PREVENTING FRAUD IN ACCOUNTS PAYABLE

Richard B. Lanza, CPA, CFE, CGMA

LEARNING OBJECTIVES

• Learn why the supplier account is one of the easiest to turn into a means to “steal” from the company.• Understand how anyone is susceptible to fraud and how to scan team members for top warning signs. • Then apply this newfound knowledge to all fraud types across the procure-to-pay processes.• See how report surveillance has been proven to reduce fraud by two-thirds in size while detection timeframes drop

by fifty percent. • Learn about instances when cost-cutting reviews can also become effective fraud fighters.• Walk away with a new set of methods that work together in a combined approach to increase detection rates of

errors and fraud such as: Report list scoring to improve fraud sample productivity Aligning structured and unstructured data for improved data populations Geo-mapping to pinpoint and profile vendors by location Textual and digital analytics to review letter and number patterns for unusual deviations Statistical visualization to allow the analyst to “blink” out fraud in process flows

WHY THE SUPPLIER ACCOUNT?THE RESEARCH

TOP ASSET MISAPPROPRIATION FRAUDS

2014 Report to the Nation – Association of Certified Fraud Examiners

BELFAST CITY COUNCIL £300K BOGUS BANK DETAILShttp://www.bbc.com/news/uk-northern-ireland-23655897

VENDOR BILLING FRAUD/CORRUPTIONIS #1 OR #2 NO MATTER WHERE YOU GO

CORRUPTION IS A WORLDWIDE ISSUE2014 Report to the Nation – Association of Certified Fraud Examiners

Types• Bribery• Conflict of Interest• Gratuities• Extortion

WARNING SIGNS OF SUPPLIER MISMANAGEMENT

Too many active vendors

(with no activity)

Improper segregation

of duties

Difficult to understand or improve spend management

Difficult to manage or improve payment terms

Invalid VAT or Tax IDs

Duplicate suppliers representing parents and

subs, for different companies, or just

mistakes = duplicate pays

Manual invoicing and approval process leads

Lack of vendor reporting Increases opportunity for

fraud

No safety net for when controls break down

REALISTIC APPROACH TO ERROR & FRAUD DETECTION USING SURVEILLANCE

PREDPOL WWW.PREDPOL.COM

Santa Cruz, California experienced:

• 27% decrease in burglary

• 11% decrease in robbery

• 56% increase in arrests

Predictive Modeling To Improve Police Detection

http://bit.ly/1VyQPQY

“PredPol does not replace the experience and intuition of our great officers, but is rather an invaluable added tool that allows our police force to use their patrol time more efficiently and helps stop crime before it happens.” Chief Mark Yokoyama

PREDPOLWorking Smarter Using Algorithms Tested By Earthquake Software

Type

Time

Place

• Crime strikes in the same dimensions

• People are needed to validate activity

• Focuses on a box of predicted crime

• Uses three prediction variables

SURVEILLANCE QUICKLY LOWERS FRAUD IMPACTS

300% Less Loss

200% ReducedDuration

2014 Report to the Nation – Association of Certified Fraud Examiners

Accounting • Accounting Dir. posts false invoice and then hides expense• Puts through phony expenses on T&E• AP Manager adds vendor and invoice• AP over charges or pays twice on purpose

Operations • Approves false invoice• Entertains governmental officials• Receives “facilitation” payments• Puts through phony expenses on T&E

Vendor• Submits known duplicate invoices• Charges higher than normal prices• Could be a family member of the company’s employees

REMEMBER – PEOPLE COMMIT FRAUD

HOW TO STOP A FRAUDSTER

Prevent Opportunities

Input controls, segregation of duties, strong review process as vendors are entered

Proactively Detect Inappropriate Behavior

Review for unusual vendor payment patterns proactively

Which, In Turn, Deters Company Employees From Committing Fraud

CONTROL AUTOMATION

• Who can buy and how much? – Purchase approval user authority

• Who is a vendor and how did we select them? – Vendor entry and validation

• Did we buy this? – 2 way or 3 way matching

• Did we follow the right contract/payment terms? – Analysis of current contract / purchase order to invoice pricing / terms

• Did we pay this while being mindful to all payment terms? – Was the payment rushed without approval?

• What is a deviation?...and who needs to approve it? – Deviations to any of the above questions, over a certain threshold, are forwarded for further review and approval.

GIVE ME A CONTROL AND I WILL PROVIDE YOU WITH A CIRCUMVENTION…

Who• Don’t confuse me with facts – I’m picking XYZ

Review the trail of bidding to see regardless of 3 bid process…why did it always swing a vendor’s way?

• Person deletes user access and trail of master changes Obtain quarterly data for testing

What• Edit the positive pay cheque list prior to bank upload• Multiple same amounts right under a limit

When• Weekend, late timed entries• Post the charge to a past period

FRAUD & ERROR FOCUSEDQUERY AND DATA MINING

THE POPULATION OF DATA

Structured Data

Accounting records

Sub ledger details

Monthly performance measures

Unstructured Data

Documents (Excel, PDF, Word)

Emails

Network Logs

External Data

Geomap Service

OFAC, Other Watch Lists

Tax ID Match Services

Death Masters

WHERE’S THE STRUCTURED DATA TABLES?

• Invoice Header• Payment Ledger• Invoice Distribution• Vendor Masterfile• Vendor Master Log Changes• Purchase Order• Price Table• Tax Table

BBC REITH LECTURESTHE FUTURE OF MEDICINE

• Doctors are not challenged…by anyone

Disturbances – Attitudes, systems, and human behavior play more of a role than technology

Ignorance (failure to know) & Ineptitude (failure to apply knowledge)

1929 – Intern proves heart surgery can be done and is fired

And…people are too polite to “confuse someone with facts”

“Outliers” by Malcolm Gladwell

• Use a checklist so you don’t miss a step

Top recommendation of the series – get a memory jogger

2M infections in the US alone due to not following a checklist

Person at the time doesn’t know what they should have known

http://www.bbc.co.uk/programmes/b04sv1s5

BUT, ISN’T FRAUD ABOUT FINDING THE DEVIATION?

