How to identify, control, and prevent Accounts Payable (AP) fraud - 27 warning signals and 40 Anti-fraud tips

Fraud is rampant everywhere. The total cost of occupational fraud exceeded $7.1 billion according to the 2018 AFCE survey reports. The survey included 2690 cases of occupational fraud in 125 different countries that were reported by Certified Fraud Examiners. This according to AFCE 'does not come close to representing the total amount lost to fraud. The true global cost of fraud is likely magnitudes higher, especially when factoring in the indirect costs, such as reputational harm and loss of business during the aftermath of a scandal.' Billing fraud costs victim organization $100,000 according to the same report.

Accounts Payable Best Practices

In view of the preceding and given the current business environment, mounting regulatory pressures, and the increased visibility and importance of the accounts payable function, best practices are something with which every professional need to be conversant.

Accounts Payble Fraud

Building a world-class accounts payable operation and implementing the critical anti-fraud audits under procurement and accounts payable can prevent leakage that occurs due to poor and inefficient processes. This article provides the keys to the detection and prevention of Accounts Payable Fraud. It will equip you to identify red flags of the AP function and put basic anti-fraud controls in place.

Identifying the types of Accounts Payable fraud

There are two main types of Accounts Payable fraud:

types of payble fraud

  1. External fraud
  2. External fraud is perpetrated by outsiders such as vendors, customers, and computer hackers and Include

    • Billing schemes
    • Delivery of substandard goods at full price
    • Shell companies
    • Social engineering
    • Subcontractor scams
    • Kickback schemes via involvement with insiders
    • Theft of confidential accounts payable data
    • Check fraud such as check counterfeiting, interception and forgery
    • ACH fraud: Theft of funds through the Automated Clearing House financial transaction network
  3. Internal fraud
  4. Internal fraud is when the employer is cheated via billing schemes.

    According to Kroll, approximately 67% of corporate fraud committed by insiders (Kroll)

    Some of the schemes commonly known as billing schemes are:

    • Shell Company schemes: A dishonest employee creates a shell company to bill the employer for goods and services it does not receive thereby converting the payment to his or her own advantage.
    • Pass-through schemes: The dishonest employee uses the shell company that is set up by him/her to purchase goods or services for the employer, then marks up and sells to the employer through the shell.
    • Pay-and-return schemes: A dishonest employee deliberately causes an excess-payment to the legitimate vendor and misuses the refund when the vendor refunds the excess-payment.
    • Personal-purchase schemes: A dishonest employee initiates purchase orders and payments for goods or services for personal use. The crook sometimes retains it for self and other times he returns it for cash.
    • Vendor master file fraud: A vendor master file with insufficient controls may let the dishonest employee adds sham suppliers, use inactive ones to commit billing fraud or make a fraudulent alteration of existing suppliers of existing supplier data in the vendor management file.
    • Kickback schemes: A dishonest employee colludes with the dishonest supplier and allows the supplier to submit inflated invoices, bill full price for substandard products or secure orders without competitive bidding.
    • Check fraud/tampering: Includes check counterfeiting, check-forging, enforced theft, interception or forged endorsement, check altering, concealed check schemes wherein an employee prepares a fraudulent check and submits it usually along with legitimate checks to an authorized maker who signs it without properly reviewing.

27 Warning signals or red flags to watch out for in Accounts Payable functions -

  1. What to watch out for in the invoices and invoice documentation
    1. Unusual pricing
    2. Unfamiliar vendors
    3. Even numbered pricing
    4. Supplier billings more than once a month
    5. Matching employee and supplier addresses
    6. Invoices of vendors that have only PO box address
    7. Large invoices are broken down into smaller invoices
    8. Invoices with company number that differs from their own
    9. Invoices for unspecified consulting services that are not specific or vague
    10. Invoices with the absence of employer ID or an invalid employer id
    11. Invoices that have consecutive numbers despite being weeks or month apart
    12. Unprofessional invoice related documentation such as purchase orders, shipping documents etc.
    13. Invoices in which the company names consist only of initials, - Although some legitimated companies have such names, it is a naming convention often used by crooks
    14. Invoices whereby the supplier address is different from the address in the vendor management file
  2. What to watch out for in the vendor management file
    1. Many inactive suppliers could indicate that pony suppliers are included
    2. Many duplicate suppliers with similar names in the vendor management files
    3. Many employees having access to the vendor management file may indicate theft by one or more of the authorized employees
  3. What to watch out for to identify kickbacks
    1. Replacement of a long-term supplier
    2. Unusual increasing rise in purchase of a particular product or services price
    3. Contracts awarded to the same supplier frequently or consecutively
    4. Unusual change in procurement trend of a particular product or service
  4. What to watch out for to identify check frauds
    1. Missing blank checks
    2. Missing signatures or seem to be forged
    3. Canceled checks appear to be erased or altered
    4. Dual or fraudulent endorsements of canceled checks
    5. Indications of forged endorsements on canceled checks
    6. When complaints about non-payments from suppliers and other payees abound (may be an indication that checks are stolen or altered.

