Posted by: Cheyenne Vyska - 04/02/2026
ACFCS Contributor Report: From Skepticism to Proof: Distinguishing Between a Traditional Audit and a Forensic Investigation
The skinny:
- In this thoughtful opinion piece, longtime fincrime fighter Ken Hines argues that to better pursue soaring fraud and accounting scandals, the world needs more forensic investigators, not more auditors.
- The reality is most fraud is uncovered not through routine internal audits, management reviews, or external audits, but through whistleblowers, tips, unusual behavior, lifestyle clues, or internal anomalies. The misconception that “the auditors will catch it” can be both dangerous and costly.
- For organizations, the practical question is: When should an issue move from audit to forensic investigation? Hines answers that question and also notes that cultivating an investigative skillset as a student can set you up for success in the compliance, legal, accounting and law enforcement fields.
By Kenneth J. Hines, MSA, EA, CFE
Partner, Integritas³ | Former IRS Criminal Investigation Executive | Part-time accounting teacher, University of Washington Bothell
April 02, 2026
With edits and minor content contributions by ACFCS Chief Correspondent, Brian Monroe
Introduction
The distinction between a traditional financial audit and a forensic investigation is often misunderstood, even within the accounting profession.
Both require technical expertise and professional skepticism, but the purpose, mindset, methods, and legal expectations are fundamentally different. One is focused on assurance. The other is focused on evidence—proof that can withstand courtroom scrutiny.
That issue of who should uncover potential frauds at a company – the auditor who is not an investigator, an investigator who is not an auditor, an accountant, who is not an auditor nor law enforcement, or a forensic investigator, who can be a mix of all of these – is a challenging and relevant dilemma for nearly any firm operating today.
Moreover, cultivating such a skillset early – understanding the difference between when numbers are more than errors and viewing financials through the lens of human duplicity – can also be a powerful career booster and an ally in the fight to bolster compliance defenses and detect and deter financial crime.
In banks, brokers, money remitters, crypto exchanges and more, anti-money laundering (AML) teams must review alerts of potential suspicious activity, investigate them and then pull together what it all means and if there are ties to money laundering and what specified unlawful activity could have generated these tainted funds.
Being able to command understanding from various audit, accounting and investigative fields can help better determine if aberrant transactions are potentially tied to fraud, corruption or money laundering and create more legally defensible transaction logs and conclusions in filed suspicious activity reports (SARs).
In that same vein, one prong of the AML program that in recent years has fallen short at some institutions is the requirement to do an independent AML review, in some circles referred to as the AML audit.
The individuals doing these reviews can be inside or outside the institution, but must have knowledge of a wide array of disciplines to be able to grade a financial crime compliance program.
Such a duty is a complex endeavor as AML is an amalgam of human training, decision-making, technology tuning, number crunching and balancing rising risks against the accumulated acumen across an institution.
But let’s take a look at some of the legal standards at play when people say audit, review and forensic investigation.
Financial audits vs. Forensic investigations: Reasonable assurance vs. legally defensible
A standard audit is designed to provide reasonable assurance financial statements are free from material misstatement.
Reasonable assurance means the auditor obtains a high—though not absolute—level of confidence that the financial statements are fairly presented.
It reflects the inherent limitations of an audit, including the use of sampling, reliance on internal controls, and the fact that not every transaction or document is examined.
Reasonable assurance does not guarantee that the financial statements are perfect, free of all errors, or free of fraud.
Instead, it means based on the evidence gathered, there is a low likelihood that a material misstatement remains undetected—one could influence the decisions of those relying on the financial statements.
An audit is also not designed to detect every instance of wrongdoing.
The auditor evaluates internal controls, tests a selection of transactions, and performs analytical procedures to determine whether the financial statements appear reasonable considering the available supporting documentation.
If the auditor gathers sufficient appropriate evidence to conclude that the financial statements are fairly stated in all material respects, the audit is complete.
Importantly, auditors are not required to identify every fraud, nor do they evaluate the intent behind transactions unless intent directly impacts the financial statement presentation.
