Preventing Accounts Payable Fraud

By Clark Keeler, BPM Director
February 9, 2011

According to the "2010 Report to the Nations" by the Association of Certified Fraud Examiners, the most common asset fraud, which makes up more than a quarter of all reported occurrences, involves purchasing and vendor billing schemes. By the time these schemes are uncovered they have, on average, been operating for two years and resulted in losses exceeding $125,000….regardless of the size or type of organization.

After most organizations discover fraud, the first corrective action that they do is strengthen their internal controls. Why? Because they are the processes that management implements to ensure that fraudulent activities are either prevented, or detected in a timely manner.

In order for fraud to occur, the perpetrator has to perceive a need and have a justification for the fraud. More critically, the perpetrator needs to have the opportunity to commit the fraud. Accounts payable fraud is usually a crime committed by an employee, often one who works with a vendor. After all, he or she knows how the company functions. Opportunity comes when no one is watching. An employee has the time and knowledge to figure out where that lack of attention exists.

If you want to address the risk of fraud, where should you start?
You will want to start by identifying the processes in which individuals handle multiple aspects of a job themselves, then break them apart. You want to provide yourself with some sort of oversight. You can insert other individuals in the process (segregation of duties), or have someone independently evaluate activities (a management review). Segregation of duties puts a second individual in the position of routinely reviewing the actions of the other, and therefore provides an ongoing and timely control. It takes more people, but it is the strongest anti-fraud control. Management review, on the other hand, is always done after the fact, so it may not catch a problem in as timely a fashion. However, when you have a limited number of people available, it may be the best monitoring control you have.

Don’t assume, verify. When individuals know that others are observing their actions, they know their opportunities will be limited and, in many cases, they will be completely deterred. But, never assume that you can prevent fraud. If truly motivated, the fraudster will find an opportunity to exploit. Instead, you should devise ways to detect those actions in a timely fashion, and be able to react quickly. That requires oversight, review and verification.

A Quick Check-Up: What to Look For and What to Do

Red Flags

  • Can purchases be made without requisitions, or before requisitions are approved?
  • Are purchasing, accounting, and shipping/receiving independent of each other?
  • Does the company have an approved vendor list for the main products you purchase?
  • Are receiving reports furnished to both accounting and purchasing, and kept on file in receiving?
  • Is a log maintained of all receipts?
  • Are procedures adequate for verifying receipt and rebilling of drop shipped items?
  • Are records of goods returned to vendors matched to vendor credit memos?
  • Are receipts under blanket purchase orders monitored? Are quantities greater than the amount authorized returned to vendor?
  • Are procedures adequate for the proper accounting for partial and backordered deliveries?
  • Are three way matches (purchase order, invoice, and shipping receipt) completed prior to payment?
  • Are invoices verified as to price, extension, footing, freight, allowances and credit terms?
  • Are purchases recorded in computer systems prior to payment?
  • Are accounts reconciled timely?

What To Do

  • Document and adhere to procedures for purchase order invoicing and payments.
  • Review additions to the Accounts Payable vendor master file and periodically review Accounts Payable Vendor list for strange vendors and addresses.
  • Review payment codings for abnormal descriptions.
  • Analyze vendor purchases for abnormal levels on both a monthly and yearly basis.
  • Compare and analyze purchases and inventory levels.
  • Implement system controls for identifying duplicate invoice and purchase order numbers.
  • Establish segregation of duties among authorization, purchasing, receiving, accounting and shipping.
  • Review shipping and receiving documents for completeness and accuracy.
  • Review and compare payments, receiving documents and purchase orders.
  • Scrutinize journal entries to inventory accounts.
  • Conduct spot audits.
  • Maintain purchase trails on assets.
  • Review bank statements for out of place vendors and endorsements.
  • Review credit card statements for irregularities.
  • Verify validity of invoices that have remittance to PO Boxes.
  • Install proper controls for the receipt and handling of return-to-sender checks.

Wherever there is money to be made, there is the risk of fraud. Individuals have been committing these acts for as long as records have been kept. So, although you cannot prevent fraud, you can reduce its risk and impact.

Remember, every fraud programs starts with management oversight. If you aren’t paying attention, the fraudster knows, and will take advantage of the opportunity. If you are, the fraudster knows that too and may be deterred completely. Hope is not a strategy. If you want to protect yourself, you have to take action.

This publication contains information in summary form and is intended for general guidance only. It is not intended to be a substitute for detailed research nor the exercise of professional judgment. Neither BPM nor any member of the BPM firm can accept any responsibility for loss brought to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.