Fraud in Australia is rising all the time. According to the ACCC, accumulated losses to invoice fraud was forecast to hit $532 million by the end of 2019 — the first time the figure has breached the half-a-billion-dollar mark. And that is just what is reported to authorities.
AP is the most vulnerable area within a business to be scammed or for illegal activity to be conducted. This is due to several factors, including how easy fraud is under manual AP processes with the ability to tamper with records, forge supplier payments and fabricate approvals and now with increased WFH scenarios business email compromise (BEC) and phishing fraud are on the rise.
Some estimates are citing a 600% increase since January of this year. With more employees working from home it is more likely than ever that an employee would receive a direction via email and are trusting email more than they have in the past. For example, a co worker may communicate from an outside email address or a vendor will likely be communicating via email because they can’t reach your employees at the office phone number.
So it’s timely to have a look at the different types of business fraud and what businesses should do to make this part of their organization more secure. So what are the most common fraudulant activities?
False invoices. A cybercriminal sends an invoice to a company for an expense the company never incurred.
Inflated invoices. A vendor deliberately sends an invoice more than it should be
Duplicate invoices. An internal or external fraudster has engineered a double payment or because the organisation’s systems did not pick up that it was paying the same bill twice.
Business email compromise. Cybercriminals send an email to the CFO, supposedly from the CEO, requesting immediate payment on an invoice or a vendor asks for a change in bank account details.
Employee fraud. Unfortunately, there are many ways an employee can commit fraud. An employee sets up a fictitious vendor account, submits invoices and processes payments for these, or accesses a vendor master record and inputting their own bank account information. An employee ordering materials or services for their own personal use, rather than the organization’s. An employee may collude with a vendor and approve purchases at inflated rates or for non-existent goods and services, in order to receive a kick-back from the vendor.
There are seven key processes that can be introduced with moving to a technology-backed AP process that can provide sophisticated controls to detect and prevent AP fraud, identify anomalies and establish accountability across multiple layers of the accounting process
1. Access Restricted
In accounts payable, access should be controlled at every phase. Automated systems can restrict certain functions to a few and this avoids unauthorized invoice and supplier access. This results in greater compliance and accuracy and offering the highest security against internal fraud.
2. Supplier management
Supplier management must be strictly controlled. Automation allows management to set up automatic checks of any new vendors being set up within the system, creating a gateway to verify vendors from potential billing schemes. This should always be performed by someone other than the party responsible for setting up the vendors initially.
For example in expensemanager, for a new supplier to be created there is a workflow that allows employees to request a new supplier, but the validation/approval of the supplier including the entry of the supplier bank account details to be only allowed by people with the appropriate access role. A request for a change to a supplier bank account also follows the same workflow and an audit trail that shows clearly who and when made any changes.
3. Deploy Purchase Orders
By introducing a purchase order system any invoice coming into the organization can be matched with a PO that will have already been approved. Using three-way matching AP can verify whether invoices received are genuine and before approving these accounts for payment. This approach involves a three-way match between the following documentation:
• Purchase orders
• Receiving documentation
A system like expensemanager can even automate the approval workflow based on a three-way-match. For example, the invoice can then either be auto-approved, or if a goods receipt acknowledgment is required the invoice can be automatically routed to the Purchase Order creator to acknowledge that the goods were in fact received.
4. Duplicate invoice check & variance flags
When using an AP automation solution like expensemanager, invoice payments cannot be set up manually. After an invoice is scanned in expensemanager a range of checks are automatically applied: a) duplicate invoice, variance to amount scanned and saved in the payment request, and c) a supplier has been reallocated
All of these checks are recorded in the audit trail to be easily identified and who made the changes.
5. Monitor Supplier Activity
Regular reporting on supplier activity will identify anomalies in invoices. For example, a supplier normally sends a bill twice a month and is now sending a bill 5 times a month or their total invoicing is much higher in a month.
6. Multi-level approval workflow
Efficiency is important in AP department, and it is difficult to achieve. The key culprit is the volume of paperwork to be processed and the associated approvals that have to be made to push payments through the AP cycle.
Automated AP allows company to set its best practices; it not only improves the workflow but ensures the step-by-step approval process is adhered to. These can include payments that require a pre-approval process (purchase order) and multi-approval processes configured on dollar limits. As all the rules and policies can be pre-defined, the system will automatically apply them to all the users preventing anyone from by-passing the phases.
7. Audit trails
For detecting fraud, AP automation does an incredible job of creating a full digital trail of invoices and payments, eliminating the past hassle of following paper and undocumented. All invoices are archived and can be easily pulled up for inspection, and each step of the process has a unique “fingerprint” of where it’s been and who’s been involved in the process.
By implementing best practices and automation, companies can gain visibility across their invoices and put controls in place to reduce fraud. Automation offers other important benefits, enabling companies to streamline processes, gain efficiencies and reduce costs.