Audits focus on financial reporting—not determining whether misconduct or deception occurred.
When concerns arise that fall outside the boundaries of reasonable assurance, the work necessarily shifts from auditing to forensic investigation.
An audit provides a high level of confidence that the financial statements are free from material misstatement, but it is not designed to resolve unexplained transactions, determine intent, or address signs of concealment.
When documents cannot be produced, internal controls are overridden, explanations change, or financial activity defies economic reality, the auditor’s procedures are no longer sufficient.
These red flags suggest the issue may not be an error, but deliberate misconduct—requiring a different discipline and a different standard of proof.
A forensic investigation begins where traditional audit work ends.
There is no concept of materiality, no reliance on management representations, and no comfort in sampling procedures.
Instead, the forensic accountant must determine whether fraud or misconduct occurred, identify the responsible parties, quantify losses, and develop evidence suitable for legal proceedings.
This requires examining all relevant transactions, tracing funds, reconstructing financial flows, and analyzing communications to uncover patterns of deceit or concealment.
The work must also be thorough enough to withstand courtroom scrutiny, which in the United States includes a Daubert challenge—a legal motion used to exclude an expert’s testimony on the grounds that it is not sufficiently reliable, relevant, or based on scientifically valid methodology.
Under Daubert v. Merrell Dow Pharmaceuticals (1993), the judge acts as a “gatekeeper,” evaluating whether the expert’s methods are sound, whether they were applied appropriately, and whether the underlying evidence can produce a trustworthy conclusion.
In essence, a Daubert challenge tests the quality, rigor, and admissibility of forensic work.
The transition from audit to forensic accounting is therefore a shift from assessing whether financial statements appear reasonable to proving what actually happened and doing so with evidence capable of establishing fraud beyond a reasonable doubt.
An audit is also not designed to detect every instance of wrongdoing.
The auditor evaluates internal controls, tests a selection of transactions, and performs analytical procedures to determine whether the financial statements appear reasonable considering the available supporting documentation.
If the auditor gathers sufficient appropriate evidence to conclude that the financial statements are fairly stated in all material respects, the audit is complete.
Importantly, auditors are not required to identify every fraud, nor do they evaluate the intent behind transactions unless intent directly impacts the financial statement presentation.
Audits focus on financial reporting—not determining whether misconduct or deception occurred.
When concerns arise that fall outside the boundaries of reasonable assurance, the work necessarily shifts from auditing to forensic investigation.
An audit provides a high level of confidence that the financial statements are free from material misstatement, but it is not designed to resolve unexplained transactions, determine intent, or address signs of concealment.
When documents cannot be produced, internal controls are overridden, explanations change, or financial activity defies economic reality, the auditor’s procedures are no longer sufficient.
These red flags suggest the issue may not be an error, but deliberate misconduct—requiring a different discipline and a different standard of proof.
A forensic investigation begins where traditional audit work ends.
There is no concept of materiality, no reliance on management representations, and no comfort in sampling procedures.
Instead, the forensic accountant must determine whether fraud or misconduct occurred, identify the responsible parties, quantify losses, and develop evidence suitable for legal proceedings.
This requires examining all relevant transactions, tracing funds, reconstructing financial flows, and analyzing communications to uncover patterns of deceit or concealment.
The work must also be thorough enough to withstand courtroom scrutiny, which in the United States includes a Daubert challenge—a legal motion used to exclude an expert’s testimony on the grounds that it is not sufficiently reliable, relevant, or based on scientifically valid methodology.
Under Daubert v. Merrell Dow Pharmaceuticals (1993), the judge acts as a “gatekeeper,” evaluating whether the expert’s methods are sound, whether they were applied appropriately, and whether the underlying evidence can produce a trustworthy conclusion.
In essence, a Daubert challenge tests the quality, rigor, and admissibility of forensic work.
The transition from audit to forensic accounting is therefore a shift from assessing whether financial statements appear reasonable to proving what actually happened and doing so with evidence capable of establishing fraud beyond a reasonable doubt.
