Avoid Overlooking the Growing Fraud Threat When Planning AP Automation

Prepared by Peter Goldmann
President, White-Collar Crime 101 LLC

In Cooperation with Tom Walker
Portfolio Manager SAP Invoice Management, Open Text

IAPP/IARP
615 East Colonial Drive, Orlando, FL 32803
407-351-3322 • www.TheIAPP.org

resource center/white paper series

Sponsored by

Copyright October 2009 International Accounts Payable Professionals, Inc. All rights reserved. The material and information contained herein are for personal use of IAPP/IARP members and other authorized persons only, and may not be used or reproduced for commercial or any other purposes without the express prior written permission of IAPP/IARP.


TABLE OF CONTENTS

PART 1: INTRODUCTION
    Exhibit 1: Frequency of Occupational Fraud Schemes
    Exhibit 2: Types of AP Fraud - Median Loss Per Incident
    Optimize Before You Automate
    Beyond Cost-Reduction
    Automation Versus Optimization
    Exhibit 3: Benefits of Front-End Invoice Imaging

PART 2: HOW AP FRAUD OCCURS
    External AP Fraud
    Internal AP Fraud
    The Collusion Factor
    AP Fraud at the Top

PART 3: AP FRAUD RISK MITIGATION
    Automation for Fraud Risk Mitigation
    The SAP Invoice Management by Open Text Opportunity

SUMMARY

PART 1: INTRODUCTION

These clichés are all too familiar to executives struggling to boost profits during tough economic times. And while clichés are often taken with a grain of salt, these three are deadly serious in the context of business process automation.

Moreover, they are more serious than ever in light of today’s immensely costly – and worsening – problem of fraud against large organizations of all kinds. Where does much of the fraud hit organizations hardest? Like legendary bank robber Willie Sutton said in a somewhat different context: “Where the money is.”

In large corporations, a major portion of the money – primarily that being disbursed to either internal or external payees – involves accounts payable. AP personnel are often taken for granted as “just back-office staff,” but they’re challenged to a staggering degree by both internal and external fraudsters every day. That suggests their critical contribution to the safety and security of the organization’s financial assets deserves closer attention from management, which needs to be more aware of the processes and procedures involved in AP.

According to the Association of Certified Fraud Examiners (ACFE), 7 percent of corporate revenue is lost to fraud every year. That translates into a total of $994 billion annually. To put that into perspective, the cost of the Troubled Asset Relief Program (TARP) bailout of the U.S. banking system after the financial meltdown of 2008 was $700 billion. U.S. companies lose about 30 percent more than that every year to fraud.

In addition, as shown in Exhibit 1, billing schemes represent the second-most-common form of fraud against organizations, or an estimated 23.9 percent of all fraud cases. Other AP-related frauds such as check tampering, expense reimbursement, and payroll fraud are also major threats, albeit with less frequency.

As for the cost of AP fraud, as Exhibit 2 shows, losses attributable to the AP-related frauds mentioned above are nothing to sneeze at. The median cost of a billing scheme to the victim company is $130,000, and that number is rising, as the exhibit shows. The same applies to check fraud while, as you would expect, the costs of payroll fraud and expense reimbursement schemes are comparatively low and less likely to rise.

For your organization, this means that while money is almost definitely being lost to fraud in accounts payable, those losses can be significantly reduced through implementation of stronger internal controls over the AP process.

Exhibit 1: Frequency of Occupational Fraud Schemes
SOURCE: Association of Certified Fraud Examiners, 2008 Report to the Nation on Occupational Fraud & Abuse

Exhibit 2: Types of AP Fraud - Median Loss Per Incident
SOURCE: Association of Certified Fraud Examiners, 2008 Report to the Nation on Occupational Fraud & Abuse

This applies to both internal and external frauds affecting AP. External frauds include such common schemes as double billing by vendors, creation of shell vendor corporations, submission of bogus invoices, and overbilling on price or quantity or both. Internal AP fraud, by contrast, can occur when an AP associate creates a shell corporation and approves phony invoices from that “entity,” or alters dollar amounts or quantities on invoices from vendors owned by a friend or relative and splits the windfall, or falsifies purchase orders to match phony invoices created by the employee.

Because so many of these misdeeds involve manual activity by dishonest employees – acting either alone or in collusion with dishonest outsiders – eliminating as many human “touch points” in the AP cycle as possible, and requiring adherence to stringent business rules when this is not possible, is critical to fraud risk mitigation. This is also a powerful way to streamline invoice data capture and management through release for payment by enhancing collaboration between an AP automation tool and the specific process participant whose input is needed to resolve errors, questioned data, or other technical problems efficiently. In short, the solution to most of today’s AP fraud risks and processing inefficiencies involves implementation and proper management of automation tools.

OPTIMIZE BEFORE YOU AUTOMATE

But which automation tools are best for your organization? There are numerous choices on the market. To help in making the best AP automation investment decision, it pays to look beyond simply automating. This means combining AP process optimization with automation. Doing so helps to avoid the mistake many large companies make: automating what they already do, which in many cases is neither the most efficient, nor the most secure from a fraud prevention perspective. (By implication, this also means that automating poor controls translates to automating non-compliance with Sarbanes-Oxley, which requires companies to implement, test, and monitor process controls that prevent fraudulent financial reporting.)

Specifically, in a conventional manual AP function, enforcement of business rules is based on after-the-fact audits, whereas AP automation offers the opportunity to enforce these rules during the process. Taking it a technological step further, optimization of your AP business eliminates most of the non-value-adding manual activity that otherwise consumes time, which drives excessive invoice cost and can undermine vendor relationships and result in lost discounts.

For example, communication with the company’s procurement function often involves contacting a central procurement representative who has no familiarity with the specific transaction in question. Thus, time must be taken to locate the specific procurement associate in order to obtain the necessary approval or to resolve a billing issue if required. Optimization eliminates this onerous sequence of steps. With optimization, customized algorithms can be built into your automation process that in a matter of seconds examine the source data related to the purchase order and determine the proper “owner” of the transaction. This person may be the originator of the purchase order, the requestor, or possibly a group of buyers related to specific organizational units.

The result is circumvention of the inefficiencies inherent in most corporate procurement functions in which there are “strategic” buyers and “tactical” buyers as well as buyers in field locations where segregation of duties is difficult to enforce, thereby leaving the company vulnerable to fraud by dishonest purchasing employees or vendors – or both. When optimization is established to immediately route a specific invoice to a certain procurement associate, much of the vulnerability to fraud is eliminated. For example, this automated role resolution removes a weak link where an AP associate can determine whom to involve in the exception resolution process. In a manual system, for example, an AP processor could collude with a purchasing manager and route a questioned invoice to his cohort to perpetrate the fraud. With an automated system programmed to identify the problem with the invoice and then route it to a predetermined individual with authority to resolve the issue, you eliminate the possibility of having the invoice sent to a co-conspirator. In addition, resolution time is greatly reduced since the proper process participant is notified immediately. Analytics provide a clear picture as to who is involved when, and what actions are taken. It is also important to note that using an invoice image rather than the paper invoice preserves the accuracy and integrity of the original source document.

BEYOND COST-REDUCTION

It’s great to cut the cost of invoice processing by scanning paper invoices at the front end of the payment cycle and manually creating an SAP invoice from the image. The first step for many corporations is to eliminate the paper process by implementing document archiving, which involves scanning the paper invoice and storing it in a physical repository. The invoice image is typically linked to the SAP system using SAP’s late archive link functionality or, in some cases, early archiving. While this does remove the cost associated with storage and retrieval of the invoice, it still requires most manual back-office data entry and processing steps. This level of automation is typically referred to as basic AP automation, and companies that have it no doubt are saving money compared to when they used the older, mostly paper-based system. However, technology has progressed, and organizations with large volumes of invoices can now benefit from an even more cost-effective, efficient, Sarbanes Oxley-compliant and fraud-resistant system for managing the full receipt-to-pay invoice cycle.

AUTOMATION VERSUS OPTIMIZATION

According to payments technology consulting firm PayStream Advisors of Charlotte, N.C., “A significant shift is beginning to shake traditional AP operations, starting with the search for automation options that help them address the hassles inherent to people and paper-based activities. Our research indicates that imaging and workflow automation (IWA) solutions that streamline the invoice receipt-to-pay cycle have matured and become mainstream technology.”

There are various levels of IWA, depending on what the company wants to achieve. As mentioned above, the most elementary level is called back-end or late archiving document capture and simply involves having AP employees scan and archive paper invoices in order to eliminate the need to store these invoices and to make it easier to access individual invoices once they’ve been scanned into the company’s ERP system. However, with late archiving, an AP employee must still manually link the scanned image to the invoice document that has been manually posted in SAP. This leaves the company open to fraud if, for example, the employee wants to alter the dollar or quantity amounts on the invoice while inputting the data or linking the image to a phony invoice that subsequently gets approved for payment.

Front-end imaging is what PayStream aptly terms a “quantum leap” over back-end document capture: it uses SAP early archiving and optical character recognition (OCR) or intelligent document recognition (IDR) to capture the paper invoice data at the beginning of the receipt-to-pay cycle, which enables the company to use the captured data to streamline the entire payment process (see Exhibit 3). In addition, the invoice image is available directly from the SAP invoice document at any point in the process. However, with most of these systems, an employee must still validate the accuracy of the data recognition, which still leaves a limited opportunity to manipulate the data for fraudulent purposes.

Exhibit 3: Benefits of Front-End Invoice Imaging
SOURCE: PayStream Advisors

The third and most sophisticated level of IWA combines front-end OCR/IDR metadata input and early archiving with the company’s AP workflow automation technology. This extends the above-referenced system of semi-automating to automation of the full receipt-to-pay invoice cycle, which can yield attractive savings over pre-automation invoice processing. Ideally, through IDR, this system eliminates most of the human involvement in the data input process, thereby closing a loophole that could result in fraudulent activity.

However, there is still a potentially costly problem involved in all of these approaches to AP automation: When the company automates its existing invoice process cycle, it may inadvertently be automating control deficiencies “built in” to those processes as well. For example, if your company’s invoice approval process allows a single AP employee to receive and approve invoices, automating this process may save time, but it does not eliminate the possibility that the employee can still manipulate the electronic data by changing the vendor name and address and/or the amount of the invoice. This is, of course, especially risky in incidents where the invoice lacks a matching purchase order (PO). That vulnerability alone must be eliminated with your AP automation solution. Otherwise, the cost savings you gained by automating your systems can be lost to fraud because you’re building in poor anti-fraud controls. That’s where optimization comes in. It involves altering and fine-tuning the entire process flow, from scan through posting of the invoice, specifically to eliminate control deficiencies that may result in fraud. As will be discussed in the next section, you may be surprised at the large number and varieties of ways fraudsters can exploit your AP control weaknesses. To help companies cost-effectively remedy this problem, SAP has developed a solution to optimize and automate your AP processes in order to minimize the fraud risk – and enhance Sarbanes-Oxley compliance – while at the same time automating the entire process so as to generate unprecedented cost savings. That solution is SAP Invoice Management by Open Text.

PART 2: HOW AP FRAUD OCCURS

There are countless ways fraud can target your organization’s AP operation. That’s because as AP processes and procedures change, so do the opportunities for fraudsters to exploit them. Fortunately, this does not mean you can’t minimize the risks of being victimized by AP fraudsters. Doing so, as mentioned above, involves implementing optimal anti-fraud controls so fraudsters are either deterred from attempting specific schemes or, if they do try, their attempts meet with failure.

Once your AP processes are optimized in a way that results in this reduced fraud risk, as well as enhanced efficiency, automating those processes will produce the best possible results.

Luckily, most types of AP fraud, whether they are new or old, fall into one of two main categories: external and internal fraud. Understanding the main types of AP fraud in each of these areas is key to building an effective anti-fraud control system prior to automation. Here is a summary of the common AP fraud types in each category:

EXTERNAL AP FRAUD

As you might suspect, the most common forms of external AP fraud are those committed by dishonest vendors or by individuals or organized crime rings posing as vendors. Billing schemes are the key “weapon” in the arsenals of vendor fraud perpetrators. These schemes typically take the form of:

• Double billing. These crimes are committed exactly as their name suggests: Dishonest vendors submit a duplicate invoice a month or two after the initial – legitimate – one was submitted and paid. Sometimes the invoice will have a different date or a consecutive number, a clear red flag of fraud. But the ploy is based on the vendor’s expectation that your organization’s AP processes lack controls to screen for duplicate billing and that the second – fraudulent – invoice will therefore be approved and paid without being questioned.

• Creating phony vendors. The basic idea behind most external phony vendor schemes is simple: Create a fictitious company name, such as J.J. Johnson & Co. Register it with the proper state agencies, give it a phony address – either that of the fraudster himself or a friend or relative, or a P.O. Box – and use a home PC to create phony invoices with all of this vendor information plus a description of the items or service being billed for. Set up a bank account in the “company’s” name and then sit back and wait for the checks to arrive. If the targeted company has strong internal AP process controls, the phony invoices will be flagged and rejected as fraudulent before payment. If not, the fraudster gets the payment and, encouraged by this success, will probably repeat the process using the same or a different vendor name. Unfortunately, many of these frauds go undetected for long periods of time, sometimes up to several years. That’s why AP automation which incorporates optimized preventive controls is such a potentially powerful anti-fraud solution.

• Delivery of substandard goods at full price. Some of the goods and services your organization orders for completion of projects for clients, for its own operations, or both are ordered from vendors with which the organization has had a longstanding relationship due to good service, quality products, and favorable pricing. Other orders may be made based on competitive bidding. Either way, it’s risky to assume that every vendor you do business with is completely honest. There are usually a handful that take advantage of lax controls in your procurement or accounts payable processes to deliver products that are below the quality specified in a contract or purchase order and then bill your organization for the higher-quality – and higher-priced – goods. The difference in price, of course, goes straight into the dishonest vendor’s pocket.

INTERNAL AP FRAUD

Unfortunately, statistics show that the majority of fraud against large organizations is committed by their own employees. According to PricewaterhouseCoopers, for example, 61 percent of all fraud is committed by insiders. AP is no exception. Therefore, AP managers and senior executives must be familiar with the common and costly forms of internal AP fraud, such as:

• Billing schemes. The types of billing schemes commonly committed by outsiders as described earlier are also a serious threat inside the organization. In fact, because procurement and AP staffers or “higher-ups” generally are more familiar with the company’s AP processes and procedures – and their weaknesses – it can often be easier for them to abuse their payment-approval authority to carry out these schemes. If an employee isn’t in a job with the authority to approve phony invoices, he or she may try to initiate a collusive scheme with a co-worker who does have the requisite authority.

Another fraud to be aware of is employee creation of phony purchase orders (POs) for goods or services the company buys on a regular basis. The only difference is that the “vendor” is a shell company set up by the employee rather than an outside fraudster. Once the PO is successfully falsified – with the use of basic home computing equipment – the employee simply forges an authorized manager’s signature. He or she then generates the matching phony invoices for the shell company and awaits payment.

One of the most common internal forms of phony vendor fraud involves creating a shell company with a name very similar to a legitimate vendor the organization regularly issues payments to – but with a different address. For example, a phony vendor with the name of W.B. Office Supplies Co. may be completely phony, but its bogus invoices may get paid and credited to the organization’s legitimate vendor, W.B. Office Supplies Inc., despite the latter’s different address.

This is a perfect example of how failing to optimize your AP function prior to automating it can result in ongoing fraud losses that can negate the savings gained from basic automation. If you automate the process of approving invoices without first checking for duplicate vendor names, you simply automate the process of issuing checks to the sham corporation – in our example above, W.B. Office Supplies Co. As you’ll learn in the next section, this control deficiency can be eliminated with proper process optimization and automation.

Another common form of the billing scheme involves employees making unauthorized purchases and diverting the goods. These schemes are often easy to pull off if the employee is a professional in a specialized area such as computers or telecommunications and the manager approving purchase requests is not familiar with the nature of the goods being ordered – or is the actual perpetrator.

An especially crafty employee billing fraud is the so-called “straw vendor” scheme. Also known as “pass-through vendor” schemes, these crimes occur when an employee with invoice approval authority sets up a sham company and has that entity order goods from a legitimate vendor that his or her employer actually needs. Once received and paid for by the dishonest employee, the goods are sold to the employer at inflated prices. The fraudulent invoices are approved by the fraudster. He or she may even be able to generate bogus refunds or rebates to the straw vendor, which he or she controls. This is one of numerous examples of the trap management often falls into by assuming the AP team will always catch attempted billing fraud.
In reality, it is impossible for AP personnel in large companies to know everyone’s spend authority, and in the case of paper invoices where approval is already “written” on the invoice, to be able to recognize suspicious handwriting. In some companies, an AP employee with a long tenure may “just know” when an invoice “looks funny.” But if you assume that temps or new recruits in the AP function possess the same skills, you’re pretty much guaranteed to have fraudulent payments make it through the system. The latest state-of-the-art AP automation technology eliminates this risk by automatically flagging potentially erroneous or fraudulent invoice information and routing it to an appropriate remediator.

• Purchasing card fraud. If your organization uses procurement cards, commonly referred to as p-cards, or corporate credit cards, it is probably not news to you that these are all too often abused for personal benefit. Of course, the key reason that organizations initiate p-card programs is to save money on the cost of processing business-related purchases. Because it costs as much to process a $250,000 order as it does a $250 order using the organization’s normal procurement system, consolidating numerous small orders through the use of p-cards can save more than 50 percent in processing costs, according to the National Association of Purchasing Card Professionals (NAPCP). The most common types of internal p-card fraud are:

    o Making personal purchases and disguising them as business-related transactions by submitting falsified receipts.
    o Split-purchasing, or buying something with more than one payment to avoid triggering scrutiny of purchases over a company-set amount requiring review and approval.
    o Purchasing gifts for lists of clients and including one’s own address (with a phony name) among the list.

• Vendor Master File Fraud. Any organization’s vendor master file (VMF) is a potentially ideal launch site for numerous insider frauds. As you’d expect, many of these crimes ultimately fall into the category of vendor or billing fraud. But with access to the VMF, dishonest employees – or outsiders, for that matter – have a much easier job of fabricating bogus vendors, generating fraudulent invoices, and obtaining approval of fraudulent transactions. For example, an employee who has authorization to add new vendors to the VMF or make changes to existing ones can:

    o Add phony vendors and submit invoices as if the vendor were legitimate.
    o Alter the mailing address of an inactive vendor and generate bogus invoices with his or her own address or that of an accomplice.

Important: As your organization’s business changes, so does the list of vendors it uses. However, too many organizations fail to regularly purge their vendor master file of inactive vendors. When these dormant vendor accounts remain on the vendor list, dishonest employees with access to the VMF have the opportunity to abuse them. If nothing else, your AP control system should flag any payments to vendors with similar names but different addresses.

• T&E fraud.
If your AP department is in charge of processing travel and entertainment reimbursement claims, chances are it has seen its fair share of T&E fraud. Here are examples of the most common T&E schemes affecting large organizations:

    o Falsifying receipts. Receipts for transportation, hotel, restaurant, and other business travel expenses are easily obtained and “recycled” by employees either by forgery or alteration. It is all too easy, for example, to alter the date or amount on a “business meal” or hotel receipt before it is faxed or scanned.
    o Making multiple expense submissions. When two or more employees dine together while on the road, they may each submit a claim for reimbursement for their own meals even though the entire bill was paid by a single member of the group. Similar practices often occur with shared taxis, airport shuttle services, and other expenses.
    o Claiming expenses just below the minimum for which receipts must be submitted. If receipts are required for all expenses over $25 for meals, an employee may fraudulently submit undocumented claims for amounts of $24.99 or $24.95.
    o Falsifying automobile mileage expenses. Since most companies do not require receipts for use of an employee’s own car for business purposes, the accuracy of these claims is difficult to audit.
    o Falsifying approvals. It’s often easy for employees to forge their manager’s signature on an automobile mileage reimbursement claim or other low-dollar claim that is difficult to verify.
    o Claiming for “out-of-policy” expenses. A dishonest employee may “test the waters” by submitting a receipt for a personal expense incurred during a business trip. If the expense claim form is complicated, the processor may overlook an improper expense and unknowingly reimburse the employee for it.
    o Exploiting weak T&E anti-fraud controls. Improperly established segregation of duties for processing T&E claims can enable employees who process these items to falsify expense submissions by changing amounts or payees. They may either pocket the unauthorized reimbursement amount themselves, or collude with the actual traveler to exploit these control weaknesses.
    o Using multiple methods of expense submission. Some employees have exploited control weaknesses in T&E, procurement card, and accounts payable processes by submitting the same expense claims numerous times, posing one or more times as a legitimate employee and at others as a vendor.
    o Making “honest” mistakes. An employee who always makes mistakes on his or her expense submission because “the spreadsheet didn’t work properly” is a prime candidate for extra scrutiny by management. In some cases, these “honest” mistakes can result in hundreds of dollars in fraudulent T&E reimbursements if not detected.
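Three of the red flags described in this part (vendors with similar names but different addresses, duplicate billing under a new date or consecutive number, and repeated undocumented claims just under the receipt limit) can be written as simple screens over payables data. The following Python sketch is an added illustration, not part of the white paper or of any product it mentions; the record layouts, thresholds, suffix list, and all sample data other than the two W.B. Office Supplies names are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import date
from difflib import SequenceMatcher
from itertools import combinations

# Legal-form suffixes ignored when comparing vendor names (assumed list).
SUFFIXES = {"co", "company", "inc", "incorporated", "corp", "corporation", "llc", "ltd"}


def normalize_name(name):
    """Lower-case, strip punctuation and legal suffixes from a vendor name."""
    cleaned = re.sub(r"[^a-z0-9 ]", "", name.lower().replace("&", " and "))
    return " ".join(t for t in cleaned.split() if t not in SUFFIXES)


def lookalike_vendors(vendors, threshold=0.9):
    """Vendor-master pairs with near-identical names but different addresses."""
    hits = []
    for a, b in combinations(vendors, 2):
        score = SequenceMatcher(None, normalize_name(a["name"]),
                                normalize_name(b["name"])).ratio()
        same_address = a["address"].strip().lower() == b["address"].strip().lower()
        if score >= threshold and not same_address:
            hits.append((a["id"], b["id"]))
    return hits


def duplicate_invoices(invoices, window_days=90):
    """Same vendor (after normalization) billed the same amount within window_days.

    Invoice number and date are deliberately not match keys, because a
    resubmitted invoice may carry a new date or a consecutive number.
    Legitimate recurring charges also match, so hits are leads for review.
    """
    groups = defaultdict(list)
    for inv in invoices:
        groups[(normalize_name(inv["vendor"]), inv["amount_cents"])].append(inv)
    hits = []
    for group in groups.values():
        group.sort(key=lambda inv: inv["date"])
        for earlier, later in zip(group, group[1:]):
            if (later["date"] - earlier["date"]).days <= window_days:
                hits.append((earlier["number"], later["number"]))
    return hits


def near_limit_claimants(claims, limit_cents=2500, margin_cents=100, min_count=3):
    """Employees with repeated receipt-free claims just under the receipt limit."""
    counts = defaultdict(int)
    for claim in claims:
        just_under = limit_cents - margin_cents <= claim["amount_cents"] <= limit_cents
        if just_under and not claim["has_receipt"]:
            counts[claim["employee"]] += 1
    return sorted(emp for emp, n in counts.items() if n >= min_count)


# Constructed sample records. Only the two W.B. Office Supplies names come from
# the white paper; ids, addresses, amounts and dates are invented for the example.
VENDORS = [
    {"id": "V100", "name": "W.B. Office Supplies Inc.", "address": "12 Main St, Springfield"},
    {"id": "V245", "name": "W.B. Office Supplies Co.", "address": "PO Box 881, Shelbyville"},
    {"id": "V300", "name": "Acme Freight LLC", "address": "4 Dock Rd, Springfield"},
]
INVOICES = [
    {"number": "10451", "vendor": "Acme Freight LLC", "amount_cents": 1_250_000,
     "date": date(2009, 3, 2)},
    {"number": "10452", "vendor": "Acme Freight", "amount_cents": 1_250_000,
     "date": date(2009, 4, 20)},   # same amount, consecutive number, 49 days later
    {"number": "10977", "vendor": "Acme Freight LLC", "amount_cents": 1_250_000,
     "date": date(2009, 9, 1)},    # same amount but outside the 90-day window
    {"number": "7731", "vendor": "W.B. Office Supplies Inc.", "amount_cents": 48_000,
     "date": date(2009, 3, 9)},
]
CLAIMS = [
    {"employee": "E17", "amount_cents": 2499, "has_receipt": False},
    {"employee": "E17", "amount_cents": 2495, "has_receipt": False},
    {"employee": "E17", "amount_cents": 2499, "has_receipt": False},
    {"employee": "E22", "amount_cents": 2499, "has_receipt": False},
    {"employee": "E22", "amount_cents": 1200, "has_receipt": False},
    {"employee": "E22", "amount_cents": 2480, "has_receipt": True},
]

if __name__ == "__main__":
    print("Look-alike vendors:", lookalike_vendors(VENDORS))
    print("Possible duplicate invoices:", duplicate_invoices(INVOICES))
    print("Repeated near-limit claims:", near_limit_claimants(CLAIMS))
```

Each screen produces leads for a reviewer rather than findings of fraud, so thresholds such as the 90-day window and the three-claim minimum should be tuned against the organization's own payment history.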


THE COLLUSION FACTOR

In many large organizations, management makes the assumption that AP staffers can’t or aren’t in a position to take bribes or kickbacks. And in some organizations, this is true. In these companies, AP lacks the authorization to engage in such corruption schemes, or the organization has adequate segregation of duties in place to prevent these frauds. However, AP can be indirectly involved in these schemes when they involve procurement personnel who do have the authority to give or accept bribes or kickbacks from corrupt vendors. When a vendor pays off a purchasing manager to award him a piece of business he might otherwise not get, or to submit invoices with prices in excess of what he’d normally charge, AP ends up processing the payments. This and other AP process-related factors can make AP personnel unknowing collaborators in fraud. If the internal controls governing the payment process are flawed by, for example, telling AP to pay an invoice that has the required approval and three-way matches, but the approval is falsified by a dishonest manager who may have an illegal arrangement with the vendor, the AP processor is doing nothing wrong. Nevertheless, once the payment is issued, a fraud has occurred.

AP FRAUD AT THE TOP

On a more costly and disturbing note, management’s authority to override AP anti-fraud controls can be abused to commit crimes. This is sometimes referred to as “fraud by intimidation.” A senior executive instructs an AP manager to cut a check made out to cash or to “XYZ Corporation” for a significant amount, usually multiple thousands of dollars and sometimes even six figures. The rules say that any check request for more than $10,000 requires the written approval of two senior managers as well as full documentation of the payment, which might include an invoice, a purchase order, and charitable gift forms. The AP manager, concerned about being hauled on the carpet for insubordination, musters the courage to meekly inform the executive that the rules require documentation prior to cutting the check. Unsurprisingly, the executive barks at the AP manager to mind his own business and just cut the check and deliver it to his desk within an hour.

PART 3: AP FRAUD RISK MITIGATION

The good news is that the risk of all of the AP-related frauds described above can be substantially reduced with basic anti-fraud controls such as segregation of duties, delegation of authority, surprise audits, rotation of duties, mandatory vacation policy, thorough employee and applicant background checking, financial ratio analysis, and proper documentation of controls over financial reporting. Implementing and monitoring these and other essential controls is often enough to bring the organization into compliance with the provisions of the Sarbanes-Oxley Act (SOX), which require that all publicly traded companies maintain adequate anti-fraud controls to mitigate the risk of a material misstatement of financial records. Companies are also required under SOX to regularly assess the effectiveness of their internal controls and to publicly report significant deficiencies.

AUTOMATION FOR FRAUD RISK MITIGATION

Since SOX was enacted in 2002, numerous technology-based tools for streamlining the process of SOX compliance and fraud risk reduction have come onto the market. In fact, the variety of such tools is so great that choosing which one or ones to use is a daunting challenge for corporate financial executives.

One group of anti-fraud software tools is categorized as “data analytics.” These programs, including ACL, IDEA, and various internally developed applications, are used primarily for transaction monitoring. With regard to AP fraud, they are used to screen for suspicious patterns in vendor invoicing, payments, amounts charged, quantities purchased and other areas. They don’t necessarily uncover fraud, but rather provide the user – typically your internal audit team – with red flags of potential fraud that can then be examined for further evidence. These programs can be highly effective in discovering fraud before it results in substantial losses. However, they are not designed to prevent fraud.

Other programs claim to help prevent fraud by monitoring transactions in “real time” to give AP staff the opportunity to question an invoice or PO or a problem in matching the two along with shipping documentation and contract compliance before processing the payment.

A third category of anti-fraud technology tools is called “audit recovery software.” These applications are designed to detect both honest errors in duplicate payment of vendor invoices as well as overpayment of fraudulent invoices through detection of anomalies in payment transactions.

All of these automation offerings are useful to varying degrees in detecting or preventing AP fraud and in thereby reducing fraud losses. However, they all lack the ability to optimize the underlying process and procedures of accounts payable. They do not solve the costly problems of manual entry of invoice data, resolving errors, routing invoices to the proper approver, and efficiently resolving lost or missing invoices. They are, in this sense, a kind of Band-Aid to stop the bleeding caused by inadequate anti-fraud controls. They don’t address the problem of costly manual processing of massive stacks of paperwork. For large organizations, these are therefore proving to be inadequate solutions to the lingering problem of AP process inefficiency, fraud vulnerability, and high cost. As such, these organizations are increasingly looking to incorporate more sophisticated and comprehensive AP technology into their enterprise resource planning (ERP) environments. That’s where the SAP Invoice Management by Open Text solution comes in.

THE SAP INVOICE MANAGEMENT BY OPEN TEXT OPPORTUNITY

As discussed in the introduction, there are varying levels of AP automation technology. The one with the biggest bang for the buck is the one that will:

• Capture invoice data automatically using a sophisticated technology such as OCR/IDR, thereby eliminating manual typing of invoice metadata into the accounting system. This speeds the data entry process and eliminates the opportunity for a dishonest employee to type fraudulent invoice data into the system.
• Automatically link the invoice image to the SAP invoice document number, again eliminating a human opportunity to fraudulently manipulate invoices.
• Validate all invoice data, including characters that might otherwise have to be manually verified using less-sophisticated automation solutions.
• Flag invoices as exceptions if they contain data that do not fit into specific “business rules” that incorporate AP streamlining and anti-fraud control criteria. Such exception invoices are then automatically routed to the appropriate individual for examination.
• Automate all basic workflow processes such as two- and three-way matching, data and image archiving, posting to the general ledger, and downloading to customized reports as required by management.
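The rule-based screening this paper describes (business-rule exceptions, duplicate-payment detection, and the $10,000 two-approver check-request rule from the override scenario) can be sketched as follows. This is an added Python example, not code from the white paper or from any vendor's product; the record fields, reason codes and sample payments are constructed for illustration.

```python
import re
from dataclasses import dataclass

APPROVAL_THRESHOLD = 10_000   # from the check-request rule quoted in the paper
REQUIRED_APPROVERS = 2        # "written approval of two senior managers"

@dataclass
class Payment:                # field names are assumptions for this example
    doc_id: str
    payee: str
    invoice_no: str
    amount: float
    entered_by: str
    approvers: tuple = ()
    documented: bool = True   # invoice / PO / gift form on file

def invoice_key(p):
    """Payee + normalized invoice number + amount, so 'INV-0042' matches 'inv 42'."""
    no = re.sub(r"[^A-Z0-9]", "", p.invoice_no.upper())
    no = re.sub(r"(?<![0-9])0+(?=[0-9])", "", no)   # drop leading zeros
    return (p.payee.strip().upper(), no, round(p.amount, 2))

def find_exceptions(payments):
    """Return {doc_id: [reason, ...]} for every payment that breaks a rule."""
    flagged, seen = {}, {}
    for p in payments:
        reasons = []
        if p.amount > APPROVAL_THRESHOLD:
            if len(set(p.approvers)) < REQUIRED_APPROVERS:
                reasons.append("needs_two_approvers")
            if not p.documented:
                reasons.append("missing_documentation")
        if p.entered_by in p.approvers:             # segregation of duties
            reasons.append("enterer_is_approver")
        if p.payee.strip().lower() == "cash":
            reasons.append("payable_to_cash")
        first = seen.setdefault(invoice_key(p), p.doc_id)
        if first != p.doc_id:                       # same payee, number, amount
            reasons.append(f"possible_duplicate_of:{first}")
        if reasons:
            flagged[p.doc_id] = reasons
    return flagged

SAMPLE = [  # constructed sample records, not data from the paper
    Payment("D1", "Acme Supply", "INV-0042", 4800.00, "jlee", ("mross",)),
    Payment("D2", "acme supply ", "inv 42", 4800.00, "tkim", ("mross",)),
    Payment("D3", "Cash", "N/A", 25000.00, "jlee", ("exec1",), documented=False),
    Payment("D4", "Borealis Ltd", "B-771", 12500.00, "tkim", ("tkim", "mross")),
]
```

Calling `find_exceptions(SAMPLE)` leaves D1 clean and flags D2, D3 and D4; each reason code is what a workflow would use to route the item to a reviewer rather than to payment.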


With this solution, the human “touch points” involved in invoice processing are minimized, in turn minimizing the opportunity for dishonest employees to falsify invoice data or otherwise manipulate the AP process for personal gain. At the same time, the entire invoice receipt-to-pay process is streamlined, reducing the time to process individual invoices, improving relationships with vendors, and, of course, reducing overall AP processing costs. Using SAP Invoice Management by Open Text provides a comprehensive view of the complete process from scan to release for payment. This information not only enables continual process improvement, it also provides an immediate and detailed audit report both during and after process completion. If the information demonstrates a need for changes in the process flow, SAP Invoice Management by Open Text can be easily configured to incorporate the changes. Although SAP Invoice Management by Open Text will not eliminate all fraudulent activity, it will certainly be a powerful tool for catching fraud before it happens.

SUMMARY