Detecting Purchasing Fraud

I thought that we should look at purchasing fraud, which covers purchases made by employees on company credit card or company account. The risk here is that the items are purchased for personal use, rather than to benefit your organisation.

How does this type of fraud occur?

The fraudster gains access to the company account or credit card. They may be an authorised user of the account or card; they may forge a signature, steal a card, have a false one made, or add their name to the list of authorised users when cards are ordered.

Generally, this type of purchase does not require a purchase voucher, order or prior approval, for example, replenishing office supplies.

Once the purchase is made, it must be concealed, or the fraudster will be caught!

Very often the fraudster is also the person who approves accounts for payment. When the accounts come in, they simply approve the purchase and no one is the wiser.

If they are not the approver, the fraudster must conceal the purchase another way. Possibly the approving manager does not pay much attention to what they are signing, and non-genuine items are not picked up. This is somewhat risky, but the risk is reduced if the fraudster sticks to making a genuine purchase but keeps part of it for themselves (for example consumables for a worksite), or purchases services which are hard to prove have not been received.

Another method of concealment is to deal with the account directly. If the fraudster is in a suitable position they can code the purchases as being genuine business items, or code it to another cost centre or expense account before getting approval for payment. Alternatively, they can alter the statement so that the fraudulent purchase does not appear as a separate item, or destroy accounts as they are received (although eventually the supplier will complain about not being paid).

Who does this type of fraud affect?

Purchase fraud can affect any business where items are purchased on account or on company credit cards, particularly if there are no checks in place for good and services purchased.

Certain types of businesses can be more at risk than others, such as those in the building and construction industry where equipment and goods are purchased on company accounts and delivered to a worksite, possibly without ever being checked against an invoice, or in businesses with regionally based employees such as salespeople, who are allowed to purchase supplies locally.

How to reduce your risk

Mostly, purchases from suppliers go through an initiation, approval, order, receipt, approval and payment cycle, with each stage acting as a filter to prevent fraudulent purchases.

However, direct employee purchases on account or by company credit card are missing the first four possible control steps, because the one person initiates and orders the goods and receives them.

Particular attention must be paid to reviewing, approving and paying direct accounts and company credit card invoices, and systems and processes will need to be reviewed to ensure adequate segregation of duties, document cross-checking procedures, and frequency of senior management auditing. These should be integrated with other control processes, and should be fully documented with all staff made aware of the correct procedures.

The difficult thing for many businesses is both knowing what to do to upgrade systems, and implementing changes without causing embarrassment to staff. Most vital of all is that procedures are actually followed and are reviewed on a regular basis, preferably by an objective professional who may turn up some holes in your process or identify areas of risk you may not have seen.

Case Studies

  • In December 2004 the Sydney Morning Herald reported that an ABC Television employee was being investigated for alleged fraud, involving falsifying reporters’ credit card expense claims. It was only discovered when a colleague noticed items he had not purchased on his credit card statement. The amount involved is thought to be about $800,000. The Herald reported that “…those who know the employee describe him as a likeable man. ‘He is a really nice guy, really supportive’ said a former staffer…”
  • A Woolworths Supermarkets employee in Sydney was sentenced to 7 years jail for stealing $2.6 million dollars over 3 years from her employer. As a payroll clerk the employee was in charge of a safe containing a $20,000 float for the payroll department. When the cash ran low, she ordered more – on her signature alone. Because of poor separation of duties and lack of supervision and checking, she was able to falsify the accounts to cover up what she took. The money was spent mostly on gambling.
  • An accountant falsely added her name to a list of employees to whom company credit cards were to be issued and used her card to make fraudulent purchases, forging the signatures of authorised cardholders to cover her tracks and coding her purchases to various expense accounts. Since no one knew she even had a company card, she wasn’t a suspect even if someone questioned the purchases. For over five years this employee continued her scheme, racking up a six figure bill on her employer’s account.
  • An employee purchased airline tickets for herself and her family through her company’s travel budget. This employee was in a position to order the tickets, receive them, prepare payment vouchers and send out the payments. Her supervisor was uninterested in paperwork and approved everything put before him without checking. The fraudster obtained tickets worth more than $100,000 over two years.