PREVENTING FRAUD IN ACCOUNTS PAYABLE Richard B. Lanza, CPA, CFE, CGMA.
-
Upload
victoria-hudson -
Category
Documents
-
view
221 -
download
0
Transcript of PREVENTING FRAUD IN ACCOUNTS PAYABLE Richard B. Lanza, CPA, CFE, CGMA.
PREVENTING FRAUD IN ACCOUNTS PAYABLE
Richard B. Lanza, CPA, CFE, CGMA
LEARNING OBJECTIVES
• Learn why the supplier account is one of the easiest to turn into a means to “steal” from the company.• Understand how anyone is susceptible to fraud and how to scan team members for top warning signs. • Then apply this newfound knowledge to all fraud types across the procure-to-pay processes.• See how report surveillance has been proven to reduce fraud by two-thirds in size while detection timeframes drop
by fifty percent. • Learn about instances when cost-cutting reviews can also become effective fraud fighters.• Walk away with a new set of methods that work together in a combined approach to increase detection rates of
errors and fraud such as: Report list scoring to improve fraud sample productivity Aligning structured and unstructured data for improved data populations Geo-mapping to pinpoint and profile vendors by location Textual and digital analytics to review letter and number patterns for unusual deviations Statistical visualization to allow the analyst to “blink” out fraud in process flows
WHY THE SUPPLIER ACCOUNT?THE RESEARCH
TOP ASSET MISAPPROPRIATION FRAUDS
2014 Report to the Nation – Association of Certified Fraud Examiners
BELFAST CITY COUNCIL £300K BOGUS BANK DETAILShttp://www.bbc.com/news/uk-northern-ireland-23655897
VENDOR BILLING FRAUD/CORRUPTIONIS #1 OR #2 NO MATTER WHERE YOU GO
CORRUPTION IS A WORLDWIDE ISSUE2014 Report to the Nation – Association of Certified Fraud Examiners
Types• Bribery• Conflict of Interest• Gratuities• Extortion
WARNING SIGNS OF SUPPLIER MISMANAGEMENT
Too many active vendors
(with no activity)
Improper segregation
of duties
Difficult to understand or improve spend management
Difficult to manage or improve payment terms
Invalid VAT or Tax IDs
Duplicate suppliers representing parents and
subs, for different companies, or just
mistakes = duplicate pays
Manual invoicing and approval process leads
Lack of vendor reporting Increases opportunity for
fraud
No safety net for when controls break down
REALISTIC APPROACH TO ERROR & FRAUD DETECTION USING SURVEILLANCE
PREDPOL WWW.PREDPOL.COM
Santa Cruz, California experienced:
• 27% decrease in burglary
• 11% decrease in robbery
• 56% increase in arrests
Predictive Modeling To Improve Police Detection
http://bit.ly/1VyQPQY
“PredPol does not replace the experience and intuition of our great officers, but is rather an invaluable added tool that allows our police force to use their patrol time more efficiently and helps stop crime before it happens.” Chief Mark Yokoyama
PREDPOLWorking Smarter Using Algorithms Tested By Earthquake Software
Type
Time
Place
• Crime strikes in the same dimensions
• People are needed to validate activity
• Focuses on a box of predicted crime
• Uses three prediction variables
SURVEILLANCE QUICKLY LOWERS FRAUD IMPACTS
300% Less Loss
200% ReducedDuration
2014 Report to the Nation – Association of Certified Fraud Examiners
Accounting • Accounting Dir. posts false invoice and then hides expense• Puts through phony expenses on T&E• AP Manager adds vendor and invoice• AP over charges or pays twice on purpose
Operations • Approves false invoice• Entertains governmental officials• Receives “facilitation” payments• Puts through phony expenses on T&E
Vendor• Submits known duplicate invoices• Charges higher than normal prices• Could be a family member of the company’s employees
REMEMBER – PEOPLE COMMIT FRAUD
HOW TO STOP A FRAUDSTER
Prevent Opportunities
Input controls, segregation of duties, strong review process as vendors are entered
Proactively Detect Inappropriate Behavior
Review for unusual vendor payment patterns proactively
Which, In Turn, Deters Company Employees From Committing Fraud
CONTROL AUTOMATION
• Who can buy and how much? – Purchase approval user authority
• Who is a vendor and how did we select them? – Vendor entry and validation
• Did we buy this? – 2 way or 3 way matching
• Did we follow the right contract/payment terms? – Analysis of current contract / purchase order to invoice pricing / terms
• Did we pay this while being mindful to all payment terms? – Was the payment rushed without approval?
