Today in the enterprise world thousands of transactions occur every day. In these thousands of transactions, it is easy for someone committing fraud to hide illegitimate transactions in the Accounts Payable area, where most of the organization’s money gets through.
Some of the typical methods used by frauds to manipulate accounts payable transactions and key symptoms to watch out are listed in this document.
Evolution of AI and machine learning methods can be used as gatekeeper to identify and stop such transactions and frauds, as it happens.
Opportunity to commit fraud: Exploit invoice tolerances
|Background||Usually the enterprises that are using big enterprise software have some tolerances set up that are for the Purchase Order and Invoice matching. For instance, suppose there is a tolerance of 10% for the matching than for a Purchase Order of value £1000, an invoice up to £1100 will be posted and paid without any approval or any further checks.
It is possible thatthe suppliers can guess the pattern of these tolerances or can be assisted by a dishonest employee within the buyer’s organization to exploit the tolerance functionality.
|What is the Root Cause?||Why tolerances are generally required?
Numerous organizations host the supplier catalogue for shoppers in order to punch-out.Prices within these catalogues are not generally updated or shoppers just have copied an old order. However,this results in to a pricedifference as the price at the supplier end is changedwithout being reflected in the buyer’scatalogue.
In the above mentioned situation, if the tolerance is not setup then even a minute difference between PO and invoice prices can generally cause a delay in payment of the invoice. In order to tackle this issue the organization tends to use the tolerances to permits these minor differences.
On the other hand, there is high probability of tolerances being misused.
|Symptoms / Identification||In order to identify the misuse or exploitation of the tolerance functionalityby the supplier, we should usually look for:
– Suppliers whose invoice is very frequently above the PO value.
– The invoice value that coherently falls just under the amount requiring approval (Invoice value is generally close to PO value + tolerance value)
Opportunity to commit fraud: Forged Invoice
|Background / Root Cause||Nowadays,the procedure of invoicing is completely automated. Paper-based, or email-based invoices have to pass through OCR and the invoice data gets auto-populated.
A photocopied or an unprofessional invoice, or an invoice that has been created via a word/excel template cannot be easily detected due to the process automation. The only way to find such invoices is via the visual checks of the attachments.
|Symptoms / Identification||Look for the following points to identify the suspected forged invoices
– Invoice copy that looks unprofessional or photocopied or created in word or excel
– Vendor Invoice number would be in a sequence
– Invoice document would have important info missing such as address
– Price would be fluctuating unusually
Opportunity to commit fraud: Dishonest employees paying themselves
|Background||Employees that are committing fraud may be paying themselves using methods like “One Time Vendor Payment” or “Manual Payment”.Alternatively, an employee may createa fictitious vendor and pretend to purchase goods or services and make the transaction into their own bank accounts.|
|What is the Root Cause?||Ideally, segregating the duties should not provide opportunity for an employee to perform such fraud.
However, due to change in responsibilities, incorrect access setup, or assistance of someone else can contribute to a cause for such fraud.
|Symptoms / Identification||Look for the following to identify suspected Employee fraud situations
– Compare names, addresses, bank account numbers and telephone numbers of the vendors and employees.
– Compare the surname of the vendor/ Bank Account holder name with the employee’s surname.
Opportunity to commit fraud:Suspected Fraud Vendor
|Background / Root Cause||Large organizations tendto do multiple mergers and various joint ventures. These projects usually have stricttimelines and there are times when there is not enough time to perform data cleansing for every individual vendor.
This situation can create a risk where a vendor is on board without proper diligenceor the vendor getsduplicated.
|Symptoms / Identification||Identify the suspected vendors,where:
– Mailing addresses are theonly PO boxes
– Incorrect address
– The Address imitates a residential addresses
– Without a proper taxpayer ID / VAT Registration number
– Using non-registered email addresses like Gmail, yahoo etc.
– Vendor’s name that has been mentioned is aperson’s name instead ofthe organization name
– Vendor is blacklisted or based in blacklist country
Opportunity to commit fraud: Conflict of Interest
|Background / Root Cause||Employees may have some personal interest in the vendor’s organization which can createsituations of conflict of interests.
Ideally, the employees should do a discloser in casethere are any conflict of interest scenarios. However, this may not be always the case.
|Symptoms / Identification||We can perform a check by validating these facts:
– Identify, if the employee is a Director or Secretary ofan organization. If the answer is positive then verify if this organization is a vendor.
– For instance, inthe UK, company house API can be used to find whether the employee is a director of a company.
Opportunity to commit fraud: Duplicate Vendor and Duplicate Invoice
|Background / Root Cause||Ideally, ERP systems must not have duplicate supplier situations and only one vendor should be entertained in the system. However, in reality, vendors have various sites and a presence in multiple countries. Sometimes this results inmore than one vendor for the same vendor entity.
For an invoice without a PO (scenario – NonPO), if the vendor sends two invoices with two vendor codes orthe accounts team is mistaken, then this will not be easy to flag as duplicates.
Additionally, for the non-PO invoices, there is no reference document (Purchase Order) to validate the invoice data. Due to this reason, the non-PO invoice getsthrough manual approval. In case, the vendor’s invoice number is slightly different then it becomes difficult for an approver to spot it as a suspected duplicate invoice and it will pass through the system.
|Symptoms / Identification||Look for the following points to identify duplicate vendor or duplicate invoice situation
– Same Name, TaxID / VAT Reg Number, Address, Email ID Bank Accounts
– Compare the invoices for all codes for the duplicate vendor and look for suspected duplicate invoices
– If the vendor has sent the invoices with similar line items, however, the Vendor invoice number is found to be slightly different.
– Compare and identify the invoices with similar details and how closely they were sent from each other.
These are some other compliance issues that canprovide some indication about AP fraud, such as:
– Even though there is a preferred supplier list or a contract for goods or service, still the shopper repeatedly uses a supplier that is not on that list.
– Scan the invoice and PO items to confirm any vague or unnecessary, goods/services that are ordered by shopper.
– Even though the supplier has delivered the products or services of poor quality and there are repeated purchases made by the shopper.
– The shopper is avoiding approval by splitting the PO value
How Big Data, Machine Learning and AI can help in Fraud detection and preventions?
Machine Learning image processing and classification capability can be used to identify an unprofessional or photocopied invoice image. It can also detect the invoices that are designed using Word or Excel templates.
By using a machine learning algorithm, invoice data pattern can be analysed to identify any duplicate invoices, consolidate invoice data for duplicate vendor codes and then look for duplicate invoices and many more. Especially non-PO invoices need more policing as there is a higher potential for fraud.
Google services can be used to validate the supplier address and check for any supplies with duplicate details before processing the invoice. In the same way, supplier bank details like Branch code, IBAN number can also be validated.
Company house services or business directories can be used to find the employees who are directors as well. Subsequently, the companies where the employees are directors or secretaries can be matched against the vendor master.
Supplier vetting APIs can be used to validate whether the supplier is blacklisted or based in a blacklisted country.
A BOT assistant can alert relevant people and can takepreventative actions using RPA automation tools.
Overall, machine learning and AI technology can help reduce fraud in the accounts payable area.
About the Author :