Implementing Controls to Prevent Vendor Fraud

With new schemes emerging every week, information sharing and networking is critical

Posted by Dawn Lomer in on May 27th, 2015

A crafty CEO conspires with seven individuals outside the company to set up shell companies. They produce fictitious invoices, purchase orders and bills of lading and the CEO pockets a 90 per cent kickback from the payments over a 12-year period. It’s a classic vendor fraud scheme and, in this case, it resulted in a $25 million loss to the company.

A lot of vendor frauds are orchestrated in this way, with players both inside and outside the company, says Peter Grupe, Director of Investigations, Fraud and Risk Management at Protiviti. An investigator on the case, Grupe refers to it as a classic case of vendor fraud, albeit one with a very high price tag.

In many cases, the financial damage is irreparable.
“The consequences can be very severe in terms of losses, in terms of reputational risk to the company,” says Grupe. In many cases, the financial damage is irreparable. “Thankfully [this company] was able to withstand the losses and continue to be profitable, but the last vendor fraud investigation I was involved in, the company could not survive and filed for bankruptcy,” he says.

With such high stakes, it’s surprising that all companies haven’t implemented at least the basic due diligence and oversight measures that have been shown to prevent vendor fraud.

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template


The scheme described is a classic vendor fraud, says Grupe, but it’s not the only one. “There are a number of different variations or deviations of the same scheme, but it all pertains to the processing of fraudulent invoices, purchase orders and bills of lading,” he says. So it makes sense that a set of controls to oversee these processes, should help in prevention and detection.

“The basic control with respect to vendor fraud is the creation of a master vendor list combined with periodic due diligence to maintain a high level of comfort and confidence in who you are doing business with,” says Grupe. And due diligence should be ongoing.

“Just because a company has been deemed to be approved to be on a master vendor list today doesn’t mean that a year from now [they should be]… A lot of companies enjoy 10, 15 or 20-year relationships with vendors, but principles change, financial conditions change, opportunities and rationalizations change,” says Grupe. “So it’s a matter of doing your due diligence on the front end and approving somebody to be an approved vendor for the company, and then doing it on the processing on the back end.”

Failure to produce one of the three items could indicate that something is amiss and requires investigation.
One of the due diligence measures Grupe refers to is the three-way match, a control that companies use when they make payments. “They’re looking to combine the purchase order, the invoice and a bill of lading. It’s designed to ensure that a purchase order was created, an invoice was received and, most importantly, that the goods were shipped.” Failure to produce one of the three items could indicate that something is amiss and requires investigation.

Information Sharing

But it’s not enough to implement the standard controls and then assume your company is safe. “There are new schemes coming out each and every day,” says Grupe. “A lot of it has to do with changes in technology, improvements in technology, new and innovative ways to conduct that same basic scheme I described.”

Taking a proactive approach to fraud prevention is a matter of staying in touch with the industry, staying in close contact with peers and networking to share information and intelligence amongst the investigative network of professionals, says Grupe. Continual sharing of information on new schemes as they are discovered is the only way to stem the steady tide of vendor fraud.


Dawn Lomer
Dawn Lomer

Managing Editor

Dawn Lomer is the managing editor at i-Sight Software and a Certified Fraud Examiner (CFE). She writes about topics related to workplace investigations, ethics and compliance, data security and e-discovery, and hosts i-Sight webinars.

Want to conduct better investigations?

Sign up for i-Sight’s newsletter and get new articles, templates, CE eligible webinars and more delivered to your inbox every week.