APEX Expert Blog

Show other internal stakeholders how they’ll benefit too
by John Brocar, CFI, Vice President, Fraud Risk Solutions, APEX Analytix

In these challenging economic times, you’d be hard-pressed to find a department in any organization that still has a “carte blanche” budget. In fact, the opposite is far more likely. From sales and marketing to IT, companies are taking a hard look at expenditures and ways to make every dollar count.

When it comes to spending dollars wisely, it makes sense to ensure that money does not slip through the cracks as a result of fraud — and to set aside the quaint but naive notion that “it can’t happen here.” There’s just too much evidence to the contrary. The Association of Certified Fraud Examiners annual report pegs losses due to fraud at 5 percent of revenue for most organizations — and that just covers what’s reported.

When accounts payable (A/P) considers fraud detection products and services to safeguard the company against losses, it makes good sense to look for ways that a project can benefit more internal groups than just the A/P department. APEX Analytix has found that the data collected and analyzed during a disbursement risk analysis — especially when it involves employee data — can provide real value to a number of other departments.

Reaching out to all stakeholders

In fact, for best results overall, even though A/P typically “owns” the disbursement risk analysis project, it’s best to get other stakeholders involved from the beginning. APEX Analytix recommends reaching out on the front end to two different kinds of stakeholders:

• Data owners or providers, including A/P, which provides the  vendor master file, invoice data and payment information; human resources (HR), which needs to provide employee data; and IT, which extracts the data. Purchasing may be involved if contract or approver information comes into the mix.
• Project or outcome influencers, who don’t supply data per se but play a role in the process or the outcome. For example, internal audit needs to be involved to share information about internal controls that should be in place. The general counsel’s office often must be involved to green-light data release, and corporate security should be aware that “red flags” may call for deeper investigation.

Let’s say the general counsel approves the release of information, HR and A/P provide the data, IT extracts it, and the analysis begins. When APEX Analytix gets about halfway through the analysis phase, we arrange for a “watermark” meeting.

Ranking risks during a watermark session

At that meeting, we review our preliminary results with the team and point out patterns that emerge in the data. For best results, companies should involve the entire team to provide insight and perspective that might be missing otherwise.

For example, in the publishing business, many checks go to freelance writers who work out of a home office and use their own names or initials, like JTH. An audit might show an inordinately high number of such items. But in publishing, a residential address does not pose the degree of risk that it might in, say, retailing or manufacturing. The watermark meeting gets attendees’ input and ensures that the weight given to all analyzed factors fits the industry profile.

When the meeting involves all the stakeholders, the project team gets the broadest possible perspective on the business and the weight to give various risk factors. With these factors settled on, the next step is to complete the analysis and identify the top 25, 50 or 100 “high-risk” vendors. APEX Analytix researches those vendors to determine the type of organization, surface any public domain information or negatives, and determine the degree of risk that organization represents to the client.

The vendors that rank highest and generate the most interest are those where an employee in the organization matches some characteristics. For example, employee John Smith and vendor Mike Jones share a home address, a cell phone number, bank account or some other common link. In some organizations, that can be perfectly legitimate; in some, it can be a violation of policy — and in others, it can be an indicator of some type of fraud, such as collusion.

We take those results back to the client and meet with the group of stakeholders, along with corporate investigations, and perhaps the executive team. As mentioned, there are four to 10 departments that should hear this. Consider the above Smith-Jones collusion example. Every one of these departments has probably been impacted by this fraud. And every one of them will play a role in the investigation.

How other stakeholders benefit

Of course, identifying fraud risk is the core of the project and the primary deliverable. But each of the stakeholder departments can gain other benefits as well. For example, they can:

• Identify business risks. A thorough vendor risk analysis can surface many business risks that do not rise to the level of fraud but pose problems just the same. Recently, an audit found one client continued to spend millions with a supplier it had previously blocked, when the supplier was set up as a new vendor with a slightly different name.
• Dealing with prohibited entities. Perhaps a company unknowingly is doing business with an entity or individual on the government’s Office of Foreign Assets Control (OFAC) list. If “Bob’s Hardware” is set up in your system, you need a way to ensure that it’s not a front for Somali pirates.
• Detect internal control issues to address. Whether outright fraud or abuse is suspected or not, a thorough look at the data can often signal a weakness in internal control policies or procedures. For example, analysis may reveal that disbursement approval thresholds need attention, contract terms need improved scrutiny or a high percentage of data entry errors suggest the need for additional staff training.
• Recognize patterns through statistical analysis. As part of the report to management that flows from a vendor risk analysis project, APEX Analytix provides statistics that can be revealing. For example, 23 percent of vendor records may have missing 1099 information or 15 percent of e-payment records may have account numbers but no physical address on file. This is actionable information for A/P, since it indicates a vendor master file cleanup is overdue. Similarly, an analysis of employee data from HR may show missing information ranging from beneficiary data to emergency contact numbers.

Begin at the beginning

As simple as it sounds, the best way to get a high payoff from a disbursement risk analysis is to start by identifying key business partners to involve in the project and form the core of your project team.

Schedule time with the key stakeholders from HR, IT and internal audit to educate them on what’s involved, the data requirements and what you expect of them. It’s particularly important to review the underpinnings of the data analysis itself. That way all stakeholders will have confidence in the findings and be willing to take action on the resulting recommendations — or necessary further investigations.

John Brocar, vice president of Fraud Risk Solutions, is responsible for working with new and existing clients, developing strategic partnerships, coordinating the fraud benchmarking survey, and contributing to product design and development. He has conducted hundreds of internal and external fraud investigations for clients in industries including retail, distribution, telecommunications, health care and manufacturing.

Brocar has been instrumental in the design and implementation of internal control and loss prevention programs in the retail and commercial segments. He is a noted speaker and trainer on investigations, employee fraud detection, external fraud prevention, inventory shrinkage and operational excellence. Before joining APEX Analytix, Brocar was a national practice leader in the loss prevention practice with Kroll and Deloitte & Touche.

How accounts payable can rally to create a win

by Edward T. Arnold, Director of Vendor Risk Management, APEX Analytix

Even in the best of times, internal auditors have a full plate; however, ongoing economic uncertainty has put even more pressure on companies to get more done with less, and to scale back on budgets. That’s particularly true in the internal audit function at many Fortune 500 companies. On the plus side, it represents an opportunity for staff in accounts payable to step up to the plate and help everyone sleep better at night.

Here’s some solid evidence. According to a recent PriceWaterhouse Coopers (PwC) study of the internal audit function, some 85 percent of senior audit execs expect their budgets to remain flat or decline in 2011, while at the same time, internal auditors are being asked to take on non-traditional roles ranging from global risk management to forensic auditing.

For the last several years, audit staff resources have been stretched thin by the economy and down-sizing. Companies often use skeleton crews to perform operations that historically had much higher staffing volume. In addition, some individuals may lack updated skills needed to validate and verify information in the public domain, given the fact that much of the best information originates from paid sources.

Fraud gets overlooked

When it comes to uncovering fraud, only 17.6 percent surface as a result of internal audit at publicly held companies (11.6 percent at private companies) according to the 2010 Global Fraud Study by the Association of Certified Fraud Examiners (ACFE). Other eye-opening data from the ACFE:

• The typical organization loses 5 percent of its annual revenue to fraud, representing a total fraud loss of $2.9 trillion (using 2009 Gross World Product data as the measuring stick).
• The median loss from occupational fraud was $160,000, but nearly one in four frauds exceeds $1 million.
• Asset misappropriation schemes are the most common, at 90 percent of the cases uncovered. Thanks in part to Sarbanes Oxley, financial statement fraud is least common, at less than 5 percent — But as you might expect, it can cause the most damage, with a median loss of just over $4 million.

One reason internal auditors can miss signals that indicate possible fraud is that traditional internal audits focus on verifying that controls are in place and operations adhere to established policies and procedures.

In reality, however, many fraudsters circumvent controls and bypass the scrutiny of a designated reviewer. Complex business practices, unique general ledger account design and other factors also make it difficult to cull atypical transactions from a large subset of “sampled” data.

Here are two recent situations that escaped detection by internal audit, but surfaced after a more detailed Vendor Risk Analysis by APEX Analytix:

• A client engaged a supplier to handle janitorial and maintenance work only to find out later that over $1 million in disbursements were mailed to the residence of an “owner” previously employed by the client.
• A client’s supplier, although previously validated through Dun & Bradstreet, Hoovers and Lexis-Nexis, turned out to be involved in a clever kickback scheme. This surfaced through a Benford’s evaluation, performed to highlight irregularities in the frequency distribution of numbers, that identified manipulation of billed amounts.

When it comes to auditing accounts payable, just analyzing the vendor master file and understanding the company’s third-party relationships can consume significant audit resources. After all, the typical vendor master may contain thousands of records. That can eat up a lot of time and money quickly.

Technology can help

Half the companies PwC studied admitted less than 25 percent of their non-IT auditors have experience with the company’s enterprise resource planning system, and only 28 percent reported using data-mining and data-analysis tools for more than 25 percent of their audit work. That’s a significant technology skills gap that accounts payable can help address by recommending its own technology solutions.

An alternative to consider is outsourcing a risk assessment to APEX Analytix. That minimizes the front-end effort required to root out risk and allows internal audit or corporate security to focus on back-end research and validation to evaluate conflicts of interest, questionable business practices or outright fraud.

A vendor risk analysis involves a much deeper dive into the data compared to standard audit sampling approaches. An APEX Analytix Vendor Risk Analysis examines 100 percent of historical transactions, looking for payments to fictitious companies, vendors with conflicts of interest, kickback deals or “bad actors” on the Treasury Department’s Office of Foreign Asset Control (OFAC) list. Retailers and companies with multiple locations or global-sourced vendors are particularly at risk.

APEX’s FirstStrike^® and Vendor Risk Analysis tools have been refined and polished over the years, so that in addition to checking employee addresses and government watch lists, dozens of other suspect transaction items are flagged, including:

• Private mail service addresses.
• Prison addresses.
• Inconsistencies with Benford’s Law (a mathematical test proven to identify expected distribution anomalies)
• Even dollar amounts.
• Consecutive invoice numbering.

Outsourcing a vendor risk analysis project saves audit resources and costs, compared to developing an in-house approach that may or may not be thorough enough. APEX Analytix has refined and tested its process across numerous commercial manufacturing, retail and Fortune 100 clients and proven the process to be a cost-effective alternative approach.

Although the data capture, algorithms and reporting benefit from standardization, the software is flexible enough to allow “slicing and dicing” the data in a variety of ways to identify and score risks according to magnitude or materiality. That approach allows internal audit to zero-in on high-risk situations that call for staff expertise, while minimizing time spent on low-value activities like data manipulation and formatting. Among the benefits:

• Independent, proactive data mining to isolate fraud and identify other risks to the organization, based on user-defined parameters and composite scoring.
• An automated review and evaluation of 100 percent of two or three prior years of historical transactions and vendors, compared to the random sampling conducted by internal or external auditors.
• A comprehensive back-end effort to pursue risk areas identified from automated analysis.
• The ability to conduct different types of risk analysis based on transaction type (for example, evaluating Travel & Entertainment differently from standard transactions).
• Vendor master assessment and clean-up can be included in the engagement, to identify and eliminate the risk of duplicate payments or overpayments or other errors common in a consolidated vendor master file.
• A comprehensive report summarizing risk concerns, which often extend beyond outright fraud to include legal, environmental or reputational risks as well.

Accounts payable can add value

Partnering with internal audit gives accounts payable the opportunity to add value to the organization and step out of its traditional service function. And, since many schemes or frauds touch accounts payable directly — check tampering, billing schemes, T&E abuses — it makes sense for accounts payable to help internal audit build a case for implementing a cost-effective technology solution.

Internal auditors are bound to see the value in allocating resources to something else on their priority list. And of course accounts payable leadership benefits from the sleep-at-night assurance of knowing that they’ve done all they can to combat fraud and waste.

Once the annual audit project is complete, the next step to maximize efficiency and minimize losses is to flag suspect transactions as early in the process as possible. After all, it is much easier to detect and prevent fraud before a payment goes out the door than to recover an amount shelled out in error after the fact.

The most effective way to detect high-risk activity early is through automated monitoring of data in a company’s accounts payable system. Even solid internal controls can fall short, because they are grounded in traditional, manual approaches that examine processes after the fact.

Many people think they are in the clear because they have internal controls in place. These certainly help — but spot-checking invoices or payments periodically often allows fraud to fly under the radar, compared to examining every transaction as it occurs in real time. In effect, ongoing monitoring with a system like FirstStrike^® is like being vaccinated against a disease … find it and prevent it fast.

Edward T. Arnold, director of vendor risk management at APEX Analytix, has over 17 years of experience in the recovery audit industry, with a “hands-on” background in data acquisition and analysis, audit management and contract compliance. His earlier experience includes seven years in corporate accounting at Texaco, a Fortune 50 company. He holds a degree in accounting information systems from Pace University.

Economic woes trigger more scams

by Edward T. Arnold, Director of Vendor Risk Management, APEX Analytix

In recent months, several stories involving travel and entertainment (T&E) or expense account fraud support the idea that T&E scamming is on the rise. The shaky economic environment may give rise to a sense of entitlement, the feeling that “no one will miss it,” or that “I deserve it for what ‘they’ did to me.”

Some eye-popping examples:

• In Washington, D.C., press reports say the U.S. Postmaster submitted charges for an online dating service, State department officials purchased lingerie, and Veteran’s Affairs employees spent funds at casino and luxury hotels.
• In a Silicon Valley courtroom, a federal judge sentenced a travel manager on a wire fraud conviction for illegally using her corporate credit card to pay for $70,000 of personal expenses, including her son’s private school tuition.
• In New York, a Consumers Union employee pleaded guilty to grand larceny and false tax return charges. According to published reports, she submitted about $500,000 worth of false expense reports.
• An office manager for “the design division of a multibillion-dollar retail corporation” served three months in jail on a grand larceny conviction for $275,000 worth of fraudulent expense reports he submitted over two years.

By far, the largest case in recent memory involves Milwaukee-based headphone manufacturer Koss Corp., where confessed “shopaholic” and indicted former Vice President of Finance Sue Sachdeva is accused of making off with a whopping $31 million over a five-year period. She spent the bulk of the money on furs, jewelry and lavish vacations.

More common than many think

Koss fired its outside auditing firm in the wake of the scandal, but the fact is, outside auditors uncover only 4.6 percent of fraud, according to the Association of Certified Fraud Examiners (ACFE) 2010 Report to the Nation. ACFE research indicates that 16.8 percent of frauds  involve expense reimbursement scams, and the median loss is $33,000.

That may not seem like much, but experts advise focusing on T&E since it can serve as “the canary in the coal mine” pointing to larger corporate fraud — because the employee could not resist cheating on his or her expense report.

Here’s further evidence: In a recent Accounts Payable Now & Tomorrow fraud survey, accounts payable managers were asked about T&E fraud in their organizations. During the last three years, some 38 percent found fraud in their own organizations.

Five best-practice strategies

Here are five ways your organization can minimize the risk that T&E fraud will drain away profit. Overall, the best approach involves a combination of strategies, policies and procedures aimed at early detection.

1. Automate T&E and include exception-based reporting. Many large organizations already have systems that streamline expense reporting and processing. For best results, such systems should include exception-based reporting that quickly highlights anomalies for fast problem resolution. These systems allow you to pre-define acceptable parameters and flag outliers for closer examination. For example, what does someone on the road spend for two business days vs. five business days? What is the acceptable per diem?
2. Establish parameters for corporate cards. In the Koss case, American Express first alerted company officials to excessive personal charges. It’s important to work with card providers to establish controls over spending limits, as well as merchant codes that can prevent out-of-bounds purchases (i.e., tattoo parlors or “gentlemen’s clubs”). In a recent case, someone with a $1,000 per-transaction limit wanted to buy a $60,000 item and submitted the transaction in thousand-dollar increments. Make sure that card providers inform you of any attempt to circumvent limits.
3. Have a detailed T&E policy in place. Make sure management updates the policy annually and get “sign-offs” so employees at all levels are aware of your policy, especially the consequences of violations. Enforce the policy uniformly, from top to bottom in the organization. Terminate employees who clearly cross the line. Spell this out clearly in the policy, and don’t hide your actions. A single dismissal can send a loud and clear message. Have managers review reports they approve, and hold managers personally responsible for any expenses they approve that the company later disallows over a serious policy violation.
4. Allow processors to question transactions. Even in cases where managers must approve expenses, this often becomes a “rubber stamp” exercise. An effective deterrent is to give accounts payable (A/P) processors the right to question unusual purchase transactions, regardless of the rank of the person submitting the reimbursement request. At the executive or managerial level, admins may take on some day-to-day responsibilities for bosses, prepare their expense reports and become aware of passwords and approval thresholds. As a result, they may have the skills to circumvent T&E controls — and even submit their own expenses fraudulently. Careful scrutiny by A/P processors can minimize this risk.
5. Conduct surprise audits. Many companies conduct periodic self-audits aimed at strengthening internal controls. Section 404 of Sarbanes-Oxley mandates this for large publicly traded companies, but even private companies follow Section 404 guidelines as a best practice. Surprise audits can be particularly effective as a deterrent, since people do not want to be caught with their hand in the corporate cookie jar.

How the FirstStrike^® Peformance Platform can help

One reason the T&E area is vulnerable to fraud is the sheer volume of transactions. Of course, the larger the organization, the tougher the challenge becomes. When it comes to tracking down irregular T&E transactions, FirstStrike^® can help identify exceptions that call for further investigation. You can:

1. Run T&E spending/transaction reports within minutes to identify and prioritize leading candidates receiving T&E reimbursement for a designated period (month, quarter or year). Further analysis can compute the average invoice amount and compare that amount against typical or standard (average/median) reimbursement amounts/volume across the rest of the employee population.
2. Evaluate T&E reports based on a comparative analysis to develop candidates that have higher than normal period-over-period increases. Taken together with the number of trips and/or position changes, you can use this information to spot irregularities.
3. Load corporate card details with the ability to integrate commodity codes to card merchants for isolating potential violations of business card policies (use in bars, clubs, tattoo parlors, etc.).

A final word

T&E fraud is unfortunately among the most frequent and toughest employee crimes to detect. Taking steps to deter fraud and uncover it early on can have a high payoff, since the cost in dollars — and company reputation — can add up over time.

If controls are weak or employees know their managers are too busy to thoroughly review expense claims, the opportunities for fraud are almost limitless. That is especially true when it comes to “trusted” employees, many of whom don’t deserve that designation. Top management needs to be aware of this reality at all times.

Edward T. Arnold, director of vendor risk management at APEX Analytix, has over 17 years of experience in the recovery audit industry, with a “hands-on” background in data acquisition and analysis, audit management and contract compliance. His earlier experience includes seven years in corporate accounting at Texaco, a Fortune 50 company. He holds a degree in accounting information systems from Pace University.

U.S. businesses lose $200 million per year or more

by Tasha Bailey, Manager, Vendor Risk Analysis

How much are you paying for toner cartridges, copier paper, maintenance supplies and other routine consumables? Unless your organization is above average when it comes to employee education and internal controls, there’s a good chance you’re paying for supplies you didn’t order, paying way too much or paying a lot more than you agreed to.

That’s because businesses large and small are being scammed right and left by bogus office supply firms, or paying for phony Yellow Page ads or classified listings in useless business directories. The Federal Trade Commission (FTC) estimates that office supply fraud alone costs U.S. businesses $200 million per year — and cheats legitimate office supply companies out of another $125 million in lost revenue.

In a recent Missouri case, the Better Business Bureau issued a warning on March 26 about a Columbia, Mo. company, SVT, Inc. Its telemarketers would typically call a company purchasing agent, claiming to have already spoken to the company’s chief financial officer who, the caller claimed, green-lighted the purchase of office supplies at a discount. “We’re moving our business and need to unload inventory” was the sales claim.

The purchasing agent would agree to buy a small quantity of office supplies at half off or more. But the buyer was typically surprised later by a delivery with large quantities of supplies and an invoice in the thousands of dollars.

Common types of scams

Fraudsters take advantage of weaknesses in a company’s purchasing policies and procedures, or employees who think they’re saving the company money through bargain prices. The telemarketing scams fall into four broad categories:

1. The phony invoice scam. Smooth-talking telemarketers use nearly any ruse to get the name of an “authorized” employee. They may just ask a receptionist for the name of the person in charge of buying copier toner, to “help complete an order.” Then they’ll ship unordered merchandise, followed by an invoice a couple of weeks later — usually with an inflated price.

2. The pretender scam. In this case, the con artist calls, pretending to be a current, prior or “authorized” supplier, saying that it’s time to re-order “at the standard price.” For example, someone will call and say he or she is with Xerox, and it’s time to order toner cartridges. If you inform the person you have Okidata machines, the “supplier” will call back later, ask for someone else, and claim to be with Okidata.

If you insist on a price quote, you may get a carton price that sounds reasonable but turns out to be the unit price when you get the invoice. For example, $19.95 turns out to be $199.50 for a carton of ten.

In a variation on this ploy, fraudsters may misrepresent the purpose of the call, saying that they’re calling to send a promotional item such as a cordless screwdriver, free samples or a catalog so you’ll “think of them next time you order.” Alternatively, telemarketers may claim that they’re conducting a survey or updating their records, again suggesting they are a regular supplier.

3. The gift horse scam. The caller may offer an incentive or personal gift to the purchaser, betting that if the buyer questions the purchase later, the employee will be too nervous about having accepted a gift, and approve the inflated invoice. The caller focuses on the gift and, in passing, mentions a merchandise order. The employee ends up feeling obligated because he or she has accepted a gift, and the organization may feel obligated to pay because the employee accepted a gift.

4. The directory scam. A telemarketer will call “just to verify information” for a listing in the Yellow Pages or some other type of directory, and later send an invoice for, say, $500 to cover the cost of the listing. The person may send a copy of the actual directory, but usually not. If an accounts payable (A/P) clerk gets an invoice with an actual ad, and it seems reasonable, the clerk may just let it go through.

When the invoice arrives

There’s another reason large, Fortune 500 companies are exposed to scams that “fly under the radar” — the sheer volume of transactions flowing through A/P. Employees often “rubber stamp” smaller invoices in the $200 to $500 range because they’re not viewed as material amounts. Of course $100 here and $100 there can add up over time.

What’s more, internal audit procedures may not call for examining small invoice amounts from a specific vendor until the total dollar amount of transactions reaches a certain threshold. A fraudster may submit invoices for $50, $100 or $200, but the threshold for reviewing that account may be $25,000 or more.

Scammers may also target or “reload” an organization that routinely pays for unordered goods or services for additional scams. For example, the seller may send a second shipment of “back ordered” merchandise and another bill, or bills, for service upgrades.

Additional invoices follow as long as you continue to pay. The con artist also may sell your organization’s name to other scam operators, or convert to another bogus operation and target you with a new scheme before it hits the radar.

