When a Stock Audit looks Too Good to Be True – Reading the Fraud Triangle beneath a clean engagement
Some years into my stock audit practice, I was engaged to conduct a stock and receivables audit of a borrower that, on every measure, presented an exemplary file. The stock register reconciled to the last rupee with the physical count. The debtor ageing was clean, with almost nothing beyond ninety days. The drawing power computed comfortably above the outstanding. The accounts team had every document ready before I asked. The stock statements submitted to the bank over the preceding year matched the books exactly. The previous two stock audits had returned clean reports.
By the standard of what most engagements present, this was the easiest file I could have hoped for. I could have completed the verification, confirmed that everything reconciled, computed the drawing power and submitted a clean report in half the usual time. It would have made the bank satisfied and the borrower pleased. Nothing in the standard checklist would have flagged a concern.
What stopped me was a question that the fraud examiner sitting in me asked. The question was simple: in twenty-five years of working with operating businesses, how often had I seen a working capital cycle so much clean, so much complete and so much perfectly reconciled in reality? The honest answer was almost never. Real operating businesses are messy. Stock registers always carry unreconciled differences be it small or big. Debtors age unevenly. Documents take time to locate. A file that is too perfect is, in my experience, not evidence of an exceptionally well-run business. It is sometimes evidence of an exceptionally well-managed presentation.
This article is about the engagements that look too good to be true, and about how the fraud triangle – the framework that most practitioners associate with fraud investigation rather than with routine verification – can be applied as a diagnostic overlay to probe beneath a clean surface. Across the over 700 stock and receivables audit engagements I have now conducted, the files that taught me the most were not the obviously problematic ones. They were the ones that looked perfect and were not.
The paradox of the perfect engagement
The stock and receivables audit is a special purpose assignment under the ICAI Guidance Note on Reports or Certificates for Special Purposes. It is not a fraud investigation. The engagement scope is the verification of inventory, receivables, drawing power and compliance with sanction terms. The appointing bank does not engage the stock auditor to detect fraud and the auditor who treats every engagement as a fraud hunt would be both exceeding the scope and damaging the professional relationship that the work depends on.
And yet, the engagements that produce the most consequential findings are frequently the ones where something has been managed beneath a clean surface. The paradox is that the verification framework, applied competently, can return a clean report on a file that has been constructed to pass exactly that verification. The borrower who understands what the stock auditor will examine can prepare a file that satisfies each examination while concealing the underlying position.
This is where the difference between conducting an engagement procedurally and conducting it intelligently becomes material. The procedural approach asks whether each item on the checklist is satisfied. The intelligent approach asks an additional question: if someone wanted this file to pass the verification while concealing a problem, what would the file look like, and does the file in front of me resemble that?
A file that is too good to be true is precisely the file that someone who understood the verification would construct. This does not mean that every clean file is concealing a problem – most clean files are simply clean. It means that the cleanness itself is not conclusive evidence of soundness and that the intelligent auditor treats an unusually perfect file as a prompt for additional scepticism rather than as a reason for early completion.
The fraud triangle as a diagnostic overlay
The fraud triangle, developed by the criminologist Donald Cressey and incorporated into the auditing framework through SA 240, holds that three conditions typically coincide where a trust violation occurs. Pressure is the motive. Opportunity is the means. Rationalisation is the mental narrative that allows the person to act while still regarding themselves as honest. The fraud diamond, developed later by Wolfe and Hermanson, adds a fourth condition: capability, the position and skill to execute and conceal.
For stock audit work, the value of the framework is not in labelling a borrower a fraudster, that is beyond the engagement scope and beyond what verification evidence can establish. The value is as a diagnostic overlay that directs the auditor’s attention. Each corner of the framework corresponds to a category of question that the auditor can ask of a clean file to test whether the cleanness is genuine or constructed.
| Corner | The diagnostic question for a clean file |
| Pressure | Is the borrower under any stress that would create an incentive to present a position better than the reality? |
| Opportunity | Does the borrower’s control environment provide the means to manage the presented position without detection? |
| Rationalisation | Is the borrower’s narrative around the clean position fluent in a way that suggests it has been rehearsed? |
| Capability | Do the borrower’s personnel have the knowledge and position to construct a file that passes verification while concealing the underlying position? |
When all four questions return affirmative answers in a file that simultaneously looks too good to be true, the auditor has reason to conduct the engagement with heightened scepticism and to extend procedures beyond the standard checklist. Let me take each corner in turn and describe what it looks like in stock audit context.
