Purchase Orders (PO) are a key aspect of maintaining accurate, complete financial records. They serve as an internal control mechanism in the procure-to-pay (P2P) process, but organizations tend to over-rely on the control that a PO brings.
Risk to open purchase orders include, weaknesses in purchasing controls open the door to mistakes that lead to cash leakage and to billing schemes that allow fraudsters to steal significant amounts of funds over an extended period of time. In both cases, an unusual PO can be a red flag. The ability to detect a PO that is inconsistent with past transaction history is critical to reducing risk in P2P.
4 Unusual Purchase Order Indicators
Outlier Purchases: Any change in pricing and frequency by the buyer or vendor warrants a closer look. Outlier purchases can signal an error or potential fraud. Watch for:
- Sudden increases in purchases from one vendor
- Buyers processing POs for vendors outside their normal responsibilities
- POs for vague or poorly defined services including “blanket orders”
- Sequential purchases, particularly those that are followed by change orders
Order PO Splitting: Splitting large orders across multiple POs that will not attract attention is a red flag. Split purchases circumvent requisition and buyer approver controls in place to prevent out-of-compliance purchases and, in the worst cases, allow fraudsters to fly under the radar. Look for:
- Multiple POs to one vendor in the same or similar amounts from the same requesting group
- Identical items purchased in different amounts simultaneously or within short periods of time
- POs split by type of work (e.g., one purchase order for labor and another for material)
- Recurring purchases that fall just under review/authorization thresholds to avoid the scrutiny required for larger purchases
Shell Companies: A fake entity created by the fraudster is used to bill the organization for fake purchase order services. Fraudsters in this scheme rely heavily on phony POs to perpetrate the fraud. Watch for:
- Unfamiliar vendors or variations on an approved vendor’s name
- Vendors that only have a post box address
- Vendor addresses that match employee addresses
- Repeated use of a one-time-vendor record for the same address
After-the-fact PO: When a PO is being issued after the transaction occurred and the vendor has submitted an invoice, the transaction warrants further investigation. Typically, an after-the-fact PO indicates a requisitioner, buyer, or vendor that is operating out of policy, but not necessarily maliciously. Look for:
- Invoices that predate POs
- POs that have been amended after invoices have been submitted
- Vendors issuing invoices with missing or improper PO numbers, or verbal POs
Automated Data Analytics Improve P2P Risk Detection
The human eye can’t catch all these billing schemes. As part of an effective risk management program, data analytics provide a powerful fraud prevention and detection tool. According to the ACFE’s 2016 Report to the Nations, organizations using anti-fraud controls, such as proactive data analytics, reported that fraud schemes were detected up to 50% faster and fraud losses were up to 54% lower.
An automated analytics solution like Oversight uses artificial intelligence (AI) to stop procurement fraud, prevent cash leakage, and identify compliance violations in accounts payable (AP) payments. It detects the patterns behind improper transactions and resolves the underlying behavior. This enables organizations to optimize the P2P process by identifying their biggest payment risks so that training can take place to stop out-of-compliance spending.
To learn more, sign up for a demo of Oversight.
