Fraud in Accounts Payable: How to Add the Appropriate Controls

September 9, 2016 Chris Doxey

With the ease and accessibility of today’s technology, fraudsters anywhere can replicate checks with ease. It’s no stretch, then, to say that it’s become easier than ever before to forge a check.

And it’s check fraud, with a whopping 77 percent of actual and attempted instances of fraud that makes up a majority of fraud among companies.

What are Some Examples of Payments Fraud?

Check forgery is one of the most familiar forms of payments fraud. It involves legitimate checks falsely imprinted with the payer’s signature. Counterfeit checks are also a tactic fraudsters use by digitally altering a document and printing it to appear as a valid check.

The Association for Financial Professionals 2016 Payments Fraud and Control Survey states that “after checks, wire transfers were the second most popular vehicle for payments fraud, with 48% of organizations exposed.”

Electronic Fraud happens when ACH transactions or other digital transfers are initiated from an unauthorized source.

What Are 3 Types of Fraud that Impact the Accounts Payable Process?

  1. Internal Fraud: Internal fraud is initiated by one or several employees who have access to company assets such as cash, check stock, and bank account numbers. The perpetrator often hides this fraudulent account activity by making false entries in the accounting system to cover their trail.
  2. External Fraud: External fraud is committed by someone outside the organization. Those who can gain access to company accounts and solicit unauthorized transactions.
  3. Conspiracy Fraud or Collusion: Conspiracy or collusion can combine both internal and external actors where an employee works in tandem with someone outside the company to divert resources.

What are ways AP can combat payment fraud?

Positive Pay and Positive Payee: Positive Pay is a service banks provide to match the account number, check number, and dollar amount of each business’s check against a statement of checks previously issued by that business. It’s kind of like having fraud prevention insurance on each check.

A check that does not match the file a business provides to the bank is flagged as an exception and the business is notified for approval before it is released.

Payee Positive Pay works almost exactly like Positive Pay with one exception: the customer’s name (payee) is matched on the statement file with the issued check.

Check Controls: Controlling who has physical access to unprinted check stock is of paramount importance to keeping the integrity of check payments intact. Check printing and handling provides a huge invitation for fraud, dependant on the existing controls in place to prevent it.

A world without checks would be ideal, yet, it’s still the most common form of payment for businesses. This is why restricting access to check stock is crucial. Applying physical locks on check stock cabinets with dual access provides a level of accountability.

Other types of controls over physical check stock

Physical Controls: One technique used by large organizations to prevent check fraud is to separate the signature plates from the check stock itself. This means two separate keyholders are required to produce a check.

Check Limits: Some Enterprise Resource Planning (ERP) programs have the ability to set a dollar amount threshold for a check, flagging it for additional approval, before it’s sent along to the payee.

ACH Blocks and Filters

ACH debit block: This type of debit block prevents all transactions from posting except those that are previously authorized. There are specifications included in this feature for pre-approved recurring payments or maximum daily dollar amounts.

Debit filter: This filter screens ACH transactions to match only with pre-approved businesses. It’s similar to a bank’s Positive Pay services but specifically for ACH transactions. The filter ensures that ACH debits fulfill the right criteria against a list of approved vendors. Only transactions that meet all criteria post as successful transactions.

Reconcile All Bank Accounts within 30 Days

Reconciling bank statements within a 30-day window is a best practice in accounting departments. This allows for quick discovery of any suspiciously posted transactions.This step cannot be stressed enough for its importance in good fraud management.

Reconciling bank statements also reveals the following:

  • Bank errors in the accounting process
  • Unauthorized payments that require investigation
  • Outstanding or expired checks

These control practices, used simultaneously, can do wonders for improving your payment process. It may even cause you to consider moving to an electronic payment processor to outsource a piece of your AP department. Most importantly, these practices will help shield your business against fraud.


About the Author

Chris Doxey

Chris Doxey, CAPP, CCSA, CICA is an independent management consultant providing Internal Controls and Business Process Best Practice Solutions. She has extensive experience in procurement, accounts payable, internal auditing, internal controls, Sarbanes-Oxley compliance, payroll, logistics, financial systems strategy, and financial integration at Digital, Compaq, Hewlett Packard, MCI, APEX Analytix, and Business Strategy, Inc. She was recruited to assist MCI (formally WorldCom) recover from their internal control challenges. She has a bachelor's degree in English, a bachelor's in accounting, a master's in business administration, and a graduate certificate in project management. Chris has written numerous articles and published two handbooks: AP Leadership Skills and Implementing a Controls Self Assessment Program for Your Accounts Payable Department.

More Content by Chris Doxey
Previous Article
Ace Your Next Audit With Electronic Payment Automation Software
Ace Your Next Audit With Electronic Payment Automation Software

Up until the last decade or so, audits were just about the worst thing that could happen to you ...

Next Article
An Executive's Guide to Cloud Security and Compliance
An Executive's Guide to Cloud Security and Compliance

Even as the cloud industry grows and adoption becomes more widespread, worries about whether the...