Before the summer, EBG held a webinar together with OpusCapita focusing on risk and fraud within the procure to pay and cash management end-to-end flow. There are numerous research and studies highlighting that fraud is an increasing reality. The Association for financial professionals say that 62% of their study respondents claim they were targets of payment fraud in 2014. Deloitte conducted a live survey which indicated that one-third of the surveyed had faced supply chain fraud, waste or abuse in the past 12 months.
You may or may not have been the subject of one or several of these attempts to frame your organization. They may or may not put your organization at a high risk. You may or may not have holistic control that ensure you know when a fraud attempt is happening.
Survey findings mostly agree
A report from the World Economic Forum place fraud, theft and cyber crime at number 9 and 10 on a global risk ladder. PWC made a benchmark study called Global Economic Crime Survey where 36%, 1 out of 3, had experienced economic crime. In the Nordics that number was even 40%. These number must also be seen from the aspect of an actual understanding of attacks being made and a willingness to share that so is actually the case.
Risks are today more global due to many aspects. One being that more of doing business is global today, you may have centralized placing business in different parts of the world, you may have a more global supply chain.
OpusCapita place risks in different categories such as supplier risks – Vendor Master Data Management – Invoice Processing – Payment processing and Treasury risk. Creating a model where all aspects of the end-to-end flow is considered and mapped is increasingly important but not always the case. The models referred to here do not replace more extended models but give an interesting overview when all aspects of the entire flow is analyzed. No external factors are though considered affecting the supply chain (such as weather, conflicts etc).
The point of having a model is spotting the weakest link. Sub optimizing steps in the process without an overall view does seem risky. After all – this is the process where much of the company money flows.
Understanding the difference to internal and external risk is key. Internal risks – according to the PWC study – is an even bigger risk than external fraud. Internal risk being risks such as fake vendors, segregation of duties, supplier kickbacks and bribery, travel expenses falsification and payment anomalies. External risks are categorized as fictitious invoicing, non-compliant suppliers and CFO attacks.
Who owns the responsibility reducing risk and having overall control? When asking the webinar audience the response was quite clear.
You can be preventive or reactive. Being preventive mean doing risk assessments, defining processes, defining roles and responsibilities, controlling approval steps and automating as much as possible. A re-active approach would be same checks on transactions, audits and sample checks on master data.
Risks were scattered between the options given. The results may tell us there is a wide spread among the participants, knowing their part the best. Usually invoice and payment processing would have the highest numbers.
What is it then worth having control? Quantifying what fraud cost in relation to what prevention may cost is of course a valid question. That there is much to get control over seem to be a general understanding though.