- About Us
- News & Events
- Locations
- Career Opportunities
- Rea Strategic Solutions
- Investment Partners Ltd
- Contact Us
- Press Room
Fraud Watch: Use Your Computer to Help Detect Fraud
Fraud Watch: Use Your Computer to Help Detect Fraud
31 January, 2008
This is the first of a four-part series discussing areas of your business you can examine to determine whether fraud is taking place.
The use of computers in business continues to grow. With the help of ever-improving technologies, companies across the globe enjoy better efficiencies and business processes, and often an increased competitive advantage.
But the technology you love could hurt you. As computer systems grow more complex, fraud may be just a click away. Whether you have added new computer systems to integrate business processes, improve sales, streamline supply chain or enhance overall business reporting effectiveness, there are some potential areas within your system that lend themselves to fraud.
Vendor Master
Does your IT system use a vendor master file to process all check and electronic cash disbursements? While this is a best practice many companies implement, there are some key areas where there is fraud risk. Be sure to check this master twice a year to ensure it is up-to-date. Some red flags you want to look out for include:
- Vendors using post office boxes as addresses
- Dormant vendors with no activity for two or more years
- Vendors with the same address or telephone numbers as employees
- Multiple vendors with same address or phone number
- Vendors with different mailing and check addresses
Of all of the computer-related fraud risks discussed in this article, this area puts you at most risk because it is easiest to perpetrate – and if you don’t know which vendors are legitimate, you could pay a phony invoice and never be the wiser.
Employee Master
The employee master file could also tip off potential fraud. Look for multiple employees with the same address, phone numbers or bank account and employees with invalid Social Security numbers. They may not be legitimate employees – or it could mean that an ex-employee is still receiving a paycheck.
Payroll Expenses
If you have multiple employee master files, for example one in human resources and one with your payroll provider, the potential for an exited employee to continue receiving payroll checks after their departure date increases.
Payroll fraud can and does happen – so watch to make sure no employee receives more than one paycheck per pay period and check that no one is being paid more vacation than allowed. Finally, look at the pay amounts and check for consistency. If an employee is being paid higher now than in prior periods – without a raise or change in benefits – something is fishy.
Accounts Payable Processes
Cash disbursements within your accounts payable program is also an area for fraud. If you see duplicate invoice numbers, dates or dollar amounts from the same vendor, something may be wrong. Also, if the invoiced amounts do not agree with the purchase order amount or the amount received is in excess of the amount ordered, fraud may be occurring.
And keep an eye on company-issued credit cards and their payment processes. This is an easy, easy way for a malicious employee to take from the company.
Customer Billing & Collection Processes
The following signs may mean that fraud is happening right underneath your nose:
- Frequent underpayments by customers to clear outstanding invoices, with the underpayments charged to “miscellaneous expenses”
- Gaps in sale invoice sequences or duplicate sale invoices
- Customers with billings subsequent to a bad debt write-off
- Customers with credit balances cleared by a refund
Security Profiles
IT systems today allow you to develop role-based security profiles that limit access to certain programs. These profiles are assigned to users to limit the key business systems they can access. While that is a great step to prevent fraud, there are still risk areas within each user profile.
Watch those users who have unlimited access as well as those users who are assigned a profile that does not correspond to job responsibilities. Also, look for users assigned multiple profiles that create segregation of duties conflicts. You don’t want one user to have the ability to create a purchase order, receive merchandise ordered, set-up a vendor, issue a check and reconcile the bank statement.
An IT business system is a must-have. All IT systems, though, are not created equal or implemented in the exact same way, but nonetheless all can be improved to reduce risk. Share this information with your internal IT director and/or external service provider to gauge your potential exposure to computer-transacted fraud. Then develop an action plan to mitigate risk areas.