelligence.From Theory to Enterprise-Wide PracticeThis measurement-based approach is the practical heart of mature EWFRM. It moves fraud risk management beyond checklists and annual auditor sign-offs into living, data-driven models.Start with systematic identification of pure risks across the enterprise (horizontal and vertical mapping). Layer in predictive analytics, quants, and algorithms to weight probabilities. Embed continuous monitoring of these four structural inconsistencies.Digitise the entire assurance process — full-population testing instead of sampling, AI-driven anomaly detection instead of subjective judgment — and the model becomes proactive rather than reactive.The Steinhoff collapse, like Enron, WorldCom, and the others before it, did not fail because the risks were unmeasurable. It failed because the distortions were not systematically measured until it was too late. Regulators have piled on rules for decades, yet the structural flaw in traditional auditing remains: it is still largely backward-looking and sample-based.The technology and frameworks now exist to close that gap. COSO’s integrated components (governance, assessment, controls, investigation, monitoring) and ISO 31000’s principles-based embedding of risk into operations provide the scaffolding. What remains is the organisational will to treat fraud detection as the measurement science it truly is..Read more:.FT’s Martin Wolf: We must be able hold tech platforms accountable for deep fake fraud.Risk leaders who embed these four structural tests into enterprise-wide models will not only catch distortions earlier — they will reduce the cost of compliance, minimize black-swan surprises, and turn fraud risk management from a defensive cost centre into a genuine source of strategic resilience.The measurable must be measured. The distortions will reveal themselves.And the organisations that watch for them systematically will define the next decade of corporate integrity..*Bart Henderson is a veteran fraud risk specialist and forensic investigator with nearly three decades of experience operating at the highest levels of financial crime detection, investigation, and litigation support across South Africa and beyond. An original official research partner for the NEPAD APRM, Bart spent over two decades advancing fraud risk methodologies across South Africa and the broader African continent. During this time, he developed and refined what became a pioneering 72 Red Flag / 400 Rule forensic audit andinvestigation model—a system that broke decisively from traditional silo-based methodologies and anticipated what is now widely recognised as Enterprise-Wide Fraud Risk Management. As a lecturer, Bart has presented lectures on the subject at multiple White Collar Crime Summits and Symposia, also on contract to the Institute of Internal Auditors (SA), Institute of Chartered Accountants (ZW), AUSAID, Central Bank of Kenya, Central Bank of Nigeria, and to a host of State-Owned Enterprises throughout Africa. In both prosecution and defence environments, Bart has been advisor, and represented high-net-worth individuals, senior executives, government officials, cabinet ministers, and a former Head of State. His investigative work has supported leading law firms and consulting organisations on some of South Africa’s most sensitive and complex matters across government, state-owned enterprises, and listed entities.

Bart Henderson: How enterprise-wide fraud risk management solves fraud as a distortion

Key topics:

Related Stories