While it's something treasurers and finance executivesgenerally don't like to think about, “occupational fraud”—fraudintentionally perpetrated against a company by one or more of itsemployees—is real. A survey conducted in 2015 by the AccountsPayable Network (APN) found that 44 percent of organizations hadexperienced an incidence of occupational fraud within the mostrecent three-year period.

The profile of a typical offender is far from what you mightexpect. Perpetrators of occupational fraud are often modelsenior-level employees who have been with the company for a whileand who may be committing their first offense ever. Differentperpetrators obviously have different reasons for committingoccupational fraud, but these crimes are often precipitated by acombination of financial pressures and a perception that the riskof getting caught is low. Offenders often rationalize their actionswith excuses such as “The company won't miss the money” or “Ishould be getting paid more.”

Occupational fraud and external fraud schemes, such as businessemail compromise (or “impostor fraud”), are both common and difficultto spot. Protecting a company against these risks requireswell-designed policies and vigilance in enforcement of thosepolicies.

|

How Fraud Happens

As a starting point, it makes sense for organizations toincrease visibility and control in areas that are commonlyvulnerable to fraudulent behavior, and key among those areas is theaccounts payable function. Here are three types of fraudulentactivities to look for in the area of corporate payments:

Vendor billingprocesses can present a crucial point of weakness; companies needto monitor billing activities with an eye toward fraudulentbehavior. A common fraud scenario occurs when an employee sets up aphantom supplier in the company's accounts payable system andsubsequently issues false invoices from that supplier. Look fortelltale signs, including invoices with sequential numbers that areissued from the same vendor, post office boxes withoutcorresponding street addresses, and invoices for amounts that arejust below the approval limit. Also, keep an eye out for checktampering, which typically results in larger losses and whichoccurs when employees forge, alter, and intercept checks that aredrawn on the company's account.

Invoice tampering is a type ofexternal fraud that occurs when a third party creates a fakeinvoice and sends it to the buyer through what appears to be asupplier's email address, but is actually a cloned address. Whileeverything might seem to match an existing account, the offenderhas changed the supplier's bank account information on the invoice.Also, be wary of inquiries from someone claiming to be with one ofthe company's suppliers, who requests a change to bank accountinformation in the vendor master file.

A kickback is a type of fraud that iscollaborative in nature, involving both internal and externalparties. In kickback scenarios, the supplier charges more than thegoods or services cost and gives a portion of the money to theinternal party. Red flags include overpayments and payment ofvalue-added (VAT) taxes when they are not required. A supplier andemployee may also collude around submitting duplicate invoices forgoods or services that the buying organization (employee'semployer) never received.

|

Rooting out Fraud

The good news is that by implementing processes and technologiesthat make it easier to identify suspicious patterns or unusualbehavior, you can reduce risk and protect your company againstfraud. Here are five best practices to help safeguard companyfunds:

1. Conduct an audit of your entire purchase-to-payprocess. A key first step in preventing fraud is toconduct an internal audit of policies and procedures to assess thespecific areas in which your organization's purchasing andinvoicing processes are most vulnerable. Some questions to considerinclude:

• Where are you lacking visibility and control?
• Do you have a system of checks and balances?
• Do you allow purchases without purchase orders (POs)?
• Do you have proper controls in place for off-contract andnon-PO spend?
• Are approval limits consistently applied across theorganization?
• Is there segregation of duties, or do some individuals haveauthority over multiple parts of the purchase-to-pay process?
• Who are your suppliers, and how did you select them?
• Have all these suppliers been vetted and approved?

2. Put controls in place. Once you'veidentified your areas of weakness, the next step in effectivelymanaging risk is to establish best practices in procurement and A/Pprocesses. For example, ensure that different individuals handledifferent processes, such as invoice approval, purchasing,receiving, accounting, and shipping. Allow orders only fromapproved suppliers. Establish invoice approval levels, and requiremultiple approvers for larger sums. Give only a few individualsaccess to the vendor master file, and document all of your policiesand controls.

3. Establish a fraud prevention program. Workclosely with C-level executives to implement a strict anti-fraudprogram and to communicate the company's commitment to thosepolicies, underscoring the importance of fraud prevention. Promotethis initiative broadly with employees and vendors as a deterrentto anyone considering fraudulent activities. Following are somespecific steps you can take:

• Create a tip line where employees, as well as others outsidethe organization, can anonymously report fraud.
• Communicate your fraud prevention and deterrence messagesclearly and often to internal audiences, using vehicles such as theemployee handbook, company intranet, and signage in commonareas.
• Conduct in-person and Web-based trainings for all employees onways to recognize the warning signs and report fraud, as well aspreventative measures they can take. Include the training as partof the on-boarding process for new hires and in ongoing trainingfor all employees.
• Provide in-depth, specialized training for senior executives aswell as managers and employees in functions particularly vulnerableto fraud, such as finance, business development, and sales.
• Make sure you clearly inform suppliers of your commitment tofraud deterrence by including anti-fraud language in theircontracts and by communicating your company's fraud preventioninitiatives on a periodic basis.

4. Automate processes and leveragetechnology. One of the reasons fraud is hard to spot isthat many companies still rely on time-consuming manual invoicehandling, which limits visibility into invoices and makes it hardto find discrepancies. Automation in accounts payable enablescompanies to better ensure that they're consistently enforcingpolicies and procedures, at the same time that it streamlinesprocesses. With automation, companies can more easily requireapprovals at certain invoice amounts, funnel purchasing through aneasy-to-use e-procurement system, manage more spend, make sureinvoices are always paid using master account information, andensure that only approved suppliers are used.

Moreover, an automated system will provide an audit trail, aswell as visibility into every person who handled each invoice. Itcan automate three-way matching to check and match all POs,invoices, and goods and services received. In addition,purchase-to-pay automation provides strategic value by enabling acompany to immediately view important financial information—e.g.,where it is spending money and with whom, and what financialliabilities it has at any time. All of this information is crucialfor effectively managing spend, cash, and working capital.

5. Use analytics to uncover unusual patterns orissues. Determine the metrics you need to track, and drilldown into the data to look for irregularities or suspiciousactivity such as duplicate payments, overpayments, similar invoiceswithin a certain cost range, or amounts that appear to be unusual.Run reports to dig deeper into potential areas of fraud—e.g., thenumber of exceptions by supplier, by purchaser, or by recentlyadded suppliers.

Fraud is high on the list of concerns for finance and treasuryprofessionals in all types of organizations. It's time we lift theveil of secrecy and shame, admit our vulnerabilities, and takeprudent steps to help prevent fraud from happening on our watch.Not only would doing so help safeguard corporate finances, but itwould also result in the adoption of best practices andtechnologies that can improve working capital management.

—————————————

Eric Wilson is VP ofpurchase-to-pay for Basware, a leadingprovider of networked purchase-to-pay solutions, e-invoicing, andfinancing services that enable organizations around the world togrow their businesses and unlock value across their operations. Formore information, contact [email protected],704.602.3379.