The art of being persuasive: reasonable assurance vs. reasonable doubt
Reasonable assurance is the standard used in financial statement audits, meaning the auditor has obtained enough persuasive—though not absolute—evidence to conclude the statements are free of material misstatement.
It accepts inherent limitations such as sampling, reliance on internal controls, and the possibility that some errors or even fraud may go undetected.
In contrast, beyond a reasonable doubt is the highest standard of proof in the legal system, requiring evidence that is so clear, convincing, and comprehensive that no reasonable person could question the defendant’s guilt.
While reasonable assurance seeks a high level of confidence about financial reporting, beyond a reasonable doubt demands near certainty about facts, intent, and misconduct—making it fundamentally more rigorous and exacting.
This difference in mindset is not theoretical—it is real and consequential.
Before entering academia, I spent more than two decades with IRS-Criminal Investigation, eventually serving as Director of Operations, Policy & Support.
Throughout my career, I conducted and supervised complex criminal tax, money laundering, corruption, and financial fraud cases.
The investigators I worked with could never assume the documents were accurate, the statements were truthful, or the numbers told the full story. Our job was not to express an opinion—it was to prove willfulness beyond a reasonable doubt.
The investigative mindset is now central to the forensic accounting courses I teach at the University of Washington Bothell.
Students do not work on hypothetical textbook scenarios; they analyze real-world evidence—bank records, government exhibits, email communications, IRS investigative reports—and must determine whether fraud occurred, how it was concealed, and whether the evidence supports criminal charges or civil penalties.
They learn quickly that it is one thing to identify a questionable transaction, and another to prove intent.
In the classroom, I see my students react the same way I saw seasoned IRS-CI special agents respond when something seemed off: “This just doesn’t look right.” The critical next question is, “How do I prove this is fraud?”
That shift—from suspicion to evidence—is what separates routine accounting from true forensic investigation, and it changes everything.
Traditional audit procedures rely on sampling, confirmations, and analytical procedures to reach a comfort level.
The evidence is persuasive but often not conclusive.
A forensic investigation frequently requires examining 100 percent of relevant transactions, reconstructing financial flows, recovering deleted digital records, and interviewing individuals using behavioral techniques designed to detect deception.
As an example, in one of the investment fraud cases I worked as a special agent, a business owner disguised millions of dollars in income through related entities and sham loans to hide the fact he was running a Ponzi scheme.
A financial statement audit may have accepted the internal documentation at face value.
Instead, I analyzed bank deposits, bank transfers, matched expenditures to personal lifestyle spending, and traced funds through layered accounts. The defendant was found guilty at trial of fraud and tax evasion.
Real world examples: How auditors can miss the target and why
These kinds of schemes are more common than you might imagine. Here are some examples when auditors were lied to, manipulate and provide false information:
HealthSouth Corporation
HealthSouth’s executives, led by CEO Richard Scrushy, orchestrated a multibillion-dollar earnings inflation scheme throughout the 1990s and early 2000s by directing employees to make fraudulent top-side entries that artificially boosted revenue and understated expenses.
Ernst & Young served as the company’s auditor and issued unqualified opinions, not detecting the false adjustments concealed through management collusion, forged documents, and intentionally deceptive journal entries.
When the fraud was uncovered in 2003, multiple HealthSouth executives pled guilty to criminal charges, but the auditors were not implicated as co-conspirators; the courts and regulators found no evidence the auditors knowingly participated in the misconduct.
The case remains a leading example of how even competent auditors can fail to detect fraud deliberately hidden through override of controls and coordinated falsification.
Satyam Computer Services
Satyam, one of India’s largest IT outsourcing companies, perpetrated a massive accounting fraud by overstating cash balances, fabricating revenue, and inflating profits for years.
The auditors issued clean opinions, not realizing the supporting documentation—bank statements, confirmations, and invoices—had been falsified by management.
