5 signs of potential procure-to-pay fraud
Financial control weaknesses can develop in any organization, opening the door to fraudsters and their billing schemes to bilk thousands or even millions of dollars from businesses.
Annual fraud losses totaled $7 billion worldwide, according to a report this week from the Association of Certified Fraud Examiners. Organizations lose 5 percent of revenues on average from fraud in a given year.
To reduce the risk of purchase order fraud, accountants and business owners should keep an eye out for these potential warning signs.
1. Social engineering scams. In recent years, scams using social engineering techniques have been on the rise. Fraudsters create phony purchase orders and pose as a legitimate business to order merchandise. Major companies have been swindled out of millions of dollars using these scams. Watch out for:
- Incorrect domain names on websites, emails and purchase orders. For example, scammers might impersonate a university by setting up a similar domain name, but if it doesn’t end in .edu, it’s probably fraudulent.
- A shipping address on a purchase order that is different than the business location;
- A delivery address that is a residence or self-storage facility;
- Poorly written email correspondence with grammatical and spelling errors; and,
- Orders for unusually large quantities of merchandise, with a request to ship them by priority mail or overnight.
2. Shell companies. A fraudster creates a fake entity to bill the organization for fake services. Fraudsters in this scheme rely heavily on phony POs to perpetrate the fraud. Watch for:
- Unfamiliar vendors or variations on an approved vendor’s name;
- Vendors that only have a post office box address;
- Vendor addresses that match employee addresses; and,
- Repeated use of a one-time-vendor record for the same address.
3. Outlier purchases. Whenever a buyer or vendor makes a change to pricing and frequency, it calls for a closer look. Outlier purchases can signal an error or potential fraud. Watch for:
- Sudden increases in purchases from one vendor;
- Buyers processing POs for vendors outside their normal responsibilities;
- POs for vague or poorly defined services, including “blanket orders;” and,
- Sequential purchases, particularly those followed by change orders.
4. Order splitting. Splitting large orders across multiple POs is a red flag that someone may be trying to circumvent requisition and buyer approver controls, which were put in place to prevent out-of-compliance purchases. Split purchases can allow fraudsters to fly under the radar. Look for:
- Multiple POs to one vendor in the same or similar amounts from the same requesting group;
- Identical items purchased in different amounts simultaneously or within short periods of time;
- POs split by type of work (e.g., one purchase order for labor and another for material); and,
- Recurring purchases that fall just under review/authorization thresholds to avoid the scrutiny required for larger purchases.
5. After-the-fact PO. A transaction warrants further investigation if a PO is being issued after the transaction occurred and the vendor sent an invoice. Typically, an after-the-fact PO indicates a requisitioner, buyer or vendor that operates outside of policy, though not necessarily maliciously. Look for:
- Invoices that predate POs;
- POs that have been amended after invoices have been submitted; and,
- Vendors issuing invoices with missing or improper PO numbers, or verbal POs.
Data analytics can improve risk detection
Fraud is not always easy to spot. It takes a median of 16 months to detect most fraud scams, according to the ACFE. By that point, companies cannot recover most funds.
That’s where data analytics can help find fraud much faster. Powered by artificial intelligence and machine learning, data analytics can audit procure-to-pay transactions to uncover hidden fraud schemes that have escaped detection.
Organizations using anti-fraud controls such as data analytics find fraud schemes up to 58 percent faster and reduce fraud losses by 52 percent, according to the ACFE. Continuous data monitoring can help prevent cash leakage due to errors and stop fraud in its tracks before losses occur.