Prevention is very often the best way of dealing with internal fraud. Being able to nip the problem in the bud will produce much better outcomes for a company than finding out that fraud is already occurring when it is already too late. With that being said, all companies should be aware of the warning signs that may flag when an employee is planning to, or is currently engaging in internal fraud.

Software developed by the FBI and Ernst & Young has discovered the most common phrases that are used in email conversations among perpetrators of internal fraud. Through this technology, more than 3,000 words and phrases were identified. The software can also detect unusual changes in tone that can suggest internal fraud is taking place within the business. 

List of phrases that indicate internal fraud

The phrases identified by the Ernst & Young software are a good indication that internal fraud may be occurring within a company, especially if they come up on a regular basis. The top 15 phrases are listed below:

  1. Cover up
  2. Write off
  3. Illegal
  4. Failed investment
  5. Nobody will find out
  6. Grey area
  7. They owe it to me
  8. Do not volunteer information
  9. Not ethical
  10. Off the books
  11. Backdate
  12. No inspection
  13. Pull earnings forward
  14. Special fees
  15. Friendly payments

Some phrases describe the internal fraud itself, including “Cover up,” “Write off,” “Illegal,” and “Grey area.” Other phrases suggest that employees want to defend their actions, such as “Nobody will find out,” and “They owe it to me.” Phrases like “special fees” and “friendly payments” are used in cases of bribery. Further phrases indicate that the employee is acting with a co-offender, describing how the fraud will take place in phrases like “Do not volunteer information,” “Off the books,” and “Pull earnings forward.”

The software also searches for outside events such as “call my mobile” and “come by my office,” which suggests that the employee does not want to be overheard.

Employees who do not wish to partake in these fraudulent activities with a fellow employee often use words like “no inspection,” “do not volunteer information,” “want no part of this” and “don’t leave a trail.

It may seem improbable at first instance for employees to directly mail other employees about their fraudulent actions. However, it is more than likely that they are colluding with someone else or are searching for acceptance from others about their activities.

According to the developers, this targeted means of analysing suspicious email conversation will save companies millions, as it is able to warn companies before major frauds have occurred. The software also highlights the success of analysing words as a method of investigating fraud, which is typically only conducted by looking at a company’s numbers.

The Fraud Triangle

A commonly used framework in auditing, the fraud triangle explains why an individual may decide to commit a fraud. It comprises the three components: Opportunity, Rationalisation, and Pressure. Many of the phrases that were identified by the software could be classified under one of these components.

internal fraud
The fraud triangle can classify the common red flags of internal fraud.


Internal fraud is more likely to transpire when there is an opportunity to commit it in a concealed way. This can manifest in a few different ways, for example, having limited approval processes, weak internal controls, or poor communication from leadership. 

The Ernst & Young software identified a number of phrases relating to this section of the Triangle, such as:

  • Nobody will find out
  • No auditor will review it
  • Nobody asks anything
  • The policy does not say anything about it
  • Bosses don’t ask


This component refers to the individual’s justification for committing the internal fraud, to the point where they feel that their actions are acceptable. They may feel that management is treating them unfairly and fraud is a way of getting payback. They may see upper management committing fraud and follow in their footsteps. They may feel that they have no other choice, for example losing their job, and fraud is the only option. Whatever their reasoning, dramatic changes in company culture are required to tackle this issue.

The common phrases associated with this element of the Triangle include:

  • They owe me
  • Everybody does it
  • I’m not hurting anyone
  • They don’t pay me enough
  • Nobody has to know


The final segment of the Triangle refers to an employee’s mindset towards committing fraud. Employees may be under pressure to meet targets that are tied to their remuneration, which may cause them to commit fraud to meet these objectives. There may also be pressure from investors and key stakeholders to increase the company’s share price, which can further impel them to commit fraud. 

The phrases discovered by the software relating to pressure include:

  • My bonus depends on this
  • Bosses are pushing me to do this
  • I should reach the numbers
  • The goal is very high
Excessive workplace pressure can lead to internal fraud, as employees struggle to meet targets without altering the numbers.

What was said about the Software

In a press release for the software, Rashmi Joshi, director of Ernst & Young’s Fraud Investigation & Dispute Services, noted that “Despite being the prime means of all conversations, unstructured email data plays almost no role in the compliance efforts of firms.

“Most often such email traffic is only seized upon by regulators or fraud investigators when the damage has been done.” 

Clearly, email plays an important role in internal fraud detection and should be one of the first things managers look into when trying to uncover the warning signs of internal fraud. This technology is especially relevant for financial services companies, who demand more effective and less costly compliance monitoring. Joshi goes on:

“Firms are increasingly seeking to proactively search for specific trends and red flags – initially anonymously – but with the potential for investigation where a consistent pattern of potential fraud is flagged.”

One of the main benefits of detecting these key indicators of internal fraud is that the company is one step ahead of the game. It is one thing to merely identify the red flags, the company should then be proactive and launch an investigation into whether internal fraud is occurring and its extent within the company. 

How Polonious can help

Polonious has seamless integrations with analytics engines, so we can pick up flags like these and automatically create an investigation.

Our case management system is flexible and adaptable to your needs. Once these warning signs have been spotted, any information that is needed for an investigation is just a few simple clicks away via our extensive list of integrations. 

We can design and build workflows for you that are compliant with relevant legislation. Our Status Action Metric Evidence methodology ensures that investigators can only perform allowed actions at the relevant stage of an investigation, while gated decision points ensure that the investigation cannot move forward without a decision and a justification. Strict security and a full audit trail also ensure that you are compliant with any audit requirements. All of this while adding minimal administrative/compliance burden to your investigators.

One of the biggest complaints we hear from investigators is the considerable amount of time spent on administration. Our system has a number of administration time saving features to combat this issue, including triage steps (so you can quickly remove false positives) and automation of communication. This results in a dramatic reduction in phone calls, follow ups, and requests for updates.

Overall, this leads to a 38% reduction in the total time to complete an investigation, or 134 minutes on average. Since this time is non-billable, the savings are translated into an immediate ROI for your company.

Other key features of Polonious’ case management system include fully customisable dashboards, and an ‘entity mapping’ report builder that lets you pick and report on any field in the system using a simple checkbox system. These features emphasise ease of use and cater towards what you want from your system.

The system also allows integration with Tableau, and more recently, is able to integrate with Maltego for graphical link analysis. These reporting tools allow you to spot trends in identified and confirmed fraud cases and so better target your detection efforts.

There are many warning signs that there may be fraud occurring within your business. These warning signs can be categorised into the three main drivers of fraud, which are Opportunity, Rationalisation, and Pressure. It is worthwhile launching an investigation if these red flags come up consistently to ensure that any fraud is stopped at the source.

Polonious’ easy-to-use case management system can pick up on these flags and immediately launch an investigation that reduces administration time and caters towards your needs.