We specialize in Auditing the Security and Controls in many Applications, including those from Yardi. As we continue to survey customers' Environments, it is clear that many areas of the Application may provide opportunities for Fraud and Error if not configured and controlled effectively.

The dangers of Vendor/Supplier Risks in your applications.

In this post we will focus on a key Risk area not only in Yardi Applications, but in the management of effective Real Estate operations: Vendors/Suppliers.

Key areas of Fraud involve email compromise to change Vendor details, including Bank Account details to divert money fraudulently.

Alternatively, Fraud occurs where projects are overpriced, materials are replaced with cheaper items, projects are overcharged through the process, or in some cases fictitious projects are created to obtain funds.

This last point might seem a little hard to believe, but one such attempted Fraud ranks as one of the largest ever. It is perhaps the largest in Real Estate due to the asset at the center of the Fraud: a fictitious new Airport in Nigeria.


The scam involved a Con-man who convinced a Brazilian Bank to lend $242m. The Fraud lasted from 1995 to 1998 and was only uncovered during due diligence for the Bank's sale (hint: it didn't happen, and the Bank collapsed due to 2/5 of the Bank's reserves being tied up in the scam).

The promise of a $10m fee to the Bank and endorsement by the Nigerian Central Bank's Governor (impersonated, of course) got the loan approved and the money deposited in offshore accounts. This story represents numerous failings from an Internal Controls perspective within the Bank. Given the amount of money involved, more rigorous checks should have been in place; more documentation (involving more parties) and more background checks with independent parties would have helped for a start!

You can read more about this story here.

It's highly likely that the Controls you have in your Organization would prevent such an extraordinary theft, but if such an audacious scam can go as far and as long as this, how can we hope to catch the small opportunistic Frauds that occur every day in Real Estate and Construction?

A successful Third Party Risk program, involving thorough due diligence on Suppliers and effective Internal Controls, goes a long way.

However, around 45% of Fraud originates from within an Organization. With that in mind, how can Employees perpetrate Fraud related to Vendors and Suppliers? And how do we control Fraud between internal Staff and Vendors/Suppliers? This type of Fraud involves collusion and, like the Airport saga, involves an 'inside job', kickbacks or bribes to allow transactions to take place that are out of line with your Organization's Policies.

A good practice is to implement Separation of Duties within your Applications and Processes; this way you can separate the key parts of:

  • Managing Vendors vs Entering and Maintaining AP Invoices

  • Vendors with Electronic Fund Transfers vs Entering and Maintaining AP Invoices

  • Managing Vendors vs Maintaining Vendor / Purchase Order Workflows

From these three examples (we have more) you can see that controls should not only be in place for transactions, but also for how transactions are configured: configurations could be changed to suit the process of a fraud and then put back again if not controlled and audited.

By implementing Separation of Duties, it becomes harder for Staff and Third Parties to collude, and if you utilize your Application's Workflow functionality, the added layers make this even more difficult.

Whether you are a Publicly Traded Organization or not, tight controls around the many transactions across your Application portfolio are critical!
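The three conflicts listed above, checked against user role assignments, as an added example that is not part of the original post or of any Yardi product. The duty names, roles and users are hypothetical and constructed for illustration; the point it shows is that a conflict often arises only from the combination of two individually harmless roles.

```python
"""Separation of Duties check for the three vendor/AP conflicts listed above.
All duty names, roles and users are hypothetical, constructed for illustration;
they are not Yardi permission identifiers."""

# The page's three conflicting duty pairs (labels are assumed names).
SOD_RULES = [
    ("MANAGE_VENDORS", "ENTER_AP_INVOICES"),
    ("MANAGE_VENDOR_EFT", "ENTER_AP_INVOICES"),
    ("MANAGE_VENDORS", "MAINTAIN_VENDOR_PO_WORKFLOW"),
]

# Constructed sample data: role -> duties, user -> roles.
ROLE_DUTIES = {
    "AP_Clerk": {"ENTER_AP_INVOICES"},
    "Vendor_Admin": {"MANAGE_VENDORS", "MANAGE_VENDOR_EFT"},
    "Workflow_Admin": {"MAINTAIN_VENDOR_PO_WORKFLOW"},
    "Property_Manager": {"APPROVE_PO"},
}
USER_ROLES = {
    "alice": ["AP_Clerk"],
    "bob": ["Vendor_Admin", "AP_Clerk"],
    "carol": ["Vendor_Admin", "Workflow_Admin"],
    "dave": ["Property_Manager", "Workflow_Admin"],
}

def effective_duties(roles, role_duties):
    """Map each duty a user holds to the sorted roles that grant it."""
    granted = {}
    for role in roles:
        for duty in role_duties.get(role, ()):
            granted.setdefault(duty, set()).add(role)
    return {d: sorted(r) for d, r in granted.items()}

def find_sod_conflicts(user_roles, role_duties, rules):
    """Return (user, duty_a, duty_b, roles_a, roles_b) per violated rule."""
    findings = []
    for user in sorted(user_roles):
        duties = effective_duties(user_roles[user], role_duties)
        for a, b in rules:
            if a in duties and b in duties:
                findings.append((user, a, b, duties[a], duties[b]))
    return findings

if __name__ == "__main__":
    for user, a, b, via_a, via_b in find_sod_conflicts(USER_ROLES, ROLE_DUTIES, SOD_RULES):
        print(f"{user}: {a} (via {', '.join(via_a)}) conflicts with {b} (via {', '.join(via_b)})")
```

Reporting the granting roles alongside each conflict tells the reviewer which assignment to remove rather than only that a conflict exists.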

Effective Controls

We are offering a FREE assessment of your current position with your Risk Management in your Applications. This is beneficial if you are struggling to implement a program for effective Controls in your Applications. Seecuring offers a subscription-based service that provides:

  • Segregation of Duties

  • Sensitive Access

  • User Access Reviews

  • Patch Impact Analysis & Configuration Changes

We have hundreds of 'Rules' that encompass analysis of many Risks in your Applications, taking into account Permissions all the way through to Menus, along with Users and Groups/Roles.

We have been working with ERP/HCM Applications since the early 2000s, and work with leading CPAs, Audit staff and Application specialists to deliver a complete solution.

Before you invest in expensive Software, why not look at GRC as a Service? Faster delivery, lower cost, and more than just reports on your issues - we help Organizations achieve their goals for Internal Controls.

To discuss your requirements, you can schedule a call with us: