Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.
The ACFE Fraud Tree classifies all occupational fraud into three branches: asset misappropriation, corruption, and financial-statement fraud. This taxonomy structures how investigators categorise schemes and how organisations prioritise controls.
Last updated:
When an investigator receives an allegation of financial misconduct, the first substantive question is: what kind of fraud is this? The answer shapes everything that follows. Which records to pull. Which people to interview. Which analytical techniques to deploy. Which control failures to document. Without a classification framework, investigations are slower, less systematic, and more likely to miss related conduct that falls outside the initial allegation.
The ACFE's Occupational Fraud and Abuse Classification System, universally known as the Fraud Tree, is the most widely used taxonomy in the field. Built by Joseph T. Wells and refined over multiple editions, it organises every form of occupational fraud into three top-level branches, each subdividing into detailed schemes. The structure makes it possible to name a scheme precisely, compare it against known patterns in the ACFE's research data, and match it to the relevant investigative methodology.
This topic walks through all three branches in depth, draws on the quantitative data from the ACFE's Report to the Nations to show what the distribution of fraud looks like across real cases, and explains how the taxonomy functions as an investigation-structuring tool, not just a classification exercise.
A misclassified fraud is an investigation looking in the wrong place with the wrong tools.
Classification is not bureaucratic tidiness. It is an analytical necessity. Different fraud categories leave different evidence trails, are detected by different analytical methods, and are addressed by different control responses. An investigator who treats a procurement fraud as an expense reimbursement fraud will look at the wrong records. One who treats a financial-statement fraud as an asset-misappropriation case will interview the wrong people and apply the wrong accounting standards as the baseline for comparison.
The Fraud Tree is also a communication tool. When a forensic accountant says 'we are investigating a billing scheme in the accounts-payable function', the taxonomy makes that description precise and shared. Everyone in the investigation, whether they are a CFE, a CPA, an attorney, or a law-enforcement agent, understands what kind of scheme is alleged, what the evidence profile is, and what a successful investigation needs to establish.
The taxonomy originated with Joseph T. Wells, who drew on his FBI investigative experience and the ACFE's growing case database. It has been refined across successive editions of the Report to the Nations and is now integrated into the CFE examination curriculum, the AICPA's forensic accounting guidance, and many corporate fraud-risk frameworks worldwide.
The most common fraud category by far, covering everything from stolen petty cash to multi-million-dollar payroll schemes.
Asset misappropriation accounts for approximately 86% of all occupational fraud cases in the ACFE's most recent reports, though it produces a lower median loss than the other categories ($100,000 to $200,000 range in recent editions, compared to millions for financial-statement fraud). It divides into two main sub-branches: cash schemes and non-cash schemes.
Cash schemes subdivide into theft of cash on hand and fraudulent disbursements. Cash-on-hand theft includes skimming (taking cash before it is recorded) and cash larceny (taking cash after it has been recorded). The distinction matters for detection: skimming leaves no accounting entry to query, so it is typically caught by comparing expected receipts to recorded receipts using external data, not by examining the accounting records themselves. Cash larceny, by contrast, leaves a recorded receipt with a subsequent deficiency, which shows up in reconciliation.
| Scheme | Branch | Primary detection method |
|---|---|---|
| Skimming (pre-recording) | Cash on hand | Compare expected vs recorded receipts using external proxies |
| Cash larceny (post-recording) | Cash on hand | Bank reconciliation and cash-count procedures |
| Billing schemes (fictitious vendors) | Fraudulent disbursements | Vendor master-file analysis, duplicate invoice testing |
| Payroll fraud (ghost employees) | Fraudulent disbursements | HR/payroll cross-match, payroll re-analysis |
| Expense reimbursement fraud | Fraudulent disbursements | Duplicate payment testing, policy compliance review |
| Non-cash theft (inventory, equipment) | Non-cash assets | Physical inventory count, asset register reconciliation |
Fraudulent disbursements are the largest sub-category within asset misappropriation, and billing schemes are the single most commonly identified scheme type. A billing scheme involves a fraudster causing the organisation to issue a payment for fictitious goods or services, inflated invoices, or personal purchases run through a company account. The fraudster typically creates a shell vendor or uses a real vendor account to which they have redirected payment, and the payment flows to an account they control.
