Fraud Investigation > Purchase Fraud
Purchase fraud is probably the most common type of fraud in an organisation. It may be the simple submission of a dummy invoice, the reuse of another valid invoice, withholding of a credit note or a more complex arrangement. Many frauds involve the manipulation of the payments information on personal accounts within the accounts payable system. Examples include the creation in the ledger of a fictitious supplier, or branch of a genuine supplier, or reactivating a dormant account. Particularly vulnerable are miscellaneous accounts but the fraud perpetuated on a genuine suppliers account (with or without their connivance or knowledge) must not be overlooked. The cost must be charged somewhere and there are often accounts that are more loosely controlled than others and accounts with high levels of transactions (e.g., purchase of material) where a fictitious item can be buried.
Many purchasing systems are complex with automatic re-ordering so that once a supplier has been set-up and/or a requisition input, payment will be processed automatically.
IDEA can be used on a number of files: supplier master, purchase ledger, payments history or purchase invoices. It depends on the system, the available data and the nature of possible frauds as to which test is best.
The following are commonly used tests (grouped by type).
Supplier Master File
- Using the first 5 or 6 characters of the name, match supplier names against a list of employee surnames from a payroll or personnel file (use combinations of the @LTRIM, @ISINI, @MID, @STRIP and @SOUNDEX functions). (Europe only).
- Test for accounts without VAT numbers, duplicate VAT numbers or VAT numbers where the check digit is incorrect. (Generally, fraudulent accounts do not have valid VAT numbers and use either someone else's or a dummy number).
- Examine purchase ledger transactions for entries at or just below the approval level of managers. If the computer system captures the approving authority for a transaction examine the value distribution for each manager.
- Examine to see if amounts are being approved at or just below, break points in authority level by a value distribution across the whole ledger. If approval authority is not directly available, perform subsidiary analysis by types of supplier or approving department (e.g., marketing).
- Look for split invoices to enable approval to be kept by an individual
- Extract all invoices within 90% of an approved limit (preferably for a suspected manager or department) and search for all invoices from that supplier. Sort by approving manager, department and date to identify possible split invoices or summarise payments by invoice number to determine how many part-payments have been made for each invoice.
- Test for duplicated invoices using value and supplier code as the key fields for one test and purchase order number for another. The second processing of invoices can be used to establish a value on the purchase ledger to make a fraudulent payment. (This will also pick up accidental duplication)
- For organisations that are eligible to reclaim VAT on specific items (or from specific suppliers), ensure that the correct amount of VAT is being reclaimed
- Identify invoices without a valid purchase order
- Look for invoices from vendors not in approved vendor file
- Find invoices for more than one purchase order authorisation
- Identify multiple invoices with the same item description
- Extract vendors with duplicate invoice numbers
- Look for multiple invoices for the same amount on the same date
- Find invoice payments issued on non-business days (Saturdays and Sundays)
- Identify multiple invoices at or just under approval cut-off levels
- Identify the number and value of purchase journals, particularly those transferring amounts into minor accounts
- Search the payments file for payees without "Inc", "plc", "Ltd", etc. in their name to identify payments to individuals (using the @ISINI function)
- Stratify the size of payments and extract any exceptionally high payments
- If payments are made by electronic transfers extract lists of bank codes and account numbers from both the P/L payments files and the payroll. Compare to see if any accounts match.