Accounts Payable Fraud Services



Similar documents
by: Scott Baranowski, CIA

Using Technology to Automate Fraud Detection Within Key Business Process Areas

Auditing for Value in the Procure to Pay Cycle Dallas IIA Chapter. October 1, 2009

Introductions, Course Outline, and Other Administration Issues. Ed Ferrara, MSIA, CISSP Copyright 2015 Edward S.

Performance Audit City s Payment Process

Strong Corporate Governance & Internal Controls: Internal Auditing in Higher Education

AGA Kansas City Chapter Data Analytics & Continuous Monitoring

ACL WHITEPAPER. Automating Fraud Detection: The Essential Guide. John Verver, CA, CISA, CMC, Vice President, Product Strategy & Alliances

Procurement Fraud Identification & Role of Data Mining

Fraud Workshop Finding the truth in the transactions

Accounts Payable Best Practices

FREQUENTLY ASKED QUESTIONS ABOUT ACCOUNTS PAYABLE WHEN DOES THE STATE OF MARYLAND PAY MY VENDORS?

Fraud Awareness Training

Benford s Law and Digital Frequency Analysis

Contract and Procurement Fraud. Vendor Management

How To Prevent Fraud In The United States

Job Streaming User Guide

Fraud Prevention Training

Using Data Analytics to Detect Fraud

Fighting Fraud with Data Mining & Analysis

Internal Controls for Small Organizations. Jen Parker, CPA Director of Accounting & Finance US Youth Soccer

Fraud Prevention: The Prevention and Detection of Fraud Begins with You

Advanced Data Analytics, the Fraudsters Worst Enemy

TECHNOLOGY YOU CAN USE AGAINST THOSE WHO USE TECHNOLOGY FRAUD ANALYTICS: TAKING DATA ANALYSIS TO THE NEXT LEVEL

Why is Internal Audit so Hard?

Fraud and internal controls, Part 3: Internal fraud schemes

THE ABC S OF DATA ANALYTICS

P-Card Fraud Controls. Introduction

Invoice Number Vendor Number Amount A $1, A $1,035.71

Financial Transactions and Fraud Schemes

Preventing Duplicate Payments for Lawson Customers

Purchasing Card Frequently Asked Questions

Conversion. Concealment methods. Example #1: Skimming. Example #2: Skimming GASBO Conference. Thomas Buckhoff, Ph.D.

White Paper - Travel & Entertainment Spend Analytics Best Practices

Investigative Techniques

Fraud Prevention and Detection in a Manufacturing Environment

PROPOSAL RESPONSE FORM Use Additional Sheets as Required

ACL EBOOK. Detecting and Preventing Fraud with Data Analytics

City of Berkeley. Accounts Payable Audit

PAYMENT FOR WORKS, GOODS AND SERVICES FINANCIAL PROCEDURE 11

ACCOUNTS PAYABLE AUDIT RECOVERING LOST DOLLARS AT NO COST

Remote Deposit Capture: The Future of Check Processing BB&T Webinar March 28, 2007 Q&A Session

Introduction to Fraud Examination. World Headquarters the gregor building 716 West Ave Austin, TX USA

A Performance Audit of the State s Purchasing Card Program

KEY FRAUD INDICATORS (KFI): A NEW APPROACH TO SET UP AND USE EFFECTIVE FRAUD INDICATORS

Cash Back FAQs on txu.com

T&E Spend Analysis Report

Leveraging Big Data to Mitigate Health Care Fraud Risk

Data Analytics For the Restaurant Industry

Perp Poetry. Fraud & Embezzlement: Lessons From the Trenches. Presented by. acumen insight. ideas attention reach. expertise depth agility talent

Achieving the Goals of Accounts Payable Automation. White Paper

Continuous Audit and Case Management For SAP: Prevent Errors and Fraud in your most important Business Processes

Internal Controls, Fraud Detection and ERP

OFFICE OF THE CITY AUDITOR

Pay Your Vendors by Single-Use Credit Cards and Improve Your Cash Flow Management

WHAT YOU SHOULD KNOW ABOUT MERGING YOUR PRACTICE

White Paper. 10 Ways to Prevent Business Expense Fraud and Abuse

Citibank PROCUREMENT CARD GUIDELINES

BUSINESS PROCESS (SAS 112 Compliance)

B2B Payments New World

Automated Vendor Form for Disbursement Voucher Vendors Instruction Manual

Office Supplies Purchasing Guidelines Degree Programs. January 2009

Internal Controls and Fraud Detection & Prevention. Harold Monk and Jennifer Christensen

FRAUD RISK ASSESSMENT

DIXIE STATE UNIVERSITY PURCHASING CARD GUIDE

Miami University Purchasing Card Policy & Procedure

GRANITE SCHOOL DISTRICT PURCHASING CARD PROGRAM POLICIES AND PROCEDURES MANUAL

Procure to Pay Process Four Requisition Types. Procure to Pay Process Four Payment Types

Continuous Monitoring and Case Management For SAP: Prevent Errors and Fraud in your most important Business Processes

Fundamentals of Computer and Internet Fraud WORLD HEADQUARTERS THE GREGOR BUILDING 716 WEST AVE AUSTIN, TX USA

OFFICE OF AUDITS & ADVISORY SERVICES ACCOUNTS PAYABLE VENDOR MASTER FILE AUDIT FINAL REPORT

PURCHASING CARD POLICY AND PROCEDURES

Cardholder s Guide Policy for Disputed POS Transactions

Best Practice: Purchasing Card Auditing at Ohio University Shannon Bruce Ohio University

Comparison of Generalized Audit Software

Descriptive Statistics and Measurement Scales

GOVERNANCE: Enhanced Controls Needed To Avoid Duplicate Payments

How To Prevent Fraud On A Credit Card

Basic Account Basic Account

Office of Business and Finance

Association of Certified Fraud Examiners. How to Cheat on Your Expense Report

Dan French Founder & CEO, Consider Solutions

WellsOne Commercial Card Summary-Commercial Card Expense Reporting (CCER)

Case Western Reserve University Procurement Card Policy TABLE OF CONTENTS

INTRODUCTION TO FRAUD EXAMINATION

Data Mining/Fraud Detection. April 28, 2014 Jonathan Meyer, CPA KPMG, LLP

FINANCIAL ELECTRONIC DATA INTERCHANGE GUIDE for Vendors, Localities, Grantees, State Agencies and Non-state Agencies

Perfect Payables. Scott Pezza Research Analyst Aberdeen Group Sush Koka Senior Director, Product Marketing ADP Procure-to-Pay Solutions

Procurement Credit Card Handbook

Transcription:

Accounts Payable Fraud Services According to research conducted by the Association of Certified Fraud Examiners (ACFE), U.S. organizations lose an estimated 7 percent of annual revenues to fraud. 1 In response to this growing problem, Automated Auditors, LLC () has developed a suite of algorithms that identifies potential Accounts Payable (A/P) fraud. Typically, we import various tables from your A/P system (A/P, vendor table, employee table) into our proprietary software suite, customize the algorithms to your data, run the algorithms, refine the output, and write a final recommendations report which highlights the vendors we feel are the most abnormal and in need of further research. The graph below depicts our process: PROCESS FLOW DIAGRAM 1 http://www.acfe.com/resources/publications.asp Christy Warner 571-606-7743 Page 1

Description of Algorithms Duplicate Payments Duplicate payments are often mistakes in payment: perhaps an invoice was paid via check and wire, or via check and procurement card. But, sometimes duplicate payments can indicate fraud. A fraudulent employee may create a duplicate payment and alter the second check and cash it. We typically run the following duplicate payment algorithms, but if additional data is presented, we utilize it to maximize findings (such as service entry sheets). We use FUZZY-MATCHING logic to remove false positives. Fuzzy-matching is a method of detecting if two text-strings are similar to each other. For example, our software can tell Christy Warner 571-606-7743 Page 2

that the following two invoices are similar because they have the same primary root number: 0012345 12345RE Fuzzy-matching is also used to identify amounts that are similar. We identify if amounts are: 3% +/- one another half of one another sum of 2 invoices = 1 other...for example: invoice 001234A $280,000 invoice 1234B $180,000 invoice 001234C $100,000 Duplicate Vendors Duplicate vendor numbers for the same vendor can exist legitimately in any A/P operation, i.e. when you have different locations or one is a billing address and the other is a geographical address. Then there are the mistaken entries where an A/P staff member erroneously created a second (or third!) vendor number. Then there is FRAUD: when an employee purposely creates another vendor id to funnel payments to him or herself, using the same address or banking information. Or perhaps it's an outside job where the vendor is fictitious and they have set up multiple operations and are billing you from different directions. Whatever the cause - we have the tools to find your duplicate vendors. Using the power of fuzzy-matching logic, we analyze the following fields (and more if you have more) to determine if vendors are duplicate records: Christy Warner 571-606-7743 Page 3

Procurement Card Analysis Our staff has experience working with Procurement Card (P-Card) data and specifically identifying overpayments and potential fraud perpetrated using P-Cards. Below is a list of the algorithms we typically run: Duplicate payments within the Procurement Card data. We will run as many duplicate payment algorithms as is feasible with the data provided. Duplicate payments: 1 from A/P and 1 from P-Card. Sometimes, purposely or mistakenly, an employee uses the P-Card and in addition, submits a reimbursement request such as for travel, resulting in a duplicate payment. Automated Auditors uses fuzzy-matching algorithms to compare transactional information, which is useful if there exists no real "link" between the A/P data base and the P-Card data base. We can merge by name or an ID if there is one (such as an employee ID) or also by date/amount combinations to identify potential duplicates. Identification of sequential transactions to highlight split purchases ($5,000 over 5 days of $1,000 each to fly under the radar), both per employee and across multiple employees. Sometimes multiple employees will collude and purchase items that are above the maximum (i.e. $3,000 is a common max threshold) and "split" the purchase between them so it gets approved. They can then take turns purchasing things by this splitting method. Summary information of Procurement Card data to aid management in making decisions, with specific focus on the highest and most frequent P-Card users. If data are sufficient, conduct detailed analysis on P-Card data, ideas include to compare daily purchase amount with item(s) purchased. Fraudulent employees Christy Warner 571-606-7743 Page 4

will often fold their receipts up before faxing in, so it appears they only purchased 1 item, when in fact, they have bought several personal items. It is easy to go undetected without a 100% data investigation. Benford's Law Benford's Law is a hot buzzword in the fraud-detection world. But what does it do? Benford's Law is a logarithmic phenomenon whereby the first digit of a continuous amount (such as invoice amount) is "1" a little over 30% of the time. We have personally tested this theory out with numerous large datasets and it always holds true. For fraud detection, this means we can identify vendors who are perhaps billing amounts that start with "8" or "9" a lot more frequently than their peer-groups. Rounded Amounts Another tool in our toolbox is to identify vendors who are consistently using rounded amount checks (no pennies). Our analysis identifies both low- and high-volume vendor behavior because sometimes the vendor is a hit-and-run fictitious vendor and will just submit a couple of $5,000 invoices and no more. Another scheme is the 'below the radar' scheme where an employee may use a fictitious vendor number to consistently bill for, Christy Warner 571-606-7743 Page 5

say, $300 per week. Our approach identifies both schemes and weeds out false positives by gauging how far from the average the vendor is. Vendor/Employee Cross-Check This test is extremely useful for identifying employees who have created a vendor using their personal information. It is very similar to our duplicate vendor check, although we use the employee's information and cross-reference it with the vendor information. We typically compare the vendor and employee by address, phone, banking information, and weed out false positives where there was a valid travel and expense voucher for an employee. We also focus on situations where the vendor appears to be a Corporate Entity, with the same address or other information as the employee. This suggests that perhaps the employee created a fictitious vendor and is funneling funds to him/herself. Sequential Invoice Numbering Sequential invoice number is an abnormality because it indicates that the vendor does business with ONLY YOU. If they are legitimate, they most likely will have other clients. So we use this algorithm to determine if a vendor is billing with sequential invoice numbers, usually they start with "001", "002" and very low numbers and never have a gap. True, this can be legitimate, especially if the vendor tacks on some letters in front or after the number, perhaps meaning the invoice numbers are sequential just for your company and they have a separate scheme for other customers. Nevertheless, this is a great tool for identifying vendors that stray from the normal! Missing Checks This algorithm is used to identify missing checks/gaps in your check numbering. If checks are stolen, the gap may show up on this report and be invaluable to catching fraud as soon as it occurs. Checks Dated on Weekends and Holidays Christy Warner 571-606-7743 Page 6

In this age of "24/7" it is more common to work on the weekends. But to CUT CHECKS on the weekend is still rare, and even more rare on holidays. This algorithm identifies any checks cut on a Saturday or Sunday or a holiday in that year (we have a list of Federal Holidays recognized by the United States government and their dates in the past). Above Average Payments Using this algorithm, we identify way above-average payments per vendor by using a 'zscore' outlier detection method. The z-score is just a measure of how many standard deviations away from the vendor payment mean that a single payment is. This algorithm is most useful when combining it with some of the other algorithms, such as the Rounded Amount algorithm. Ask us how we found real fraud using this technique! P.O. Box It is common for a vendor to have a P.O. Box as their address, but somewhat less common for that to be the ONLY address you have on record for them. This program identifies vendors for which you only have a P.O. Box (no geographical location). To weed out false positives from this report, we split the report into how many digits are in the P.O. Box number. Why is this useful, you might ask? Large P.O. box numbers, such as "P.O. Box 123456" are usually very large - and legitimate - commercial mail distribution centers, many of which are in Atlanta, GA. If we can isolate the vendors who have P.O. Boxes with, say, 2 or 3 digits, we are more likely to isolate the abnormal and potentially fictitious vendors. Mail Drop as Address Developed by Certified Fraud Examiner, Craig Greene (www.mcgoverngreene.com), this algorithm compares the vendor file with our proprietary and CURRENT list of mail drops across the United States. Our list includes: the UPS Store Mail Boxes, Etc (purchased by the UPS Store) Parcel Post Christy Warner 571-606-7743 Page 7

PakMail any other business categorized as a mail drop / mail box service This algorithm is instrumental in identifying potential fictitious vendors, because fraudsters may often use a mail drop as their "store-front" and have no actual physical location. Again - this behavior might be legitimate and the way we weed out false positives is to cross-check our findings on this report with all of the other reports (See Master Vendor List at the end of this document). Just Below Approval Levels This is the algorithm we nick-named "Flying Below the Radar" because that is exactly what the fraudster wants to do. Either by themselves, or via collusion with a manager with approval privileges, an employee may submit invoices that are just below common approval thresholds, such as $5,000, $10,000 and beyond. What are your approval thresholds? We will customize this algorithm to fit your approval thresholds and look for any payments that fall just beneath them. In addition - we look for vendors who exhibit this behavior CONSISTENTLY. Employee Travel and Expense (T&E) Analysis In this analysis, we focus on employees who exhibit strange travel and expense voucher/reimbursement behavior. By "strange", we mean: employees with an unusually high dollar amount total or per-event expense employees with unusually high frequency of T&Es employees with T&Es dated on weekends frequently employees with duplicate T&Es (especially duped with a procurement card) employees with T&E totals that violate any known policies at your company Master Vendor List Automated Auditors has been doing this business long enough to know that it does no good to give you a pile of lists, from which you have to cull out the good fraud leads. That is why we have developed the idea of a "Master Vendor List". The master vendor list Christy Warner 571-606-7743 Page 8

combines all of the alert lists into one. We do this several ways, but the easiest and most straight-forward is to just add up the number of lists that a vendor appears on. We typically "weight" some lists more than others, though. For example, we weight the "vendor/employee cross-check" list twice as heavily as other lists because this is a very good indicator of fraud. Below is a sample master vendor list, giving you an idea of how we combine the various lists into one shorter list: Christy Warner 571-606-7743 Page 9

Vendor Name Rounded amounts? Vendor/Employee Cross-Check? Mail Drop? Approval Levels? Total # of Lists ABC, Inc. YES YES YES YES 4 The AA Express YES YES YES 3 Ward & Long, PLC YES YES 2 MailServ Depot YES YES 2 The master vendor list will be easier to manage, and will help us and you identify suspect vendors more quickly. Christy Warner 571-606-7743 Page 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information