Supplier fraud is often not a one-time event.

Confidence builds if a fraudster is not caught, allowing the activities to continue.

The average time to detect the fraud is 12 months, down from 18 months in the years prior. The top industry affected by internal fraud is now Mining (unexpected), with Real Estate in the top five; the average fraud stands at $200,000.

One common and recurring fraud involves payments to suppliers, whether the supplier is fictitious or the payment is the result of collusion with the supplier.

The ACFE report discusses how behaviors such as unusually close relationships between employees and suppliers have been a key flag for investigating fraudulent activity, alongside tips and other reporting methods. *

What about risks in our ERP Applications?

In our analysis, one Segregation of Duties rule that we evaluate your ERP applications against identifies users who can both maintain the Vendor Master Data and make payments or recurring payments to suppliers.

The risk is the establishment of a fictitious supplier and the entry of a blanket purchase order against that supplier. Once the PO is established, the user could potentially create an invoice referencing the PO and mail it in to the AP department. If the invoice is approved, the user would receive a fraudulent payment through the fraudulent vendor they established. Because the PO would be recurring, weak controls over goods receipts could enable a user to commit ongoing fraud.

How can these problems be solved?

Risk can be mitigated through a vendor workflow / review control, a three-way or four-way match control, periodic manual review and sign off on the vendor record audit trail, or a recurring purchase order workflow.

The solutions mentioned above are the result of an effective review of these processes, including who has access to the functions. This is a challenge all by itself: Who has access to maintain suppliers? Who can make payments?
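The two questions above can be answered mechanically from an access extract. The following is an added example, not Seecuring's implementation or code from the original page; the role names, function names and user assignments are constructed for illustration. It evaluates the Vendor Master vs. payments rule and reports which roles grant each side of the conflict, so a reviewer can see whether the conflict sits inside a single role or arises from a combination of roles.

```python
# Constructed sample data (hypothetical names): role -> functions it grants.
ROLE_FUNCTIONS = {
    "AP_CLERK": {"ENTER_INVOICE"},
    "VENDOR_ADMIN": {"MAINTAIN_VENDOR_MASTER"},
    "AP_PAYMENTS": {"MAKE_PAYMENT"},
    "TREASURY": {"RECURRING_PAYMENT"},
    "AP_SUPERVISOR": {"MAINTAIN_VENDOR_MASTER", "MAKE_PAYMENT"},
}
# Constructed sample data: user -> assigned roles.
USER_ROLES = {
    "alice": ["VENDOR_ADMIN"],
    "bob": ["AP_PAYMENTS", "AP_CLERK"],
    "carol": ["VENDOR_ADMIN", "TREASURY"],  # conflict across two roles
    "dave": ["AP_SUPERVISOR"],              # conflict inside one role
}
# The SoD rule from the text: maintain vendor master vs. make (recurring) payments.
SOD_RULE = {
    "name": "Maintain Vendor Master vs Make Payments/Recurring Payments",
    "side_a": {"MAINTAIN_VENDOR_MASTER"},
    "side_b": {"MAKE_PAYMENT", "RECURRING_PAYMENT"},
}

def grants(user, role_functions, user_roles):
    """Map each function the user holds to the set of roles granting it."""
    held = {}
    for role in user_roles.get(user, []):
        for fn in role_functions.get(role, ()):
            held.setdefault(fn, set()).add(role)
    return held

def find_violations(rule, role_functions, user_roles):
    """Return one finding per user who holds functions on both sides of the rule."""
    findings = []
    for user in sorted(user_roles):
        held = grants(user, role_functions, user_roles)
        side_a = {f: sorted(held[f]) for f in rule["side_a"] & set(held)}
        side_b = {f: sorted(held[f]) for f in rule["side_b"] & set(held)}
        if side_a and side_b:
            roles_a = {r for rs in side_a.values() for r in rs}
            roles_b = {r for rs in side_b.values() for r in rs}
            findings.append({
                "user": user, "side_a": side_a, "side_b": side_b,
                # Roles that violate the rule on their own need redesign,
                # not just removal from this one user.
                "single_role_conflicts": sorted(roles_a & roles_b),
            })
    return findings

if __name__ == "__main__":
    for f in find_violations(SOD_RULE, ROLE_FUNCTIONS, USER_ROLES):
        print(f)
```
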

The Seecuring Solution


Seecuring provides the ability to identify those individuals with access and control issues that may set your organization up for fraud and error, specifically:

  • Segregation of Duties.

  • Sensitive Access.

  • User Access Reviews.

  • Patch Impact Analysis & Configuration Changes.

If you need to solve your security and access problems, get in touch to discuss your needs: