The Top P2P Segregation of Duties Violations

by Craig Abramson, Pathlock Technologies

According to the Association of Certified Fraud Examiners’ Report to the Nations on Occupation Fraud and Abuse, “the most prominent organizational weakness that contributed to the frauds in our study was a lack of internal controls, which was cited in 29.3% of cases, followed by an override of existing internal controls, which contributed to just over 20% of cases.”

The lack of internal controls makes it much easier for employees to commit fraud. An issue is that eliminating all Segregation of Duties (SoD) violations is nearly impossible and can be counterproductive. This is why businesses must put stronger controls in place to mitigate risks. The problem is that these controls are often manual and time consuming, which can prevent risks from being reported. With this in mind, let’s take a look at common Procurement SOD risks.

• Enter fictitious vendor payments to real vendors in order to cover up fraudulent checks made to an employee: An office manager embezzled over $1.3 million by stealing company checks, removing the negotiated checks when they were returned by the bank, and then falsifying entries to look as if the checks were used to pay legitimate vendors. Click here to read more about this story.
• Create a fictitious vendor or change existing vendor master data and approve purchases to this vendor: While working at ING, Nathan Mueller was accidentally given the authority to approve checks up to $250,000. He started small, requesting checks to pay off his credit card that had a similar name as an approved vendor. He then created a fake vendor, Ace Business Consulting, and began paying that vendor. The payments continued for several years until he was finally caught after stealing $8.5 million. Click here to read more about this story.
• Create and release purchase orders: Altran uncovered $10 million in fraudulent purchase orders at recently acquired business Aricent. An employee forged the orders to inflate Aricent’s reported revenue and profit. Altran’s shares dropped over 18% over the news.Click here to read more about this story.
• Maintain purchase orders, post a fictitious goods receipt and work with third parties to cover up payments: Oh Myeong-se was Treasurer and Head of Compliance at ABB in South Korea where the company claimed he embezzled $31 million. He is suspected of forging documentation as well as colluding with third parties to steal from the company. ABB took a pre-tax charge of $100 million for this. Click here to read more about this story.

With these headlines, it’s clear that the internal threat is real. But the good news is that an automated solution can perform 100% transaction monitoring, ensuring a consistent review using the same criteria across the organization. This allows you to view only true SoD violations that merit actual investigation. Find out more by visiting http://pathlock.com/financial-impact-of-risk/.