The Procure to Pay (P2P) process often gets less focus than it merits in an organization's overall risk landscape, especially for organizations with significant supply chains (manufacturing, retail etc.). The key risks involve control failures, which can lead to overpayments, discrepancies in rates, poor tracking of payments made vs. goods or services received and, finally, outright fraud. As per ACFE, 22.2 percent of all frauds involve employees submitting fake or inflated invoices or invoices for personal purchases, with a median loss of US$100,000.
We have come across organizations that were confident of their P2P processes, only to discover later that they had not looked at the context holistically and in a structured fashion, which led to leakages and frauds. Even today, there are leakages and violations that have not yet been realized or have not come to light: the 'known unknowns'. While it is natural to feel optimistic and presume that negative events are more likely to happen to your peers, we have seen very large and well governed organizations fall prey to frauds. For instance, Citigroup's Mexican unit, Banamex, had frauds of over US$400mn, and it is not just about the financial damage, but also the appalling conduct of certain individuals, as their CEO put it.
It comes as no surprise that Procurement is ranked the highest among business processes that are most vulnerable to fraud, waste and errors. The good news is that these risks, which can lead to leakages and reputational damage, can be managed proactively. Let us see how this can be achieved.
Principles to strengthen your P2P process
The organization needs a hawk eye to make accounts payable more robust, keeping a watch on every transaction at all times. You can achieve significant gains by correlating data across sources, primarily to flag abnormalities, and then prioritizing the flagged items for investigation according to their risk score.
Go beyond structured rules
There is also a need to go beyond hard-coded rules and have intelligence around the bigger picture instead of scrutinizing a single record in isolation. Let us consider an example: an organization has an approval threshold of $1,000 per invoice. An insider could create fictitious vendors and bill the company for just under this amount, diverting payment to their own account. The smart fraudster keeps evolving, and businesses need mechanisms to beat them to it. Occupational fraud costs a typical organization 5% of its revenues, with employees who know the rules and processes posing the biggest insider threat. This is a challenge where we have seen a lift through the use of machine learning techniques.
The longer a fraud lasts, the more financial damage it causes, states the ACFE report. Proactive and continuous detection mechanisms are hence essential to nip such schemes in the bud, rather than waiting for them to surface through audits and other passive means. In doing so, you would strive to maximize the number of transactions that attain straight-through processing, since obstructing every transaction results in productivity loss and higher costs.
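The $1,000 threshold example above can be checked by looking at each vendor's invoices together rather than one record at a time. The following is an added example, not code from the original post; the invoice data is constructed, and the band, minimum count and share values are illustrative assumptions, as is the reading that invoices below the threshold skip approval.

```python
from collections import defaultdict

APPROVAL_THRESHOLD = 1000.00  # per-invoice approval threshold from the example above

# Constructed sample data: (invoice_id, vendor, requester, amount in USD)
INVOICES = [
    ("INV-001", "Acme Tooling", "alice", 412.50),
    ("INV-002", "Acme Tooling", "alice", 1840.00),
    ("INV-003", "Acme Tooling", "bob", 975.00),
    ("INV-004", "Northwind Freight", "carol", 230.00),
    ("INV-005", "Northwind Freight", "carol", 655.10),
    ("INV-006", "QX Consulting", "dave", 990.00),
    ("INV-007", "QX Consulting", "dave", 985.00),
    ("INV-008", "QX Consulting", "dave", 998.50),
    ("INV-009", "QX Consulting", "dave", 960.00),
    ("INV-010", "QX Consulting", "dave", 995.00),
]


def single_record_rule(amount, threshold=APPROVAL_THRESHOLD):
    """Hard-coded rule (assumed): only invoices at or above the threshold are reviewed."""
    return amount >= threshold


def score_vendors(invoices, threshold=APPROVAL_THRESHOLD, band=0.05,
                  min_near=3, min_share=0.6):
    """Flag vendors whose invoices cluster just under the approval threshold.

    band, min_near and min_share are illustrative tuning values, not from the post.
    """
    floor = threshold * (1 - band)  # lower edge of the "just under" band
    by_vendor = defaultdict(list)
    for _inv_id, vendor, requester, amount in invoices:
        by_vendor[vendor].append((requester, amount))

    alerts = []
    for vendor, rows in by_vendor.items():
        near = [(r, a) for r, a in rows if floor <= a < threshold]
        share = len(near) / len(rows)
        if len(near) >= min_near and share >= min_share:
            alerts.append({
                "vendor": vendor,
                "near_count": len(near),
                "share": round(share, 2),
                "exposure": round(sum(a for _, a in near), 2),
                "requesters": sorted({r for r, _ in near}),
            })
    # Largest exposure first, so the riskiest vendor is investigated first.
    return sorted(alerts, key=lambda alert: alert["exposure"], reverse=True)
```

Every "QX Consulting" invoice passes the single-record rule, yet the vendor-level view flags it, while a vendor with one invoice near the threshold among several ordinary ones is left alone.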
Learn and adapt
By identifying and investigating alerts you can significantly improve your chances of catching a fraud. Feedback from investigation provides valuable information: there are cases where an anomaly is not fraud, and there are legitimate business reasons for the deviation from established patterns. Incorporating this information in the detection models will help you improve their performance in subsequent iterations. You would see a lift in accuracy as well as in coverage, i.e., the ability to catch most of the anomalies. The system is trained continuously, lest you make the same mistake twice.
In my next post, I will talk about the risk factors and how organizations can achieve high accuracy in detecting duplicate payments and other suspicious payment patterns.