John Verver, CPA CA, CISA, CMC

Advisor to ACL


Fraud within accounts payable (AP) systems is one of the most common types of fraud, impacting a wide range of organizations. As many fraud risks are well known, it’s likely controls have been designed specifically within an AP application or the overall purchase-to-payments process to combat them.

However, just because an anti-fraud measure has been implemented doesn’t necessarily mean it’s effective. Fraudsters, whether employees or vendors, are often adept at finding gaps and ways around fraud controls.

So what can organizations do to find out if, despite implementing fraud controls, fraud is actually taking place? A good place to start is with data analytics. It can be a very effective way of uncovering multiple indicators of fraud buried within the data mass that supports an AP system.

Let’s look at 10 ways that data analytics can be used to detect fraud.

1. Duplicate payments

Fraudsters often know that processing a purposeful duplicate payment is a simple form of fraud, and that if caught, it’s easy to pass off as a simple error.

A vendor may know there are weaknesses in a customer’s payment controls and keep submitting the same invoices, hoping they will be processed twice. Another potentially fraudulent duplicate payment system is when an invoice payment is made both through a standard purchase order (PO) system, as well as a “one-time” vendor expense system.

Data analysis tests for duplicate payments typically look for combinations of duplicates related to invoice details (e.g., invoice number, vendor name, date, amount, etc.). For example, is there a transaction with matching data, but a different invoice number? Is there a transaction with the same invoice number, amount and date, but for a different vendor number? And so on …

2. Split purchase orders and split payment approvals

An individual responsible for processing POs or approving invoice payments may know there are no independent checks within their low authorization limits, any more significant amount needs the approval of a senior manager. So, in order to process a sizeable fraudulent PO or payment, they process a series of transactions just under their limit, circumventing the control.

This is easily detected with data analytics. Simply look for any series of PO approvals or payments within a given timeframe and that are within, say, 5% of an individual’s authorization limit.

3. “Phantom vendors”

“Phantom vendor” schemes occur when an employee sets up a fictitious or unauthorized vendor to fraudulently receive payments. An employee may set up a vendor account and submit invoices or process payments for non-existent or fraudulent goods and services.

Data analytics can uncover these schemes by looking for matches between data in separate systems, such as vendor and employee HR systems. Simple tests include looking for matches of employee data and vendor account data, such as addresses, bank account numbers, telephone numbers, and tax ID numbers.

4. Purchases of consumer items

Another common employee fraud involves a manager who is authorized to make and approve purchases of business-related items, but who orders materials or services that are used by the employee.

A simple data analysis test is to look for keywords associated with consumer or home-use items. This may mean creating a data table that includes a list of all suspicious words (e.g., a particular vendor name, such as “Home Depot” or an item description, such as “garage shelving”).

A related test can be performed if the vendor system includes a merchant category code (or equivalent). Data analytics can list any item involving suspect merchant codes such as those relating to home goods, vacations, or luxury items. Another test is to look for matches between a shipping address for something ordered from a vendor and an employee address.

5. “Flip flop” vendor master file changes

Fraud detection data analytics do not have to be applied solely to purchase and payment transactions themselves. For example, an employee could fraudulently access a vendor master and input their own bank account information. This may result in a payment being made directly to the employee’s account, who immediately accesses the vendor master file and reverses the change.

Data analytics can be run against vendor master change data to detect any change that is reversed within a given short timeframe.

6. Invoices with no matching receiving support

This occurs when an employee colludes with a vendor and submit invoices for non-existent or fraudulent goods and services. The payment is approved by the employee, the vendor is paid, and the employee gets a kick-back.

In organizations that track the receipt of goods through a goods received system, then a data analytic can be performed that identifies any failure to find a match between an invoice and the goods received system. This can be extended to check for three-way matches, when appropriate, between a PO, the goods received records, and the invoice.

7. Unusually high pricing for goods and services

An employee may collude with a vendor and approve purchases at inflated rates, in order to subsequently receive a kick-back from the vendor.

An analytic to detect this fraud risk can be performed by comparing the average prices paid for goods and services across a broad range of vendors providing basically similar items. The average cost calculation can be performed on unit cost data for specific items or, say, the average invoice cost from a range of vendors. These forms of analytics are often performed most effectively using visual analytic capabilities in which it becomes very obvious when an average is a statistical outlier.

8. Benford’s Law

Benford’s Law has been used for some time to detect numeric amounts that do not fit expected patterns. Benford’s Law is based on the observation that there is a statistical probability of the percentage of times that a given digit is in a given position in a string of numbers, such as amounts.

Audit analytic software such as ACL includes a Benford capability that automatically produces a graph of the expected distribution of numbers, highlighting any that are statistically unusual. The argument here is that a fraudster may generate payments for personal benefit through false invoices or other means—and that the amounts submitted may not be typical of actual payments.

It’s certainly not a given that an anomaly detected by Benford analysis is fraudulent—however, it could well be an indicator of something unusual, which could be related to fraud.

9. Round amounts

One of the basic assumptions of using analytics to detect fraud is that fraudsters sometimes do things that are not typical of legitimate transactions. For example, a fraudster may process an invoice or payment transaction that is “rounded.” Of course, perfectly legitimate transactions can be based on round amounts. However, in practice, round amounts in payment systems are typically not common, particularly when sales tax and other calculations are applied.

A “round amount” data analytic can be used to quickly detect any amount that ends in an unusually long string of zeroes. The calculation for this is often based on using a MOD() function to determine whether a remainder is a zero.

10. Sequential invoices

Another assumption about fraudsters is that, at some point, they will do something that is not very smart. An example of this would be an employee who sets up a “phantom vendor” account and submits invoices for fictitious goods and services—but fails to reflect the most likely way in which invoice numbers progress in the real world. For example, if the entire range of invoice numbers from Acme Cleaning over a two-year period is from “20101” to “20124,” it would indicate the vendor does not have any other business or customers. Of course, this could be valid in some circumstances, though unlikely.

A sequential invoice number test analyzes all the invoice numbers from each vendor over a given timeframe and indicates the average range between numbers. By focusing investigation on those vendors with the smallest range, it can be a relatively quick process to determine if there is something unusual and potentially fraudulent.

An ongoing process

The greatest value from using data analysis to detect any type of fraud, whether in AP or any other financial process, lies in a constant process of development and refinement.

The 10 AP fraud detection analytics described above are a good place to start for most organizations. After starting with a series of relatively basic analytics and reviewing the value of the results, the next step is often to tweak processes. Some analytics may not prove very useful in practice and may be replaced with others.

Within a relatively short time frame, it is realistic to expect to be able to use a suite of automated analytics on a regular basis and establish an important core element of an ongoing fraud detection program.

Read more on detecting and preventing fraud with analytics.

White paper: Automating fraud detection

White paper:
Automating fraud detection: The essential guide

This white paper identifies some of the key issues in implementing a fraud detection program and provides examples of fraud detection tests for common business process areas.

Download white paper

Share This