Running a business entails dealing with a great number of risks. Fraud risks can arise from involvement with third parties such as vendors or even employees. One such rampant fraud associated with the process of accounts payable is vendor fraud.
Vendor fraud can occur from one or multiple sources in a very sophisticated manner. If not detected, it can cost businesses severely. Read on to know more about vendor fraud, its categories, and the ways to detect and prevent it.
Table of Contents
What is Vendor Fraud
Vendor fraud refers to malpractices that can be committed for personal gains by a vendor, multiple vendors, or an employee, on the accounts payable (AP) of a company.
In simple words, it is a type of scam that involves faking a vendor or a recipient’s account information in AP to divert payments. Payment frauds can be committed by:
- One or multiple employees
- One or multiple vendors
- Collaboration between vendor(s) and employee(s)
- An outside entity who modifies a vendor’s payment information unknown to anyone
Sometimes the sheer complexity involved can make vendor fraud detection hard and make businesses vulnerable to huge losses.
Who Does it Impact
Typically, vendor fraud can impact small to medium-sized businesses quite severely. Such organizations are at a higher risk since they tend not to have strong controls or checkpoints that can track and pinpoint such frauds.
Besides, smaller organizations that have smaller teams of employees depend on minimum staff to handle multiple AP functions. Hence, one employee in charge of receiving invoices as well as authorizing payments can be tempted into manipulating the records which in turn can effect substantial damage to a company’s finances and credibility.
This does not mean that larger organizations are not at risk. But with their means, capability, and relatively larger staff, they are likely to deploy robust risk control that can lower the incidence of vendor fraud.
Smaller organizations are more susceptible to vendor fraud if they lack the means and capability to implement tracking processes and controls. Without them, it can be difficult to prevent or mitigate the various categories of fraud that can be committed in their AP department.
Categories of Vendor Fraud
Vendor fraud can vary greatly in the manner in which it is carried out. It can be categorized as detailed below:
- Billing Fraud: refers to payment manipulations that are done in 2 ways by employees. It can involve either a false vendor or making duplicate payments using the account of an actual vendor.
- Fictitious Vendor – An employee having adequate control and access sets up a fake vendor account or a shell company, registers it as a vendor, and makes regular payments to this account.
- Duplicate Payments – An employee uses a genuine vendor’s account, manipulates the payment records, and initiates double payments on a vendor’s invoice. The extra payment then gets transferred to the employee’s account.
- Check Manipulation: This kind of fraud involves an employee engaging in forging or modifying information on a vendor’s check, to route payments to a personal bank account.
- Accepting Bribes: A result of an understanding between a vendor and an employee, this type of fraud involves the employee receiving personal remittances from the vendor in exchange for extra benefits or sales.
- Excess Billing: When a vendor bills the company for excess quantities/prices than what was initially agreed upon, it is referred to as overbilling. This kind of practice can be done alone or in collusion with an employee.
- Price Fixing: This type of fraud happens when two vendors collaborate to fix prices at higher than normal rates. The buyer/company is then forced to pay higher prices irrespective of the vendor. Employees can serve as internal sources for the vendors to gain sensitive information on budgets.
- Bid Rigging: A common way of committing fraud, it is usually done through collaboration between 2 or more vendors and employees to get the procurement contract in favor of the highest bidder. The employee will duly get compensated for encouraging and assisting in the fraud.
- Cyber Fraud: Probably the most difficult kind to detect, such vendor fraud cases are carried out by unknown, unauthorized persons with no connection to either the company or the vendor. Here, outside entities can manipulate an existing vendor’s account and divert payments to their accounts. The entire transaction is done electronically which makes detection and prevention even harder for businesses.
Detecting and Preventing Vendor Fraud
Detecting and preventing vendor fraud is not easy but doable. Once you identify key areas where there is a lack of control, implementing stronger controls and measures can go a long way in preventing vendor fraud cases. Let’s see the various ways in which controls can be implemented in an organization to prevent vendor fraud.
Since most vendor fraud cases involve vendors, following certain precautions right from selection up to payments can potentially reduce their incidence. Here are some potential controls:
- Following due diligence in the vendor enrollment processes. Attention should be focused on verifying vendor details such as mailing addresses including P.O.boxes, contact numbers, vendor tax identification numbers, contact persons, and bank accounts.
