Subscribe by Email

Your email:

Most Popular

Browse By tag

Browse By Date

Technorati Profile

Blog - Kofax (formerly 170 Systems) Perspectives on AP

Current Articles | RSS Feed RSS Feed

Preventing Vendor AP Fraud
A Great Tip For Maintaining Your Vendor File

Posted by Steve Wilcox on Fri, Mar 06, 2009 @ 10:59 AM
Share on Twitter Twitter | Share on Facebook Facebook | Submit to Digg digg it |  Add to delicious  delicious |  Submit to StumbleUpon StumbleUpon |  Share on LinkedIn LinkedIn | Submit to Reddit reddit 

Yup, that's an outhouse. 

What if you used Google Maps to view a vendor address and it turned out to be an outhouse?!?  Alarm bells would probably go off in your head that an unscrupulous "vendor" was trying to swindle your company.

Nat Goodman used this outhouse example in this past week's webcast on preventing AP fraud.  As we discussed in the last blog entry and according to Nat:

"Every addition or change to the vendor master should be verified to approved documents  [such as updated W9s, contract amendments, verified correspondence, etc]. That means approval and support before keying AS WELL AS verification to file changes AFTER processing. In order to avoid duplicate vendors on file, be particularly careful about how the vendor name is keyed with consistent naming and keying conventions."

Vendor addresses should be treated particularly carefully.  Again, according to Nat:

"We need to guard against false addresses that can be used to embezzle funds.  However, we are not only concerned with phony vendors but we want to confirm that the vendor appears to be a business person with legitimate qualifications to perform the work or provide the goods.  Switchboard.com and Yellowpage.com have business and residential listings.  Mapquest.com is great way to view a property.  Many consultants/service providers work out of their home.  Here is an opportunity to view their home.  If they have an outhouse on the property you may think twice.  If a goods producer lists an address on a vacant lot, a red flag goes up and you may want to check further."

Bottomline ... all new vendor addresses or changes should be carefully verified.   With Google Maps or a similar tool, it's easy to check a vendor's office or location.

-Rakesh Shukla

Related White Papers

Related Blog Posts
Tags: , , , , , , , , , , , , , ,

Comments

Great post. I agree. There are two possible ways to 'audit' the data entry - via workflow approval or through a trigger or log-based auditing mechanism. Workflow is definitely a better route to go, where possible since it will automate the process and record the approvals in the system. 
 
Jeff
Posted @ Tuesday, August 11, 2009 4:38 PM by Jeffrey T. Hare, CPA CISA CIA
Yes, a robust workflow will maintain a comprehensive audit trail.
Posted @ Tuesday, August 11, 2009 4:45 PM by Rakesh Shukla
Reposted from LinkedIn: 
 
Using common sense is always the best policy before entereing into a business relationship with anyone including vendors.  
 
Some people prefer to do background checks and you can do something similar with vendors without hiring a service by doing a little research of your own.  
 
* Of course as you mentioned one can use geographic location service to look up addresses.  
 
* Search the vendor name, address or phone number by using various search engines by placing each of the above items as the keywords. You might be surprised what is returned. Don't forget about Google Cache which will return older result no longer listed in the main search engines but has been archived.  
 
* Use services like http://www.pipl.com which is the most comprehensive people search on the web and will return all kinds of searches.  
 
People or businesses having a bad experience will often post information on such persons or entities in blogs and related industry forums. In addition, if there are any outstanding law suits filed with a court system this will be listed.  
 
* Then you can always ask for references but keep in mind such information can be trumped up.  
 
A good rule is to get referrals from people who have already conducted business with a vendor where they have positive things to say.  
 
Lisa K  
 
Independent Consultant 
 
Posted @ Tuesday, September 15, 2009 2:31 PM by Rakesh Shukla
Reposted from LinkedIn: 
 
I think what Lisa is saying is about selection of vendor ,at times though vendor may be clean when one hires them but there has to be a on going process in place wherein vendor activities are monitoried or mystery shopping is done on the vendor to check whether they are still clean.I have seen mystery shopping on venbdors giving great results if managed properly  
 
Charanjeet Bhatia -CFE  
 
Fraud Prevention & Investigation Specialist 
 
Charanjeet Bhatia -CFE  
 
Fraud Prevention & Investigation Specialist 
 
Posted @ Tuesday, September 15, 2009 2:32 PM by Rakesh Shukla
Reposted from LinkedIn: 
 
I used to work for Nokia Networks before it became Nokia-Siemens. 
 