Pressure – reading it even when the books are clean
Pressure is the corner most invisible in the books and most visible in the environment. A borrower whose books are clean may nonetheless be under significant pressure that the clean books are designed to obscure.
The pressure indicators that I look for in the engagement environment, independent of the figures, include the following. The borrower has had recent lenders’ discussions in which lenders raised concerns. The borrower is approaching a facility renewal. The borrower’s working capital outstanding has been persistently near the sanctioned limit. The borrower is involved in a pending fund-raise, acquisition or business combination that creates an incentive to present stronger numbers. There have been recent exists from the finance and accounts department. The borrower’s sector is under stress that the borrower’s own clean numbers do not reflect.
The diagnostic significance of pressure in a too-good-to-be-true file is specific. Where the environment shows clear pressure but the books show no trace of it, the gap between the two is itself the signal. Real pressure leaves marks. A borrower under genuine working capital stress will normally show some sign of it – stretched creditors, delayed statutory payments, increased reliance on related parties, ageing in the debtors. A borrower under evident environmental pressure whose books show none of these marks is a borrower whose books may have been smoothed.
| Environmental Pressure Indicator | What a Genuine Position Would Usually Show | What a Managed Position May Show |
| Recent covenant or renewal pressure | Some stretch in creditors or statutory dues | Perfectly current creditors and dues |
| Persistent high facility utilisation | Cyclical variation in the operating accounts | Unnaturally smooth account operation |
| Sector under stress | Some softening in debtor collection or inventory movement | Debtor and inventory metrics better than sector norm |
| Pending fund-raise or combination | Normal operational messiness | Exceptionally clean presentation timed to the event |
The auditor cannot conclude from this gap that the books have been manipulated. What the auditor can do is recognise that the gap warrants the extension of procedures and direct the engagement effort toward the areas where smoothing, if it has occurred, would be detectable.
Opportunity – the perfectly controlled environment
Opportunity in a stock audit context is usually discussed as a weakness – poor controls, lack of segregation, single-person control of the working capital cycle. In a too-good-to-be-true file, opportunity often presents in an inverted form. The environment is not chaotic; it is unusually controlled. A single individual, or a small tightly coordinated group, has complete command of the inventory records, the debtor ledger, the creditor processing, the bank reconciliation, and the interaction with the auditor.
This concentration of control is what makes the perfect file possible. A file can only be uniformly clean if a single coordinating intelligence has ensured that every component reconciles. In a genuinely decentralised operation, where different functions are handled by different people who do not coordinate their records for the auditor’s benefit, the file will normally carry the small inconsistencies that arise from independent record-keeping. The absence of any such inconsistency suggests a level of coordination that itself deserves examination.
The opportunity indicators I look for in a too-good-to-be-true file include the following. The accounts head personally handles every interaction with the auditor and is reluctant to involve junior staff. Requests to provide trial balance or verification of books on system are deflected or delayed. The borrower’s records are presented as polished summaries rather than as raw system extracts. The inventory is held at locations that the engagement scope does not permit the auditor to physically verify and the borrower’s representations about those locations cannot be independently corroborated. The reconciliations between physical and book inventory have all been performed by the same individual who controls both records.
The diagnostic procedure for the opportunity corner is to insist, politely but firmly, on examining the raw data rather than the prepared summaries. The borrower who has nothing to conceal will provide the system extracts, trial balance and the access records without difficulty. The borrower who has managed the presented position will find reasons why the raw data is not readily available or why is it needed. The reluctance, where it appears, is itself information.
Rationalisation – the fluent narrative
Rationalisation in a too-good-to-be-true file is audible rather than visible. It appears in the language with which the borrower’s personnel explain the perfection of the position.
The rationalisations I have encountered in such files are consistent. “We run a very tight ship – our systems are better than most companies our size.” “Our promoter insists on clean books; he does not tolerate any laxity.” “We have always maintained this standard; our previous auditors have all confirmed it.” “This is simply how a well-managed business operates.” Each of these is presented confidently and may well be true. What makes them diagnostically significant is when they are offered pre-emptively, before the auditor has raised any concern, as though the borrower anticipates that the perfection will be questioned and has prepared the explanation in advance.
