Fraud is not an easy task to commit. Money can not leave the company without stringent checks. Purchasing is the most crucial area to look for frauds. Purchasing fraud in its many forms leads as a source of losses, since paying vendors is one of the primary ways money leaves a company. Kickbacks, fake bills, fake vendors and conflicts of interest involving companies’ employees or officers and vendors are some of the most common purchasing frauds.
Though many of the experts say that “Internal control helps to prevent the frauds” – if this is the ultimate truth then the big companies having stringent internal controls would have never fallen prey to the occupational frauds.
Fraud is altogether a different ball game and to combat this creature along with the strengthening of the internal controls one also needs to assess the risk of frauds on the perpetual basis. Proactively managing the risk areas is not easy job. External auditors can do it but the small and medium sized companies can not afford the costs of extensive auditing.
According to the Economic Crime Survey of PriceWaterHouseCoopers smaller organisations detected a far greater proportion of economic crime through audit processes than by other means. Given the respective size of the organisations this is most likely to be via the external auditors – a worrying finding that suggests smaller companies may be placing too little attention on the development of effective controls and alternative checks and balances. Over-reliance on a single annual review to root out problems may be playing into the fraudster’s hands.
Perpetual assessment is the key to avoid the frauds all across. Apart from Microsoft Access, Excel, ACL and Idea, $afeGuard can be a useful tool in detecting common red flags of accounts payable fraud schemes.
One of the very common schemes of accounts payable frauds is fictitious company scheme. Employee fraudsters often set up fictitious vendors to commit a billing-scheme fraud. The fictitious vendor might be a shell company that provides no products or services. Or it might be a pass-through company, where the fraudster becomes an unnecessary intermediary between the legitimate company and the victim company to earn an unauthorized profit on payments to the legitimate vendor.
When setting up fictitious vendors in accounting information systems, fraudsters often leave behind clues that enable auditors to detect their crimes.
Common red flags include the following:
An employee’s home address matches a vendor’s address.
An employee’s initials match a vendor’s name.
A vendor’s address contains a P. O. Box.
Vendor’s data is missing
Perpetual assessments done with the aid of software will easily catch the above fraudulant schemes. However there are some more things which virtually every business owner should know in order to reduce the fraud losses.
Standards for supplier selection: Choosing the right supplier for the right material is not possible for every organization. Especially the small and medium organizations don’t formalize their procedures and lose substantial revenues because of incorrect selection of the vendors. A company should be uniform in the way it buys its goods and services. This includes establishing and enforcing competitive bidding rules, seeking quotations from genuine vendors and rules specifying what employees may accept from suppliers in the way of gifts and perquisites. What is considered as bribe is a point of legal importance in case of proceedings.
Maintain good internal controls: Keep files on all vendors, including information from reliable sources regarding the vendors’ business activities and reputations. Keep on rating the vendors based on various pre-defined criterions. Keep track of the address of the vendors. How many times did he change the communication address, whether PO Box number is mentioned in the address of the vendor?
Concurrent Analysis of Payments to Vendor: Payments need to be analyzed as and when they are made. Lesser the gap between payment date and the analysis date more are the chances that exceptions will be caught. If the exceptions are caught real-time then it becomes easier to recover the proceeds of the fraud if there is any. Perpetual analysis with tools such as $afeguard helps the owners of the businesses to check vendors and suspicious activities of vendors. Benford’s analysis is one of the methods of analyzing the payments digitally using statistical theorems. The frequency of the particular number occurring more than its probability determines the patterns of payments which may result into the fraud.
Require disclosure by employees and suppliers. Employees responsible for purchasing, and all senior executives, should be asked annually to complete conflict of interest statements and to disclose interests in related parties. Suppliers should be asked to disclose their ownership and financial condition. This helps as the deterrent for the employees who try to collude with the vendors to dupe the employers. There remains a moral tension when the employee gives the disclosures.
Verify disclosures and reputations. Confirm that the company exists as a legal entity. Check out possible sister corporations, companies that are affiliated with the supplier through common ownership or officers. Also check for multiple companies at an address or phone number, which can be easily done with a city “criss-cross" directory or similar resource. If two suppliers share an address, there is a potential for bid-rigging.
Small Businesses often don't exert enough control over vendors, they don't treat control as an organic process, so they're not always looking at the flow of transactions and who the vendors are and the procedures they follow when using vendors. We still see a lack of due diligence on vendors and also just a lack of a risk-based approach where the company is constantly looking at situations, testing weaknesses, analyzing vendors and identifying suspect vendors.
Some of the testing techniques include looking for multiple vendors at one location or phone number, or vendors who use box numbers or post offices. Consecutive or duplicate payments to one vendor also merit special scrutiny, as those payments may be attempts to avoid authorization limits.
If some body asks you what is there in name? Then there is a possibility that you might be caught on the wrong foot. Names of the vendors tell you everything. Simple analysis of the names of vendor can raise red flags. One should be always suspicious of companies with names that don't tell you what they do, like ABC Management Co. or company names that are just slightly different from well-known companies like I. B. M. Chemicals or Cesco Inc. Generally these names are created with the intent of facilitating the payments. Names that appear to be broker or sales or marketing companies should also be considered, because those are soft services.
A last word of caution about payments to vendors is Benchmarking. One should keep on comparing the purchases of the company with other companies on regular basis. This is a test which no software can do for the business. One needs to keep asking if similar business organizations require these services. If other businesses are paying at the same rate for same services?
Analyzing the accounting databases on these lines is not the assurance that your company is free of frauds but it will definitely help in providing a peaceful sleep at night.
About the author
Mr. Mayur Joshi authored this white paper. He is a Fraud Examiner and is associated with Indiaforensic research foundation for more than 5 years.