What Is Accounts Payable Fraud?
Accounts payable fraud is a common type of deception that targets a company’s accounts payable department, which is responsible for paying suppliers and other vendors. Accounts payable fraud can be committed internally by employees, externally by vendors, the two parties working in concert, or, increasingly, by an outside party looking to gain access to the company’s accounts payable systems.
Fraud hits every business hard. A typical organization loses 5% of its revenue to fraud every year, with a median loss of $125,000, according to the Association of Certified Fraud Examiners (ACFE). Fraud typically goes unnoticed for an average of 14 months, resulting in average losses of $8,300 a month.
How Does Accounts Payable Fraud Work?
Under the ACFE’s Fraud Tree, accounts payable fraud falls under “asset misappropriation.” These are the most common forms of occupational fraud.
Accounts payable fraud involves fraudulent disbursements, the most common of which are billing schemes, check tampering and expense reimbursement schemes.
An employee could run a billing scheme by creating a shell company and then submitting fake invoices. This can be easier to perpetrate if the invoices are for things that aren’t physical goods, like consulting services. In a check tampering scheme, an employee steals and forges checks from their employer and then keeps the money for themselves. Suppliers can commit fraud by intentionally overbilling or double billing for services and then collecting these additional funds.
Fraud can also occur as the result of a bad actor looking to gain access to a company’s bank accounts through a phishing scheme, in which they often mimic key vendors and send fake invoices that, when opened, give them access to the business’s system.
Five Red Flags for AP Fraud
The overwhelming majority of organizations find out about fraud from whistleblowers, according to the ACFE’s 2020 Global Study on Occupational Fraud and Abuse. Internal audits and management reviews rank second and third as the most common sources of detection. But proactive surveillance, establishing IT controls and account reconciliation can cut the time fraud goes unnoticed in half, per the ACFE.
Some places the ACFE recommends looking for red flags include:
Invoices. Invoices that list the same address as an employee’s, only have a P.O. Box number listed or have even-numbered totals are red flags. Also look for key details missing on the invoices, such as a tax ID number or purchase order (PO) number.
Vendor master file. Monitor the vendor master file for a large number of inactive or duplicate suppliers. Watch for the same suppliers getting contracts or a new supplier getting a large, unexpected contract. Keep an eye out for invoices that don’t match the address in the vendor master file.
Checks. Missing checks and signatures that don’t look right are possible signs of check fraud.
External complaints. Complaints from suppliers about late payments or non-payments when your records suggest you’ve already paid them could signal an issue.
Employee behavior. At least one behavioral red flag was present in 85% of the fraud cases studied. Common red flags included employees living beyond their means and having financial difficulties, unusually close associations with vendors or customers and unwillingness to share duties.
Six Common Types of AP Fraud
Billing schemes. Billing schemes were the most common type of fraud perpetrated by the accounting department in ACFE’s 2020 study. Billing schemes can take on a few different forms, including:
- Setting up a shell company for which the employee can generate false invoices and cut checks. Fraudulent invoices for services companies are most common because there is no physical inventory to account for.
- Pass-through schemes, in which an employee who approves invoices and authorizes payments sets up a shell company that orders things the company legitimately gets from another supplier. These items are then marked up and sold to the business through the shell company, and the employee keeps the profit.
- Generating invoices from inactive suppliers in the vendor master file and writing checks to vendors the company no longer does business with.
Check fraud. In the AFP’s 2020 Payments Fraud and Control Survey, check payment schemes were the most frequent type of fraud. Employees committing check fraud forge or steal physical checks and deposit them to an account they control. Often, they then change the code in the accounting system to hide it.
ACH fraud. As more organizations shift to ACH payments, this is an area to keep a close eye on. Bad actors increasingly target ACH in cyberattacks, in which they gain access to the system through a compromised business email account. Often, these bad actors will send an invoice that looks like it’s from a supplier, but once someone clicks the link or opens the file, the attacker gains access to the system and can steal valuable information. ACH fraud can also occur when an employee opens a personal credit card with their employer’s account information.
Expense reports/reimbursement fraud. The most common examples of this type of fraud include falsifying receipts, duplicate expensing by employees who dined and traveled together for the same meals, submitting non-qualifying transportation and entertainment expenses, claiming the maximum expense amount that doesn’t require a receipt or overstating mileage.
Kickback schemes. In a kickback scheme, employees and their suppliers work together to earn money on the side. For instance, the supplier inflates an invoice, the AP clerk cuts the check, and they split the additional money.
Conflict of interest. Kickback schemes are often borne of conflicts of interest, which could materialize if someone in the organization is related to the supplier or receiving significant gifts from the supplier. Conflicts of interest can become a problem when someone uses their professional or official role for personal or corporate gain.
What Is Benford’s Law?
Benford’s Law has to do with the expected occurrence of leading digits in a dataset. Under this law, the numeral 1 will be the first digit in a naturally-occurring set of numbers 30.1% of the time, while the numeral 2 will be the leading digit 17.6% of the time and each numeral after, from 3 through 9, will be the first digit with decreasing frequency.
Fraud examiners use Benford’s Law to determine whether datasets, like a group of payment amounts, are genuine. For example, if an employee’s expense report lists 100 line items whose distribution of first digits differ significantly from the distribution outlined in Benford’s Law, examiners have reason to believe the employee forged their expense reports.
Catching and investigating AP fraud committed by employees, vendors and outside parties starts with creating audit trails, segregation of duties and integration with procurement systems. Here are the basic steps.
How to Find Fraud in Your AP Department
Whistleblowers—especially at smaller companies—most often alert the business to potential fraud. Make sure your company has procedures in place that both encourage whistleblowers to come forward and protect them once they do. ACFE’s 2020 report reveals that whistleblowers increasingly prefer to come forward via email or a web form. They are also likely to report fraud to a direct supervisor, so it’s crucial that managers are trained and educated on how to handle complaints.
After whistleblowers, regular audits and reviews by management are the second and third most common ways organizations catch fraud. Best practices include carefully reviewing bank statements, monitoring for duplicate payments and regularly checking vendor master files to guard against invoices from inactive suppliers are good places to start.
What to Do if You Find AP Fraud
In the cases examined by the ACFE in which an organization determined an employee committed fraud, 80% of the employees responsible received some form of internal punishment. Employees were more likely to be fired for fraud than managers or executives. Although 59% of businesses reported these cases to law enforcement, a smaller number resulted in criminal conviction or a civil judgment.
AP Fraud Prevention and Detection Tips
Most organizations do not recoup their losses from fraud, making it even more crucial to prevent fraud in the first place.
To prevent accounts payable fraud:
- Be proactive—conduct regular audits, monitor KPIs closely, watch for red flags, and always check bank statements.
- Set up a tip line and other ways for employees to report fraud, and establish a set of guidelines for protecting them once they do.
- Conduct background checks on all employees. Check their references.
- Implement a written code of ethics. This code should be easily digestible and resonate with the industry and business culture. It should include policies outlining conflicts of interest.
- Put clear policies in place for expense reimbursement. Enforce them at the highest levels of the organization.
- Segregate duties and define roles. At the basic level, divide bookkeeping and check signing authority. Don’t have the same person cut the checks, sign the checks and reconcile the bank accounts.
- Educate employees on threats posed by phishing attempts and how to identify them.
- Implement policies for providing appropriate verification of any changes to existing invoices, bank deposit information and contact information.
- Check and update the vendor master file regularly to keep all vendor information current.
- Automate the AP process to ensure security and segregation of duties.
AP Automation and Fraud Prevention
Automating the AP process safeguards against fraud by creating audit trails, segregation of duties and integration with procurement systems that ensure three-way matching and compliance with purchasing policies. What’s more, an AP automation system can automatically flag outliers that appear fraudulent and turn data into reports that make it easy to see changes in spend.
Most accounting solutions can automate much of the work involved with AP and offer the protections outlined above. Technology not only makes it harder to commit fraud but also increases the chance that someone catches any attempted deception quickly.