Bullying tactics

If you complain about unordered merchandise, or that the price is too high, scammers react in predictable ways, mostly involving manipulation:

• Threatening legal action. The fraudsters will tell you that they have a tape-recorded conversation in which “Mr. Jones ordered this merchandise,” that they can use in court if necessary.
• Negotiating a better deal. Using this ploy, they will agree to accept a lower price “because of a computer error,” or “we forgot to apply your discount.” (Since the goods were grossly overpriced to begin with, they are still making a killing.)
• Charging for returns. Fraudsters often charge a “restocking fee” for returned merchandise, or require you to pay shipping charges for returns. In both cases, the amount is often more than what the goods are worth.

What you can do

Because the dollar amounts involved are so small, companies do not report a lot of these losses or write them off as waste. But that’s money that could go directly to the bottom line. And the way the economy is these days, companies are trying to find every last dollar of savings available. So this is a perfect time to take positive action to prevent these kinds of scams from draining away profit margins. Here are some action steps to take:

• Educate your employees or associates. These office supply scams have been around for several years, but as the saying goes, “everything old is new again,” and whole generations of newer workers may not be aware of them. So take the time to educate your employees about what to watch for, and train them to raise their hand if they see anything suspicious going on that’s eating away at profits.
• Review documentation requirements and policies. In particular, make sure that staff does not simply rubber stamp small-dollar invoices. Before paying office supply bills, match the bill of lading with a purchase order, paying special attention to brands and quality. Note: Under federal law it is illegal for a seller to send you bills or dunning notices for unordered merchandise, or to ask you to return it, even if the seller offers to pay for shipping. What’s more, if the seller sends you items that differ from your order, you may treat the substitutions as unordered merchandise. Treat unordered services the same way.
• Assign purchasing to a specific person or group. Make sure to refer office supply sellers to a specific person or group, and train employees not to buy from office supply telemarketers on their own. That is particularly useful at large companies with multiple locations. Even companies with shared service centers will have exceptions in which people in the field can buy things and submit the bill to the central office for payment.
• Periodically review vendors and transactions for “red flags.” Many companies now conduct internal self-audits, and one option is to examine vendors and transactions for potentially fraudulent transactions. Examples include a series of payments in even dollar amounts to the same vendor, multiple vendors with a common mailing address or a common contact phone number. (Note: APEX Analytix offers a Vendor Risk Analysis service that can examine prior-period transactions in detail to surface suspicious transactions, and First Strike software that can flag out-of-norm transactions before you even cut the checks.)
• Drop the material threshold during internal audits. Auditors can set a smaller threshold dollar amount as part of invoice sampling, or specifically target the office supply area for examination.
• Establish vendor hotlines. Most large companies already have employee hotlines for anonymous reports of potential frauds. But consider opening the hotline to vendors as well, so that vendors can contact you and alert you to suspicious activity.

Chances of recovery are slim

Occasionally, the FTC successfully closes down office supply scammers. Its most recent enforcement sweep, called “Operation Misprint,” resulted in $4.2 million in court-ordered redress. Trouble is, these wolves shut down, move on and surface again wearing sheep’s clothing somewhere else. So even if you do uncover a fraud that’s cost you money, chances of recovery are slim. That’s why it’s so important to educate your staff and to implement continuous monitoring procedures up front that prevent you from getting taken.

Tasha Bailey, Manager, Vendor Risk Analysis, APEX Analytix

Having been with APEX Analytix for 10 years, Tasha manages the Vendor Risk Analysis team in identifying “at risk” vendors for Fortune 500 companies and training clients on the use of FirstStrike^® software and investigative research tools. During her career she has identified hundreds of cases of actual frauds and operational risks. Her drive for excellent customer service and high-quality deliverables has resulted in a continuous focus on thorough data analysis, development of new methods to detect and prevent potential vendor fraud and mitigating other economic risk. As an advocate in fraud detection and prevention, Tasha’s personal mission has been to equip internal and external clients with the tools and skills necessary to mitigate risk of AP fraud. Prior to her working at APEX, Tasha’s background included metrics development as well as audit experience in both accounts payable and accounts receivable. Tasha is a Certified Fraud Examiner and holds a bachelor of science in accounting, from the University of North Carolina at Greensboro. In addition she is currently working towards her executive master of science degree in economic crime management at Utica College.