Essential Guide to Accounts Payable Fraud: Types, How to Spot It & Prevention

Blog Credit: Scott Beaver, February 17, 2022 (Essential Guide to Accounts Payable Fraud: Types, How to Spot It & Prevention | NetSuite)

In order to protect the financial assets and security of an organization, companies of all sizes should be hyperaware of their financial transactions and implement measures to both curtail and respond to fraudulent payments and activities. Failure to do so could leave businesses at a significant risk for accounts payable fraud, which could severely damage their reputation and incur high costs that could affect their financial health.

What Is Accounts Payable Fraud?

Accounts payable fraud is a common type of deception that targets a company’s accounts payable department, which is responsible for paying suppliers and other vendors. Accounts payable fraud can be committed internally by employees, externally by vendors, the two parties working in concert, or, increasingly, by an outside party looking to gain access to the company’s accounts payable systems.

Fraud hits every business hard. A typical organization loses 5% of its revenue to fraud every year, with a median loss of $125,000, according to the Association of Certified Fraud Examiners (ACFE). Fraud typically goes unnoticed for an average of 14 months, resulting in average losses of $8,300 a month.

How Does Accounts Payable Fraud Work?

Under the ACFE’s Fraud Tree, accounts payable fraud falls under “asset misappropriation.” These are the most common forms of occupational fraud.

Accounts payable fraud involves fraudulent disbursements, the most common of which are billing schemes, check tampering and expense reimbursement schemes.

An employee could run a billing scheme by creating a shell company and then submitting false invoices. This can be easier to perpetrate if the invoices are for things that aren’t physical goods, like consulting services. In a check tampering scheme, an employee steals and forges checks from their employer and then keeps the money for themselves. Suppliers can commit fraud by intentionally overbilling or double billing for services and then collecting these additional funds.

Fraud can also occur as the result of a bad actor looking to gain access to a company’s bank accounts through a phishing scheme, in which they often mimic key vendors and send fake invoices that, when opened, give them access to the business’s system.

Five Red Flags for AP Fraud

The overwhelming majority of organizations find out about fraud from whistleblowers, according to an ACFE study. Internal audits and management reviews rank second and third as the most common sources of detection. But ACFE notes proactive surveillance, establishing IT controls and account reconciliation can cut the time fraud goes unnoticed in half.

Some places the ACFE recommends looking for red flags include:

  1. Invoices. Invoices that list the same address as an employee’s, only have a P.O. Box number listed or have even-numbered totals are red flags. Also look for key details missing on the invoices, such as a tax ID number or purchase order (PO) number.
  2. Vendor master file. Monitor the vendor master file for a large number of inactive or duplicate suppliers. Watch for the same suppliers getting contracts or a new supplier getting a large, unexpected contract. Keep an eye out for invoices that don’t match the address in the vendor master file.
  3. Checks. Missing checks and signatures that don’t look right are possible signs of check fraud.
  4. External complaints. Complaints from suppliers about late payments or non-payments when your records suggest you’ve already paid them could signal an issue.
  5. Employee behavior. At least one behavioral red flag was present in 85% of the fraud cases studied. Common red flags included employees living beyond their means and having financial difficulties, unusually close associations with vendors or customers and unwillingness to share duties.

Six Common Types of AP Fraud

  1. Billing schemes. Billing schemes were the most common type of fraud perpetrated by the accounting department in ACFE’s 2020 study. Billing schemes can take on a few different forms, including:
    1. Setting up a shell company for which the employee can generate false invoices and cut checks. Fraudulent invoices for services companies are most common because there is no physical inventory to account for.
    2. Pass-through schemes, in which an employee who approves invoices and authorizes payments sets up a shell company that orders things the company legitimately gets from another supplier. These items are then marked up and sold to the business through the shell company, and the employee keeps the profit.
    3. Generating invoices from inactive suppliers in the vendor master file and writing checks to vendors the company no longer does business with.
  2. Check fraud. In the AFP’s 2020 Payments Fraud and Control Survey, check payment schemes were the most frequent type of fraud. Employees committing check fraud forge or steal physical checks and deposit them into an account they control. Often, they then change the code in the accounting system to hide it.
  3. ACH fraud. As more organizations shift to ACH payments, this is an area to keep a close eye on. Bad actors increasingly target ACH in cyberattacks, in which they gain access to the system through a compromised business email account. Often, these bad actors will send an invoice that looks like it’s from a supplier, but once someone clicks the link or opens the file, the attacker gains access to the system and can steal valuable information. ACH fraud can also occur when an employee opens a personal credit card with their employer’s account information.
  4. Expense reports/reimbursement fraud. The most common examples of this type of fraud include falsifying receipts, duplicate expensing by employees who dined and traveled together for the same meals, submitting non-qualifying transportation and entertainment expenses, claiming the maximum expense amount that doesn’t require a receipt or overstating mileage.
  5. Kickback schemes. In a kickback scheme, employees and their suppliers work together to earn money on the side. For instance, the supplier inflates an invoice, the AP clerk cuts the check, and they split the additional money.
  6. Conflict of interest. Kickback schemes are often borne of conflicts of interest, which could materialize if someone in the organization is related to the supplier or receiving significant gifts from the supplier. Conflicts of interest can become a problem when someone uses their professional or official role for personal or corporate gain.

What Is Benford’s Law?

Those looking for fraud often apply Benford’s Law, which has to do with the expected occurrence of leading digits in a dataset. Under this law, the numeral 1 will be the first digit in a naturally-occurring set of numbers 30.1% of the time, while the numeral 2 will be the leading digit 17.6% of the time and each numeral after, from 3 through 9, will be the first digit with decreasing frequency.

Fraud examiners use Benford’s Law to determine whether datasets, like a group of payment amounts, are genuine. For example, if an employee’s expense report lists 100 line items whose distribution of first digits differ significantly from the distribution outlined in Benford’s Law, examiners have reason to believe the employee forged their expense reports.

Investigating Fraud

Catching and investigating AP fraud committed by employees, vendors and outside parties starts with creating audit trails, segregation of duties and integration with procurement systems. Here are the basic steps.

How to Find Fraud in Your AP Department

Whistleblowers — especially at smaller companies — most often alert the business to potential fraud. Make sure your company has procedures in place that both encourage whistleblowers to come forward and protect them once they do. ACFE’s report reveals that whistleblowers increasingly prefer to come forward via email or a web form. They are also likely to report fraud to a direct supervisor, so it’s crucial that managers are trained and educated on how to handle such complaints.

After whistleblowers, regular audits and reviews by management are the second and third most common ways organizations catch fraud. Best practices include starting by carefully reviewing bank statements, monitoring for duplicate payments and regularly checking vendor master files to guard against invoices from inactive suppliers.

What to Do if You Find AP Fraud

In the cases examined by the ACFE in which an organization determined an employee committed fraud, 80% of the employees responsible received some form of internal punishment. Employees were more likely to be fired for fraud than managers or executives. Although 59% of businesses reported these cases to law enforcement, a smaller number resulted in criminal conviction or a civil judgment.

10 AP Fraud Prevention and Detection Tips

Most organizations do not recoup their losses from fraud, making it even more crucial to prevent fraud in the first place.

To prevent accounts payable fraud:

  1. Be proactive — conduct regular audits, monitor KPIs closely, watch for red flags and always check bank statements.
  2. Set up a tip line and other ways for employees to report fraud, and establish a set of guidelines for protecting them once they do.
  3. Conduct background checks on all employees. Check their references.
  4. Implement a written code of ethics. This code should be easily digestible and resonate with the industry and business culture. It should include policies outlining conflicts of interest.
  5. Put clear policies in place for expense reimbursement. Enforce them at the highest levels of the organization.
  6. Segregate duties and define roles. At the basic level, divide bookkeeping and check signing authority. Don’t have the same person cut the checks, sign the checks and reconcile the bank accounts.
  7. Educate employees on threats posed by phishing attempts and how to identify them.
  8. Implement policies for providing appropriate verification of any changes to existing invoices, bank deposit information and contact information.
  9. Check and update the vendor master file regularly to keep all vendor information current.
  10. Automate the AP process to ensure security and segregation of duties.

Safeguard Against Fraud with AP Automation

Automating the AP process safeguards against fraud by creating audit trails, segregation of duties and integration with procurement systems that ensure three-way matching and compliance with purchasing policies. What’s more, an AP automation system can automatically flag outliers that appear fraudulent and turn data into reports that make it easy to see changes in spend.

Most accounting solutions can automate much of the work involved with AP and offer the protections outlined above. Technology not only makes it harder to commit fraud but also increases the chance that someone catches any attempted deception quickly.

Given the extent to which AP fraud can result in financial losses and negatively affect a company’s reputation, it is understandable why tackling this problem can seem daunting. But stopping AP fraud before it starts is critical, and having systems in place that can identify, deter and effectively react to fraudulent activities could substantially protect the integrity and future prosperity of a company. Ultimately, by being aware of the different types of fraud and being proactive, businesses can prevent and minimize the negative effects of this crime.

Accounts Payable Fraud Frequently Asked Questions

How is accounts payable fraud calculated?

There is no single formula to calculate AP fraud, and the amount of money lost to this activity will vary widely from one company to the next. Within the average organization, fraud usually goes undetected for 14 months and incurs 5% of a business’s yearly revenue. Thus, companies should use Benford’s Law, look out for missing checks and investigate complaints from suppliers and invoices lacking key information to spot fraud and calculate how much money they are losing.

How can accounts payable fraud be prevented?

The best way for businesses to protect themselves against AP fraud is by staying vigilant and closely monitoring their transactions and financial statements for inconsistencies, hiring trustworthy employees and fostering an ethical work environment in which they feel inclined to report fraudulent behavior. Other best practices include clearly defining employee’s roles to separate financial duties amongst workers, consistently updating vendor information and strengthening internal controls to ensure that adequate verification is required to adjust financial statements.

What are some of the abuses regarding accounts payable?

The most common abuses within the accounts payable process are billing schemes, check fraud, ACH fraud, expense reports and reimbursement fraud, kickback schemes and conflicts of interest.

How do you spot a fraud vendor?

Signs of a fake vendor include invoices that are missing necessary information, making them untraceable, vendor master files containing significant amounts of inactive or duplicate suppliers that are receiving large and unexpected contracts, and employees who seem to inexplicably be living beyond their means. Business leaders should also be on the lookout for checks that go missing or contain inconsistent signatures and suppliers notifying them of late or non-payments that were already accounted for within the company’s records.

Achieve Better Business Results with NetSuite & CE

Grow and scale your business while gaining a competitive advantage with NetSuite’s best-in-class integrated cloud business software and CE’s expertise in NetSuite implementation, advisory, managed services and direct staffing. Let us show you how to leverage our direct staff pool of resources to realize better insights, organizational efficiency, increased profitability and improved relationships with your suppliers and customers – and ultimately take your business to the next level.

Contact CE today to learn more about our NetSuite consulting services.