Benford’s Law

How a Simple Misconception can Trip up a Fraudster and How a Savvy CFE Can Spot It

By Ken Stalcup, CPA, CFE

ken-stalcup-50x50.jpg   FraudBasics  

Who knew that Frank Benford’s number theory would turn out to be such a valuable tool for CFEs? Benford, an electrical engineer at General Electric in the 1930s, rediscovered the importance of the frequency of the first digit in a set of nonrandom numbers.

In the 1880s, astronomer Simon Newcomb, who used tables from logarithm books to multiply large numbers, noticed that the earlier pages of his tables – the pages containing the lower digits one, two, and three – were more worn than the pages with the higher numbers seven, eight, and nine. He thought that was an interesting observation and published a paper on it.

Benford carried the principle further. He said that in a set of data more of the numbers begin with a one, two, or three than with a seven, eight, or nine. This is counterintuitive; most people think the leading digits in a data set are equally likely to begin with a one as with a nine. Benford proved this isn’t true, and the result – Benford’s Law – has been the downfall of fraudsters and a boon to fraud examiners.


Benford’s Law, sometimes called the first-digit law, is expressed in this formula:

P(d) = logb (d + 1) - logb (d) = logb (1 + 1/d)

After testing several thousand data sets – such as utility bills from the Solomon Islands, street addresses of the first 342 people listed in the book “American Men of Science,” and the populations of American cities – Benford found that the first digits followed a definite pattern. That is, the first digit is a one almost one-third of the time, a two appears 18 percent, a three 12 percent, and so on until you get to the larger digits, which occur much less frequently; a nine appears less than 5 percent of the time. (See Exhibit 1)

It was an interesting observation, but it took several decades to find a truly practical application. In the 1990s, Mark Nigrini, Ph.D., a college professor, came up with a practical fraud application. Nigrini reviewed sales figures, insurance claim costs, and expense reimbursement claims and did studies on detecting overstatements and understatement of financial figures.

His articles in the April/May 1994 issue of the ACFE’s The White Paper (the precursor to Fraud Magazine), “Using Digital Frequencies to Detect Fraud” and in the May 1999 Journal of Accountancy, “I’ve Got Your Number,” confirmed the law’s proven usefulness to fraud examiners and auditors in accounting engagements.


Let’s look at the expected pattern predicted by Benford’s Law for cash disbursements. If you have a reasonably large sample, the leading digits of the checks’ amounts will follow the expected distribution curve, which is the red line shown in Exhibit No. 2.

A sample of checks pulled from a fraud-free account – see the blue line in Exhibit No. 2 – is plotted against Benford’s Law curve.There are some variations in the leading digits, but for the most part, the fraud-free distribution follows the expected pattern.

However, in Exhibit No. 3, the blue line represents a sample of disbursements from a known fraud. It shows a very different picture when compared to the Benford curve. There’s an unusually large number of checks beginning with a five or an eight. The stark zigzag doesn’t indicate fraud per se, but it says there’s a definite pattern of unusual disbursements that CFEs should look into.

Reviewing the data that created the spike around five showed several checks for an even $5,000. If that had happened only once or twice, it probably wouldn’t be noticed as a significant deviation from the expected. In this case, however, the recurring $5,000 upsets the overall pattern and you need to find what caused this anomaly.


You’ve been engaged to investigate an organization that has a review and approval policy on all disbursements exceeding $5,000 and write-offs for more than $10,000. You’ll use Benford’s Law to test disbursements and invoices billed to customers for the year because each is a large sample. Both will generally follow the sloping line in exhibit No. 1. If the results zigzag as they do in exhibit No. 3, you should start asking questions because something or someone is causing the numbers to fall outside a proven pattern.

Look for a digital anomaly occurring just below the review level. For example, if disbursements of $5,000 or more require two reviews, the fraudster is likely aware of this and might try to sneak in his disbursements just under that limit. Benford’s Law can catch this if the pattern is pronounced and repetitious. If you detect a larger-than-expected pattern of checks starting with the number four, you might be onto something.

Suppose you suspect a controller of inappropriate write-offs of billings to friends. In this case, you’ll review the sample of write-offs. Suspicious activity might include a higher level of write-offs below the review limit or any other instance in which the pattern of write-offs falls outside the expected distribution. In this example, if the controller was required to seek approval for write-offs exceeding $10,000, you would test for a zigzag or a spike in the range just below that limit. If the controller is routinely writing off amounts of $9,000, a Benford’s Law analysis will detect his activity and allow you to ask some pointed questions.


Benford’s Law won’t work on small samples. If you examine a bank account with 20 checks for the year, your sample isn’t likely to follow the predicted patterns. You need larger samples to make the test work.

The test typically won’t capture a fraudster who manipulates one or very few transactions. What does this mean? Well, you won’t catch a guy who wrote one check to himself, but you might catch someone who, through a series of transactions, manipulates the billings or payments enough to upset the predicted pattern.

There are other limitations. Not all data sets can be tested; assigned numbers, such as telephone numbers, Social Security numbers, and account numbers generally can’t be expected to follow Benford’s Law.


We’re living in extraordinary times. We’ve witnessed many huge financial scandals. There will always be individuals and organizations facing extraordinary pressures and struggling to meet earnings goals. Fraud is tempting, and fraud examiners need to know and use all possible tools to prevent and detect errors and irregularities. Benford’s Law is a quick, high-level tool you might find useful in auditing large pools of data. It can narrow the testing required, highlight the anomalies, and facilitate your work in fraud detection. 


Thank you, Frank Benford. 


Ken Stalcup, CPA, CFE, is auditor manager at Somerset CPAs, P.C., in Indianapolis, Ind. 


The Association of Certified Fraud Examiners assumes sole copyright of any article published on or ACFE follows a policy of exclusive publication. Permission of the publisher is required before an article can be copied or reproduced. Requests for reprinting an article in any form must be e-mailed to: