false invoices - would you detect them

Audit | Tax | Advisory | Financial Advice

False Invoices – Would you detect them? An Internal Auditor’s perspective

18 June 2014


Agenda: 1.  Our current environment – increased risk of fraud?

2.  Key types of procurement fraud

3.  Case study 1: The “Tahitian Prince”

4.  Warning signs for false invoices

5.  Case study 2: The “Sugar Daddy”

6.  Demonstration of falsifying invoices using freely available tools

7.  Case study 3: Try your luck…

8.  Controls to address fraud risk

9.  Data analytics


Our current environment – increased risk of fraud? •  Tightening economy and ‘Strong Choices’;

•  High levels of redundancies and reduced employment security;

•  Loss of promotion and new job opportunities creating financial pressures on

personnel;

•  Departmental restructure leading to process breakdowns / oversights.

•  Additional work pressures on those who remain, resulting in breakdowns in

checks and balances;

•  ‘Non-essential’ departments (i.e. Internal Audit, Risk, Quality) are being

scaled back.


Key Types of Procurement Fraud

•  Manipulation of the vendor master file;

•  Cheque forgery;

•  Collusion with suppliers;

•  Conflicts of interest;

•  Vendor kickbacks / bribery;

•  Bid rigging; and

•  False invoices.


Examples of common Invoice Fraud

•  Membership Dues – An invoice is received for yearly dues from a phony business

association.

•  Directory Listings – A bill is received for an ‘Internet Directory’ listing that wasn’t

needed or ordered.

•  Office Supplies – Either the products were never delivered and the invoice is totally

false or unordered products were received and have been invoiced at exorbitant rates.

•  Other Products and Services – Charges are received for repairs, labour or other

goods and services that were never provided.


Case study 1: The ‘Tahitian Prince’


Case study 1: The ‘Tahitian Prince’

“There appears to have been a loss of focus across the public sector on

maintaining basic financial controls with the number of agencies failing to

maintain these controls increasing.”

“Poor controls over vendor information can potentially expose departments to

significant losses if there is fraudulent manipulation of this information.”

Taken from the Criminal Misconduct Commission report to Parliament


Case study 1: The ‘Tahitian Prince’ •  Had a history of fraudulent activity that was not detected through background checks;

•  Used manual general purpose vouchers as they had lower levels of scrutiny (i.e.

bypassed the purchase requisition process);

•  Used an elaborate cover story, gifts, friendly personality and seniority to cover erratic

attendance record and bypass appropriate review processes;

•  Created multiple false vendors using forged documents;

“…it could easily have been found out and stopped…”

•  Significant organisational changes (restructure) resulted in oversight of the cost centre

being controlled by the fraudster;

•  28 payments were for the value $137,592.40 to the same vendor; and

•  Post balance adjustment to cover up $2.7M overspend on a $406K budget.


Warning Signs for False Invoices General signs:

•  Weak controls over the review and payment of invoices;

•  Discrepancies between contract or purchase order, receiving documents and

invoices;

•  Discrepancies between contractor’s billings and supporting documents;

•  Invoices in round dollar values;

•  Total payments exceed approved contract value or purchase order value;


Warning Signs for False Invoices False invoice signs:

•  No receiving report for goods or services;

•  Invoiced goods or services can not be located or accounted for; and

•  No purchase order for invoiced goods or services.

Inflated invoice signs:

•  Invoice prices, quantities, item descriptions or terms exceed or do not match:

•  Contract or purchase order terms;

•  Receiving orders;

•  Inventory usage records; and

•  Discrepancies between invoice amounts and supporting documents.


Warning Signs for False Invoices Duplicate invoice signs:

•  Multiple payments in the same time period;

•  In the same or similar amount to the same or related vendors;

•  On the same invoice or purchase order; and

•  For the same or similar goods or services.

•  Multiple invoices with the same:

•  Description of the goods or services;

•  Amount;

•  Invoice number;

•  Purchase order number; or

•  Date.


Case study 2: The ‘Sugar Daddy’


Case study 2: The ‘Sugar Daddy’

“A psychologist hired by Leighton Contractors told O’Carrigan’s wife the fraud

had started with dissatisfaction at work. He believed that he had been

overworked and overlooked and resented the salaries of younger staff with less

experience.

