#
SAPCompliance
Here's a jaw-dropping statistic enough to knock the wind out of any CFO: In the last three years, invoice fraud has skyrocketed by 75%. Why? One reason is that it's become easier for external and internal nefarious actors to scam companies in the post-pandemic world.
In this VOQUZ Labs article, we discuss how the invoice fraud problem manifests within your SAP ERP and S/4HANA environment - and crucially, we also reveal ways to thwart it.
Before we delve into how to combat the problem within SAP, let's quickly remind ourselves what it is. Put simply, it's when a company or organization (the victim of the crime) pays invoices that are:
The list could go on and on - but you get the gist. Essentially, what's happening is either an external actor (such as a vendor) or an internal individual (like an employee), or both working together, rip off a company by getting them to pay invoices with the abovementioned characteristics.
And do you know what these criminals often have on their side? Time. Lots of time.
Astonishingly, it takes 18 months for companies to discover these fraudulent schemes on average. And according to a study by the Association of Certified Fraud Examiners (ACFE), 50% of all fraud attempts were due to poor internal systems and controls.
But now for the good news.
SAP users can prevent and detect invoice fraud highly effectively. How? By moving away from antiquated manual internal controls - which fraudsters and scammers love - towards automated ones with continuous monitoring.
In the following sections, we will reveal all you need to know. And to make it easier and more illustrative, we'll examine a real-life invoice fraud example that hit the headlines in recent years.
remQ ist eine Software zur kontinuierlichen Überwachung von SAP-ERP und S/4HANA mit einer großen Bibliothek an integrierten Kontrollen, die bei der Überprüfung von Stammdaten und Geschäftsprozessen hilft, um finanzielle Verluste durch Fehler und Betrug zu vermeiden. remQ kann in weniger als einem Tag eingerichtet werden, funktioniert unabhängig von der Größe und Branche des Unternehmens, erfordert kein Beratungsprojekt und reduziert die Kosten für die Einhaltung von Compliance-Regeln durch Automatisierung.
This real-world example of invoice fraud comes from one of the world's financial capitals: London.
The victim was the NEX Group, an inter-broker dealer in the UK whose parent company, the Nasdaq-listed CME Group, has more than 3000 employees and revenues of around $5 Billion (2022). So what happened? In 2017, a NEX employee in London processed 29 fake invoices totaling £668,000 (around $830,000).
But the employee wasn't working alone.
The accomplice in the fraud, whom the company did not employ, submitted fake invoices to the NEX Group from companies that weren't legitimate.
Digging into the details of the crime, it reportedly worked like this:
After recovering what they could, the total loss to the NEX Group was, according to the City of London Police, calculated at around £365,000 (around $450,000). The offenders were sentenced in 2021 and 2023 - both were sent to jail.
Firstly, it's important to remember this: We don't have access to the exact circumstances at the NEX Group - or if they use SAP. However, according to reports, the company discovered the fraud within a month.
Considering the statistic mentioned earlier (it takes, on average, companies 18 months to discover fraud) this one-month time frame was fast.
Again, we don't know the details of the case. But we can share with you how companies that use SAP as their enterprise resource planning (ERP) system can achieve even better results when battling the foe that is invoice fraud.
And what do they do?
They arm their internal controls toolkit with real-time auditing and monitoring of master and business process data within SAP.
You can learn more about this system in our guide. But in a nutshell, automated and continuous data monitoring means suspicious activity red flags are created when potentially fraudulent action occurs.
Instead of waiting months (even more than a year) in a manual audit to discover something is wrong, an internal controls officer will receive a red flag alert to check the suspicious activity immediately - increasing the likelihood of recovering stolen money and halting the actions of the bad actors.
For example, VOQUZ Labs remQ Business Inspector software operates as a SAP add-on, and in situations like invoice fraud, it can do the following:
And the bottom line is this: If your internal controls toolkit within SAP has yet to deploy the above systems, you may be leaving your organization vulnerable to the persistent threat of invoice fraud.
This article explored an invoice fraud case involving hundreds of thousands of dollars at the NEX Group.
But here is another shocking case involving e-commerce giant Amazon. In 2023, an ex-Amazon employee was jailed for 16 years for masterminding a $10 million Amazon fraud scheme. And you guessed it: Fake invoices were at the heart of the scam. If you'd like to read more about how it worked, our white paper is highly recommended: Reduce Fraud & Boost Cost Savings by Automating Internal Controls.
The white paper dives deep into the Amazon case and reveals how automating internal control processes helps reduce fraud, such as invoice scams.
In the last three years, invoice fraud has increased by 75% - with companies globally getting stung. If your business or organization uses SAP ERP or S/4HANA and is concerned about the growing threat of invoice fraud, you have a tremendous opportunity to set up a system that detects the problem in real-time through automated continuous monitoring.
This is where remQ can help you.
VOQUZ Labs remQ Business Inspector software operates as a SAP add-on with a library of 100+ pre-built shipped controls ready to run. You can click here to learn more about how remQ can assist your business with its goals to cut audit errors, reduce fraud, and stay compliant within your SAP ERP or S/4HANA environment.
Recommended reading: Enjoyed this article? Now read: Is Ghost Employee Fraud Draining Money From Your Business? How To Detect and Prevent It in SAP
Paul ist Autor und Stratege für RegTech-Inhalte und verfügt über umfangreiche Erfahrungen im digitalen Marketing und Journalismus. Seine Arbeiten sind in der Zeitung „Guardian“ erschienen. Er hat einen Abschluss in „International Relations“, wo er die Einhaltung globaler Sanktionen und grenzüberschreitende Finanzen studierte.
Hast Du Fragen oder möchtest Du etwas hinzufügen? Hinterlasse uns bitte eine Nachricht! Deine Nachricht wird per E-Mail an uns übermittelt und nicht veröffentlicht.