The fraud surfaced in 2009 when the chairman confessed to manipulating more than $1 billion in fictitious cash and overstated assets.
Multiple executives were criminally convicted for their roles.
Though the auditors faced regulatory penalties for audit failures, there was no determination the auditors were co-conspirators; they, too, had been misled by falsified evidence specifically designed to defeat audit procedures.
Olympus Corporation
For more than a decade, Olympus executives hid over $1.7 billion in investment losses using complex mergers, acquisitions, and inflated advisory fees that masked the true nature of the transactions.
The company’s auditors failed to detect the fraud, largely because Olympus management provided falsified documentation and employed opaque accounting maneuvers designed to obscure economic reality.
When a whistleblower exposed the scheme in 2011, several executives were criminally convicted for their roles.
Although the auditors were criticized for deficiencies in professional skepticism, there was no finding that they knowingly participated in the fraud.
Instead, the case highlighted how corporate collusion, hidden side agreements, and intentionally deceptive evidence can circumvent even large, reputable audit firms.
Parmalat
Parmalat, once a global dairy conglomerate, carried out one of Europe’s largest accounting frauds by fabricating assets, overstating liquidity, and creating a fake €3.9 billion bank account.
Two different auditors issued clean audit opinions.
The auditors did not uncover the fraud because Parmalat management presented forged bank confirmations, fake financial statements from subsidiaries, and manipulated offshore entities.
When the scheme collapsed in 2003, it led to criminal convictions of senior executives, including founder Calisto Tanzi.
The legal environment and the audit – forensic accounting divide
While the auditors faced regulatory scrutiny and civil suits, they were not found to be co-conspirators, as the fraud relied on elaborate forged documents and collusion specifically designed to mislead the audit process.
The legal environment reinforces this divide.
Audit workpapers are not prepared for litigation. They may not contain chain-of-custody documentation, interview notes designed to withstand cross-examination, or supporting schedules that explain evidence in plain language.
There is also a tension that if the audit is too rigorous, and the audit firms finds too many things wrong, the client will simply drop them for a firm that won’t look as deeply at their financial health.
Some audit and consulting firms have actually been chided by oversight bodies because they did just that, only sharing with regulators and investigators a portion of what they found wrong in a lookback for a bank – not the full range of missed SARs.
A forensic report, by contrast, must anticipate legal challenges.
Every document, calculation, and opinion must be supported with evidence that is admissible, authentic, and traceable back to its source.
Another critical difference is the treatment of management representations.
Auditors must evaluate the risk of fraud, but they are allowed to rely on management explanations unless evidence suggests otherwise.
A forensic accountant conversely must assume the possibility of concealment. Missing documents, unexplained transactions, unusual accounting entries, and shifting explanations are not dismissed—they are clues.
After decades inside IRS-CI, one thing became unmistakably clear: fraud doesn’t just happen—it is engineered.
Every false document, disguised transfer, or fabricated explanation is part of a plan. The forensic investigator starts where the deception begins, peeling back layers of concealment until the truth has nowhere left to hide.
This is exactly what students learn in my UW Bothell forensic accounting courses.
They review court filings, bank records, witness statements, financial statements, accountant workpapers, and other documents, including public records.
They quickly learn simply using accounting software does not mean a business owner understands the health of their business or the tax consequences of what is recorded.
They see how emails, bank records, and handwritten notes can reveal a very different reality than what appears on a tax return or financial statement.
Most importantly, they experience why every transaction must be traced from beginning to end, no matter how small it may seem.
The reality is most fraud is uncovered not through routine internal audits, management reviews, or external audits, but through whistleblowers, tips, unusual behavior, lifestyle clues, or internal anomalies.
The Association of Certified Fraud Examiners repeatedly reports that external audits detect approximately 16 percent of occupational fraud schemes. The misconception “the auditors will catch it” is both dangerous and costly.
When should companies consider moving from a standard audit to a deeper forensic review?
For organizations, the practical question is: When should a matter move from audit to forensic investigation?
