Is your business inadvertently handing over the keys to its safe to unscrupulous employees or even total strangers? The Association of Certified Fraud Examiners (ACFE) estimates that 5% of all revenue is lost to occupational fraud every year, while research by the Accounts Payable Network reports that 44% of organisations have experienced some level of fraud in the last three years.
A trinity of factors known as the “fraud triangle” can align to push a usually law-abiding citizen to do something unethical (in fact, it’s often a seemingly model employee in collusion with a supplier). All it takes is pressure, such as personal debt, opportunity, and the rationalisation that the fraudulent act is somehow justifiable or “no big deal” in the grand scheme of things.
Fraud isn’t 100% preventable – deception and opportunism are part of human nature. But there are steps you can take to deter and detect fraudulent attempts through continuous monitoring and surveillance. In fact, the ACFE found that companies could halve time to detection and reduce losses by two-thirds by adopting proactive fraud prevention measures rather than a reactive posture, such as an internal audit, accurate vendor master data or simply waiting for a tip-off.
Detecting fraud by the numbers
Fraudsters are not always the sharpest tools in the box, and tend to leave forensic clues to their shady exploits, so purchase-to-pay (P2P) organisations are increasingly turning to data analysis to aid their detective work. For example, fraudsters often create fake invoices in rounded amounts (with no pennies or cents), so you may wish to try and rank your vendors by those with a high percentage of rounded-value invoices. It’s also worth applying “fuzzy” matching to identify similar invoices as well as exact duplicates, such as those with values within a 5% range, those where one value is exactly double the other, or those with amounts that start with the same four digits.
Another tell-tale clue is invoice values that are just conveniently below management approval thresholds, so run a search to identify invoices that are <3% under the approval amount and flag them for investigation. Monitoring vendor invoice volumes can also alert you to abnormal behaviour: a sharp uptick in invoices may be attributable to a legitimate increase in business, or an indication that a fraudster is getting more confident (or complacent) at stealing your money.
Using fraud analytics to uncover suspicious activity
It can be labour-intensive to proactively carry out manual, spreadsheet-based analyses, or you may find your techniques aren’t sophisticated enough for less clumsy and conspicuous forms of fraud. That’s why organisations are adopting analytics solutions that use complex algorithms to do the heavy lifting of unearthing suspicious activity. For example, using a scoring system, it’s possible to identify abnormally large invoices for a given supplier by identifying the average and standard deviation of their values.
Another useful principle is Benford’s Law, also known as the ‘first-digit phenomenon’. This observes that certain numbers, such as 1 and 2, naturally occur more frequently as leading digits in data sets (about 30% and 17% of the time respectively) than those beginning with 8 and 9 (around 5%). If you’re too young to remember logarithmic tables or skipped stats class, it basically means that the first digits in data sets like invoice values aren’t distributed uniformly, as you might imagine, but along a curve. So if the first digit of invoices is say, eight, 50% of the time rather than 5%, something may be amiss. While any anomalies aren’t conclusive proof of fraudulent activities – it is possible to produce a false positive – it can suggest that deeper digging is called for.
By using multiple variables as check points and more sophisticated analysis, it’s possible to score suppliers, either individually or on aggregate for risk indicators, in much the same way as the now-familiar practice of credit-scoring quantifies lending risk.
An ounce of prevention is worth a pound of cure
While all of this detective work after the fact can be highly effective, it’s worth remembering that automation can have a dramatic impact on internal and external fraud prevention. Invoice fraud thrives in an environment with poor visibility into the invoice process and weak payment controls. Adopting purchase-to-pay analytics such as Basware’s can provide the visibility to help everyone in your organization to manage spend, remove waste, cut costs and optimise use of working capital all whilst preventing fraud.