They used a five level syste4m from S1 to S5 for least known / trusted suppliers to the most trusted. Large or critical contracts only being awarded to the most trusted suppliers that have consistently proven themselves over time. 
 
They of course also had a comprehensive vendor checking and selection process when considering new vendors, much as most companies would or should do when recruiting new employees. In principle vendor / supplier selection and contracting is no different to selection and recruitment of employees, so the same types of processes, proceedures and due dilligence are required.  
 
Chris Spencer  
 
Security, Fraud & Risk Management 
 
Posted @ Wednesday, September 16, 2009 6:31 AM by Rakesh Shukla
Reposted from LinkedIn: 
 
* Thorough background investigation and vetting of new/potential vendors. This should include traditional resources (criminal record check, pedigree, credit history, etc.) and open source intelligence (blogs, news articles, reviews, testimonials, lawsuits, etc.).  
 
* Independent verification of required licensing (if applicable) and insurance.  
 
* Regularly update background check and verifications (e.g. annually or more frequently, depending on the risk)  
 
* Research financial stakeholders in the vendor company and proactively identify any potential conflicts of interest.  
 
* Allow multiple individuals to review results of vendor background investigation and seek input.  
 
* Conduct routine audits to ensure compliance with contractual requirements and Service Level Agreements.  
 
James D. Ruotolo, CFS  
 
Director of SIU Strategic Operations at The Hartford 
 
Posted @ Wednesday, September 16, 2009 7:11 AM by Rakesh Shukla
Reposted from LinkedIn: 
 
When the vendor is using an outhouse as their physical address I think it is fair to say that they are full of ...  
 
By Tom Flynn VP Account Management at Lavante, Inc. 
 
Posted @ Thursday, September 17, 2009 6:49 AM by Rakesh Shukla
Reposted from LinkedIn: 
 
Run a credit check on the person operating the business. Sometimes vendors/merchants will use another person's or employee's name to open the account with you. Run a credit check on the person who is actually operating the business. This tells all.  
 
M Cervantes  
 
Sr. Fraud Investigator at eBay/PayPal Inc
Posted @ Thursday, September 17, 2009 7:00 AM by Rakesh Shukla
Reposted from LinkedIn: 
 
Your company should compose a questionnaire to be completed by all vendors. These questionnaires should include who and where as well corporate references and liens and judgments. If they do not wish to provide the information, you are better off using another vendor. If you wish I could forward one to you. 
 
John Patwell  
 
Experienced Fraud Investigator 
 
Posted @ Thursday, September 17, 2009 9:49 PM by Rakesh Shukla
Reposted from LinkedIn: 
 
Vendor Assessment should be established. For critical vendors quality and financial review/audit should be performed yearly. It's part of the risk assessment we are performing during SOX reviews. For the others a questionnaire ( self assessment) could or should be used.  
 
Arnaud VIGNE  
 
Consultant at Resources Global Professionals
Posted @ Friday, September 18, 2009 10:20 AM by Rakesh Shukla
Reposted from LinkedIn: 
 
Following on Arnaud Vigne's point, There is a "right to audit" clause (Albrecht, W. S. et al, 2006) that could be put into the contracting requirements or back of the receipt. In simple terms it gives companies the right to audit their vendor's books at any time.  
 
Companies with missing/suspicious addresses, phone numbers, or payments being made to P.O. Boxes, duplicate invoices all of which could be classified under "paying attention to detail" matters. Education, creating a list of examples affecting your company included what triggered the event is an important approach. 
 
Conrad DaCosta, MS, CFE  
 
Analyst 
 
Posted @ Friday, September 18, 2009 10:22 AM by Rakesh Shukla
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics