Ripping the Roof off Vendor Fraud

I’ve worked to identify vendor risk and help companies prevent fraud as a certified fraud examiner for almost 10 years, and it’s given me a unique perspective on how fraud is perpetrated. The fact is, it’s easier for someone to “turn to the dark side” and decide to commit corporate fraud than you may think. Here’s what they could do.

First, they could make up a company whose acronym is well known, like IBM. But in the fraudster’s company, IBM stands for “In Business since Monday.” Next, they could send invoices to big and small companies alike. Not everyone will pay, but I know from my years in the field that there are plenty of companies out there that, when they see an invoice from an IBM or a Simon & Schuster, automatically send the invoice through for payment.

Vendor fraud occurs every day. It happens in small organizations where “Jenny”—who is brilliant at her job of singlehandedly running the accounting department and who brings in muffins every Friday for staff—has been quietly pilfering money for the last 15 years. It happens in large Fortune 500 organizations that only loosely enforce or embrace fraud prevention and detection practices. And there’s a good chance as you’re reading this article that fraud is occurring in your workplace as well.

The Most Common Type of Fraud
When asked why he robbed banks, notorious criminal Willie Sutton replied, “Because that’s where the money is.” Most incidents of fraud occur within accounting departments for the same reason—that’s where the money is. In addition, asset misappropriation schemes are frequently the most insidious and difficult to detect, often lingering for years.

The positive news is that companies are fighting back. Thanks to “instant” media and global reporting of fraud cases, companies are waking up and realizing, “This could be me.”

Facing Your Fears
There are numerous reasons companies don’t actively monitor for fraud. Staying in their comfort zone is the most common. Employees can fall into the habit of letting their eyes glaze over contracts or invoices. They’re forwarding invoices for payment without tying them back to contracts. They’re putting too much trust in people with no controls in place to act as a check-and-balance system.

There are cultural challenges. In places like Asia, for example, it’s socially unacceptable to challenge someone who ranks higher than you. In the U.K., it’s not uncommon for someone to be aware fraud is occurring, but not feel obligated to report it unless there’s some sort of personal threat or danger to an individual. Even in U.S. corporate settings, the fear of speaking out and being labeled a troublemaker, or worse, losing your job, remains a huge obstacle to fighting fraud.

There’s also a false sense of security circulating among companies that think they have fraud prevention practices in place with passive processes, such as a yearly external audit. Held at the same time each year, external audits are predictable and allow a person plenty of time to exit the company before the audit takes place. And sample audits are often ineffective because they are conducted on such a small portion of transactional data, suppliers and employees that they have a small chance of pinpointing the very fraud they’re designed to identify.

Putting Best Practices in Place
Fortunately, there are proactive tools and practices you can put in place to better protect your company from vendor fraud. Below are best practices every company should employ.

• Continuous monitoring: It’s far more effective to prevent fraud than to chase money that’s already left the building. Continuous monitoring on a daily, monthly and quarterly basis of 100 percent of your data, vendors and employees—with sophisticated scoring methodologies—allows you to block fraud from ever gaining a foothold. Software that spots duplicate or prohibited vendors, identifies supplier-employee collusion and verifies that each of your suppliers is a bona fide business entity helps you tackle fraud head-on, while also reducing your future risk exposure.

• Know your suppliers and invoice/payment patterns: Knowing your vendors is key as it allows you to identify exceptions and anomalies. A Fortune 500 company with thousands of suppliers needs to have systems and personnel in place to throw up a red flag if a vendor submits an invoice in a way that’s outside standard operating procedure.

• Ensure anonymity: Workers must feel safe to report fraud. Larger companies should have a hotline and make clear to employees how it’s monitored so there is no fear of detection or reprisal.

• Employ fraud detection and prevention software: Aside from being able to proactively monitor data across multiple systems and formats to identify, score and prioritize your risks, technology also helps overcome cultural challenges. Now it’s a system throwing up a red flag, enabling employees to fall back on processes and say, “I’m obligated to investigate this.”

• Put your teams in place and identify key stakeholders: Larger organizations often have controls in various functions—a compliance department, ethics committee or internal fraud division. Pre-planning is key. If a fraud is employee-related, who is your contact in HR? Having contacts and processes in place before fraud occurs will save you time, heartache and legal wrangling down the road.

• Broadcast your intent to fight fraud: Investigating fraud isn’t a behind-the-scenes “Gotcha!” You want everyone in your company to know you have technology, systems and procedures in place. In other words, send the message that you have eyes on the floor when it comes to fraud, and that you’re not afraid to take action.
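
The vendor-master checks named in the continuous monitoring item above (duplicate vendors, prohibited vendors, supplier-employee overlap), run over every record rather than a sample. This is an added example, not code from the article or from any vendor product; the record fields, sample data and normalization rules are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records (not real data); field names are assumptions.
VENDORS = [
    {"id": "V001", "name": "Acme Supply, Inc.", "bank": "ACCT-4471", "addr": "12 Oak St, Suite 4"},
    {"id": "V002", "name": "ACME SUPPLY INC", "bank": "ACCT-9902", "addr": "PO Box 77"},
    {"id": "V003", "name": "Northwind Traders LLC", "bank": "ACCT-0001", "addr": "9 Elm Road"},
    {"id": "V004", "name": "Blue Harbor Consulting", "bank": "ACCT-5150", "addr": "48 Pine Ave."},
]
EMPLOYEES = [
    {"id": "E17", "name": "J. Doe", "bank": "ACCT-5150", "addr": "48 Pine Avenue"},
    {"id": "E22", "name": "R. Roe", "bank": "ACCT-1234", "addr": "3 Birch Ln"},
]
PROHIBITED = ["Northwind Traders"]  # constructed prohibited-vendor list
SUFFIXES = {"inc", "llc", "ltd", "corp", "co", "company"}
ABBREV = {"avenue": "ave", "street": "st", "road": "rd", "suite": "ste", "lane": "ln"}

def norm_name(name):
    # Lower-case, strip punctuation and legal suffixes so spelling variants collide.
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in SUFFIXES)

def norm_addr(addr):
    # Lower-case, strip punctuation and abbreviate common street words.
    words = re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split()
    return " ".join(ABBREV.get(w, w) for w in words)

def find_flags(vendors, employees, prohibited):
    flags = []
    by_name = defaultdict(list)
    for v in vendors:
        by_name[norm_name(v["name"])].append(v["id"])
    for ids in by_name.values():
        if len(ids) > 1:  # same vendor entered under more than one ID
            flags.append(("duplicate_vendor", tuple(sorted(ids))))
    banned = {norm_name(p) for p in prohibited}
    for v in vendors:
        if norm_name(v["name"]) in banned:
            flags.append(("prohibited_vendor", (v["id"],)))
        for e in employees:
            # A vendor paid into an employee's account or address needs review.
            if v["bank"] == e["bank"] or norm_addr(v["addr"]) == norm_addr(e["addr"]):
                flags.append(("vendor_employee_overlap", (v["id"], e["id"])))
    return flags

if __name__ == "__main__":
    for kind, ids in find_flags(VENDORS, EMPLOYEES, PROHIBITED):
        print(kind, *ids)
```

Each flag is a lead for a reviewer to investigate, not a finding of fraud; exact matching on normalized fields will miss deliberate misspellings, which is where scoring methods come in.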

Looking Ahead
I’m often asked what I think the future holds when it comes to fighting vendor fraud. Although there is no clear answer, I do think we’ll see a substantial increase in cyber fraud, and I’m encouraging my customers to start preparing now. While there will continue to be upgrades in fraud detection systems and technology (and continuous monitoring practices will grow ever more important), in my mind, the most important and effective fraud-fighting technique is something every company can do today: present a united front.

Fraud detection and prevention are never the responsibility of a single division. From the C-suite on down, companies must send the message that the commitment to unearth fraud is deeply ingrained in corporate culture. Everyone needs to know that continuous monitoring, audits, hotlines and documented processes are all in place and enforced because the company believes in fighting fraud.

The Association of Certified Fraud Examiners’ 2014 “Report to the Nations on Occupational Fraud and Abuse” indicates that the typical organization loses 5 percent of its revenues to fraud each year, and that more than half of those organizations that fall victim to fraud fail to recover their losses. This is more than a cracked window or open back door through which money is flowing out of your organization. This is the roof being ripped off. Let’s work together to keep that roof in place and stop fraud before it has a chance to take hold.

Jacqueline Jones, CFE, is a client manager who specializes in fraud detection at APEX Analytix, LLC in Greensboro, N.C. She can be contacted at jjones@apexanalytix.com.