Corruption schemes involve a third party and are the hardest to detect, because both sides have reasons to conceal the arrangement.
Corruption accounted for approximately 38% of cases in the ACFE's 2022 Report to the Nations (cases can involve multiple fraud types, so percentages do not sum to 100). Corruption schemes involve an employee misusing their position or authority for personal benefit, almost always in collaboration with an external party: a vendor, a customer, a regulator, or a competitor.
The four primary sub-categories within corruption are bribery, kickbacks, conflicts of interest, and economic extortion. Bribery involves offering, giving, receiving, or soliciting something of value to influence a business decision. Kickbacks are a specific form of bribery in procurement: a vendor pays a percentage of a contract back to the employee who awarded the contract, typically in cash or through an intermediate entity. Conflicts of interest arise when an employee has an undisclosed personal or financial interest in a transaction they are making on behalf of the organisation.
The rarest category and the most expensive: where accounting elections become weapons.
Financial-statement fraud represents fewer than 10% of cases in the ACFE's data, but it produces by far the highest median losses: in the range of $500,000 to several million dollars per case in recent editions, compared to $100,000-$200,000 for asset misappropriation. This reflects the nature of the fraud: it is typically perpetrated by senior management or executives, who have both the capability to execute it and the authority to direct the accounting treatment that conceals it.
Financial-statement fraud subdivides into schemes that overstate financial performance and schemes that understate it. Overstatement is far more common: inflating revenues, understating expenses or liabilities, and overstating assets. Each of these has multiple scheme variants documented in the taxonomy. Revenue fraud includes fictitious sales, premature revenue recognition, and channel-stuffing. Expense fraud includes capitalising operating costs (WorldCom's core technique), suppressing accounts payable, and off-balance-sheet liabilities (Enron's SPE structure).
Understatement fraud, where an organisation deliberately underreports its performance, occurs less often but is not rare. It appears in tax-fraud contexts, in situations where an executive wants to depress a target company's price before a buyout, or where a controlling shareholder is diverting profits to related parties not reflected in the financial statements.
The most common fraud type and the most expensive fraud type are almost completely different, which has direct implications for resource allocation.
Every two years, the ACFE publishes its Report to the Nations on Occupational Fraud and Abuse, analysing data from thousands of actual fraud cases investigated by CFEs across multiple countries. The data are gathered from the investigators, not the organisations, which reduces underreporting bias. The resulting frequency and loss figures are the most concrete available benchmarks for fraud risk management decisions.
The consistent finding across editions is a stark inversion: asset misappropriation is the most frequent branch by a large margin (85-90% of cases) but produces the lowest median losses. Financial-statement fraud is the least frequent (9-10% of cases) but produces median losses often five to twenty times higher than asset misappropriation. Corruption sits in the middle on both dimensions. This pattern holds across industries, countries, and organisation sizes.
For an organisation deciding how to allocate its fraud-prevention budget, the frequency-versus-loss relationship has a direct implication. If the goal is to prevent the largest number of cases, resources go toward asset-misappropriation controls: segregation of duties, surprise audits, and cash controls. If the goal is to prevent the largest financial impact, resources go toward financial-statement fraud detection: strong audit-committee oversight, management-override controls, and whistleblower channels that give employees a safe route to report concerns about how the organisation is reporting its results.
Classification is step one. It determines steps two through ten.
When an allegation arrives, placing it in the taxonomy early is one of the most valuable early steps an investigator can take. The categorisation is a hypothesis, not a conclusion, and it will be tested and possibly revised as evidence accumulates. But it immediately directs the investigation toward the right data sources, the right interview sequence, and the right control-failure narrative.
Which branch of the ACFE Fraud Tree is most common by frequency but produces the lowest median losses?
Test yourself on Forensic Accounting and Financial Forensics with free, timed mocks.
Practice Forensic Accounting and Financial Forensics questionsSpotted an error in this page? Report a correction or read our editorial standards.