One of the most common ways organizations are victimized is through vendor fraud.
Though frauds can be perpetrated in a variety of ways, vendor fraud is the most pervasive, and typically occurs through manipulation of a company’s accounts payable and payments systems for illegal personal gain. Billing schemes, check tampering, bribery and extortion are all examples of the crime that occurs all too frequently – sometimes, siphoning company funds for years without detection.
As with other forms of fraud, taking preventative measures is an effective deterrent to vendor fraud. Similarly, developing investigative protocols that can be implemented quickly when crisis strikes can minimize damage and help protect brand reputation.
Recently, Scott Moritz, Protiviti’s managing director and global leader of the Investigations and Fraud Risk Management practice, and Peter Grupe, a director in the same practice with more than 20 years of experience in the fraud division of the FBI, hosted a webinar discussing ways to investigate vendor fraud, including how to avoid tipping off the fraudsters and when to call in third-party help.
Fraud investigation teams are typically engaged under one of two scenarios: Either there’s a strong suspicion that an individual or a group is conducting illicit activity, or unusual transactions have been detected, warranting additional investigation.
The first step in identifying vendor fraud is reviewing vendor master files and scrutinizing business partners. For example:
- Look for unknown company names
- Compare mailing addresses against the employee address database
- Investigate vendors with PO boxes for addresses
These steps are critical in discovering “shell companies” that may have been created to divert and accept unwarranted payments. A vendor address that appears to be a residence may be a red flag indicating an illicit company formed to provide cover for perpetuating fraudulent schemes.
Indeed, proper maintenance and periodic reviews of the vendor master file are preventive measures that can go a long way toward curbing vendor fraud. Negligence on this front makes it all too easy for criminals to infiltrate a company and perpetrate fraud. Moritz recommends establishing a thorough vendor-acceptance process that includes vetting prospective business partners with background checks and confirming ownership with state business registration databases. He also advises segregation of duties between receipt of goods and payment of invoices.
Once suspicious activity is identified, companies often are too anxious to begin interviewing witnesses and suspects. But demonstrating restraint at this stage is critical to avoid giving fraudsters time to cover their tracks.
What you do in the first 48 hours is critical. Accurate and thorough documentation of any investigation is essential, especially if civil or criminal litigation is to follow. It is thus vital to have an investigation plan in place before the need for it arises.
An investigation plan should cover the following:vendor fraud,
- Defining the scope of the investigation
- Selecting investigation participants
- Establishing communication protocols for progress reports
- Preserving evidence
- Conducting interviews
- Documenting and providing deliverables
The planning process allows companies to assign internal investigative resources and identify external service providers for critical elements, such as forensic investigations, crisis communications and legal advice. Note that contracts with such providers should be negotiated in advance so they can be activated immediately.
The bottom line is, attempts at vendor fraud inside companies will not go away in any foreseeable future, however, proper preparation – from careful vendor approval to established investigation processes – is the best means companies have for thwarting vendor fraud and/or reducing its effects on the organization.