Are you harboring fictitious vendors in your accounting system? These are vendors invented by an employee — usually someone with the authority to approve invoices — to embezzle from the company. Thieves fabricate invoices and deposit payments to the fictitious vendor in their own bank accounts.
This scam is easier to perpetrate in companies with a large number of vendors because fictitious accounts simply get lost in the sheer volume of paperwork. However, small companies are also vulnerable to the scheme because they often lack internal controls, such as segregation of duties.
Spotting the fake
Regardless of the size of your company, there are likely to be tracks for you to follow:
Missing information. You expect to find phone numbers, taxpayer identification numbers, contact names and specific street addresses (not P.O. box numbers) in your vendors’ files. When such routine data is missing, investigate.
Vendor names. Embezzlers may create a company name that is similar to that of a legitimate vendor, or may use their own initials. But a fraudulent vendor won’t be called Microsoft, Wal-Mart or any other widely known corporate name.
Account activity. A fictitious vendor will probably be active. Because the payoffs are proportional to the effort, fictitious vendors usually don’t send invoices for small amounts. The risk of discovery increases with every transaction, so fake accounts are more likely to involve fewer invoices for larger amounts.
Services vs. goods. Most often, fictitious vendors will supply services rather than goods, simply because it’s easier. But occasionally someone — most often a purchasing agent — establishes a fake company from which to order products. This scam usually requires an accomplice on the receiving dock to record receipt of the goods and simultaneously alter inventory records.
More red flags
Also look for:
- The absence of credit memos, because there won’t be any billing errors,
- Prompt payments, because the perpetrator wants each transaction completed as quickly as possible,
- Similar invoice amounts, which will probably be just below the fraudster’s authorization limit, and
- One invoice listing per check, rather than the more customary bundling of invoices for payment.
Finally, if only one employee is requesting the company’s services, that’s a sign the vendor may not be legitimate.
They can’t hide
If you sense something isn’t right in your vendor records, don’t let it slide. Although the perpetrator may be devious and the scheme may be elaborate, good internal controls can help prevent and detect fraud.