There is an old saying: Knowledge is Power.
In accounts payable, knowing common fraud schemes that are confronting your vendor payment process is the power to prevent the scheme from occurring. There are several key concepts for you to understand in order to have this power.
Understanding Fraud Schemes
First, fraud schemes are fundamentally simple to understand. Typical schemes have two elements.
- The type of vendor
- The fraud action statement
Regarding the type of vendor – is the vendor real or false? If false, is the false vendor created by the perpetrator or did someone take over the identity of a dormant vendor? If real, is the vendor complicit in the fraud scheme or not complicit?
Regarding the second component, there are several types of fraud action statements:
- False Billing for goods or services you did not receive. This typically occurs with disbursements associated with services.
- Pass-Through Schemes that often involve systematic markups converted through shell companies. These are a little more complicated and have up to fifteen permutations.
- Overbilling on price, quantity, quality, false charges, false add-on charges and no recovery of chargebacks or credits.
- Disguised Purchases occurring when someone buys something and converts the purchase to their personal use. A more complex version is buying an item and diverting it for resale.
- Conflict of Interest Schemes occurring when an internal employee has an ownership or a disguised ownership interest in a vendor.
- Intentional Duplicate Invoice Payment Schemes. These are self explanatory.
- Check Fraud Schemes. In truth, the complexity of these go beyond what can be covered in any blog article.
A very common and simple check scheme is when an employee has access to signed checks. The entry in the accounting record will indicate a proper vendor for a proper invoice, but the employee diverts the check and either alters the check or falsely endorses the check. By simply eliminating internal check handling this list of schemes goes away.
Mitigating Fraud Risk
The remainder of this article will focus on the two schemes that could occur in any company and comply with all of your internal controls. These schemes did occur in companies with excellent internal controls, and did result in losses to the company.
The Pass-Through Scheme is a difficult scheme to prevent because it is challenging to detect with traditional controls. In my opinion, the scheme is very common and could operate for years without detection. Since the scheme complies with your three-way match, it appears to be a valid transaction. So, the first step is to understand how a Pass-Through Scheme occurs in your expenditure cycle.
The standard Pass-Through Scheme is composed of three companies and can have a lasting effect on your bottom line. The three companies involved are your company, a shell company, and a supplier company. The shell company is either controlled by a perpetrator who is a member of your company or the supplier company, and the scheme unfolds like this:
- The perpetrator places an order with the shell company
- The shell company places an order with supplier company
- The supplier company ships the goods to your company. The goods are received and in good condition
- The supplier company invoices the shell company and the shell company invoices your company with a typical markup of 5 – 10 percent
Let’s look at a real-life use case for the sake of illustration:
A salesperson at one of your supplier companies convinces your employee to purchase from a shell company that the salesperson owns, instead of the actual supplier. The initial terms given to your employee were that the goods would be exactly the same price and quality, and this was all true to begin with. However, prices eventually rose and somewhere along the way the salesperson clued in your employee and began providing a healthy kickback to ensure continued business together. It was estimated that over the course of one year, your company was overcharged by $500,000.
Disguised Purchase Schemes
The second scheme that is difficult to detect is the Disguised Purchase Scheme. In this scheme, an internal employee has the authority to procure goods, and typically, this person ends up abusing some level of physical custody that they hold over those goods. Let me provide you with two-real life examples.
Consider an electrical contracting company. The project foreman is running many projects concurrently, and places an order for copper cabling to be delivered to a job site. Then, he diverts two of the rolls of cabling to another location and either sells them or brings the cable to a scrap yard to obtain cash.
Consider any business that relies heavily on the use of paper. Each time the office needs a re-supply of paper, the office manager orders a little more than necessary. When the shipment arrives, the office manager takes the extra paper that was ordered, and resells it to small businesses.
A common first step for companies who are looking to mitigate fraud risk is to perform a fraud risk assessment. This process involves creating a list of fraud risk statements facing your company and your business cycle. Then, you link the internal controls to the fraud schemes and ask yourself: Will our internal controls either prevent or detect the fraud scheme?
Unfortunately, not all fraud schemes can be prevented, and most fraud schemes are committed by people we trust. In addition to implementing sound payment controls, the best way you can protect your company against instances of fraud is to educate yourself, and learn how to detect fraud schemes through educated skepticism.