Accounts payable fraud continues to make headlines, with the AP operations of companies both public and private in the spotlight. For example, on Oct. 10 an employee of a Fort Worth, Tex.-based sign company who processed its payroll and AP was reportedly sentenced to six years in prison and a $200,000 fine after issuing herself fraudulent checks, imitating transfers and maintaining a lavish lifestyle. A trusted friend and employee, she was the sole bookkeeper for the company—a common but very risky practice among many small businesses.
Is your company doing everything it can to monitor for and prevent fraud in your AP functions? Accounts payable managers, directors, supervisors, analysts and processors, as well as accounting managers and controllers need to be able to identify weaknesses in their own accounts payable functions that may be exposing the business to both internal and external fraud.
The good news is there are tried and true methods—and some easy fixes—for adjusting your AP processes to prevent internal fraud and detect potential external fraudulent situations early so you can drastically decrease your company’s risk of falling victim to embezzlement and other frauds.
Fraud in Accounts Payable Is Widespread
Companies of all sizes are susceptible to fraud, according to nationally recognized accounts payable expert Mary Schaeffer. “This is everyone’s problem,” said Schaeffer in a recent presentation for Eli Financial. Her company, AP Now, conducts an annual survey of companies. In 2016, 75 percent of companies with fewer than 250 employees experienced a fraud attempt in the last 12 months. On the other end of the spectrum, 91 percent of companies with more than 5,000 employees reported the same.
The following activities of companies were the most frequently targeted for fraudulent activity— whether successful or not—in the past 12 months, according to AP Now: Checks, cards, ACH payments and wire transfers. “Risk, or potential for fraud, is everywhere,” according to Schaeffer. “Don’t think, ‘It would never happen here.’”
Creating a corporate culture that focuses on ethical behavior, implementing strong internal controls, and ensuring managers’ responsibility and accountability are the keys, said Schaeffer. Smaller AP departments, like the one in Fort Worth, are particularly susceptible to fraud because segregation of duties (SOD) is difficult. When one person runs your AP function, what happens when he or she is on vacation? Do you have backup? What is that person authorized to do?
In addition to inadequate SOD, according to Schaeffer, other common weak practices—especially for smaller companies—include:
- Returning checks to requisitioners
- Allowing too many rush checks
- Permitting management overrides
- Putting through the journal entries (approved)
- Maintaining poor practices around the master vendor file
A good review of your AP practices should include: a period step-by-step audit, watching out for processor workarounds, reviewing why duplicates get through and fixing them. Internal controls are one of the main ways to prevent fraud.
Keep It Together Inside
The Sarbanes-Oxley Act (SOX) was a game changer for AP departments. Enacted in 2002, SOX required public companies to implement internal controls to address fraud in accounting practices. Even though SOX has been on the books and in the news for the last 15 years, lack of internal controls was “the most prominent organizational weakness” that contributed to the frauds in the Association of Certified Fraud Examiners’ 2016 global fraud study.
The certified fraud examiners who participated in the ACFE study estimated that the typical organization loses 5 percent of revenues in a given year as a result of fraud, with the total loss caused by the cases in its study exceeding $6.3 billion, with an average loss per case of $2.7 million. Over 23 percent of the cases in the study resulted in a civil suit, and over 80 percent of those suits resulted in a judgment for the victim or a settlement by the company.
“Asset misappropriation was by far the most common form of occupational fraud, occurring in more than 83% of cases, but causing the smallest median loss of $125,000,” according to the ACFE report, and lack of internal controls accounted for over 29 percent of the cases. At over 16 percent, more fraud originated in the accounting department than in any other business unit.
Accounts Payable Best Practices
Start reviewing your AP function and internal controls as soon as possible. Examine particular points in your cycles where control often breaks down, according to Schaeffer: Who accesses your system for promotions and departures? Examine both company and employee-initiated departures. Also focus on payments made outside your AP department, and make sure they are using the same processes for payments made inside AP.
Schaeffer said you may already have at your fingertips many of the resources you need to fight fraud, including any enterprise resource planning (ERP) programs. “Before you look for added controls, use everything you pay for,” she recommended. Many ERPs have additional modules for controls and governance, so take a close look at yours. “Check to see what’s turned off!” she recommended. And if you do need to add procedures, “don’t scrimp when it comes to controls.”
Also, start simple: An easy test anyone can do is to compare the addresses in your master vendor file to employee addresses. Use Excel to identify dupes by using conditional formatting, highlighting cell rules and choosing “duplicate values.” Proceed carefully, because in your research, you can expect some false positives, Schaeffer noted.
You may need to get your HR department on board to conduct other simple tests, such as comparing the bank accounts for vendors in the master vendor file to the bank accounts used for payroll, or comparing the taxpayer identification numbers (TINs) in your master vendor file to the TINs used for payroll. You can also use IRS TIN matching. The point is to get started and protect your company from this growing threat to profitability.