Financial supply chain software firm APEX Analytix is shedding light on a reality that many organizations probably don't want to hear: AP fraud is alive and well, and companies aren't fully protected.
This month, the company published its latest analysis, The Financial Leaders' Benchmarking Report, and the findings were "troubling," in the words of APEX Analytix.
More than half of accounts payable departments said they don’t partner closely with internal audit teams, while 82 percent have no connection to internal enterprise security teams. More than half (51 percent) said they do not require secondary review of high-value payments, and 79 percent admitted employee records aren’t cross-checked against supplier information to be sure employees aren’t trying to commit fraud by posing as a supplier.
Suppliers themselves can expose companies to the risk of fraud, too, with 65 percent of businesses noting they don’t authenticate their vendors. About a tenth of businesses said they conduct a review of their suppliers dubbed high-risk only once a year, while 15 percent said they don't conduct such reviews at all.
Perhaps the most troubling trend, however, is that APEX Analytix noted in the years it’s been conducting this research, it has noticed the gap between the high- and low-performing organizations growing.
In discussing these findings, Phil Beane, APEX Analytix senior vice president, told PYMNTS that this is a particularly concerning pattern.
“When we look at AP fraud specifically, the risks that these companies are facing is only increasing,” he said, “so it was very surprising how few of the global 1,000 companies had implemented a complete controls framework, leveraging technology to mitigate risk.”
In general, he said, companies are aware of the risk of fraud in their accounts payable departments.
“However,” noted Beane, “unless they have, through the normal course of business, identified a fraudulent issue, it is difficult for them to assign a value to the risk in any meaningful way.”
Businesses will often turn to manual supplier vetting practices, for example, or annual reviews to identify potential areas of risk exposure, a strategy he said “inevitably falls short.”
“The front-end process is manual, and data flows through too many hands,” he said. “Only a limited number of outside data sources are taken into account, and vendor master teams are pressured to push through the changes in order to meet processing SLAs [service level agreement].”
Annual reviews or internal audits may only take a sample of company data to try to identify a problem, another inadequate strategy, Beane noted, “due to the low frequency, high-impact nature of fraud cases.
"To be effective, fraud controls and reviews must evaluate every supplier transaction,” he said.
The consequences of AP fraud are numerous, but one of the most blaring effects is a significant loss of money. According to APEX Analytix’s report, more than a third of payments initiated in the AP department aren’t linked to a purchase order or contract. Beane said this could be the result of a few scenarios.
One is that the business is paying more for a good or service than it should be. Another is that a company could be paying a single invoice more than once, because invoices without a purchase order don’t demand the three-way match between purchase order, invoice and payment to ensure transactions are applied to the right bills. Or, Beane added, there is simply a lack of adequate controls within the enterprise, meaning businesses are exposing themselves to more risk.
“Electronic AP technologies, like online Supplier Information Management, eInvoicing, electronic payments and online invoice and payment tracking, help reduce fraud and errors by ensuring purchases are made from fully vetted suppliers, invoices are received from the authorized users, PO numbers are required and payments are sent to pre-authorized bank accounts,” the executive explained.
There isn’t a single solution to any of these issues, either.
According to Beane, learning from the top performers can give valuable insight about how to combat AP fraud, both from within and outside the organization.
“What we see in the top performers is that they have a comprehensive strategy to either reach or maintain best-in-class performance,” he said, adding that the strategy can include integrating sophisticated technologies like machine learning and artificial intelligence.
“Another characteristic of the leading companies is their focus on continuing education programs for team members, which is one part internal, learning about how things work within the organization, but also external,” Beane noted.
Paramount, though, is integrating measures that are quantifiable for businesses to understand their current positions and risk exposure, and to measure improvement.
“Visibility, benchmarking, and independent review,” the executive said, “as they say, 'You can’t manage what you don’t measure.’”