Billing Schemes – Cash Frauds

What is occupational fraud?

Occupational fraud is fraud committed by an employee on an employer in the course of their employment. They are more common and cause more financial loss to businesses than frauds committed by third parties. As employees will continue to work at the business, they will generally try to hide these frauds permanently, meaning that occupational fraud can be committed over an extended period of time.

What is a billing scheme?

This is a fraud that attacks the payments system of a business. It is designed to cause the business to make a fraudulent payment to the employee, whilst recording the payment as a legitimate business expense.

The employee will usually submit a false bill for payment through the normal process, and manipulate that approval and payment process and use whatever influence he or she may have to get the bill approved for payment. This is how the fraud got the name ‘billing scheme’. Once the payment has been approved and recorded as a legitimate expense, it is effectively hidden in the business’s records.

Major Headings

Description of Billing Fraud

What are the benefits of this fraud to the fraudster?
How are billing schemes done?
Creating a False Entity
Creating a False Invoice
Getting false invoices approved

For Example
Lessons to be Learned
Prevention and Detection

Description of Billing Fraud

Most thefts require the thief to physically remove the stolen item from the victim’s premises. Frauds involve hiding the theft in the records. Fraud would be easier to commit if the victim would deliver the stolen item to the fradster. It would be even better if the victim would authorize the delivery of the item and recorded the delivery as a proper business transaction – thereby hiding the theft themselves.

This is what a billing fraud is designed to do. It aims to have a business make a payment to the employee and record that payment as a legitimate business expense. The result is no different from someone stealing money from the cash register. Payments made under a billing scheme are not legitimate business payments and the business does not receive any benefit for the payments. It is theft by deception.

What are the benefits of this fraud to the fraudster?

The benefits to the employee committing the fraud are:

  • they probably do not need to take anything off site, as the money is sent to them;
  • the payment does not need to be covertly converted to cash to be useable; and
  • the payment is recorded as a business expense, so the fraud should be hidden.

The greatest of the benefits is that the fraud is automatically hidden once it has been committed. The only real chance of the scheme being uncovered after the payment is made is during a detailed examination of financial statements that leads to these particular payments. This is not common in smaller businesses and generally not common unless someone actually suspects that fraud has been committed.

All billing schemes have one common purpose regardless of their form: to get the victim to voluntarily make a payment to or on behalf of the employee and record the payment as a legitimate business expense. If done correctly, the victim should never realize that they have been a victim of a fraud.

How are billing schemes done?

A billing scheme has three major parts:

1. the creation of a false entity to receive the payments. The employee may open a bank account in the name of the false entity, or they may decide to cash the cheques in some other manner and not have an account that can be traced if the fraud is discovered.

2. the creation of the false invoice submitted for payment. This is usually the easiest part of the fraud. This can be done on a cheap computer and printer.

3. the manipulation of the payments system so that the false invoice is approved and the payment is made. How this is done will depend on what position the employee has in the business and what influence they can have over the payment process.

Creating a False Entity

The employee must submit a false invoice to generate the payment. The invoice must be in the name of some entity that will be accepted as – or assumed to be – a legitimate supplier. The employee will not want to submit an invoice in their own name, so it is common to conduct a billing scheme through a fictitious or false entity, or through an accomplice.

It is safer for the employee to issue false invoices from an entity created for that purpose, rather than issuing false invoices under their own name; from a known supplier; or altering a legitimate invoice from a known supplier. Using your own name in a fraud is just plain stupid. Issuing or altering invoices from an innocent supplier may cause inquiries with or from that supplier, and that will uncover the fraud.

But the benefit of using a supplier known to the business is that the name will be recognized and there is less risk of anyone questioning the invoice. The problems are that the payment will have to be kept out of that supplier’s account – there is a risk that the fraudulent payment will be made to the real supplier – and the payment will have to be misdirected to the employee and converted.

Using a false entity with a name very close to a real supplier and its own bank account solves these problems. There is no need to create a company structure or business registration, a simple letterhead and invoice printed on a personal computer will suffice as it creates the illusion of a real entity. Australian Company Numbers and Australian Business Numbers can simply be invented. The invoice only has to look the part of a real invoice, especially if the employee is the person authorizing invoices for payment.

Also incorporating a company or business name could leave a trail leading to the employee. Having a completely fictitious entity removes that problem, but it does create the problem of presenting the cheques or opening bank accounts. Sometimes it is simpler to create a business name – using a false name and addresses – to be able to open a bank account. Otherwise the cheque will have to be converted. This may be overcome by using an accomplice with a bank account.

The employee can get the benefit of a name known to the business by creating a false entity with a name that is very similar to a known supplier. If the business already deals with a supplier called ABC Pty Ltd, a false entity with the name ABC (Aust) Pty Ltd may be created. The same A.B.N and A.C.N. as the real supplier can be used on the invoices. Anyone looking at the false invoice will recognize the name but may not realize that it is a slightly different. The cheque for the false entity is sent to another address – to the employee.

