Accounts Payable Fraud Services
According to research conducted by the Association of Certified Fraud Examiners (ACFE), U.S. organizations lose an estimated 7 percent of annual revenues to fraud.1
In response to this growing problem, Automated Auditors, LLC (www.autoaudit.com) has developed a suite of algorithms that identifies potential Accounts Payable (A/P) fraud. Typically, we import various tables from your A/P system (A/P, vendor table, employee table) into our proprietary software suite, customize the algorithms to your data, run the algorithms, refine the output, and write a final recommendations report which highlights the vendors we feel are the most abnormal and in need of further research. The graph below depicts our process:
Description of Algorithms
Duplicate Payments
Duplicate payments are often mistakes in payment: perhaps an invoice was paid via check and wire, or via check and procurement card. But, sometimes duplicate payments can indicate fraud. A fraudulent employee may create a duplicate payment and alter the second check and cash it. We typically run the following duplicate payment algorithms, but if additional data is presented, we utilize it to maximize findings (such as service entry sheets).
We use FUZZY-MATCHING logic to remove false positives. Fuzzy-matching is a method of detecting if two text-strings are similar to each other. For example, our software can tell
that the following two invoices are similar because they have the same primary root number:
0012345 12345RE
Fuzzy-matching is also used to identify amounts that are similar. We identify if amounts are:
3% +/- one another half of one another
sum of 2 invoices = 1 other....for example:
Duplicate Vendors
Duplicate vendor numbers for the same vendor can exist legitimately in any A/P operation, i.e. when you have different locations or one is a billing address and the other is a
geographical address. Then there are the mistaken entries where an A/P staff member erroneously created a second (or third!) vendor number. Then there is FRAUD: when an employee purposely creates another vendor id to funnel payments to him or herself, using the same address or banking information. Or perhaps it's an outside job where the vendor is fictitious and they have set up multiple operations and are billing you from different directions.
Whatever the cause - we have the tools to find your duplicate vendors. Using the power of fuzzy-matching logic, we analyze the following fields (and more if you have more) to determine if vendors are duplicate records:
invoice 001234A $280,000 invoice 1234B $180,000 invoice 001234C $100,000
Procurement Card Analysis
Our staff has experience working with Procurement Card (P-Card) data and
specifically identifying overpayments and potential fraud perpetrated using P-Cards. Below is a list of the algorithms we typically run:
Duplicate payments within the Procurement Card data. We will run as many duplicate payment algorithms as is feasible with the data provided.
Duplicate payments: 1 from A/P and 1 from P-Card. Sometimes, purposely or mistakenly, an employee uses the P-Card and in addition, submits a reimbursement request such as for travel, resulting in a duplicate payment. Automated Auditors uses fuzzy-matching algorithms to compare transactional information, which is useful if there exists no real "link" between the A/P data base and the P-Card data base. We can merge by name or an ID if there is one (such as an employee ID) or also by date/amount combinations to identify potential duplicates.
Identification of sequential transactions to highlight split purchases ($5,000 over 5 days of $1,000 each to fly under the radar), both per employee and across multiple employees. Sometimes multiple employees will collude and purchase items that are above the maximum (i.e. $3,000 is a common max threshold) and "split" the purchase between them so it gets approved. They can then take turns purchasing things by this splitting method.
Summary information of Procurement Card data to aid management in making decisions, with specific focus on the highest and most frequent P-Card users. If data are sufficient, conduct detailed analysis on P-Card data, ideas include to
will often fold their receipts up before faxing in, so it appears they only purchased 1 item, when in fact, they have bought several personal items. It is easy to go undetected without a 100% data investigation.
Benford's Law
Benford's Law is a hot buzzword in the fraud-detection world. But what does it do? Benford's Law is a logarithmic phenomenon whereby the first digit of a continuous amount (such as invoice amount) is "1" a little over 30% of the time. We have personally tested this theory out with numerous large datasets and it always holds true. For fraud detection, this means we can identify vendors who are perhaps billing amounts that start with "8" or "9" a lot more frequently than their peer-groups.
Rounded Amounts
Another tool in our toolbox is to identify vendors who are consistently using rounded amount checks (no pennies). Our analysis identifies both low- and high-volume vendor behavior because sometimes the vendor is a hit-and-run fictitious vendor and will just submit a couple of $5,000 invoices and no more. Another scheme is the 'below the radar' scheme where an employee may use a fictitious vendor number to consistently bill for,
say, $300 per week. Our approach identifies both schemes and weeds out false positives by gauging how far from the average the vendor is.
Vendor/Employee Cross-Check
This test is extremely useful for identifying employees who have created a vendor using their personal information. It is very similar to our duplicate vendor check, although we use the employee's information and cross-reference it with the vendor information. We typically compare the vendor and employee by address, phone, banking information, and weed out false positives where there was a valid travel and expense voucher for an employee. We also focus on situations where the vendor appears to be a Corporate Entity, with the same address or other information as the employee. This suggests that perhaps the employee created a fictitious vendor and is funneling funds to him/herself.
Sequential Invoice Numbering
Sequential invoice number is an abnormality because it indicates that the vendor does business with ONLY YOU. If they are legitimate, they most likely will
have other clients. So we use this algorithm to determine if a vendor is billing with sequential invoice numbers, usually they start with "001", "002" and very low numbers and never have a gap. True, this can be legitimate, especially if the vendor tacks on some letters in front or after the number, perhaps meaning the invoice numbers are
sequential just for your company and they have a separate scheme for
other customers. Nevertheless, this is a great tool for identifying vendors that stray from the normal!
Missing Checks
This algorithm is used to identify missing checks/gaps in your check numbering. If checks are stolen, the gap may show up on this report and be invaluable to catching fraud as soon as it occurs.
In this age of "24/7" it is more common to work on the weekends. But to CUT CHECKS on the weekend is still rare, and even more rare on holidays. This algorithm identifies any checks cut on a Saturday or Sunday or a holiday in that year (we have a list of Federal Holidays recognized by the United States government and their dates in the past).
Above Average Payments
Using this algorithm, we identify way above-average payments per vendor by using a 'z-score' outlier detection method. The z-score is just a measure of how many standard deviations away from the vendor payment mean that a single payment is. This algorithm is most useful when combining it with some of the other algorithms, such as the Rounded Amount algorithm. Ask us how we found real fraud using this technique!
P.O. Box
It is common for a vendor to have a P.O. Box as their address, but somewhat less common for that to be the ONLY address you have on record for them. This program identifies vendors for which you only have a P.O. Box (no geographical location). To weed out false positives from this report, we split the report into how many digits are in the P.O. Box number. Why is this useful, you might ask? Large P.O. box numbers, such as "P.O. Box 123456" are usually very large - and legitimate - commercial mail distribution centers, many of which are in Atlanta, GA. If we can isolate the vendors who have
P.O. Boxes with, say, 2 or 3 digits, we are more likely to isolate the abnormal and potentially fictitious vendors.
Mail Drop as Address
Developed by Certified Fraud Examiner, Craig Greene (www.mcgoverngreene.com), this algorithm compares the vendor file with our proprietary and CURRENT list of mail drops across the United States. Our list includes:
the UPS Store
Mail Boxes, Etc (purchased by the UPS Store)
PakMail
any other business categorized as a mail drop / mail box service This algorithm is instrumental in identifying potential fictitious vendors, because fraudsters may often use a mail drop as their "store-front" and have no actual physical location. Again - this behavior might be legitimate and the way we weed out false positives is to cross-check our findings on this report with all of the other reports (See Master Vendor List at the end of this document).
Just Below Approval Levels
This is the algorithm we nick-named "Flying Below the Radar" because that is exactly what the fraudster wants to do. Either by themselves, or via collusion with a manager with approval privileges, an employee may submit invoices that are just below common approval thresholds, such as $5,000, $10,000 and beyond. What are your approval thresholds? We will customize this algorithm to fit your approval thresholds and look for any payments that fall just beneath them. In addition - we look for vendors who exhibit this behavior CONSISTENTLY.
Employee Travel and Expense (T&E) Analysis
In this analysis, we focus on employees who exhibit strange travel and expense voucher/reimbursement behavior. By "strange", we mean:
employees with an unusually high dollar amount total or per-event expense employees with unusually high frequency of T&Es
employees with T&Es dated on weekends frequently
employees with duplicate T&Es (especially duped with a procurement card) employees with T&E totals that violate any known policies at your company
Master Vendor List
Automated Auditors has been doing this business long enough to know that it does no good to give you a pile of lists, from which you have to cull out the good fraud leads. That is why we have developed the idea of a "Master Vendor List". The master vendor list
combines all of the alert lists into one. We do this several ways, but the easiest and most straight-forward is to just add up the number of lists that a vendor appears on. We typically "weight" some lists more than others, though. For example, we weight the "vendor/employee cross-check" list twice as heavily as other lists because this is a very good indicator of fraud. Below is a sample master vendor list, giving you an idea of how we combine the various lists into one shorter list:
Vendor Name Rounded amounts? Vendor/Employee Cross-Check? Mail Drop? Approval Levels? Total # of Lists
ABC, Inc. YES YES YES YES 4
The AA Express YES YES YES 3
Ward & Long, PLC YES YES 2
MailServ Depot YES YES 2
The master vendor list will be easier to manage, and will help us and you identify suspect vendors more quickly.