23rd September, 2016
Is your business inadvertently handing over the keys to its safe to unscrupulous employees or even total strangers? The Association of Certified Fraud Examiners (ACFE) estimates that 5 per cent of all revenue is lost to occupational fraud every year, while research by the Purchase to Pay Network reports that 44 per cent of organisations have experienced some level of fraud in the last three years.
A trinity of factors known as the “fraud triangle” can align to push a usually law-abiding citizen to do something unethical (in fact, it’s often a seemingly model employee in collusion with a supplier). All it takes is pressure, such as personal debt, opportunity, and the rationalisation that the fraudulent act is somehow justifiable or “no big deal” in the grand scheme of things.
Fraud isn’t 100 per cent preventable – deception and opportunism are part of human nature. But there are steps you can take to deter and detect fraudulent attempts through continuous monitoring and surveillance. In fact, the ACFE found that companies could halve time to detection and reduce losses by two-thirds by adopting proactive fraud prevention measures rather than a reactive posture, such as an internal audit, accurate vendor master data or simply waiting for a tip-off.
Detecting fraud by the numbers
Fraudsters will always leave forensic clues behind, so P2P organisations are increasingly turning to data analysis to aid their detective work. For example, fraudsters often create fake invoices in rounded amounts (with no pennies or cents), companies can therefore rank vendors by those with a high percentage of rounded-value invoices. It’s also worth applying “fuzzy” matching to identify similar invoices as well as exact duplicates, such as those with values within a 5 per cent range, those where one value is exactly double the other, or those with amounts that start with the same four digits.
Another tell-tale clue is invoice values that are just conveniently below management approval thresholds, so businesses can run searches to identify invoices that are <3 per cent under the approval amount and flag them for investigation. Monitoring vendor invoice volumes can also alert companies to abnormal behaviour: a sharp uptick in invoices may be attributable to a legitimate increase in business, or an indication that a fraudster is getting more confident (or complacent) at stealing money.
Using fraud analytics to uncover suspicious activity
It can be labour-intensive to proactively carry out manual, spreadsheet-based analyses - that’s why organisations are adopting analytics solutions that use complex algorithms to do the heavy lifting of unearthing suspicious activity. For example, using a scoring system, it’s possible to identify abnormally large invoices for a given supplier by identifying the average and standard deviation of their values.
Another useful principle is Benford’s Law, also known as the ‘first-digit phenomenon’. This observes that certain numbers, such as 1 and 2, naturally occur more frequently as leading digits in data sets (about 30 per cent and 17 per cent of the time respectively) than those beginning with 8 and 9 (around 5 per cent ). If you’re too young to remember logarithmic tables or skipped stats class, it basically means that the first digits in data sets like invoice values aren’t distributed uniformly, as you might imagine, but along a curve. So if the first digit of invoices is say, eight, 50 per cent of the time rather than 5 per cent , something may be amiss. While any anomalies aren’t conclusive proof of fraudulent activities – it is possible to produce a false positive – it can suggest that deeper digging is called for.
By using multiple variables as check points and more sophisticated analysis, it’s possible to score suppliers, either individually or on aggregate for risk indicators, in much the same way as the now-familiar practice of credit-scoring quantifies lending risk.
An ounce of prevention is worth a pound of cure
While all of this detective work after the fact can be highly effective, it’s worth remembering that automation can have a dramatic impact on internal and external fraud prevention. Invoice fraud thrives in an environment with poor visibility into the invoice process and weak payment controls. Adopting purchase-to-pay analytics can provide the visibility to help everyone in an organisation to manage spend, remove waste, cut costs and optimise use of working capital all whilst preventing fraud.
Guest contribution by Jereme Pineda, Basware Analytics