4.3 Concealment methods & accounting-based red flags

Key Takeaways

  • Concealment hides a fraud after the act through destroying or altering documents, off-book transactions, and disguised related-party dealings.
  • Off-book schemes such as skimming leave no ledger entry, so they are detected through tips, third-party evidence, and analytical anomalies rather than the books.
  • Missing or photocopied source documents, especially originals replaced by copies, are among the most common physical red flags of concealment.
  • Excessive voids, refunds, credit memos, and unauthorized discounts can hide cash theft and skimming at the point of sale.
  • Unusual journal entries, such as round numbers, entries lacking support, or entries posted near period-end, are prime indicators of manipulation.
Last updated: July 2026

Concealment: hiding the fraud after the act

Every fraud has three phases: the act, the concealment, and the conversion of proceeds to the fraudster's benefit. Concealment is what separates a sophisticated scheme from an obvious theft; it is the effort to keep the fraud from appearing in the records or from being noticed by auditors, supervisors, and examiners. Understanding concealment methods tells the examiner where the evidence was hidden, while the tell-tale accounting clues reveal that something was hidden at all.

Common concealment methods

Destroying or altering documents. The simplest concealment is to make the evidence disappear or change what it says. Fraudsters shred invoices, delete electronic files, alter dates and amounts, or substitute forged documents for genuine ones. A frequent tell is the replacement of original source documents with photocopies; a copy can hide alterations that an original would betray, so an examiner who is repeatedly offered copies 'because the original was lost' should be suspicious.

Off-book transactions. The most difficult schemes to detect are those that never touch the accounting records at all. Skimming (stealing cash before it is ever recorded) and unrecorded side deals or bribes leave no ledger entry to find. Because the books remain internally consistent, off-book fraud is uncovered not through the records but through tips, third-party evidence (bank statements, customer confirmations, vendor records), and analytical anomalies such as a declining cash-to-sales ratio.

Related-party and off-balance-sheet dealings. Fraudsters route transactions through relatives, shell companies, or entities they secretly control to move assets, inflate revenue with sham sales, or disguise the true nature of a payment. These deals are often papered to look arm's-length. The examiner looks for common addresses, overlapping ownership, sequential invoice numbers from a single 'vendor,' payments to a post-office box, and terms no independent party would accept. Because related-party dealings can be legitimate, the concern is not the relationship itself but the failure to disclose it and the absence of a genuine business purpose behind the transaction.

On-book concealment and the accounting clues

When a fraud must pass through the records, the perpetrator disguises it with forced entries, misclassifications, or manipulated supporting schedules. This is where the examiner's knowledge of accounting red flags pays off. The following clues frequently accompany concealed fraud:

Red flagWhat it may conceal
Missing or photocopied source documentsAltered or destroyed evidence
Excessive voids, refunds, and credit memosCash skimming at the register
Round-number or unsupported journal entriesFabricated or forced adjustments
Entries posted near period-endEarnings manipulation to hit targets
Related-party transactions without business purposeAsset diversion or sham revenue

Missing documents. Gaps in otherwise sequential records, a missing check, a voided-but-unaccounted invoice, or absent receiving reports, are classic signs that evidence has been removed. Examiners test for completeness precisely because fraudsters remove what incriminates them.

Excessive voids, refunds, and credit memos. At the point of sale, a cashier who steals cash must reduce the recorded sales to balance the drawer. Voided sales, false refunds, and credit memos are the standard cover, so an employee with abnormally high void or refund counts relative to peers is a prime suspect. The same logic applies to write-offs of receivables that mask lapping and to discounts granted without authority.

Unusual journal entries. Top-side and manual journal entries are a favorite fraud vehicle because they can move amounts without a routine transaction behind them. Warning signs include round-number entries, entries lacking supporting documentation, entries posted by someone outside the normal accounting workflow, entries to unrelated or suspense accounts, and, most tellingly, entries clustered near period-end, when management races to hit earnings targets. Data-analysis tools now let examiners test all journal entries for these attributes rather than sampling a handful, and they can apply Benford's Law to flag digit patterns that deviate from what naturally occurring numbers should show, a strong indicator of fabricated figures.

Physical and digital document clues

Altered documents often reveal themselves under scrutiny: mismatched fonts or ink, misaligned text, erasures, correction fluid, inconsistent logos, or figures that do not foot. In digital records, metadata such as creation and modification dates, author fields, and audit-trail logs can betray a document that was backdated or changed after the fact. Examiners preserve originals, work from forensic copies, and document the chain of custody so that any alteration they find will stand up as evidence. When originals are unavailable, the reason for their absence becomes part of the investigation rather than an accepted excuse.

Tying it together

Concealment and detection are two sides of one coin. The fraudster asks, 'How do I keep this out of sight?' and the examiner asks, 'If someone hid something, what trace would remain?' Off-book schemes push the examiner toward external evidence and analytics; on-book schemes leave forced entries, altered or missing documents, and statistical outliers that a systematic review will surface. By mapping each concealment method to its likely footprint, the examiner turns the perpetrator's own efforts to hide the crime into the very roadmap for uncovering it and building an evidence-backed case.

Test Your Knowledge

Which scheme is hardest to detect through the accounting records because it never generates a ledger entry?

A
B
C
D
Test Your Knowledge

A cashier stealing cash from the register would most likely conceal the theft using:

A
B
C
D