40 ways to put anti-fraud controls in place

  1. Perform surprise audits
  2. Perform inventory checks
  3. Perform supplier audits
  4. Identify all post box addresses
  5. Place surveillance in key locations
  6. Apply multiple match techniques
  7. Match employee and vendor addresses
  8. Have a robust supplier validation in place
  9. Match employee initials to supplier names
  10. Perform regular audits including tests for particular red flags
  11. Manually review and compare payroll records against payees
  12. Apply basic analysis and audit techniques such as sampling, ratio analysis
  13. Use automation to detect irregularities in financial records
  14. Check supplier files for complete details
  15. Validate all suppliers to ensure legitimacy
  16. Place hotline to get employee tips to gather warning signals and potential evidence
  17. Perform audits for inconsistencies between invoices, disbursement records and canceled checks
  18. Ensure different personnel handle supplier approvals, purchase requests, purchase approvals, receipt and payment
  19. Implement Accounts payable transaction limits for specific personnel
  20. Ask approvals for purchase request beyond a specified amount
  21. Ensure that personnel authorized to approve purchases are not authorized to make changes to the approved supplier list
  22. Have a process to obtain competitive bids for all procurements beyond a certain amount
  23. Forbid purchase department personnel accepting gifts from suppliers that have value beyond the organization's policy limits from suppliers
  24. Implement monitoring for duplicate invoices
  25. Ensure all shipping documents and shipping receipts for goods reach Accounts payable within one business day
  26. Match corresponding purchase orders, invoices, and receiving documents
  27. Perform vendor management cleaning periodically to remove and flag duplicate suppliers
  28. Scrutinize suppliers having the same name but different postal addresses
  29. To prevent check frauds, always use a combination of payment or use Positive Pay, Payee Positive Pay, Reverse Positive Pay
  30. Make use of ACH Positive Pay, and/or ACH debit filters
  31. Make use of enhanced security stock to prevent check frauds such as counterfeiting or forgery
  32. Understand and use the check/payment fraud prevention services that banks offer
  33. Check if there are invoices paid without a purchase order
  34. Without delay, scrutinize any long-time supplier replacement
  35. Use electronic systems that have audit recovery/double invoicing controls
  36. Use control management systems (CCM)
  37. Implement job rotations whereby the purchasing staff should be refrained from dealing with the same supplier for long durations
  38. Implement mandatory vacations for accounts payable staff
  39. Reconcile accounts
  40. Ensure that there is consistency in following bidding rules

Attend the seminar Account Payable Best Practices to learn the newest best practice every organization should implement to ensure crooks don't get their hands on money or sensitive information. This is one session you might want to invite your colleagues in accounting, auditing and payroll to so they implement appropriate best practices and are not bamboozled by some of the newest frauds.

Richard Cascarino,is the Principal of Richard Cascarino & Associates, a highly successful audit training and consultancy company based in Colorado and Johannesburg. He is a regular speaker at National and International conferences and has presented courses throughout Africa, Europe, the Middle East and the USA. Richard is a Past President of the Institute of Internal Auditors in South Africa and also a member of ISACA and the Association of Certified Fraud Examiners. He was a member of the Audit Committee of the Department of Public Enterprises in South Africa and chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health). He is the author of the "Auditor's Guide to IT Auditing" and the newly released “Corporate Fraud and Internal Control: A Framework for Prevention” both published by Wiley Publishing which is also used by universities worldwide.