Basic Billing Scheme Prevention
By Gary Lasker, CPA, CFE
The 2012 Report to the Nations by the Association of Certified Fraud Examiners has recently been released. This report, which is published every two years, surveys among other things, the methods, costs, people behind the frauds, and the various fraud schemes used. Among the findings in this year’s Report to the Nations is that “corruption and billing schemes pose the greatest risks to organizations throughout the world.” With billing schemes being one of the most significant threats of fraud to small businesses, it makes good sense for businesses to set up controls to decrease the likelihood of falling prey to this type of scheme. This article will offer a few suggestions to lessen the chance of becoming a victim organization to this type of fraud.
In a billing scheme, an employee writes a check or sends cash to him or herself via a shell corporation. The fraudster employee sends an unauthorized invoice to the company which appears legitimate and the company pays it. This type of disbursement fraud can come in many variations. In most instances, the fraudster creates a fictitious vendor and opens a bank account in the fictitious vendor’s name. The vendor invoice is processed by the company in the fictitious vendor’s name. The name of the fictitious company payee or shell entity could be a similar name of a real company or it could be legally created but not an active vendor. In some cases a check is made to a company that does not even exist.
To help avoid this scheme being pulled off at your company, an approved vendor list should be used. Only purchases from approved vendors should be made. Writing checks only to approved vendors requires strict controls of the accounts payable master file. Changes made to the accounts payable master file should be reviewed at least once a month. New vendors that are entered into the accounts payable system should require at least two signatures or approvals before they could be added. New vendors can be validated by using online search engines.
The tasks of purchase requisition, actual purchase of goods and services, purchase authorizations, payment approval, and receipt of goods should ideally be performed by different people. As this is not often possible in small businesses, the duties of administering the vendor file, invoice approval, and payment of the vendor invoice should be performed by different employees and always be separated. The same person should also not be authorized to sign and write a check.
Internal controls to guard against billing frauds also include the use of pre-numbered multi-part purchase orders, checks, and receiving reports. The numerical sequences for these documents should be periodically accounted for. Out of sequence numbers should be investigated. Vendor invoices should be compared to purchase orders and receiving reports and these documents should be attached to check requests.
Finally, the bank reconciliation should be prepared by a person who is not involved in the cash receipt and cash disbursement processes. The bank statement should first be sent unopened to an owner-manager for a review of questionable items.
A false billing scheme is often carried out in service account categories like consulting or professional fees because it is easier to conceal. It is harder to prove a service was or was not performed as opposed to trying to conceal a good that was never purchased or received. The service being falsely billed would be either nonexistent or unnecessary.
Often the person approving a service type invoice is the person that is supposed to receive and monitor the service. Use of an approved vendor list, appropriate support for all check requests, and review of the monthly bank statement and bank reconciliation are controls that will decrease the chance that a phony invoice would be processed in your system.