Is Your P2P at Risk for Fraud?
Six Signs Your Company's Procure to Pay Is at Risk and What You Can Do About It
The Corporate Fraud Epidemic
The impact of fraud on today’s businesses and organizations is staggering. Just take a look at these examples pulled from headlines.
- The former head of digital fraud and security for the international Lloyds Banking Group was charged with defrauding his company of more than £2.5 million by creating false invoices and pocketing the income.
- Two employees of the U.S. Army Corps of Engineers pleaded guilty to a scam involving $30 million in payments made to bogus companies they created.
- Authorities in China arrested 18 people in a crackdown on an alleged invoice forgery ring; they confiscated more than 2.5 million fake invoices.
The activities of such fraudsters can be tough to detect—especially by companies with far-reaching global operations and multiple shared services centers. In its 2018 Report to the Nations, the Association of Certified Fraud Examiners (ACFE) says the typical organization loses 5 percent of its revenues to fraud each year – an estimated $4 trillion dollars industry-wide.
Most scams last a median of 16 months before being detected, ACFE says, and only about 1 percent of them are uncovered via IT controls. What’s more, almost half the organizations that fall victim to fraud fail to recover their losses.
Nowhere is the risk greater than in the procure-to-pay cycle, which represents the largest annual outlay for most companies. The ACFE says internal control weeaknesses were responsible for nearly half of frauds. Fraudsters simply follow the money. Often the perpetrators are trusted employees who are familiar with internal financial controls and know how to fly beneath the radar.
Here’s just one example of how it can happen. A member of the accounts payable team for a Fortune 50 company bilked her employer by establishing her brother as a fake vendor and paying him $9,999 weekly. The invoice amount was one dollar shy of the $10,000 limit requiring a second authorization. This well-orchestrated fraud put the employee on track to net more than $500,000 a year.
Do you have a fraudster on your own team?
Signs Your Organization Could Be a Victim of Fraud
While there can be dozens of potential tip-offs that a fraud scheme may be underway, here are six of the most common that you should definitely have on your radar screen.
1 Employee-Vendor Matches. Overlapping vendor and employee data, such as a mailing address or phone number, can signal that your own employees are conducting fraudulent activity.
2 Initials in the Vendor Name. Fraudsters use this technique to mask their true identity and to make it difficult for them to be found or identified if the illegal activity is discovered.
3 High-Risk Countries. Statistics show fraudulent transactions often can be correlated with countries scoring low on Transparency International's Corruption Perception Index and known to be havens for entities involved in fraud, money laundering and other corrupt practices. Ranking the lowest in the 2019 list are Somalia, South Sudan, Syria and Yemen followed closely by Venezuela, Sudan, Equatorial Guinea and Afghanistan which tied for being the fifth most corrupt countries.
4 Consecutive Invoice Numbering. It is unlikely a vendor is providing goods or services to other customers if the invoices you receive are numbered consecutively. If you are the only client, fraud may be the likely reason why.
5 Small First Payments. Fraudulent vendors who want to test your internal controls often will submit a small initial invoice, followed by larger amounts once they are firmly established in your systems. Look carefully for this suspicious pattern.
6 Round Amounts. With a few exceptions in professional services, invoices generally have dollars and cents. Summing to total rounded or even amounts is unlikely, but happens more frequently when contrived invoice amounts are created.
Why “Sampling” Is Not Enough to Uncover Fraud
Uncovering fraud in accounts payable can be a complex undertaking. It is virtually impossible for large companies to manually screen each vendor record and each invoice for fraudulent trends and anomalies—especially before disbursements are made. Instead, many organizations try to sample accounts payable data at some regular interval or after the fact.
Though sampling for signs of fraud is helpful, be forewarned that it has serious limitations. Experience shows the greatest potential for fraud is at lower spending limits where businesses have the largest number of vendors and invoices. That means huge data sets are needed for sampling to be effective. Both the time and expense involved are simply beyond the reach of most organizations.
How Audit Software Reduces Your Fraud Risk
To reduce costs and improve the thoroughness of fraud screening, many companies are turning to software-based tools that analyze all data—not just a sample. These systems are specifically designed to review your vendor and employee databases and invoice activity company-wide for high-risk characteristics—from vendors and employees who share the same mailing address to invoice or payment amounts that fail to match expected patterns.
