If you believe your company has experienced supplier fraud, it’s not your fault. Hiring a private investigator can you help you uncover vendor fraud before it’s too late.
To a degree, businesses operate on the principle of trust. All to often, that trust presents a problem when it opens your company to the risk of fraud. To combat fraud, it is important to understand the specific fraud risks for your company. One common form of fraud and a critical area to watch is supplier or vendor fraud which typically involves some form of manipulation of the company’s accounts payable, redirecting payments to accounts controlled by the fraudster.
If you already suspect supplier/vendor fraud, a private investigator can identify and mitigate its impact on your business.
Both the procurement processes and payment process are susceptible to fraud.
In procurement, the offender will often create fake vendors who exist in name only, hoping to bypass your controls and weasel their way into your vendor master database. There is usually an insider involved in these fake vendor ploys who will personally approve the vendor master changes, purchase orders, and payments.
A variant of this involves what is best described as business-level identity theft. The schemer will send legitimate-looking communications or will make a phone call to request bank account and address changes that can redirect payments meant for one of your suppliers.
Likewise, an insider can exploit any stale accounts. The fraudster will identify old open service POs containing outstanding balances, change the bank account, then submit invoices against the PO for dollar amounts lower than the standard matching tolerances.
Fraud also happens on the payment side. Someone can simply submit fake invoices and hope they will escape scrutiny. Often an unwary payables clerk will just create a new vendor record so the invoice can be paid.
Ten Tips for Preventing Fraud
No matter the source or the sophistication of the fraud, there are actions you can take to regain the upper hand and protect your bottom line. Consider implementing the following strategies, and you’ll be well on your way to reducing your risks.
Due diligence When setting up vendors
Since supplier or vendor fraud, by definition, involves suppliers and vendors, data is a great place to begin when combating fraud. To start, your company should implement standard due diligence process for all new vendors. Examples of this process could include:
Cross-checking vendor mailing addresses against employee mailing addresses. Any overlap would be an obvious red flag.
Verifying the legitimacy of vendors with only a post office box address
Verifying vendor tax ID numbers and telephone numbers
Verifying vendor or supplier ownership through business registration databases, the cross-checking for conflicts of interest with employees, board members or other key parties.
Having a third party review and approving any new vendors every month.
2. Use a supplier/vendor portal for change control
How often does accounts payable receive phone calls and email messages from suppliers and vendors asking to change a bank account number, address, or point of contact? How often are those changes verified and tracked to safeguard against scams?
It’s time-consuming and risky to make changes directly in your vendor master file. A practical alternative is implementing a supplier portal for secure self-service registration and change control. This creates a single source for vendor information that is tightly controlled and automatically vetted before payments are made.
Suppliers and vendors can enter and makes changes to their business name, mailing address, tax ID number, bank account, and other crucial information. A quality portal will automatically validate information in real time using available databases. Any inconsistencies will be flagged and must be resolved for registration to continue.
Any changes that are needed after the initial registration will need to be made by someone with the vendor’s login and password. Moreover, the portal keeps a log of each login, any changes made and the approvers, which enforces segregation of duties, dual control, and compliance.
3. Segregation of duties
There should be clear divisions between:
Personnel who receive goods and authorize services
Personnel who process invoices and those who process payments.
Personnel that process payments, those that receive bank statements and those who reconcile the bank accounts.
There most certainly should be an independent review of these functions completed regularly.
4. Close old POs and vendor master records
Any PO remaining open after a vendor has completed its work for your company is like leaving cash on the table. POs, which are meant to control spending and prevent fraud, provide an opening for fraudulent transactions to slip through.
Screen regularly for inactive POs and vendor records. Close POs with more than six months of inactivity and vendor records with more than 13 months of inactivity.
5. Tighten your payment approvals
At times, the simplest controls are the most overlooked. According to a recent survey, nearly half of companies don’t require a second approval for large payments. Many of us are eager to reduce touchpoints and streamline our procure-to-pay process, but the risks associated with large payments are just too great to ignore. Having a second pair of eyes review the information before large payments are released just makes sense.
6. Cross-reference supplier information with employee records
The ACFE Report to the Nations contains mind-boggling statistics on the costs of occupational fraud. The median loss is $150,000 when employees are involved. In nearly a quarter of employee-related fraud cases, losses will top $1 million. Codes of conduct and whistleblower hotlines just aren’t enough. You need additional control methods to reduce your risks.
Fortunately, there is fraud detection software that can cross reference employee records against your vendor master records to identify any overlap. If an address, phone number, bank account number or other details are found to exist in both, you’ll be notified and can investigate and intervene. Do fraud detection solutions work? According to the data reported in ACFE’s Report to the Nation, yes. Businesses using proactive data monitoring tools average roughly a sixty percent drop in losses from fraud.
Leveraging data-mining techniques
Data mining is a new area that companies can utilize to detect and prevent fraud. Internal and external audits rely on analysis of company data for fraud identification but audits only examine a fraction of the company’s data. Data mining conducts targeted analysis of all available data to identify trends, establish baselines and recognize anomalies.
A common use of data mining to fight vendor fraud is analyzing vendor payments to establish benchmarks. These benchmarks are then used as guidelines to identify anomalous payments to be investigated. Basic trend analysis is typically a great place to start. By knowing the average size of payments to a specific vendor and the average amount paid to that vendor each month, quarter or other established period, you can set expectations, and receive notification when those expectations are not met.
You can also flag a variety of specific patterns within the payments that could indicate fraud. Some of which include:
Payments falling just below the approval limit
Payments that deviate from standard payment procedures (payment by paper draft vs. electronic)
Payments with rounded dollar amounts
Payments with out of sequence or consecutive vendor invoice numbers
Payments with an alpha character at the end of an invoice number
Payments with delivery addresses which are different from payment addresses
Payments with duplicate amounts on the same date
8. Focus on common fraud attributes and patterns
Certified fraud examiners understand that there are distinct patterns and traits which signal a fraud scheme is present. Examples include consecutive invoice numbers, high-risk addresses and countries, small initial invoices meant to test the waters, and the use of private mailboxes which mask the absence of a physical address.
You should proactively monitor your payment systems to prevent losses before payments are disbursed. You should also perform regular audits to uncover and stop fraudulent activity which might have been overlooked in the past.
9. Use an e-invoicing solution
Moving from paper invoices and implementing e-invoicing or other automated, self-billing invoice systems will give you greater control over a vital entry point for costly billing schemes. Most invoice automation processes start with an approved vendor list, reducing the risk of bogus invoices being used to generate a vendor record. Like a supplier portal, only certain authorized individuals can access the e-invoicing system to submit invoices. Once a supplier is set up on an automated invoicing method, any invoices submitted through other pathways are rejected.
10. Use direct deposit
Most businesses adopting an e-invoicing solution also implement an automated clearing house (ACH) or other electronic payment processes. When using electronic payments, check tampering is no longer a concern. Direct deposit removes manual touch points and provides a secure path directly from your company’s bank account to that of your supplier.
Use an integrated approach
Since there is no single solution to protect against fraud, it is best to use an integrated approach and to do many things well. Implement the right technologies. Tighten your controls. Examine past data to uncover fraud which may already be embedded and be proactive to prevent potential scams before they can occur.
These are just ten ways you can protect your company from supplier/vendor fraud. Ensuring both preventive and detection controls are in place being enforced will go far in reducing your company’s fraud risk.
If you are uneasy about your vendor relationships, Phenix Investigations will assess suspected fraud and provide a detailed analysis.