18 Jan 2012 6 top ways to perpetrate purchase to pay fraud
Purchase to pay process, SOX controls, segregation of responsibilities – to a business they can, and are, seen as obstacles to just getting things do. But they are a necessary evil. Without them fraud would be rife.
So what are the most common purchase to pay frauds? We can’t know for certain which are employed most often but based on common knowledge and a bit of personal experience we think these are good candidates for the top six.
If someone can get administrator access to the finance system, its like having the keys to the safe. There’s lots of ways of persuading the IT team to give you admin access especially if you’re involved in system design and testing. Needing to set up new user accounts out of hours for testing has been known to do the trick. In an organization that hasn’t buttoned down its IT security procedures, there is always a way. Once granted admin access, new fictitious users, suppliers – even bank details – can be set up.
2. Fake invoices
This requires collusion with a supplier. You’d be surprised how many companies will retrospectively create a purchase order to match a fake invoice in order to get it paid. If invoices are paid on the nod below a certain level, this loophole can easily be exploited. Let’s say for example that any invoice below $1,000 gets paid – even if there’s no purchase order – all that is required is to have a chat with a friendly supplier, get a few invoices submitted and split the proceeds.
3. Make friends and undermine the SOX controls
Segregation of responsibilities is all about preventing collusion and these controls are the enemy of the fraudster who will work hard to undermine them. The fraudster will make friends, do people favors and offer to take workload off colleagues. When they need to call in a favor that involves compromising controls – it becomes easy.
4. Receipt goods that have never been delivered
This is so easy and almost impossible to detect in the right circumstances. Take for example a building site. If the concrete is being supplied by “friendly” supplier, the deliveries are signed for but they are never actually dropped off. The truck leaves the site without dropping off the concrete. The “friendly” supplier gets paid twice for a single delivery. The architects wonder why it’s taken twice as much concrete to build the office block than they estimated but by the time they figure it out, the trail has gone cold.
5. Kick backs
There are often unwritten clauses in supplier contracts. Whether it’s cash or a few freebies, many suppliers will collude to build in some costs to cover “commission”.
6. Diverting supplier payments
Finally, this simple scam has been known to fool even the most competent AP team. A supplier is selected that invoices large amounts regularly. A bank account is then opened in their name – or rather, nearly their name. Once the account is opened, it’s a simple matter to inform AP of the new bank account details. They probably won’t notice the minor name change and once set up, the fraudster can enjoy a few week of someone else’s money before anyone knows there’s a problem.
The graphic may be ironic but it’s no joke. Without proper P2P process, all of the above frauds are possible.