Business and accounting fraud is high on the agenda for 2020 as the level of risk of failing to detect the fraud has increased with COVID-19.
Many finance departments that have predominately manual or paper-based processes have been forced to introduce “workarounds” to be able to function with staff working from home, or being furloughed and fraudsters are taking full advantage to exploit these weaknesses.
You probably heard about the controversy surrounding Patisserie Valerie and the suspected £40m fraud involving finance staff and a supplier.
But while business and accounting fraud is a serious problem across the country, you have to question how many businesses are setting themselves up to be victims.
We ask this because in our recent research report 20% of finance workers in UK businesses strongly agreed with the statement that their payment and procurement processes were putting them at risk of fraud.
Think about that: one in five finance staff believe their company is putting itself at risk of fraud.
Overall, 37% agreed their company was at least vulnerable to business and accounting fraud.
That might sound like a lot, but it is likely that the remaining 60+% are actually greatly underestimating how much danger they are in.
Talk to anyone in a finance team – especially one still relying on manual processes – and they will tell you staff are under pressure to deal with hundreds of invoices a day (and are expected to spot fraudulent invoices on sight).
That’s an incredible undertaking but even so, especially with the technology available today, how can so many businesses be at risk of this type of fraud?
Business and accounting fraud is much easier than you’d think
Despite what you might think, business and accounting fraud is much easier than you’d imagine.
All you need is a duplicate invoice with a unique invoice number sent a week or two after the original. If no-one spots it, the invoice gets passed through and paid.
If anyone questions it, just say it was a mistake.
Duplicate invoices is also an increasing problem during the COVID-19 lockdown, as many suppliers are sending duplicate invoices as part of their credit control activities (presumably to shortcut the “we have not received it”) and many organisations are then processing these and paying them.
But how could you not spot a fraudulent invoice you ask?
Imagine this – because it is common:
A fraudster emails you or your finance team that looks like it has been sent by a director or CEO with an attached invoice and instruction to make an immediate payment. Finance jumps into action and make the payment as requested. If the payment is large enough to subsequently draw attention, a very close inspection might show that the email address is being spoofed, or has a single character changed, but it is too late, the damage has been done.
Given that finance workers and the approvers are human (yes, they really are) they could very easily miss something that looks innocent.
And that’s just threats from outside your business.
Online payments and credit cards create the opportunity for employee fraud
According to the three points of the Fraud Triangle, introduced by Joseph T. Wells in 1997, people (even good people) would likely commit fraud if presented with the following:
- The ability to Rationalise their actions
While pressure and rationalisation might not be coming from the company, the opportunity certainly is.
For one, 68% of finance workers in our survey said that their company’s processes were so inefficient and convoluted that they had to work around them to get anything done.
Working outside of normal working processes to get anything done. This in itself presents the opportunity to bend the rules and try your luck.
And many employees are, so it seems.
UK businesses lose £190m a year according to research from NatWest – with 40% of that involving employees – and, in 2018, businesses reported £88m of insider fraud, according to Action Fraud.
Hundreds of millions of pounds in fraud – and that’s just what was discovered.
However, there is another emerging business practice which is presenting even more potential for employees to commit fraud undetected. This risk comes from the rising popularity of using business credit cards and making purchases online through the likes of Amazon, or Office Depot.
Unlike a company’s “official” suppliers, these sites don’t issue invoices. Employees just pick and pay for the item they want. The only evidence of any payment is the debit on the credit card. No-one knows what was bought, who bought it, or even where it was delivered to. Unless there is an accurate audit of who had the card when the purchase was made – there is no way of knowing who it was.
All of this should mean that businesses are creating stricter rules for approvals, or investing in automated technology that can either remove the risk by controlling these purchases before they are made, or capture and identify them for review and audit after the event.
Why aren’t companies investing in business and accounting fraud prevention?
We don’t know.
But if companies are failing to invest in preventative measures, and help finance teams do their jobs, then they have to share the blame when they fall victim to business and accounting fraud – it can’t all sit with the employee (unless it was the employee committing the fraud).
How can automated Accounts Payable help prevent business and accounting fraud?
Is the invoice really from your supplier or has it been “spoofed”? Have you ever paid a supplier invoice twice – paying the original and then the duplicate you requested because the first one got “lost”? Are you sure that a “regular” supplier for small values each month is really a supplier at all and not an ongoing fraud?
These are all things that an automated AP system can detect (as well as confirming where the invoice came from, is it formatted correctly, is the bank or corporation number correct).
Try as they might, under pressure finance teams simply cannot be expected to stay on top of all this. They need help and businesses have a responsibility to give teams the tools they need to do their jobs.
If they don’t and the business becomes a victim of business and/or accounting fraud, they need to look at themselves before taking aim at their finance team.