“Once having experienced the lifestyle that accompanied the fraud it became

like an addiction”


Case study 2: The ‘Sugar Daddy’ •  Created a company, of which he was a Director;

•  Was able to approve and establish the company as a vendor without

segregation of duties;

•  Created 308 false invoices from the company ranging from $10,000 to

$205,000 and totalling $20.7M. He was able to approve and process the

transactions himself;

•  Directed a portion of project revenue into a corporate account which he used

to fund the fraud; and

•  He was on a salary of about $200,000 and had worked for the company for

30 years when arrested in November.


Demonstration of falsifying invoices using freely available tools. •  Free software tools are readily available and make invoice preparation simple

with a professional finish

•  Editing of vendor invoices, approval documents and employment documents

is simple with the standard tools available in Adobe Acrobat

•  We will do a quick demonstration now.


Case study 3: Try your luck…

“A phony media tycoon has relaunched a ficticious publishing empire and

fleeced Australian mining companies out of hundreds of thousands of dollars,

just months after he was convicted over the same scam.”

“The conman has been caught operating the same criminal enterprise, under a

different business name – Mining & Resource Media. After casting his net across

another 100 mining firms, more than $300,000 rolled in.”


Case study 3: Try your luck… •  Created a false media organisation (Commerce and Resource Productions);

•  Distributed hundreds of false invoices to mining companies claiming

advertising revenue associated with 20 fake publications;

•  Prosecuted by only 5 affected organisations on 32 counts of “asserting right

for payment for unsolicited services” fined $40,000 and ordered to pay

$96,600 in compensation;

•  Within 8 months of this he created another false media organisation (Mining &

Resource Media) and repeated the same fraud obtaining in excess of

$300,000 in payments.


Controls to address fraud risk •  Tone at the Top – code of conduct, fraud awareness training and building a

culture of awareness across the organisation;

•  Having procurement policies and procedures in place;

•  Ensure that the risk of procurement fraud is recorded in your organisation’s

risk register and risk assessments are performed regularly;

•  Whistleblower scheme to encourage reporting of suspected fraud;

•  Ensure that staff that are involved in financial decision making for

procurement are trained in how to identify fraud;

•  Ensure a three way match is carried out;

•  Ensure that segregation of duties is in place and enforced;


Controls to address fraud risk cont. •  Implement a variation limit on projects and contracts and require justification

for when these limits are exceeded;

•  Pre-employment screening that is comprehensive and completed prior to

commencement of employment;

•  Comprehensive Vendor and Customer vetting performed by an independent

individual to the procurement process;

•  Strict processes around changes to vendor details, review of dormant

vendors

•  Staff rotation for ‘at risk’ positions (e.g. procurement and finance). In the

banking industry this has lead to reduced insurance premiums where staff are

required to take 2 weeks of continuous leave;


Controls to address fraud risk cont. •  Budget to actual and variance analysis;

•  Data analytics and continuous monitoring; and

•  Having strict processes around the payment of ‘emergency’ invoices or

changes to payment terms.


Data analytics •  Data analytics can be useful in identifying transactions, trends or relationships

that could be an indicator of fraud.

•  Irregular Transactions:

•  Duplicate invoices, unusual invoice sequencing (Benford’s Law), inactive

vendors receiving payments, out of business hours transactions,

transactions exceeding approval limits / invoice splitting, invoices

received after payments made

•  Trends and Summary Reporting:

•  Top vendors by payments made, top vendors with quality issues, top

vendors for short shipments, vendors with consistent transaction values,

vendors with multiple transactions per period.


Data analytics cont. •  Relationship indicators:

•  Vendor address / phone number vs. payroll records, Vendor directors vs.

procurement personnel, multiple vendors with the same details (e.g.

address, phone number, PO box, etc.)

•  Use tools that support fuzzy logic:

•  (07) 3233 0000

•  +61 7 3233 0000

•  0732330000


Robyn Cooper Internal Audit Principal Brisbane

Tel +61 7 3233 3496 au.linkedin.com/in/robyngcooper

[email protected]

Mark Scales Senior Manager Brisbane

Tel +61 7 3233 3500 au.linkedin.com/in/mwscales

[email protected]

false invoices - would you detect them

Documents