The pre-emptive rationalisation is a specific signal. A genuinely well-run business does not usually feel the need to explain its good management to the auditor; the quality speaks for itself and the management has no particular anxiety about it being examined. A managed presentation, by contrast, often comes with a prepared narrative because the people presenting it are conscious that the perfection is unusual and anticipate that it will attract scrutiny.
The diagnostic procedure for the rationalisation corner is to interview the borrower’s personnel separately rather than collectively, and to ask the same questions of different individuals. Where the position is genuine, different individuals will describe it in their own words with natural variation. Where the position has been managed, the descriptions tend to converge on a common script, because the individuals have been briefed on what to say. The convergence of language across individuals who should be describing the same reality independently is, in my experience, one of the more reliable signals that a narrative has been constructed.
Capability – the sophisticated borrower
The fourth corner, capability, is what makes the too-good-to-be-true file possible at all. A file can only be constructed to pass verification by someone who understands the verification in detail.
The capability indicators in such a file are recognisable. The borrower’s finance personnel have extensive prior experience of stock audits and know exactly what the auditor will examine. The documents are prepared in anticipation of the auditor’s requests, often before the requests are made. The finance head is fluent in the language of drawing power, margins and sanction compliance, and steers the engagement toward the areas they want examined. The borrower’s responses anticipate the auditor’s questions in a way that suggests detailed familiarity with the verification process.
None of this is improper. Experienced, competent finance personnel are an asset to any business and their competence is not evidence of wrongdoing. The diagnostic significance arises only in combination with the other corners. A sophisticated finance function, in a borrower under evident pressure, with concentrated control of the records, offering a pre-emptive narrative for an unusually perfect file, presents a combination in which the capability to construct a managed presentation coincides with the pressure to do so, the opportunity to do so, and the narrative to explain it. It is the coincidence of all four corners, not any single one, that warrants the auditor’s heightened scepticism.
Conducting the engagement smartly – specific procedures
Recognising that a file is too good to be true is only the starting point. The intelligent conduct of the engagement lies in the procedures that the recognition prompts. The following procedures are the ones I have found most productive in testing whether a perfect file is genuine or constructed. None of them exceeds the legitimate scope of a stock audit; each is a deeper application of procedures that the engagement already permits.
| Procedure | What It Tests | Why a Managed File May Fail It |
| Examine raw ERP extracts, not prepared summaries | Whether the underlying data matches the presented summaries | Summaries can be smoothed; raw data carries the marks of any adjustment |
| Review the ERP audit log for entries around reporting dates | Whether entries cluster suspiciously near period-ends | Window-dressing entries concentrate on reporting dates |
| Examine the dates of inventory movements in the last week of the period | Whether stock was built up artificially before the reporting date | Reporting-date inventory may be inflated relative to mid-period levels |
| Trace a sample of clean debtors to subsequent collection | Whether the clean debtors actually pay after the period | Fictitious or related-party debtors do not collect in the normal cycle |
| Cross-check book sales against GST returns and e-way bills | Whether reported sales correspond to actual movement of goods | Accommodation sales lack the GST and e-way bill trail |
| Reconcile physical inventory locations against the hypothecation | Whether inventory is where it is represented to be | Inventory at undisclosed locations may not exist or may be double-counted |
| Interview finance personnel separately on the same questions | Whether the narrative is genuine or a rehearsed script | A constructed narrative converges across individuals |
| Compare the current clean file against the messiness of prior years | Whether the perfection is a recent and sudden development | A position smoothed for a specific purpose appears as a discontinuity |
The last procedure deserves emphasis. A borrower that has filed messy but honest stock statements for years and suddenly presents a perfect file in the quarter before a covenant test or a fund-raise has produced a discontinuity that the year-on-year comparison will reveal. The intelligent auditor does not examine the current file in isolation; the auditor examines it against the pattern of prior periods. A sudden improvement in every metric, with no corresponding operational explanation, is one of the clearest signals that a file has been managed for a specific occasion.
The reconciliation that is too perfect
There is a specific feature of the too-good-to-be-true file that merits separate discussion, because it is counter-intuitive. A reconciliation that ties out to the last rupee, with no difference whatsoever, is in many real operating environments more suspicious than a reconciliation that carries a small, explicable difference.
