Accounts Payable Fraud: How to Add the Appropriate Controls

September 9, 2016 Chris Doxey

With the ease and accessibility of today’s technology, fraudsters anywhere can replicate checks with ease. It’s no stretch, then, to say that it’s become easier than ever before to forge a check.

And it’s check fraud, with a whopping 77 percent of actual and attempted instances of fraud to make up a majority of fraud among companies.

tools to prevent AP fraud

What are some examples of payment fraud?

Check forgery is one of the most familiar forms of payments fraud. It involves legitimate checks falsely imprinted with the payer’s signature. Counterfeit checks are also a tactic fraudsters use by digitally altering a document and printing it to appear as a genuine check.

The Association for Financial Professionals 2016 Payments Fraud and Control Survey states that, “after checks, wire transfers were the second most popular vehicle for payments fraud, with 48% of organizations exposed.”

Electronic fraud happens when ACH transactions or other digital transfers are initiated from an unauthorized source.

What are 3 types of fraud that impact the accounts payable process?

  1. Internal Fraud:  Internal fraud is initiated by one or several employees who have access to key company assets such as cash, check stock, and bank account numbers. The perpetrator often hides this fraudulent account activity by making false entries in the accounting system to cover their trail.
  2. External Fraud: External fraud is committed by someone outside the organization. They are able to gain access to company accounts and solicit unauthorized transactions.
  3. Conspiracy Fraud or Collusion: Conspiracy or collusion can combine both internal and external actors where an employee works in tandem with someone outside the company to divert resources.

What are ways AP can combat payment fraud?

Positive Pay and Positive Payee: Positive Pay is a service banks provide to match the account number, check number, and dollar amount of each business’s check against a statement of checks previously issued by that business. It’s kind of like having fraud prevention insurance on each check.

A check that does not match the file a business provides to the bank is flagged as an exception and the business is notified for approval before it is released.

Payee Positive Pay works almost exactly like Positive Pay with one exception: the customer’s name (payee) is also matched on the statement file with the issued check.

Check Controls: Controlling who has physical access to unprinted check stock is of paramount importance to keeping the integrity of check payments intact. Check printing and handling provides a huge invitation for fraud, dependant on the existing controls in place to prevent it.

A world without checks would be ideal, yet, it’s still the most common form of payment for businesses. This is why restricting access to check stock is crucial. Applying physical locks on check stock cabinets with dual access provides a good level of accountability.

Other types of controls over physical check stock

Physical Controls: One technique used by large organizations to prevent check fraud is to separate the signature plates from the check stock itself. This means two separate keyholders are required to produce a check.

Check Limits: Some Enterprise Resource Planning (ERP) programs have the ability to set a dollar-amount threshold for a check, flagging it for additional approval, before it’s sent along to the payee.

ACH blocks and filters

ACH debit block: This type of debit block prevents all transactions from posting except those that are previously authorized. There are specifications included in this feature for pre-approved recurring payments or maximum daily dollar amounts.

Debit filter: This filter screens ACH transactions to match only with pre-approved businesses. It’s similar to a bank’s Positive Pay services but specifically for ACH transactions. The filter ensures that ACH debits fulfill the right criteria against a list of approved vendors. Only transactions that meet all criteria are posted as successful transactions.

Reconcile all bank accounts within 30 days

Reconciling bank statements within a 30-day window is a best practice in accounting departments. This allows for quick discovery of any suspiciously posted transactions.This step cannot be stressed enough for its importance in good fraud management.

Reconciling bank statements also reveals the following:

  • Bank errors in the accounting process
  • Unauthorized payments that require investigation
  • Outstanding or expired checks

These control practices, used simultaneously, can do wonders for improving your payment process. It may even cause you to consider moving to an electronic payment process or to outsource a piece of your AP department. Most importantly, these practices will help shield you from accounts payable fraud.

About the Author

Chris Doxey

Chris Doxey, CAPP, CCSA, CICA is an independent management consultant providing Internal Controls and Business Process Best Practice Solutions. She has extensive experience in procurement, accounts payable, internal auditing, internal controls, Sarbanes-Oxley compliance, payroll, logistics, financial systems strategy, and financial integration at Digital, Compaq, Hewlett Packard, MCI, APEX Analytix, and Business Strategy, Inc. She was recruited to assist MCI (formally WorldCom) recover from their internal control challenges. She has a bachelor's degree in English, a bachelor's in accounting, a master's in business administration, and a graduate certificate in project management. Chris has written numerous articles and published two handbooks: AP Leadership Skills and Implementing a Controls Self Assessment Program for Your Accounts Payable Department.

Follow on Linkedin Visit Website More Content by Chris Doxey
Previous Article
Check Fraud Explained by One of Hollywood's Most Infamous Conmen
Check Fraud Explained by One of Hollywood's Most Infamous Conmen

The internet has made paper check fraud through forgery easier. Payment automation software not only helps ...

Next Article
An Executive's Guide to Cloud Security and Compliance
An Executive's Guide to Cloud Security and Compliance

As cloud technology takes hold, some companies are quick to adopt new processes, but many others are hesita...


AP & Finance Professionals:
Sign up for
our weekly newsletter

First Name
Last Name
Thank you for subscribing!
Error - something went wrong!