27 Sep 2011 e-invoicing and the automation of fraud revisited
Recently we wrote about how the introduction of e-invoicing could allow fraud to be automated alongside AP processes. The previous article is here. And in case anyone was in any doubt about how prevalent fraud can be, we thought it would be interesting to provide a little insight from the purchase to pay coal face on how easy it can be.
Small and medium sized businesses are especially vulnerable to fraud and as e-invoicing becomes more and more accessible to SMBs as the cost of entry drops, so there is the real and increasing risk that solutions will be put in place without the simple safeguards around the purchasing process that are necessary to prevent invoice fraud. But it isn’t just the smaller business that face the risk of AP fraud. Some of the biggest companies in the world leave the doors wide open to abuse.
It’s a few years back now, and I would hope that the company concerned has taken appropriate measures to tighten their controls, but I once witnessed the most obvious fraud happening under the noses of an AP team in one of the world’s largest and most successful manufacturing companies.
For obvious reasons they will remain nameless and if they could claim mitigating circumstances it would be that their huge success made growth their number one priority. Almost everything else was irrelevant – their sourcing strategy was a shambles and their procurement processes paltry. I was reviewing their AP process. This is how the conversation went when the AP team told me how they ran their European function.
“We receive an invoice and we match it to a P.O. in Oracle”
“What if there is no P.O?”
“We create one.”
“You retrospectively create a P.O.?”
“Yes. So we can match it to the invoice”
“And is there a value limit on this practice?”
“So if an invoice came in for €100,000, you’d create a P.O. for €100,000?”
“Yes. In fact, I can show you one”
“What proportion of invoices don’t have P.O.s?”
“Most of them”
It was obvious from a tiny sample what was going on. A supplier’s sales guy, heading for an important quarter end, only needs one more invoice to make his bonus – why wouldn’t he raise one. If he’s really dishonest, just keep raising them. Make them bigger and bigger. It will always be paid. The customer is a big company – it’s a victimless crime – if it is a crime. It is so easy for a fraudster to justify their actions to themselves.
If fraud is possible – it is happening already. Fraudsters are like vermin – they’re never far away. Whatever you do to protect your business against them, they’ll find a weakness and when they do, they’ll exploit it relentlessly. And in the digital age we need to be even more cautious because just as we can automate our business processes so can the fraudster automate their theft.