Quick Tips for Spotting Billing Schemes

by Kara M. Jungbluth, CPA, Senior Associate

Posted on April 6, 2016

Just because you have an invoice to match every expense, it does not mean your employees are not stealing money. In fact, the global study on fraud published by the Association of Certified Fraud Examiners has identified billing schemes, year after year, as the most common and most costly method perpetrated by fraudsters in small businesses.

What is a billing scheme? A billing scheme occurs when an organization pays invoices that were falsely created or altered by an employee for fictitious goods or services, for personal purchases, or for legitimate goods or services with inflated amounts.

Here are just some of the many ways billing schemes could occur:

  1. An employee creates a fictitious company with a bank account linked to the employee. The employee then creates fake invoices to this company and the victim business issues checks to this fictitious company.
  2. An employee purchases goods and then sells it to the victim business from their fictitious company at a marked up value.
  3. An employee could purposefully overpay a real vendor. When the vendor sends back the overpayment in the form of a refund, the employee keeps the check.
  4. An employee purchases items from real vendors for their own personal use or sells the items for cash.

Billing schemes are very attractive to fraudsters because they can easily go undetected. The employee does not need any access to cash and the regular approval process will not be interrupted because all supporting documentation is still available. Based on recent studies, billing schemes could last an average of 24 months before they are detected which could cost the organization an average of $100,000. If an organization already has proper segregation of duties and an adequate approval process, the only way to expose a billing scheme is to examine expenses more thoroughly.

Here are three major areas where oversight should be increased:

1. Vendor Names and Addresses. When vendors are created, an individual separate from purchasing should always approve the vendor before any payments are made. The vendor’s name and address should be confirmed by obtaining its corporate records through the state’s corporation commission (http://ecorp.azcc.gov/Search) to see how the vendor was set up and under what address. Further steps include checking its credit rating, confirming that it is listed in telephone directories, and contacting its references from clients and others. Some details on vendor information to look out for:

  • Unfamiliar vendors
  • Vendors with PO box addresses
  • Vendors with alternate or multiple addresses
  • Vendors with company names only consisting of initials
  • Vendors with company names similar to spouse’s or employee’s maiden name
  • Vendors similar to another common vendor with one small change
  • Vendor addresses that match employee addresses or employee’s spouse/relative addresses

2. Purchase Orders and Invoices.A separate individual should approve purchase orders and sign checks. During this process, the purchase description and expenditure amount should be thoroughly reviewed especially for the following:

  • Invoices for unspecified consulting or poorly defined services (services are easier to bill than goods)
  • Vendor billings more than once a month
  • Rapidly increasing purchases from one vendor
  • Multiple payments to single vendor on the same date
  • Unusually quick turnaround of invoices
  • Invoices to multiple vendors for same product
  • Invoices that do not appear to have been folded
  • Large billings broken into multiple smaller invoice (to not attract attention)
  • Unreasonable prices when compared with those charged by other sources

3. Higher than usual expenses. Management should run analytics on a monthly basis to identify any changes in expenses. Monthly expenses should be compared to budgets and projection. Line items should also be inspected to identify where specific expenses might be increasing.

If you can’t prevent it, you can at least try to detect it!