An employee, contractor or supplier can commit fraud by knowingly submitting false, inflated or duplicate invoices with the intent to defraud, either acting alone or in collusion with contracting personnel as the result of corruption. This article is written for any organisation that is involved in the payment of invoices and is considering the associated risks.
In further detail fraud can commonly occur by:
- Third party fraud which occurs by creating an invoice for supposedly legitimate products or services that have never been delivered or carried out, and the invoice is then submitted for payment. A ‘contractor or supplier’ could work alone when submitting and obtaining payment or can collude with an employee on the inside to acquire payment.
- The payment of Duplicate Invoices. Whilst this may note be a deliberate fraud on all occasions, mistakes in the Accounts Payable processes sometimes provide leakage for payments to be issued by fraud or by genuine mistake.
- Employee fraud is potentially costly and cases have been seen where the employee obtains a legitimate vendor invoice for payment but then uses a bank account under their control to divert the payment to. To carry out this fraud, the employee usually has to gain access to the employers accounting software whereby they are able to change the vendors bank account to one under the employees control to receive the payment. To avoid detection the employee will then change the bank account number back to the vendors once the payment has been made and then pay the legitimate invoice again to the real suppliers bank account.
False invoice schemes – the red flags
False invoicing fraud is not particularly sophisticated, but it is difficult to keep them going for a long period without detection. Many red flags may be present;
- Weak controls around the segregation, review and payment of invoices
- Ease of being able to change the destination account number
- Poor makeup of the invoice, such as no address, incorrect /invalid dates, incorrect contact information
- Discrepancies between contract or purchase order, receiving documents and invoices
- Discrepancies between contractor’s invoices and supporting documents
- Invoice is in a round number amount if that is unusual (based on VAT being charged)
- Total payments to a contractor exceed total contract or purchase order amounts
- No receiving report for invoiced goods or services
- Invoiced goods or services cannot be located in inventory or accounted for
- No purchase order (PO) for invoiced goods or services
- Abnormal invoice volume activity
- Above average payments to vendors
- Multiple payments in the same time period
Multiple invoices with the same;
- Date/Amount/Invoice number/ Description of goods and services / PO number
This list of course is not exhaustive, but represents some common attributes of false invoices based on experiences.
How to avoid
The simple way for an employer to protect themselves against invoice fraud, would be of course to ensure that there are adequate controls in place. This should apply to all types and sizes of organisations.
Whilst the above statement could be considered flippant and obvious in tackling the issue, we have seen in certain instances individuals who manage invoices are also reconciling the bank accounts without segregation in duties from a four- eye perspective. In this instance fraud did occur.
Electronic invoicing is an excellent way to prevent invoice fraud and with the right management from the provider, the red flags detailed above can be included and managed from an exception perspective within the setup of the system, which should also compliment physical and behavioural controls that will cover;
- Production of an exception report that is issued to line management (same day or before payment is made) relating to high risk changes to vendor information such as account numbers
- Production of an exception report where manual overrides/text have /can be made in the invoice system
- An annual test of the end to end process and review of the controls around the payments of invoices, undertaken by an independent function and resulting actions followed up by Senior Management
- The action that should be taken when invoice payment confirmation (s) are returned by post (i.e. gone away)- should be dealt with by a team outside the payments section
- Appropriate sanction of payments being made to settle invoices, other than by electronic transfer (i.e. cheque)
- Clear segregation in duties from, procurement, bank reconcilations through to accounts payable.
Again, the above is only a snap shot.
By having adequate controls in place will make it harder for an employee in particular to commit false invoicing frauds against their employers. However, in the same way that you can only deter (and not completely stop) would be burglars by having an alarm in place, an employee intent on committing fraud may still find a way to do so despite the adequate controls in place. Similarly, Senior Management have a key role to play working in the invoice functions to ensure that “this will not happen to us mentality” is actually overridden by “I will not let this happen”.