Busting Accounts Payable and Disbursements Fraud
10.02.2013 The noted bank robber, Willie Sutton, was once asked, “Why do you rob banks?” Legend has it that Sutton’s response was, “Because that’s where the money is.” Not unlike banks, the accounts payable and cash payments process within any business is “where the money is.” This is probably why accounts payable fraud, sometimes called “vendor fraud,” is one of the most common methods for white collar criminals to exploit their employer’s resources. Accounts payable is literally at the ‘tip of the spear,’ when it comes to the volume of cash that leaves a business, whether by proper or improper means and methods
Categories and Statistics
Every other year, the Association of Certified Fraud Examiners (ACFE) publishes the results from its global fraud study, in the Report to the Nations on Occupational Fraud and Abuse. In the Report, fraudulent disbursements include payments made from the accounts payable system, as well as from payroll processing and payments straight from the cash register.
In the 2012 Report to the Nations, fraud from billing schemes, fraudulent expense reimbursements and check tampering accounted for 51% of all fraud cases. The median losses for billing schemes, expense reimbursement fraud and check tampering were $100,000, $26,000 and $143,000, respectively. While other categories of fraud, such as Financial Statement Fraud and Corruption were far more costly, vendor fraud was far more commonplace.
Fraud Prevention Framework
Remember this: in its essence, accounts payable processing is a vendor or supplier (whether legitimate or not) that is requesting to be paid for goods and/or services, and presenting supporting documentation to receive that payment.
When you think about protecting your business from fraud, imagine a traffic light – red light at the top, yellow light in the middle and green light at the bottom. The red light represents your risk – how the fraud scheme is committed. The yellow light represents ‘caution,’ or the symptoms you may notice that may help you detect the fraud (sometimes called ‘red flags.’) The green light represents ‘go;’ the internal control measures that you can proactively implement in your quest to prevent workplace theft and abuse.
Here I will provide A) an example of the sub-categories of vendor fraud (‘red lights’), as well as B) symptoms, red flags and detection (‘yellow lights’) and finally, C) controls, countermeasures and prevention (‘green lights’). So, away we go…
Examples of Fraud: Red Lights
Shell Company: An employee creates a bogus company and bills the company for goods or services that are not actually provided. It may also include inflated, above-market prices on the invoice for goods and services delivered (which is called a ‘pass-through’ scheme).
Personal Purchases: An employee orders personal items and submits an invoice to the employer for payment. Lately, we’ve seen this scheme manifest itself in the personal use of company credit cards or procurement cards (‘P-cards’).
Fraudulent Expense Reimbursements: An employee files a false, inflated or fictitious expense report claim, requesting reimbursement for personal meals, travel or quasi-business goods or services. This scheme may also involve submissions of duplicate or inflated expenses.
Check Tampering: An employee steals blank checks from the company, inserting his or her name, or the name of a collaborator. The employee may also intercept a legitimate, outgoing company check, forge the endorsement or alter the payee name, and then deposit into their personal bank account. I’ve also seen this take the form of counterfeiting, where the fraudster takes bank account and routing numbers from a company account and feeds it to an outside accomplice for reproduction on check stock purchased from an office supply store.
Symptoms: Yellow Lights Indicate Possible Fraud
Be on the lookout for…
- The causes behind increased costs, coupled with lower quality goods or services.
- Incomplete vendor information (address, tax identification number).
- Unusual, unauthorized vendor names or addresses added to the vendor master list.
- Missing or altered copies of supporting documentation, such as purchase orders, invoices and receiving documents. Watch for copies of these documents, instead of originals!
- Changes in lifestyle – lavish trips, jewelry, personal assets. Listen for bogus stories like ‘I won the lottery,’ or ‘a rich aunt died and left me her fortune.’
- Increase in purchases from favored vendors or unusually close relationships with suppliers.
- Goods received but not ordered. And goods ordered but not received, too.
- Data analytics may also show linkages between employee information from the employee master file and the vendor master file (address, related parties, bank account, etc.)
Green Lights: Implementing Controls for Fraud Prevention
Get ahead of the curve, by…
- Separating the vendor setup and approval process from the payment process.
- Rigorously vetting all new vendors, when they are set up.
- Frequently reviewing the vendor master file, with payment volume activity, for reasonableness and consistency with known business and operational trends.
- Maintaining and reviewing a log of sequentially numbered checks and payables processing batches.
- Setting up Positive Pay (or Reverse Positive Pay)
- Did I say, ‘Always require original receipts or invoices’? If I did, it’s worth saying again. Especially with expense reimbursement.
- And, oh, by the way, NEVER, EVER sign blank checks!
All said, be creative, connect the dots and don’t be afraid to think outside the box in your proactive (or reactive) stance toward vendor fraud prevention. Your valuable assets (cash, to be precise) are at risk, and your stakeholders would much rather you be proactive, than be faced with the need to be reactive, after the horses have left the barn, and the toothpaste is out of the tube.
About the blogger
David Sawyer is a partner with Frazier & Deeter, where he leads the Forensic Accounting practice. He is a CPA, Certified Fraud Examiner and licensed private investigator. He can be reached at david.sawyer@Frazierdeeter.com.