Purchase to pay process, compliance controls, segregation of responsibilities – all things which to a business can, and are, seen as obstacles to just getting things done. But, they’re a necessary evil without which fraud would run rife.
So what are the most common purchase to pay frauds? We can’t necessarily know which are employed most often, but based on common knowledge and a bit of personal experience we think these are good candidates for the top six.
Hack the finance system
If someone can get administrator access to the finance system, it’s like having the keys to the safe. There’s lots of ways of persuading the IT team to give you admin access especially if you’re involved in system design and testing. Needing to set up new user accounts out of hours for testing has been known to do the trick. In an organisation that hasn’t buttoned down its IT security procedures, there is always a way. Once granted, new fictitious users, suppliers – even bank details are simple to add.
No PO – No Problem
This requires collusion with a supplier. A surprising number of companies will retrospectively create a purchase order to match an invoice in order to get it paid. If invoices are paid on the nod below a certain level, this loophole can easily be exploited. Let’s say for example that any invoice below £1,000 gets paid – even if there’s no purchase order – all that’s then required is to have a chat with a friendly supplier, get a few invoices submitted and split the proceeds.
Make friends and undermine Control
Segregation of responsibilities is all about preventing collusion and these controls are the enemy of the fraudster who will work hard to undermine them. The fraudster will make friends, do people favours and offer t o take workload off colleagues. When they need to call in a favour that involves compromising controls – it becomes easy.