Fraud

APPLYING THE ERROR / FRAUD SCORE

2. Trend Analysis – Multiple persective review of data (digital, textual, size, type, etc.) over time and by the key transaction subsets.

3. Material Score Review Manual/automated review of material transaction values to sizable score ratios

1. Specific Reports – Reports based on history or new hyphothesis to identify fraud

4. Low Score Stat Sample Statistical, stratified, or random sample of lower scored transactions

Keep Looking at the Data,

Test Samples, and Refine Logic

Doing More Analysis to Narrow the Bull’s-eye Selection

SPECIFIC RED FLAG REPORTS ALIGNED TO P2P

• Purchase Requisition and Approval Approver and enterer segregation of duties test

Purchase values are intently placed under approval limits

PO to non-PO spend and 2-way vs. 3-way matching

Purchase order pricing above average variance over time by item

Cataloging vendors into different business lines

Textual Analytics - Excel, Outlook, Word, and Text document analysis of buyers’ data

• Vendor Selection and Entry Sole vendors for a given category or too many

Bad vendor data (blank or inaccurate address, TIN, duplicates, etc.) Obtain and match vendor masterfiles between periods (get it quarterly)

Geomapping or match analysis of employee to vendor information Identify “bad” addresses or unusual locations for a business

Vendor to invoice entry segregation of duties test Vendor entry and approval – the next step to improved control

• Receiving Three way match testing Adjustment analysis by enterer, date, stratification, and time of day

• Invoice Processing Invoices by entry type (focus on manual vs. automated feeds with controls) Duplicate invoices (and payments) Incorrect invoice price to purchase order/contract pricing Adjustment analysis by enterer, date, stratification, and time of day Invoices right under an approval limit Vendors with a higher proportion of credits to invoices Bad invoice data (blank or inaccurate information)

Obtain and match invoices entered between periods (get it quarterly) Look for odd invoice average lengths and round dollar amounts

SPECIFIC RED FLAG REPORTS ALIGNED TO P2P

• Payment Processing Vendor paid to vendor on payment list in bank account and name Gaps in cheque sequence Numerous payments to the same vendor Payments = 0 Days payable outstanding averages by vendor for each quarter

Stratify each quarter by DPO and compare in a Pivot Invoices With Entry Dates After Payment Dates

• Accounting Reconcile the subledger data to the general ledger accounting Unrecorded liabilities

Invoices entered after with invoice dates prior to month end

Age the open invoice debits and credits http://bit.ly/1FzYA2r - Best Audit Finding in $$$ Terms

SPECIFIC REPORTS ALIGNED TO P2P

T&E FRAUD TASK TO REPORT MAPPING

COST RECOVERY OPPORTUNITIES

• Accounts Payable• Audit Fee Benchmarking• Advertising Agency• Document Fleet• Freight• Health Benefits• Lease• Media

• Order to Cash• Project Fraud• Real Estate Depreciation• VAT Tax• Strategic Sourcing• Telecom• Travel and Entertainment• Utilities

COST RECOVERY OPPORTUNITY TESTS

• Accounts that are sole sourced• Accounts that have too many vendors• Categories that map to the “recovery list”• Trend vendor spend over time • Trend volume/value by vendor (scatter graph)• Trend credits to debits in vendor accounts

USING THE 5W QUESTIONS In Your Data Query and Mining Efforts

5. Why (Transactional Score, Value, Type)

4. Where (Geomapping)

3. When (Time, Week, Period End, Month)

2. What (Digital, Textual, Value Strata, Type)

1. Who (Authorized, Buyer, Enterer)

BENFORD’S LAWTHE BASIS OF DIGITAL ANALYSIS

SAMPLE VENDOR RESEARCHFOR TOP SCORED VENDORS

• It works fast to quickly gain a perspective of the business process data: Look for deviations over a 3 year moving average to the current period Text is far richer in business value and providing a picture than simple looking at numbers The trends can be seen quickly to ask relevant questions and also to highlight fraud

TEXTUAL ANALYTICS SUMMARY

MAKING WORDLES WWW.WORLDE.NET

KEY WORD / TEXTUAL ANALYTICS

Opportunity

CHANNEL STUFFING

COOKIE JAR RESERVES

FRAUDULENT SHAM

QUID PRO QUO

SECRET ACCOUNT

Rationalization

DON’T KNOW WHAT ELSE TO DO

PIECE OF THE ACTION

TREAT ME THIS WAY

WORRY ABOUT IT LATER

THEYLL BE SORRY

Pressure

HAVE BILLS TO PAY

FROM PETER TO PAY PAUL

MANAGE EARNING

TICKING TIME BOMB

WALL STREET EXPECTATIONS

FIRST TWO LETTERSBRITBURN SONGS ANALYSIS

See Blog Article at: http://bit.ly/1jFD87b

CALCULATING SCORE RATIO

• Productivity of Report Scores to Transactions

Combined ScoreScores for each report run, which is prioritised in value by report

One TransactionTo be scored for selection

Each transaction has the chance of getting a

100% score

If the transaction shows up on all of the “concerning” reports

SEVERITY TO VALUE

www.basware.comwww.twitter.com/baswarewww.facebook.com/BaswareCorporationwww.linkedin.com/company/basware

THANK YOU

RICHARD B. LANZArich@richlanza.com