Companies can use these powerful fraud detection tools in two ways. First, they can perform a retroactive audit to uncover and halt fraudulent activity overlooked in the past. Many find they recoup their investment in the software with this single data sweep.
The results can be heart stopping. One example: A large retailer used detection software to analyze 100,000 vendors and rank the 100 most risky. Subsequent investigations confirmed that approximately 40 percent of the top 100 were indeed problematic, representing tens of millions in lost revenue.
In addition to retroactive audits, fraud detection software can be used to intervene and prevent losses proactively. A data delimited file is pulled from each payment platform and analyzed for anomalies before payments are issued. The software produces an easy-to-use report ranking risky vendors and invoices by the level of threat they represent.
With data at your fingertips, you’ll be poised to further investigate potential fraud or policy violations and can intervene to protect hard-earned revenues. These same reports can be used to uncover systemic process weaknesses so you can shore up controls and policy enforcement.
Reducing Fraud Investigation Time
With the detailed case information that software and user analysis can produce, you also can shorten the time it takes to investigate fraud—readily answering the typical questions an investigator would ask.
A large global retailer using fraud detection software and risk analysis procedures, reduced investigation time from 12 weeks to just three days. That meant the retailer’s internal investigation team had time to pursue more suspected instances of fraud and could protect tens of millions in revenues that otherwise would have been lost.
WHAT TO LOOK FOR IN FRAUD DETECTION SOFTWARE
If you want to add automated fraud detection to your arsenal, look for a solution that adheres to industry best practices. Here are a few of the important features of best-in-class software:
- Reviews all data routinely, not just a sample.
- Provides a continuous auditing framework—from supplier setup through invoice reconciliation.
- Analyzes a wide range of vendor and invoice attributes right out of the box, without the need for costly software development.
- Easily extracts the data to be analyzed from all types of payment platforms, whether commercially available or developed internally.
- Compares employee data to vendor files and payment information in order to spot internal collusion.
- Raises an alert if transactions involve countries perceived to be a high risk for corrupt practices.
- Provides actionable results packaged in concise, easy-to-read reports that rank potential risk, minimize the number of false positives and capture the information you need to intervene.
- Supported by a company that invests in ongoing product development and evolves its analytics to keep up with savvy fraudsters.
Flexible Deployment Models
You also should look for a solution backed by a vendor who offers flexible deployment models. That means you will have the flexibility to integrate fraud monitoring into your accounts payable operations in a way that works best for you. Industry leaders will offer these options:
- Fraud detection software as a cloud-based, managed service. On-demand subscription pricing options and virtually limitless capacity can help you quickly respond to changing business needs.
- Fraud detection incorporated into a recovery audit. If you’re not ready to invest in fraud detection software or to sign up for a managed service, you can look for a recovery audit partner who incorporates fraud detection software into the recovery audit process.
One caution: There are a number of popular enterprise resource planning and management solutions that support accounts payable operations. Don’t be lulled into thinking these systems are enough to help your company detect and prevent fraud. They aren’t set up for that purpose and don’t have the in-depth capabilities required to get the job done. Instead, look for a solution especially tailored for the task at hand.
To Find Out More
If you would like to learn more about how to prevent fraud at your organization, contact apexanalytix at +1 800-284-4522.
About the Author
Derick Burgin is the Account Manager for Vendor Risk Compliance with apexanalytix and is a member of the firststrike® Consulting group, which implements and supports apexanalytix software for clients. In this role he manages vendor risk engagements, educates clients on third-party risk, evaluates vendor data and provides recommendations in support of client fraud risk and compliance initiatives. Prior to joining apexanalytix, he was a Special Agent with the U.S. Air Force Office of Special Investigations (OSI) assigned as a Procurement Fraud Criminal Investigator. He has also worked as a Special Agent with the National Geospatial-Intelligence Agency (NGA) Office of Inspector General (OIG) and the U.S. Department of Commerce Bureau of Industry and Security (BIS) where he investigated criminal violations related to the export regulations. Derick holds a BS in Bioengineering from Clemson University and a MA in International Affairs from Washington University in St. Louis. Derick is also a Certified Fraud Examiner (CFE) and a certified EnCase Computer Forensics Examiner (EnCE)