Fraud In Accounts Payable And How To Prevent It
No matter the nature or the extent, fraud can wreak massive havoc for your business in terms of your finances and your reputation. Accounts payable fraud is often attempted in the form of fraudulent invoices (sometimes duplicate invoices) being submitted for payment. This can happen to companies of any size.
According to the Association of Certified Fraud Examiners (ACFE)’s 2020 Report to the Nations, the typical fraud cases lasts 14 months before it is detected and causes a loss of $8,300 a month. Certified Fraud Examiners (CFEs) estimate that organizations lose 5% of revenue to fraud every year – with the average loss per case coming in at $1,509,000 and the median loss per case coming in at $125,000.
Fraudsters tend to target small companies with the idea that they lack the manpower to find the fraud. They target large companies because they hope the things you get lost in the madness of high volume accounts payable departments. To protect the company, accounts payable staff members have to be vigilant. Otherwise, they could process false charges.
Transparency from end-to-end along with the ability to process every invoice knowing its full context is necessary to avoid paying fraudulent charges. To accomplish this, data must think between accounts payable, approvers, and the people who receive the goods or services provided by the vendor.
You Won’t See Fraud in the Overall Picture
When you look at the overall numbers, you won’t see fraud. The control over your accounts payable is in the details. You need to look into the individual transactions, find the potential loopholes, and apply your controls across the board. If you apply any kind of special exception or otherwise compromise your internal controls, you become a magnet for fraud.
Fraud Comes from the Inside, Too
Just because someone works for you doesn’t mean that they are completely exempt from suspicion. Your employees, however, are the ones that know where system weaknesses lie. Even the long-term employees you trust can commit fraud so it’s important to use consistent control to reduce the risk.
Data from the ACFE shows that a lack of internal controls contributes to nearly 33% of frauds. More than half of all occupational frauds come from operations, accounting, upper management, and sales.
Small businesses are at a higher risk for certain types of fraud than large organizations. The risk of billing and payroll fraud is 2x higher, while payment and check tampering is 4x higher.
Implement Strong Internal Controls Throughout the Procure to Pay Process
Separate your duties across the procure to pay process to increase and countability. To do this, you have to make sure that no person does more than one part of the process. This creates a checks and balances approach to help catch mistakes that another person may have missed.
Implement a Zero Tolerance Policy
Do not give exceptions to friends or write anything off as a mistake. If you see fraud, corruption, or any other ethical misconduct, terminate the employee. Tolerating these kinds of things will ultimately destroy the business.
Don’t Forget Expense and Travel Fraud
fraud is fraud whether it comes from inside or outside the organization. Expense reimbursement can cost your company as much as any other type of fraud. It tends to add up over time. Ann’s, someone who has successfully defrauded your company in one way, may be tempted to defraud you in other ways as well.
Avoid Common Weak Practices
Look through this list of common poor practices – and if you find that you can answer yes to any of these questions, change the process. All of these practices make it easier for fraud to occur.
- Do you allow a lot of rush checks?
- Do you allow management to override your procedures?
- Are you lackadaisical with your master vendor file?
- Does one person have control over multiple parts (or worse, all of) the duties throughout the P2P process?
- Do you return checks to requisitions?
Too many rush checks adds a sense of urgency that makes it easy to pay more than you need to, or pay something that you don’t actually owe.
If management can override your procedures, there is a group of people in your organization that can do whatever they want for their own personal gain.
Limit the number of people who can make changes to the master vendor file. Insist that consistency is used across everything in the master file, from the naming convention to how to enter invoice numbers. Otherwise, you’ll end up with duplicates, which will lead a time-consuming cleanup process during an audit.
Remove inactive vendors from the master file to avoid inadvertent duplicate payments and reduce overall fraud potential. Require vendors to provide all information, including a W9, not just what they feel is appropriate to provide.
Don’t allow employees to enter vendors into the master vendor file if they notice one is missing. In some companies, employees who process invoices will automatically add vendors if they notice one that is not in the master file. This causes duplicate entries for the same vendor, and may introduce fraudulent vendors.
Use Controls Around All Payment Types
While all payment types require controls, it’s not possible or practical to rely on the same controls for all your payment methods. You cannot use the same system to prevent check fraud that you would use to prevent corporate card fraud.
Positive Payments, for instance, can help you with ACH payments, checks, and direct deposits. With these, you can match incoming ACH credits and debits against your established business rules to determine the trading partners that are allowed to debit money from your account. Some banks also offer the option to set up rules for incoming transactions as well. Positive payments compared the check number and dollar amount of the check presented for payment to what is in your check issue file. Deposit positive pay is used on deposit-only accounts. You receive a notification each time a check is prevented for payment on the account and have the option to choose between pay or return. This is a good option for businesses that have multiple locations or departments making deposits into a single account, where check fraud is common.
To decrease card fraud, establish spending limits by employee or employee level, commiserate with their responsibility level. Conduct a compliance review every month, so there is a permanent oversight function to deter fraud.
The person who submits requests for new cards should not be the person who receives the new cards as this prevents unauthorized new account setup. This should also be done when it comes to paying the card issuer so you can be sure payments are legitimate.
Check to make sure that address verification (AVS) is on if you have an online store. If you find that you have a high dispute rate (the average is less than 1%) but you’ve got a zero-decline rate, it’s a good indicator that fraudsters have found a loophole to exploit.
You can also set up internal controls like requiring the original signature, or requiring dual signatures before anything goes through – meaning both the requestor and approver have to sign before anything moves forward.
When properly implemented, using automation can remove human error from a lot of the process. This not only reduces your fraud risk, but also helps save money by paying only for goods and services billed and received. It also makes it easier to pay invoices on time, allowing you to capture early payment discounts.
Automation sets up workflows based on transaction volumes, transaction limits, and so on. This ensures that employees can only spend what they are allowed. The ability to add vendors or edit vendor addresses, for instance, can be restricted only to a small group of people.
Audit trails keep track of who takes what action and when, so that if red flags arise, it’s easy to determine who to reach out to for a conversation.
Train Your Staff
The majority of AP process mistakes are a result of a lack of knowledge. Fraudsters like to target lower-level employees because they may not be aware of the latest techniques, which gives them an easy way. To avoid this:
Educate your staff about fraud prevention. Keep them current so they know what to be looking for and what to avoid.
Explain why your processes are in place the way they are, because this helps ensure compliance compared to just stating that a policy exists (and this works with more than financial policies).
Stay Up to Date with New Frauds and Fraud Prevention Processes
Every time you think you’ve gotten all the fraud schemes figured out so you don’t have to worry about it anymore, there’s going to be something new to worry about. No matter what you have in place to protect yourself and your system, there’s always someone out there doing their best to get around it – one way or another.
That’s why it’s important to regularly visit your fraud prevention strategy and update it as needed. Doing so means you always have to assume the potential fraudsters are highly intelligent and constantly trying to tear down your defenses.
The more fraud detection measures you have in place, the better you can protect your bank accounts and your business reputation.