How to Prevent Accounts Payable Fraud Schemes
Ira Brooker March 17th, 2023
Fraud is a major concern for virtually every area of modern organizations, and the unprecedented rise in cybercrime over the past several years has only made the issue more pressing. Businesses are increasingly finding that they need to do more than focus on protecting against fraud. The more effective approach by far is investing in fraud prevention tools.
As noted by Dr. Rocco Lueck, Assistant Professor at D’Youville University’s Department of Business Administration, in his webinar “Fraud Prevention: Techniques to Reducing the Probability of Fraud in Organizations,” “If we only focus on fraud protection, it’s kind of like driving a car looking through a rearview mirror. It’s already happened. It’s already behind us.”
In this article, we’ll be looking more deeply into accounts payable fraud, including common types of fraud, common risk factors for fraud, and the many ways an organization can leverage AP automation software to prevent fraud. We’ll also explore the benefits of an automated software system for the AP employees who would otherwise need to spend a great deal of time and effort on fraud prevention.
TABLE OF CONTENTS
- What Is Accounts Payable Fraud?
- External and Internal Accounts Payable Fraud – with Examples
- 5 AP Fraud Red Flags
- 5 Common Types of AP Fraud
- Using Benford’s Law to Detect AP Fraud
- Investigating Accounts Payable Fraud
- 5 Ways to Prevent AP Fraud in Your Organization
- How AP Automation Helps Organizations Prevent Fraud
- AP Fraud FAQ
- Watch Fraud Prevention Webinar Recording
Accounts payable fraud can take many forms and come from many directions. The most basic definition of AP fraud is any kind of fraudulent financial behavior that targets or exploits an organization’s accounts payable system. That might include internal fraud committed by an AP employee, external fraud perpetrated by a vendor or supplier, or an employee and vendor working together. It also encompasses the rapidly growing field of third-party fraud, in which cybercriminals gain access to a business’s AP system.
Identifying and preventing cases of AP fraud should be top-of-mind for business leaders across all industries. More than half of large companies experience some sort of invoice-related fraud each year, costing them hundreds of thousands of dollars. A recent study in the United Kingdom found that large businesses lost around $349,000 per year to invoice fraud. Beyond the pure financial risk, letting fraud go undetected can do serious damage to vendor relationships, employee morale, and organizational reputations. That all adds up to costs no business wants to have to pay.
External and Internal Accounts Payable Fraud
Most AP fraud can be broken down into two categories: external and internal fraud. As you might presume, external fraud is committed by groups or people outside of the organization being defrauded, while internal fraud is committed by someone working within the organization. There is also a risk of hybrid fraud, where someone within your organization conspires with an unscrupulous vendor or third-party group to commit AP fraud. Let’s look at some common examples of each type of AP fraud.
Examples of External AP Fraud
As a hub for moving both money and data through an organization, accounts payable departments make a tempting target for criminals. In fact, a 2022 study found that AP departments are more susceptible to business email compromise (BEC) schemes than any other department, with 58% of businesses falling victim. And that’s only one part of the fraud picture. Just a few common examples of external AP fraud include:
- Social engineering scams including business email compromises
- Overbilling or submitting multiple invoices
- Full-price invoicing for incomplete or inferior products or services
- Theft of sensitive accounts payable data
- Invoicing scams involving subcontractors or third-party companies
Examples of Internal AP Fraud
As worrying as fraud from outside actors may be, businesses are statistically at more risk from within their own organizations. Researchers estimate that around two-thirds of AP fraud is committed internally. AP employees typically have access to a vast trove of valuable data and confidential financial information. That can make the temptation to commit fraud difficult to resist for less scrupulous workers. Some common examples of internal AP fraud include:
- Billing schemes involving shell companies, pass throughs, or fabricated invoices
- Forging or stealing physical checks
- Falsified expense reports and reimbursement forms
- Collecting kickbacks from a supplier or service provider
Five AP Fraud Red Flags
Fortunately, there are a number of ways for a diligent AP management team to identify potential fraud early and tamp it down before it spirals out of control. If you’re concerned about fraudulent behavior within your AP system, keep your eyes open for red flags in the following areas:
Watch for evidence of illegitimate or altered invoices, including:
- Invoices that include address or account information that matches an employee’s
- Invoices with missing information or fields left blank
- Invoices with suspiciously round numbers such as $2,000.00
- Invoices with PO boxes listed as addresses
- Invoices listing vague or unspecified services rendered
Your vendor list can reveal a number of forms of fraudulent behavior. Signs of ethical breaches in your vendor management system might include:
- A new supplier who receives an unexpectedly large contract
- Invoices containing data that doesn’t match your master vendor list
- Significant numbers of duplicate or inactive vendors
- Too many employees having access to vendor lists
While it isn’t advisable to treat your employees with undue suspicion, it is wise to keep an eye open for unusual behavior, possibly including:
- Employees who develop an unusually close working relationship with a specific vendor
- Employees who behave secretively about contracts or invoices
- Employees who suddenly seem to be spending more lavishly than usual
When in doubt, listen to your vendors. There may be a fraud problem if your suppliers are noting:
- Late or unusual payments that don’t match up with your records
- Unexpected changes in the invoicing process
- Unusual behavior from their contacts within your company
Five Common Types of AP Fraud
Accounts payable fraud can take many forms depending on the industry, the size of the companies involved, and the specific processes in place. Even so, most examples of AP fraud fall into one or more of the following six categories. Let’s take a closer look at each.
1. Billing schemes
The most commonly identified form of accounts payable fraud involves some form of billing scheme. This can take a number of forms, including shell companies set up to create invoices for nonexistent services or goods, pass-through schemes that create a shell company to add a mark-up to legitimate invoices, and exploiting the master vendor file to issue invoices on behalf of inactive vendors.
2. Check Fraud
AP-related check fraud generally involves employees stealing or falsifying physical checks and depositing them into an account that they can access. Access to accounts payable systems means these employees are often able to cover their tracks by manipulating accounting records.
3. ACH Fraud
Automated clearing house (ACH) transactions are a frequent target for fraud in an era of rising cybercrime. Hackers often employ bogus invoices or other social engineering attacks to gain access to an employee’s credentials. That allows them access to the AP system and the valuable data it contains.
4. Expense Reimbursement Fraud
For businesses that regularly allow employees to submit expense reports for reimbursement, inflated expenses, duplicate receipts, and fabricated purchases are all common pitfalls.
5. Kickback Schemes and Conflicts of Interest
Kickback fraud in an AP department involves collusion between an employee and a supplier to submit fabricated or inflated invoices, with the two parties splitting the excess profit between each other. These schemes often involve a conflict of interest in which someone uses a position of authority or an external relationship for unethical purposes — an AP employee conspiring with a former schoolmate who works for a supplier, for example.
Presenter: Rocco Lueck, Professor, D’Youville University
Many organizations focus on fraud detection techniques, but few utilize fraud prevention strategies. Register for our webinar to find out what constitutes a fraud prevention program and which elements exist in an organization’s culture that supports the prevention of fraud.
Using Benford’s Law to Detect AP Fraud
If you’ve done any research on accounts payable fraud, you may have seen mention of Benford’s law. This is an important concept for understanding common methods of fraud detection, but it may require some explanation for the layperson. Let’s discuss the idea and why it matters to your fraud prevention efforts.
What Is Benford’s Law?
To understand Benford’s Law, it may be helpful to know that it is alternately known as “the law of first digits” and “the leading digit phenomenon.” Named for the American physicist Frank Benford, it states that in any large set of naturally occurring numbers, smaller digits will appear disproportionally as the lead digit. Studies have shown that in such a set of numbers, “1” will be the lead digit around 30% of the time, while “9” will be the lead digit only about 5% of the time. If lead numbers were distributed evenly, each digit from 1 to 9 would occur as the lead around 11% of the time. This phenomenon occurs most regularly in sets of numbers that span several orders of magnitude.
When to Use Benford’s Law to Identify Fraud
Benford’s Law is a useful tool for identifying fraud because it can provide an easy visual illustration of whether a number set is naturally occurring or has been artificially altered. In most cases, a large set of natural numbers will include a high concentration of numbers with “1” as their lead digit. If all of the numbers in that set are included in a bar graph, the bar for numbers beginning with “1” will be the tallest, with each digit from 2 to 9 represented by progressively shorter bars. This is known as a Benford curve.
On the other hand, a set of fraudulent or fabricated numbers is much less likely to follow a Benford curve. Whether the data set is generated by a computer or by hand, research shows that patterns will almost always emerge that reveal the set as non-natural. While Benford’s law is not an infallible test for fraudulent behavior in an AP setting — there are simply too many variables involved to definitively say that the absence of a Benford curve equals evidence of fraud — it is a strong indicator of a situation that demands further investigation.
Investigating Accounts Payable Fraud
No one wants to have to face down fraud in their AP department, and the odds are that most teams will never be put in that position. Even so, it’s important to be prepared to conduct an efficient and effective investigation if and when the situation does arise. Investigating potential accounts payable fraud requires some specific approaches and bases of knowledge. Let’s break down a few key areas of focus.
How to Find Fraud in Your AP Department
Suspicion of AP fraud can arise from any number of angles depending on the type and size of your business, but in most instances fraud investigations are initiated in one of three ways.
Conducting regular audits of your AP processes and records should be a regular part of your housekeeping routine. Periodical deep dives into your data can reveal telling anomalies and inconsistencies that point to fraud such as duplicate payments and invoices from inactive vendors.
After AP employees, AP managers are the most likely people to be able to identify fraud within your department. Managers should be tuned in to departmental norms and expectations, and maintain a close working relationship that engenders the trust employees need to feel safe presenting evidence of fraud.
What To Do If You Find Evidence of AP Fraud
In the unfortunate event that your organization positively identifies accounts payable fraud, you’ll need a plan to deal with it swiftly and decisively. In most cases, that means administering some form of internal discipline to the employees involved. That might mean anything from probation to termination, depending on the extent of the fraud and the roles of the employees involved. Some employers may wish to turn the case over to law enforcement, which can be an effective deterrent against future fraudulent behavior even if it does not result in a conviction.
Accounts Payable Fraud Prevention
As the old saying goes, an ounce of prevention beats a pound of cure. There are a number of approaches an AP department can take to prevent fraud from becoming an issue in the first place. That will almost always prove more efficient and less burdensome than trying to repair fraud damage after the fact.
The agent-principal problem is an economic concept acknowledging that the goals of an organization will not always align with the actions of its representatives. In an accounts payable setting, that might manifest as an AP employee making arrangements with a vendor or supplier that are not in the organization’s best interests. This could happen for a number of reasons, including fraudulent behavior. For example, an employee running a pass-through scheme might choose to accept a contract with a higher-priced vendor than the company would prefer in order to pocket more of the fraudulent profits.
The agent-principal concept represents a chance for organizations to prevent fraud through a combination of intelligent hiring decisions, open communication, and regular reviews. A well-vetted employee who feels that their needs and concerns are being heard, and who receives regular feedback about performance and expectations is less likely to act against the organization’s interests than an employee who feels that no one cares or notices what they do in the workplace.
The Fraud Triangle Theory
The fraud triangle is a concept introduced by business writer Steve Albrecht stating that many instances of fraud are motivated by three factors:
- Perceived pressure
- Perceived opportunity
- Rationalization that the fraud is somehow justified
Essentially, this theory states that an employee who feels pressured to live up to certain expectations and has access to systems that can be defrauded may be able to convince themselves that theft is acceptable in their specific circumstances. “Oftentimes, individuals who commit fraud will rationalize it: ‘Well, I didn’t get that promotion,’ or ‘They pay more at another company.’ However they present it, it’s rational to them at the time,” says Dr. Rocco Lueck.
Organizations can cut down on fraud by addressing each side of the triangle. Clear communication and two-way feedback sessions can help to alleviate some pressure for employees and also alert managers to issues that may fuel that pressure. Opportunity for fraud can be reduced via a well-organized chain of command that gives access to sensitive systems only to those employees who truly need it.
Five Ways to Prevent AP Fraud in Your Organization
“It is really everyone’s responsibility to prevent fraud,” says Dr. Lueck. “It might not be everyone’s responsibility to detect it, but preventing it should be everyone’s responsibility in the organization.” That sentiment holds true no matter what industry your business operates in. Making fraud prevention a team effort requires a solid strategy that can be communicated clearly throughout your organization. Some key focal points for building out that strategy include:
1. Integrate fraud prevention into your hiring process
Be sure to check references and background information carefully for any potential hire who will have access to your AP system. Dr. Lueck recommends asking fraud-related questions during interviews, such as:
- “Have you ever been part of detecting or preventing fraud?”
- “Did your past organization have a fraud prevention program?”
- “How did you feel about that fraud prevention program?”
2. Set policies that encourage structured interviewsDevelop and test pre-written interview questions that are designed to elicit specific answers. That might include questions about past experiences with fraud or hypotheticals that gauge a potential hire’s reactions to common fraud scenarios.
3. Emphasize fraud in your onboarding process
Once an employee has joined your team, their onboarding process should include education on your organization’s specific fraud concerns, policies for preventing and detecting fraud, and penalties for fraudulent behavior.
4. Train your team to recognize symptoms of fraud
A well-trained team will be more alert to signs of possible fraud. Develop training programs that include elements such as the fraud triangle and principal-agent problem, and instruct employees on your organization’s policy on what to do when fraud is suspected.
5. Plan a strategy for testing employees’ fraud knowledge
Incorporate lessons on fraud prevention into ongoing employee evaluations such as performance reviews. This not only confirms that your workforce is up to date on fraud policies and practices, but also brings fraud prevention to the front of their minds.
How AP Automation Helps Organizations Prevent Fraud
AP automation tools can play a key role in guarding your organization against fraud. Automated software can flag abnormal data and suspicious activity without the risk of human error that comes with a manual system. A three-way matching process automatically compares invoices against purchase orders and receipts of goods or services. If any data is missing or does not match, the document is routed to an exception path for further review. Automation also checks for both duplicate invoices and payments, providing a double layer of protection. Encryption of ACH and positive pay files helps to safeguard against any human tampering or alteration.
“Fraud is one of the biggest concerns we hear about. Businesses know there are all kinds of threats out there, but they don’t always know what can be done to prevent them. The peace of mind our customers get with the MHC NorthStar system is one of our biggest points of pride. “
Gina Armada, MHC CEO
How Can MHC NorthStar Help Your Organization Prevent Fraud?
Is it time for your organization to bolster fraud prevention by making the leap to an automated AP software system? If you’re ready to see some of these anti-fraud tools in action, contact us today to schedule a free demonstration of our MHC NorthStar software solutions. We’re eager to show you the difference a reliable AP automation system can make in guarding your organization against fraud at every level.
See MHC in Action!
Accounts Payable Fraud FAQ
Only a court of law can determine whether fraud has been committed in the legal sense, which serves as a reminder for employers to be cautious about using that specific terminology.
There is no universally agreed-upon profile for employees who are more likely to commit fraud than others. Fraud could be committed by anyone with access and opportunity.
No, small businesses have the same risk of fraud as larger ones, and in fact may have fewer resources available for fraud detection and prevention.
Just as the specifics of fraud will vary widely from organization to organization, so will the ways by which those organizations calculate fraud losses. There is no single method for calculating AP fraud.
While fraudulent activity comes in many forms, some of the most common include billing schemes, fraudulent reimbursement and expense reports, check fraud, ACH fraud, and kickback schemes.
Invoices submitted without key information, employees who seem to be spending beyond their means, master vendor files containing an inordinate number of inactive or duplicate suppliers, and reports of unpaid invoices that do not match internal records are all red flags for a fraudulent vendor.
Fraudulent AP behavior is most commonly identified by a whistleblower within your team or your vendor’s organization. Internal audits and manager reviews can also reveal evidence of fraud.
Fraud prevention begins with alert hiring and onboarding practices and continues with regular fraud training, internal audits, and close communication between AP employees and management. Investing in an automated AP software system that can flag inconsistencies and suspicious behavior is also a hugely useful tool for fraud prevention.
Presenter: Rocco Lueck, Professor, D’Youville University
Organizations lose money to fraud every year. Many organizations focus exclusively on fraud detection techniques, but few try to utilize fraud prevention strategies. This webinar will highlight why it is important for organizations to concentrate on fraud prevention. The webinar will also demonstrate the importance of having fraud policies in an organization, and how not having them could cause disruption to the success of preventing fraud.
Dr. Rocco Lueck, Assistant Professor at D’Youville University’s Department of Business Administration, develops and teaches courses in Economics, Financial and Managerial Accounting, Financial Management, and Corporate Finance.
Fill out the form to get exclusive access