Professional services organizations are most at risk to be negatively impacted by expense reimbursement schemes, billing schemes and check and payment tampering schemes, according to the 2018 ACFE Report to the Nations on Occupational Fraud and Abuse. In a previous Our Thoughts On article, Brian Webster talked about how utilizing system-wide and manual controls can help detect billing schemes. This time, we’ll take a look at data analytic procedures that can be used to identify check and payment tampering schemes.
Check and payment tampering occurs when an employee alters a payment intended for a third party to his or her benefit. Common tests to detect tampering schemes include:
Identifying out-of-range checks
Following up on checks made out to “cash”
Reviewing transactions for round dollar payments
Identifying checks issued to vendors with names that are similar to known vendors
The first three tests can be accomplished in a relatively simple fashion using the basic features of any spreadsheet program. An analyst could also perform the fourth test manually by scanning a disbursement listing or spreadsheet for variations of vendor names, but it’s a task better and more accurately performed through use of a specialized tool.
Here’s how the vendor name test would work. The analyst begins by using software to look for small variations in how a vendor is named. For example, a fraudster could pull off a check tampering scheme by changing the letter “I” in “Initech” to a “1” (one). Identifying these inconsistencies is accomplished by employing a technique known as fuzzy matching, a feature present within software programs like IDEA or the open-source “FuzzyWuzzy” Python Library (originally developed by SeatGeek to compare event-naming conventions across different ticketing sites). In each case, an algorithm is applied to assign a “score” of likeness to a subject text string for a population of text strings. Text strings from the population with scores meeting a desired threshold can then be investigated further.
Remember, as fraudsters get more resourceful, it is imperative to have these types of tools at your disposal to detect malicious activity. If you have any questions regarding potential fraud schemes, internal controls, or the use of data analytics to detect fraud at your professional services organization, please contact the Business Advisory group at Schneider Downs.
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at contactSD@schneiderdowns.com.
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.