With the significant amount of fraud risk associated with the Accounts Payable process, having the proper controls and audit program in place is key to the overall health of this critical function. While there are both internal and external threats to your Accounts Payable organization, the external threat has become increasingly prevalent and sophisticated, with new schemes being developed on a frequent basis. The good news is that the technology to combat fraud has also become much more sophisticated in recent years and is being adopted by major companies at an increasingly rapid pace.
A recent Peeriosity PeercastTM featured the Director of Accounts Payable for a global company with annual revenue of over $10 billion with more than 40,000 employees. Accounts Payable is part of an organization called Supplier Services, which is one major tower in their Global Business Services organization.
In order to combat fraud, the feature company has implemented both the standard Accounts Payable and Corporate Card controls and some additional measures. The standard controls include effective purchasing policies, proper approvals for purchase orders, use of the three-way match, duplicate payment searches, and bank-supported positive pay matching. In addition, they have the following supplemental controls:
Vendor Master Data
- Verification of US Federal Tax ID (TIN)
- Direct contact for banking information & address changes
- Two-level approvals for new vendor setup requests
- Segregation of duties driven by ERP and roles
- W9 verification and filing for all vendors
Invoice & Disbursement Processes
- Invoice workflow utilizing signature authorization limits & duplicate checks
- APEX FirstStrike duplicate audit check
- Invoice processing quality check
Travel & Expense
- Targeted audits for certain expense types
- Cards shut off for expenses > 90 days old; Personal expenses not paid back after 45 days
- Level 1 certification by employee, Level 2 approval by manager for all reports
- Policy and audit rules are programmed into T&E system
A recent example of attempted fraud that our feature company shared was that an outside party contacted the company with valid outstanding invoice & PO information and asked to update their banking details. The Vendor Master and Procurement teams jointly reached out to their established vendor contact and the contact verified that no such request was made and that it was suspected fraud. This control prevented over $900K in payments being issued to a fraudulent account.
iPollingTM Results Review
As part of Peeriosity’s research in this area, a poll was generated using the iPollingTM technology. The first of two poll questions focused on the primary solution/approach that companies are using to identify Accounts Payable fraud. The most popular response was 3rd-party audit firms (39%), followed closely by standard ERP functionality (28%). The use of advanced fraud technology is also growing, with 11% using APEX and 6% using Oversight.
The second poll question then addressed the level of satisfaction the surveyed companies had with their primary solution/approach to identifying Accounts Payable fraud. For 73% of the companies, they were either very satisfied (56%) or satisfied (17%). Of the remaining 27% of the responses, 11% indicated that they were indifferent, while 16% said they were unsatisfied with their current solution.
The following are some poll comments made by Peeriosity members related to this topic:
Computers & Electronics Member: We are exploring other vendors to provide the service.
Real Estate & Construction Member: We have set up our own checks and balances to ensure that the vendors are valid. For example, if the mailing address is different, we will not process the invoice. A vendor request needs to be submitted to change the address, and that usually will identify a fraudulent invoice
Consumer Products & Services Member: With fraud attempts becoming increasingly sophisticated and prevalent, we are looking at providers like APEX to increase prevention. We are also increasing oversight.
Manufacturing Member: We use a third party to perform a post-audit mainly for duplicate payments. However, we are in the process of rolling out Oversight to provide additional information.
Healthcare, Pharmaceuticals, Biotech Member: We have a dedicated Sr. Fraud Analyst who reviews the APEX reports.
Computers & Electronics Member: We mostly rely on standard SAP functionality, but have supplemented our controls with a set of control reports that show exception activity and are reviewed daily. We also leverage PRGX as our asset recovery specialist.
Manufacturing Member: We will use a third party to do a “look back” fraud review. We also have internal detection (duplicate payments, etc.), but we could do more in this area.
The increasing level of attempts to defraud major companies through the Accounts Payable organization has to be a concern for Finance and Procurement leadership. As was well exhibited by our feature company, a very thorough approach using a variety of controls and technology to address this important issue is necessary to adequately protect the assets and financial integrity of the company.
How effective are the Accounts Payable controls related to fraud at your company? Are your current approach and technology meeting your needs or is it time to take another look at this important aspect of your operation?
Who are your peers and how are you collaborating with them?
“PeercastsTM” are private, professionally facilitated webcasts that feature leading member company experiences on specific topics as a catalyst for broader discussion. Access is available exclusively to Peeriosity member company employees, with consultants or vendors prohibited from attending or accessing discussion content. Members can see who is registered to attend in advance, with discussion recordings, supporting polls, and presentation materials online and available whenever convenient for the member. Using Peeriosity’s integrated email system, Peer MailTM, attendees can easily communicate at any time with other attending peers by selecting them from the list of registered attendees.
“iPollingTM” is available exclusively to Peeriosity member company employees, with consultants or vendors prohibited from participating or accessing content. Members have full visibility to all respondents and their comments. Using Peeriosity’s integrated email system, Peer MailTM, members can easily communicate at any time with others who participated in iPollingTM.