- Maintaining a centralized vendor database with set preferences. Having a separate list of high-risk vendors can help initiate additional approvals for clearing payments.
- Conducting a review of vendors through an external audit/source or an employee outside the vendor department for an unbiased assessment.
- Verifying that a vendor’s address or other information does not match any employee’s information or is similar to an existing vendor.
- Checking vendor master files periodically to ensure that billing volume is realistic and there are no inconsistencies.
Though termed as vendor fraud, often it is through an insider’s help that most frauds are orchestrated. Some key measures to check employee involvement in such fraud are:
- Running thorough background checks while hiring new employees
- Keeping financial information privy and restricted to employees at higher levels
- Larger organizations can segregate the duties of employees at different levels for better internal control. Hence,
- A person in charge of entering vendor data should be different from those who approve the vendors as this can eliminate the creation of fake vendors
- Different personnel should handle receiving goods or services, processing invoice payments, and authorizing approvals of payments
- Smaller companies can rotate duties of employees in the vendor/ AP department or rope in managers to monitor important tasks which can eliminate the chances of planning a fraud.
Using Invoice Matching Methods
Invoice matching is one of the effective ways that can be used by small to large organizations to prevent the common occurrence of vendor fraud.
Invoice matching is a process used by companies to check vendor invoices against other relevant documents such as purchase orders (PO), goods receipts, inspection slips, and even against contracts.
These mandatory checks can help verify the authenticity of vendor invoices before they are approved for payment. Invoice matching can be done in different ways.
- Two-way matching – It is carried out by matching the invoice to the original purchase order (PO). This process verifies that the goods or services listed in the invoice match those that have been ordered by the organization.
- Three-way matching – This process involves double checks on the invoice. The invoice is first matched to the purchase order and then to the receipt of the goods. It helps verify that the goods/ services listed in the invoice match the PO and have also been delivered correctly.
- Four-way matching – The most elaborate matching process necessitates checking the invoice against 3 other documents namely, the PO, the goods receipt, and an inspection slip. This procedure ensures that the goods/services mentioned in the invoice are received as per the PO and also have been inspected to verify that they are accurate.
- Non-PO or contract matching – In situations where businesses do not use multiple documents, the vendor’s invoice is matched against the contract agreement to verify that the price and services mentioned are not deviating from the contract itself.
Applying Data Mining Techniques
Data mining is a modern technique to analyze huge amounts of data and discover patterns that help in business analysis and decision-making. This technique is highly accurate in fraud detection and can be leveraged to mitigate vendor fraud cases.
Using trend analysis, data mining can detect anomalies that can indicate fraudulent activity. Organizations can use data mining techniques to check for specific patterns that include:
- Payments that deviate from normal procedure, low dollar inconsistencies, & amounts that are maximized to the approval limit
- Duplicate payments on the same date to the same vendor or total number of payments exceeding the contract agreement
- Payments made during non-business hours
- Deviations in vendor information such as variation in delivery and payment addresses, use of the same purchase order in invoices, non-sequential invoice numbers etc..
Other Organizational Measures
Apart from major measures, companies can exert other adequate measures to keep vendor fraud in check. Some of the viable ones are:
- Setting up a fraud hotline – An anonymous helpline setup can help employees report irregularities without worrying about consequences. It creates an atmosphere of vigilance and can help the organization roll out corrective measures quickly.
- Tighten internal controls – An organization should ensure that control procedures are in place and everyone from the management to the entry-level is aware of them. Educating and updating employees on vendor fraud can help them be more aware of the risks and consequences. Performing periodical risk assessments can provide insight on loopholes that need to be rectified to mitigate vendor fraud.
- Two-tiered approvals – Both vendor approvals and payment approvals should be run through a multi-layered approval process. This can ensure that the company gets legitimate vendors and that payments are under better scrutiny with more than one employee supervising the process.
Vendor fraud can take a heavy toll on an organization and cost it dearly. Prevention of vendor fraud necessitates proper planning, reviewing, and updating company policies at regular intervals. Preventive measures should be implemented on a multi-level approach to mitigate fraud and protect organizations from severe losses in the future.