The answer is when there is credible concern something is being hidden: when documents cannot be produced, explanations change, employees resist questions, internal controls are overridden, or financial activity does not make sense economically.
A single unexplained journal entry might be harmless. A pattern of them is something different.
The skillset required to navigate the transition from audit to forensic investigation, and ability to function effectively as a forensic accountant, is increasingly in demand.
Companies, law firms, government agencies, and regulators now expect accountants to do far more than confirm balances.
They expect forensic capabilities: the ability to identify deception, reconstruct transactions, trace funds, analyze patterns of concealment, and communicate financial evidence clearly to non-accountants.
This is why forensic accounting education must go beyond theory.
Students should analyze actual case exhibits, use bank tracing techniques, and write professional reports blending accounting, law, and investigative reasoning. They must learn not just to spot irregularities, but to prove them.
After decades spent investigating financial crime, and now teaching the next generation of forensic accountants, I believe the profession must reinforce one enduring, essential truth.
What is it?
A traditional audit asks whether the financial statements are fairly presented; a forensic investigation asks whether the numbers are truthful, how the scheme worked, who benefited, and whether the evidence proves intent.
One discipline provides reasonable assurance. The other seeks to establish proof.
In a modern financial environment defined by cyber-enabled fraud, offshore havens, cryptocurrency transactions, and increasingly sophisticated concealment strategies, the need for professionals who understand this distinction has never been greater.
The world does not need more checklists. It needs more investigators.
How does the rise of artificial intelligence impact auditing and forensic reviews?
Artificial intelligence is changing the landscape of the accounting profession, and we must embrace it and not fear it.
AI can rapidly analyze massive volumes of financial records, emails, accounting logs, and even blockchain data, identifying anomalies, hidden relationships, and suspicious activity.
These tools automate labor-intensive tasks like reconciliations, clustering, and pattern recognition, enabling forensic accountants to focus their time on the highest-risk transactions and the most revealing evidence.
In short, AI can increase the speed, scale, and precision of modern investigations, and could help companies and individuals more easily and confidently make the jump from auditing a firm to analyzing it through the lens of a forensic investigator.
But while AI enhances the investigative process, it should not replace the human factor, nor can it.
AI can identify what looks unusual, but it cannot determine whether an anomaly reflects fraud, error, misunderstanding, poor bookkeeping, or a legitimate but uncommon business event.
It cannot evaluate credibility, conduct an interview, interpret motive, understand organizational culture, or assess how evidence will be viewed by prosecutors, regulators, or a jury.
Those judgments require skepticism, legal awareness, investigative instinct, and real-world experience.
While some organizations assume a forensic investigation will always be more expensive than an audit, the reality is far more nuanced.
A targeted forensic engagement often costs less in the long run because it focuses directly on the source of the problem, prevents additional losses, and provides evidence strong enough to withstand legal scrutiny.
By contrast, delaying or limiting an investigation to save money can allow misconduct to continue, inflate losses, and increase legal exposure.
In many cases, the true financial risk lies not in the cost of the forensic work, but in failing to uncover the full scope of the issue.
Businesses should avoid being penny wise and pound foolish; investing in a thorough forensic investigation when red flags appear protects the organization’s assets, reputation, and decision-makers far more effectively than a superficial or incomplete response.
Fraud is ultimately a human behavior problem, not just a data problem. AI may help us find the irregularities faster, but only trained forensic accountants can determine what those irregularities mean.
And the mindset we cultivate matters more than any technology: a willingness to look past what merely appears reasonable and instead ask the only question that truly matters in a fraud case—can I prove it beyond reasonable doubt?
About the author
Kenneth J. Hines, MSA, EA, CFE is a Partner at Integritas³, a global consulting firm specializing in tax, compliance, forensic accounting, and litigation support.
He spent more than two decades with IRS-Criminal Investigation, leading high-profile tax fraud, corruption, and money laundering cases. Mr. Hines is also an Executive-in-Residence and part-time accounting teacher at the University of Washington – Bothell’s School of Business.
