Key risks for your AP department
For small businesses and large companies alike, accounts payable are ground zero for potential fraud. It’s easy to see why: There’s a constant flow of vendor and supplier payments, but there may not be enough oversight.
This creates opportunities for a thief to hide fraudulent transactions among the department’s many legitimate ones.
Without enough control or visibility into your AP process, this type of fraud can go on for months or even years. Risks such as billing fraud and check fraud are two to four times higher for small businesses, according to the Association of Certified Fraud Examiners (ACFE).
Internal Fraud
For a dishonest employee, there are a number of ways to steal through the AP process. An employee could add a fictitious company to the AP system and start collecting payments for nonexistent services, initiate purchase orders for their own benefit, or create phony invoices for inactive vendors and then pay themselves.
Other risks include the possibility of a worker altering and cashing checks or setting up ACH payments to themselves.
It’s also important to watch for employees padding their expense reimbursement reports or misusing the company credit card to make purchases for themselves.
External Fraud
Businesses should also be alert for risks outside the AP department. Criminals have tricked workers into sending payments by using business email compromise (BEC) schemes, and they’ve also stolen payment information through phishing emails and malware installed on company computers.
Also, be on the lookout for possible kickback schemes involving a crooked vendor and an employee.
While there are many ways to commit accounts payable fraud, you can help protect your business by following best practices within your AP department.
In particular, it is important to maintain a strict separation of duties in the purchasing process, with different employees responsible for entering invoices, completing payments and reviewing ledger transactions (when feasible based on the size of the business). It’s also important to know about red flags that could point to potential AP fraud within your company.
Signs of Potential AP Fraud
- Irregular or unapproved vendor accounts
- Incomplete documentation or suspicious-looking invoices
- Invoices that regularly fall just below an amount requiring authorization
- Rounded dollar amounts
- Vendor emails from non-business email addresses (such as Gmail)
- Vendor addresses that appear to be residential
- Implement dual control procedures for the initiation of payments.
- Perform regular and unscheduled audits to ensure invoices are paid correctly.
- Verify new vendors or any changes from existing vendors.
- Implement a “two-signature policy” to require two separate parties to sign off on payments over a specific amount.
- Monitor authorized credit card users and regulate purchase amounts and merchant categories.
- Review account transactions and reconcile daily.
- Use Check or ACH Positive Pay to help prevent unauthorized payments.