For too long, businesses have held auditors responsible for finding financial red flags. But with only 4% of fraud cases being detected by auditors, it may be time for organizations to shift gears and focus on internal controls instead – especially when over 43% of accounting scams are reported by tip-offs from employees, vendors and other sources.
COVID-19 may have amplified the situation by exposing loose financial controls of remote or hybrid teams. Payment and invoice fraud attacks increased 112% in the second quarter of 2020, during the pandemic’s first wave, compared with the first quarter, according to a report. That’s not all. Business email compromise (BEC) attacks rose by 11% over the same period. As cybercrime tools become more and more sophisticated, accounting fraud is getting much harder to detect.
Let’s look at a few of the most recent accounting scandals, and the measures you can take to protect your business from experiencing a similar fate.
Obinwanne Okeke, a Nigerian businessman who once appeared on the cover of Forbes magazine, is facing jail time over a cyber fraud scam of about USD $11 million. Okeke’s companies used phishing emails to rob funds from US and Europe-based firms. In 2018, Unatrac Holding Limited, a British company became a victim of Okeke and his team’s scam, which illicitly gained their login details. “In April 2018, a Unatrac executive fell prey to a phishing email that allowed conspirators to capture login credentials,” the US justice department mentioned in a press release. “The conspirators sent fraudulent wire transfer requests and attached fake invoices.”
How to avoid this: Try outsourcing payments to a third-party provider, putting them in charge of collecting and updating vendor payment data. When digitizing payments, look for a company that offers SOC compliance, which is considered the highest standard in the industry –and make sure they will assume 100% liability for paying vendors.
Personal shopping spree
A former office manager at a senior care organization in Tennessee, USA, was arrested in April for theft and forgery. An investigation into Priority Senior Care LLC’s finances found that Tonya Lindsey paid herself an extra USD $44,104 by issuing 66 fraudulent payroll payments to herself. Other records of dubious expenditure included business funds spent on personal items like clothes, accessories, and vaping paraphernalia, all worth an additional USD $8,428.
Officials said that Lindsey exploited payroll data and records to cover her theft. For example, some payments made to a fictitious employee were actually directed to Lindsey’s personal account.
How to avoid this: Automate your payroll so you have a digital trail of all records. To keep track of employee expenses, digitize receipt submission and move expense submission, approval and reimbursement into the cloud.
The art of diversion
Irish officials investigating an international BEC fraud ring, arrested multiple individuals including teenagers for stealing over USD $1.3 million from a Dublin-based company. The organization reportedly received a sham email which appeared to come from a trading company, asking them to send payments to a new bank account. The payment was made without looking into the request. Officials eventually took more than 19 people into custody regarding the same case.
How to avoid this: Invoice redirect fraud or BEC scams involve fraudsters sending an email to a business posing as a legitimate company and asking for immediate payment of an invoice. To mitigate this type of fraud, we recommend installing a process to manage requests for changes to vendor payment details. For example, you could use a bank change form to initiate alterations in vendor banking details. Always cross-check the information to confirm the validity of the new details by asking questions such as last payment date, or the last invoice amount.
A team effort
Joseph Spaccavento, an AP manager and assistant controller in New Jersey, USA, directed USD $516,000 of the company’s money to personal accounts with the help of a co-worker. The duo allegedly diverted money owed to the company to their PayPal account for personal expenses, including purchases from eBay, Best Buy, Louis Vuitton, Bloomingdales and GrubHub. These items would often be shipped to their homes. According to the FBI, they covered their tracks using bogus customer statements and internal accounting records.
How to avoid this: Set up at least two levels of approval for all purchases and use an electronic expense management system to set up controls for employee expenses. An AP automation software will notify approvers online as soon as expense reports are submitted, and they can accept or reject the claim – even through their phone.
Steep vet bills
A former employee at a veterinarian clinic in Georgia, USA, was charged for embezzling more than USD $250,000 over a period of seven years, according to reports. As an office manager, Meleah Landers handled accounts payable (AP) for the clinic and falsified bills from vendors, and payments for the clinic’s owner, including mortgage and personal card payments. The fraud unraveled after the owner was notified of an outstanding bill of USD $150,000 by an existing vendor. The full extent of the scam was exposed after an audit was launched, discovering Landers exploited business funds for personal expenses such as country club membership.
How to avoid this: By managing your payments through an AP automation provider, your invoices will have to pass through several layers of approvals before they are released. Your business can customize the approval matrix based on budget, department, location and other features.
Improve your AP controls and mitigate the risk of accounting fraud