Genuine operating businesses generate small reconciliation differences as a matter of course. Goods received but not yet invoiced. Invoices raised but not yet dispatched. Timing differences between the physical movement and the system entry. Rounding in the valuation. A small unreconciled difference, properly explained, is evidence that the records are being maintained independently and reconciled honestly. The difference is the fingerprint of a real process.
A reconciliation that shows zero difference, quarter after quarter, across all categories of inventory and all classes of debtors, is statistically improbable in a real operating environment. It suggests either that the reconciliation has been forced to tie out, or that the underlying records have been adjusted to produce the perfect match. The auditor who is reassured by the perfect reconciliation has misread the signal. The auditor who is made more curious by it is reading it correctly.
This is not to say that a perfect reconciliation is always evidence of manipulation. Small, well-controlled businesses with simple operations can genuinely reconcile cleanly. The point is that the perfect reconciliation should prompt the question of how it was achieved, rather than closing the inquiry. In my experience, asking a borrower to walk through exactly how a perfect reconciliation was produced – which entries were passed, when, by whom, and on what basis – is one of the more revealing procedures available to the stock auditor. The genuine borrower walks through it readily. The managed presentation begins to show its seams.
Boundaries of the auditor’s role
It is essential to maintain the boundary between recognising the indicators and concluding on the question of fraud. The stock auditor who identifies that a file is too good to be true, who applies the diagnostic overlay of the fraud triangle, and who extends procedures accordingly, is conducting the engagement intelligently within scope. The stock auditor who concludes in the report that the borrower has committed fraud has exceeded both the scope of the engagement and the evidence that verification procedures can produce.
The appropriate output of the intelligent engagement is the surfacing of observations, supported by data, framed in factual language, presented for the bank’s consideration. Where the extended procedures reveal that the perfect file does not withstand deeper examination – where the debtors do not collect, where the GST trail is absent, where the reconciliation cannot be explained, where the inventory cannot be located – the auditor reports these specific findings factually. Where the extended procedures confirm that the file is genuinely clean, the auditor reports a clean position with the confidence that comes from having tested it properly.
The professional discipline is to let the data carry the conclusion. An observation that the debtor balances of Rs [amount] lakhs did not collect in the subsequent period, supported by the bank statement evidence, is useful to the bank and withstands the borrower’s response. A conclusion that the borrower has fabricated its debtors goes beyond what the stock audit can establish and exposes the auditor to challenge. The intelligent auditor reports the former and leaves the latter to the bank’s forensic process, where the bank chooses to initiate one.
The 2024 RBI Master Directions on Fraud Risk Management provide the framework within which the bank acts on the auditor’s observations. The auditor’s role is to surface the early warning signals that the engagement encounters; the bank’s role is to weigh them, to seek the borrower’s response in accordance with the principles of natural justice, and to decide on classification and further action. The boundary between these roles protects both the integrity of the bank’s process and the professional position of the auditor.
Reporting the observations from a too-good-to-be-true engagement
Where the extended procedures on a too-good-to-be-true file produce observations, the reporting requires particular care. The report must convey the substance of the concern without overstating what the verification has established and must give the bank the information it needs to decide on further action.
The reporting structure I have found effective for such engagements is as follows. First, a factual statement of the position as presented by the borrower and as verified. Second, a description of the specific procedures extended beyond the standard checklist, and the reasons for extending them, framed in neutral language. Third, the specific findings from the extended procedures, quantified and supported by reference to the underlying evidence. Fourth, where the findings warrant it, an observation that the position presents features that the bank may wish to subject to further examination beyond the scope of the stock audit. Fifth, the management representations obtained on the matters identified.
The neutral framing of the reasons for extending procedures is important. The report should not say that the auditor suspected fraud. It should say that the position presented certain features – the unusual completeness of the reconciliation, the concentration of record-keeping control, the discontinuity from prior periods – that warranted the application of additional procedures within the engagement scope. This framing is factual, defensible, and conveys the substance of the concern to a bank credit officer who knows how to read it, without imputing a conclusion that the verification cannot support.
| Report Element | Purpose | Framing |
| Position as presented and verified | Establish the baseline | Factual |
| Procedures extended and reasons | Explain the deeper inquiry | Neutral; features warranted additional procedures |
| Findings from extended procedures | Convey the substance | Quantified, evidence-referenced |
| Observation for bank consideration | Direct the bank’s attention | The bank may wish to examine further |
| Management representations | Record the borrower’s position | Verbatim or substantively complete |
A reflection on why the perfect file teaches the most
When I look back across the engagements of my practice, the files that advanced my own understanding the most were not the obviously troubled ones. A troubled file announces its problems; the ageing is visible, the creditors are stretched, the reconciliation does not tie out and the standard procedures surface the concerns without difficulty. The troubled file requires diligence but not particular insight.
The perfect file is different. It announces nothing. It presents a surface that the standard procedures confirm as sound. It rewards the procedural auditor with an easy clean report and rewards the intelligent auditor with a harder question. The discipline of treating perfection as a prompt for scepticism rather than as a reason for completion is what separates the engagement conducted procedurally from the engagement conducted intelligently.
This discipline is not native to the verification framework. The framework asks whether the items reconcile, and a perfect file answers yes to every question. The discipline comes from elsewhere – from the fraud examination perspective that treats the absence of any imperfection as itself a datum, from the operational experience that knows how messy real businesses are, and from the professional scepticism that SA 240 requires but that the routine of verification can erode over many clean engagements.
I do not suggest that every clean file is hiding something. The large majority of clean files are simply clean, and the borrower deserves the clean report that the verification supports. What I suggest is that the unusually perfect file – the one that is too good to be true – deserves the additional question before the clean report is issued. The cost of asking the question is a few additional hours of procedure. The cost of not asking it, where the perfection was constructed, is a clean report on a position that subsequently fails, with the consequences that follow for the bank and for the professional standing of the auditor who certified it.
“Kuch to Gadbad hai, Daya” is perfect quote a stock auditor should always ask himself.
Conclusion
The fraud triangle is usually presented as a tool for investigating fraud after it has surfaced. Applied to stock audit work, it serves a different and earlier purpose: as a diagnostic overlay that helps the auditor recognise, during the engagement, when a clean surface may be concealing a managed position beneath it.
The too-good-to-be-true file is the specific situation where this overlay is most valuable. The file that reconciles perfectly, presents no imperfection, and is supported by a fluent narrative from a sophisticated and tightly coordinated finance function, in a borrower under evident environmental pressure, presents all four corners of the fraud diamond simultaneously. The intelligent auditor recognises the combination, treats the perfection as a prompt rather than a reassurance, and extends procedures to test whether the cleanness is genuine or constructed.
The procedures that test this are not exotic. They are deeper applications of what the stock audit already permits: examining raw data rather than summaries, reviewing audit logs for reporting-date clustering, tracing clean debtors to subsequent collection, triangulating sales against the GST and e-way bill trail, comparing the current file against the messiness of prior years, and asking the borrower to walk through exactly how a perfect reconciliation was achieved. Each of these is within scope. Together, they convert a procedural engagement into an intelligent one.
The professional satisfaction of stock audit work, in my experience, comes not from the files that were easy but from the files that looked easy and were not, and from having had the discipline to ask the additional question before signing the clean report. The borrower whose exemplary file I described at the start of this article did not, in the end, withstand the extended procedures. The bank was grateful that the question had been asked. The verification framework alone would not have prompted it. The fraud triangle, applied as a diagnostic overlay by an auditor conducting the engagement smartly, did.
*****
Disclaimer: The views expressed are the author’s personal professional observations based on experience in stock and receivables audit practice and do not constitute legal advice, regulatory guidance, banking policy interpretation, or any authoritative position. References to RBI, ICAI, Standards on Auditing, and forensic standards reflect the author’s understanding as of the date of writing and readers should consult the latest original sources. The examples and patterns discussed are anonymised composite illustrations and do not relate to any specific borrower, bank, auditor, or engagement. Nothing herein overrides applicable laws, regulations, RBI directions, ICAI pronouncements, or auditing standards, which shall prevail in case of any inconsistency. The author accepts no liability for any loss arising from reliance on this article. Practitioners should apply the concepts discussed only within the scope of their engagements and with appropriate professional judgment and scepticism.
Author Bio
