Fictitious vendor fraud is a rather common scheme. Unfortunately, it is more difficult to detect than just a quick scan of the payees or the check amounts.
In simple terms, a fraudulently created invoice is usually submitted for payment by the internal accountant, clerk or controller for goods that were never received or services that were never rendered. Services are typically more likely to be the item charged as it is easier to track the receipt of a tangible item than a service. With a service, there is usually not a packing slip evidencing the shipping and receipt of goods.
Controls are easily compromised due to people in a hurry to enter (and pay) the invoice. But is the vendor legitimate? What due diligence have you conducted to verify and establish a vendor in your accounts payable system? Does the company even exist? Who owns the company, and do the owners appear related to anyone in your company? Has such a relationship been previously disclosed? Does your company prohibit transacting business with entities owned or affiliated with employees or members of their family? Is there a purchase order or, better yet, a written contract? Has the service been solicited for bid, or are there multiple quotes? Does the address correspond to a residential or a commercial district? So many questions, so little time!
Prevention begins by having thorough vendor setup procedures in your company’s accounting system. It is well worth spending some extra time on due diligence before entering a new vendor in the system. Always have more than one person involved in authorizing the creation of a new vendor; one person controlling the entire vendor setup from inception through payment authorization is a recipe for vendor payment fraud.
It’s never a bad idea to verify the information on the invoice with a trusted source. How long have they been in business? Is the address a mail drop, a post office box or a residential address?
What about the phone number? Wait—there isn’t one on the invoice? What about an email address? Not one there, either? These warning signs should have your professional skepticism on high alert!
Are you able to search the address and telephone number with your database of existing vendors and employees? What if you have duplicate addresses with different vendors? That’s a red flag!
Who requests the services? The same person who verifies receipt and authorizes the payment? Does this raise your eyebrows?
There are a number of other questions to ask:
- How do you know if the vendor was on site and addressed the alleged problem?
- Was there really a problem in the first place?
- Does the service provider log or clock in when on site?
- Is there a requisition form?
- Does anyone verify that the provider was actually there?
- Who signs off that the work was satisfactorily performed?
- Does the service provider provide you with a detailed bill noting date, service performed, name of employee providing the service and their rate?
Visit the Ohio Secretary of State’s business incorporation website and try searching the business name. When was the business established? By whom? Where? Who is the statutory agent? Do any of these ring bells with anyone within your company (or worse, your accounting department)? You can always verify their existence with a resource such as Dun & Bradstreet.
Adequate segregation of duties with regard to vendor setup, vendor selection, invoice approval and payment is essential to establishing adequate internal controls. The more staff that are involved in the process, the less likely your company will be the victim of a fictitious payment scheme.
Spending a little time implementing a thorough vendor setup program is a great first step in preventing fictitious payment fraud. If you need assistance with reviewing your existing vendor setup program, or creating an effective vendor review program, please call us for assistance.
For more information on fraud prevention in the workplace, download our e-book, Fraud Prevention Measures. Questions? Contact Frank Suponcic in our Valuation and Litigation Advisory Services Group at 440-449-6800.