When an accounts payable employee for a Fortune 50 company defrauded her employer, her knowledge of internal controls helped her to stay hidden. She started by registering her brother as a corporate supplier and then paid invoices to the fake firm for $9,999 weekly – just one dollar shy of the $10,000 limit requiring a second authorization signature. The well-constructed scam put her on track to net more than $500,000 a year.
Much of what companies lose to fraud is never recovered. The cost of prosecution is high and often exceeds the amount of the loss. Guilty individuals may be unable to make restitution. Also, the company taking legal action may suffer reputational damage if word gets out to shareowners and customers of inadequate internal controls. So, that makes fraud prevention the best of all solutions.
Accounts payable personnel is uniquely suited to contribute to the fight against fraud. With power over how and where the money moves, an accounts payable team is equipped to take a more visible and strategic role in the operations of any company.
Making certain suppliers are real and not fraudulent is an important task. Here are 10 tips to tighten up the supplier management process and the critical ongoing steps for monitoring supplier invoices:
The very first step in weeding out fraudulent shell companies and phantom suppliers requires profile forms from all suppliers or to use a supplier portal. Ask for the basics, including sales tax certificates, applicable business licenses, a physical business address, daytime phone number, and other verifiable data. It is also important to ask for the names of key officers so you can screen for any conflicts of interest.
Have control points for each of your suppliers before the first payment goes out the door. Require and receive a completed W-9 form for from each of your suppliers before the first payment. Use the IRS Tax Identification Number (TIN) online matching service to validate the information so you can confirm the supplier exists and has a valid TIN. This validation process will also help prevent B-Notices when you process your 1099s.
When a supplier uses initials in a company name, it is often a red flag for fraud. Why? It is harder to track the supplier down. Experienced fraudsters know this trick well. Carefully screen suppliers using initials as their company name.
The use of a post office box can indicate an attempt to obscure a physical address or to divert company funds to a personal mailbox. While a post office box address alone isn’t an indicator of fraud, it is yet another parameter to consider as you setup suppliers. Note that box numbers with one to four digits (typically used by independent mailbox providers) can be more indicative of risk than a traditional five-digit U.S. Postal Service box number.
Additionally, take a close look at “change of address” requests. Experienced fraudsters will use one address initially; to get established in your system, then submit an address change to divert the funds once they are in your supplier master file. So take a close look when “change of address” requests are received.
Statistics show fraudulent transactions are more likely to correlate with certain zip codes. Locations in New York, New Jersey, California, Florida, and border towns near Mexico are among those that represent the highest risk. Your bank or credit-card company can provide you with a current list of zip codes that may warrant a closer look.
We’ve all heard of the email scams based in Nigeria that bilk unsuspecting victims who agree to help a wealthy foreigner move his fortunes to the U.S. Flag them for review and check the Office of Foreign Asset Control (OFAC) and Foreign Corrupt Practices Act (FCPA) violations. If you support the healthcare industry, validate your suppliers with the Office of Inspector General (OIG) for possible Medicare and Medicaid fraudsters. Continue monitoring your supplier master file since compliance lists are updated on a regular basis.
Have any of your suppliers submitted invoices with consecutive numbering? That means it is unlikely they are providing goods or services to other customers unless they have set aside a series of numbers just for you.
Suppliers testing internal controls will submit a small initial invoice for a small dollar value, following with larger invoices. Once they are firmly established in your supplier master file, they will issue invoices for larger amounts. If the first payment issued to a supplier is unusually small relative to the average payment for that company’s products or services, that’s an indicator of a potential risk.
Benford’s Law is an audit technique and tool to uncover fraudulent financial activity. It is based on the discovery that for many kinds of numerical data, there is a pattern in the first digits of any number.
While logic says the first digit of an invoice amount could be any number, there should be an even spread among the first numbers used in an invoice amount, but, in actual practice that’s not the case. Benford’s Law says that the larger the digit, the less likely it will be the first number of in an invoice amount. The number "1" is by far the most frequent first digit of numbers in an invoice amount (found in roughly one-third of all entries); while the number "9" is found to be the first digit only 5 percent of the time.
Are certain suppliers billing you at significantly higher levels than before? Do their invoice amounts fall outside the norm for other suppliers in the same category? If so, this could signal a fraudulent invoice. Take time to dig into the background and take a closer look at those suppliers.
Supplier fraud is no accident, and neither is preventing it. The best approach is early detection to avoid significant losses.
Establish strong internal controls for adding new suppliers to your database; and monitor payables activity on an ongoing basis. This gives you a competitive edge for combating fraud and helping you stem its impact on your company’s bottom line.