• What is a deviation?...and who needs to approve it? – Deviations to any of the above questions, over a certain threshold, are forwarded for further review and approval.
GIVE ME A CONTROL AND I WILL PROVIDE YOU WITH A CIRCUMVENTION…
Who• Don’t confuse me with facts – I’m picking XYZ
Review the trail of bidding to see regardless of 3 bid process…why did it always swing a vendor’s way?
• Person deletes user access and trail of master changes Obtain quarterly data for testing
What• Edit the positive pay cheque list prior to bank upload• Multiple same amounts right under a limit
When• Weekend, late timed entries• Post the charge to a past period
FRAUD & ERROR FOCUSEDQUERY AND DATA MINING
THE POPULATION OF DATA
Structured Data
Accounting records
Sub ledger details
Monthly performance measures
Unstructured Data
Documents (Excel, PDF, Word)
Emails
Network Logs
External Data
Geomap Service
OFAC, Other Watch Lists
Tax ID Match Services
Death Masters
WHERE’S THE STRUCTURED DATA TABLES?
• Invoice Header• Payment Ledger• Invoice Distribution• Vendor Masterfile• Vendor Master Log Changes• Purchase Order• Price Table• Tax Table
BBC REITH LECTURESTHE FUTURE OF MEDICINE
• Doctors are not challenged…by anyone
Disturbances – Attitudes, systems, and human behavior play more of a role than technology
Ignorance (failure to know) & Ineptitude (failure to apply knowledge)
1929 – Intern proves heart surgery can be done and is fired
And…people are too polite to “confuse someone with facts”
“Outliers” by Malcolm Gladwell
• Use a checklist so you don’t miss a step
Top recommendation of the series – get a memory jogger
2M infections in the US alone due to not following a checklist
Person at the time doesn’t know what they should have known
http://www.bbc.co.uk/programmes/b04sv1s5
BUT, ISN’T FRAUD ABOUT FINDING THE DEVIATION?
Fraud
APPLYING THE ERROR / FRAUD SCORE
2. Trend Analysis – Multiple persective review of data (digital, textual, size, type, etc.) over time and by the key transaction subsets.
3. Material Score Review Manual/automated review of material transaction values to sizable score ratios
1. Specific Reports – Reports based on history or new hyphothesis to identify fraud
4. Low Score Stat Sample Statistical, stratified, or random sample of lower scored transactions
Keep Looking at the Data,
Test Samples, and Refine Logic
Doing More Analysis to Narrow the Bull’s-eye Selection
SPECIFIC RED FLAG REPORTS ALIGNED TO P2P
• Purchase Requisition and Approval Approver and enterer segregation of duties test
Purchase values are intently placed under approval limits
PO to non-PO spend and 2-way vs. 3-way matching
Purchase order pricing above average variance over time by item
Cataloging vendors into different business lines
Textual Analytics - Excel, Outlook, Word, and Text document analysis of buyers’ data
• Vendor Selection and Entry Sole vendors for a given category or too many
Bad vendor data (blank or inaccurate address, TIN, duplicates, etc.) Obtain and match vendor masterfiles between periods (get it quarterly)
Geomapping or match analysis of employee to vendor information Identify “bad” addresses or unusual locations for a business
Vendor to invoice entry segregation of duties test Vendor entry and approval – the next step to improved control
• Receiving Three way match testing Adjustment analysis by enterer, date, stratification, and time of day
• Invoice Processing Invoices by entry type (focus on manual vs. automated feeds with controls) Duplicate invoices (and payments) Incorrect invoice price to purchase order/contract pricing Adjustment analysis by enterer, date, stratification, and time of day Invoices right under an approval limit Vendors with a higher proportion of credits to invoices Bad invoice data (blank or inaccurate information)
Obtain and match invoices entered between periods (get it quarterly) Look for odd invoice average lengths and round dollar amounts
SPECIFIC RED FLAG REPORTS ALIGNED TO P2P
• Payment Processing Vendor paid to vendor on payment list in bank account and name Gaps in cheque sequence Numerous payments to the same vendor Payments = 0 Days payable outstanding averages by vendor for each quarter
Stratify each quarter by DPO and compare in a Pivot Invoices With Entry Dates After Payment Dates
• Accounting Reconcile the subledger data to the general ledger accounting Unrecorded liabilities
Invoices entered after with invoice dates prior to month end
Age the open invoice debits and credits http://bit.ly/1FzYA2r - Best Audit Finding in $$$ Terms
SPECIFIC REPORTS ALIGNED TO P2P
T&E FRAUD TASK TO REPORT MAPPING
COST RECOVERY OPPORTUNITIES
• Accounts Payable• Audit Fee Benchmarking• Advertising Agency• Document Fleet• Freight• Health Benefits• Lease• Media
• Order to Cash• Project Fraud• Real Estate Depreciation• VAT Tax• Strategic Sourcing• Telecom• Travel and Entertainment• Utilities
COST RECOVERY OPPORTUNITY TESTS
• Accounts that are sole sourced• Accounts that have too many vendors• Categories that map to the “recovery list”• Trend vendor spend over time • Trend volume/value by vendor (scatter graph)• Trend credits to debits in vendor accounts
USING THE 5W QUESTIONS In Your Data Query and Mining Efforts
5. Why (Transactional Score, Value, Type)
4. Where (Geomapping)
3. When (Time, Week, Period End, Month)
2. What (Digital, Textual, Value Strata, Type)
1. Who (Authorized, Buyer, Enterer)
BENFORD’S LAWTHE BASIS OF DIGITAL ANALYSIS
SAMPLE VENDOR RESEARCHFOR TOP SCORED VENDORS
• It works fast to quickly gain a perspective of the business process data: Look for deviations over a 3 year moving average to the current period Text is far richer in business value and providing a picture than simple looking at numbers The trends can be seen quickly to ask relevant questions and also to highlight fraud
TEXTUAL ANALYTICS SUMMARY
MAKING WORDLES WWW.WORLDE.NET
KEY WORD / TEXTUAL ANALYTICS
Opportunity
CHANNEL STUFFING
COOKIE JAR RESERVES
FRAUDULENT SHAM
QUID PRO QUO
SECRET ACCOUNT
Rationalization
DON’T KNOW WHAT ELSE TO DO
PIECE OF THE ACTION
TREAT ME THIS WAY
WORRY ABOUT IT LATER
THEYLL BE SORRY
Pressure
HAVE BILLS TO PAY
FROM PETER TO PAY PAUL
MANAGE EARNING
TICKING TIME BOMB
WALL STREET EXPECTATIONS
FIRST TWO LETTERSBRITBURN SONGS ANALYSIS
See Blog Article at: http://bit.ly/1jFD87b
CALCULATING SCORE RATIO
• Productivity of Report Scores to Transactions
Combined ScoreScores for each report run, which is prioritised in value by report
One TransactionTo be scored for selection
Each transaction has the chance of getting a
100% score
If the transaction shows up on all of the “concerning” reports
SEVERITY TO VALUE
www.basware.comwww.twitter.com/baswarewww.facebook.com/BaswareCorporationwww.linkedin.com/company/basware
THANK YOU
RICHARD B. [email protected]