Creating a False Invoice

All billing schemes are similar in that, regardless of what entity receives the payment, the employee must create a false invoice and any other supporting documentation required to have that invoice paid. The fraud is built around getting this false invoice – the false bill – approved and paid.

The employee has to produce an invoice that will pass the scrutiny of the person who authorizes invoices for payment. This assumes that the person authorising the payments actually pays attention to the job and properly reviews the material for payment – or is not the fraudster himself. Therefore, the most obvious suspects for this fraud are the people that either authorize invoices for payment or make the payments. Authorising your own false invoice is easy.

The employee has a few options. They can:

(a) create a false invoice from a fictitious entity and have the payment sent to an address in that entity’s name where it can be collected;(b) create a false invoice from a supplier that already deals with the business, and redirect the payment of the false invoice to another address where it can be collected and converted to cash;

(c) issue a false invoice from an accomplice, whether a known supplier or not, and have the payment directed to that accomplice where the proceeds can be split;

(d) obtain a legitimate invoice from an innocent non business supplier for a personal purchase, and have the invoice approved for payment as a business expense – this is very similar to a false purchase fraud.

The aim of the first three options is obtaining money. The aim of the fourth option is obtaining some goods or services and having the business pay for them, although the end result is still the theft of monies.

Getting false invoices approved

The difficult part of the fraud – and it may not be difficult at all – is getting the invoice approved and paid. This may be easy if the dishonest employee is the person in charge of approving invoices, or the person that approves invoices is not always attentive to their job, particularly when they are being told that the invoice is fine for payment by a trusted employee. The employee may;

(a) have the invoice approved through the normal business system.

This is easy if the employee can approve the invoice themselves. If not the invoice will have to be submitted and go through the normal channels. The employee may be able to have it approved by someone that does not pay a lot of attention to the documents put in front of them. Dishonest employees target people that sign whatever they are told is alright to sign. Once the invoice has been approved in the appropriate department, the chances of it being questioned are greatly reduced.

(b) forge an approval on the invoice and send the invoice to the payments department.

The false invoice may be noticed if the approval person is paying attention, so the employee may wish to bypass the authorization process. In that case they can forge an authorization from that department and send the invoice to be paid. This is easier if the two process are conducted by different people. If the same people authorize and draw the cheques, the invoice may have to pass through the authorization process.

(c) draw the cheque for the approved invoice

The employee may be the person that draws cheques to pay approved invoices. They will then simply be able to include their false invoice in the bundle of invoices to be paid. This may entail having to forge an approval for recording purposes and attaching it to the cheque so that the documents look the part when it is to be signed. But as the invoice should have gone through the authorization process already, no one is likely to question the cheque drawn. The employee may have to target someone to sign the cheque that does not pay attention to what they are signing and assumes that all authorisations are legitimate.

(d) be able to sign the cheque

If the employee is the person that signs the cheques, they may bypass the approval process entirely – the same as above – but not run the risk of the person who signs cheques noticing something wrong. The employee will just include their false invoice into the list of payments, and draw and sign the cheques. The only problem may occur if, even though they can sign a cheque, they cannot get access to draw the cheque.

If the employee also draws the cheque for signing, issuing the cheque is easy, so only the facade of approval needs to be performed. The employee will have to decide whether to leave the invoice unapproved and hope no one notices, or forge the authorization and hope no one notices.

This assumes that different people undertake these tasks. In some small businesses, one person will receive the invoice, approve it, draw the cheque and possible sign the cheque. With complete control over the system, that one employee will be able to place an invoice in the system, approve it and have it paid.

For Example

Example One

The fraudster worked as an office manager and was a trusted long time employee. Part of the job was approving invoices for payment. His supervisor did not check the invoices properly before payment was made as they had already been approved.
ABC Pty Ltd was a regular supplier of computer services to the company. The employee generated invoices from ABC (Aust) Pty Ltd, a fictitious entity registered for the purpose of the fraud. The paper work contained the ACN and ABN of the real ABC Pty Ltd.
The employee created false invoices and approved them for payment. These were paid through the normal payments system. The payments were directed to a post office box set up for that purpose and deposited into a bank account opened in the name of ABC (Aust) Pty Ltd with the registration documents.

Example Two

XYZ Pty Ltd was a panel beater. The employees had the authority to order any parts required for their jobs. The invoices were sent for payment once the materials were received. Some employees ordered parts under the company name for their own personal use and submitted the invoices for payment, stating that the parts were for jobs. No formal approval process was required, so the invoices could not be tracked to any particular employee.
The business owner trusted his employees and did not keep sufficient records to be able to determine what the parts were to be used for, or what job they were ordered for. The employees kept the parts and the company paid for them. The lack of job controls did not allow detection of the fraud until the company failed.

Lessons to be Learned

1. Money in the bank is vulnerable to fraud. Money may be stolen directly from the bank account by submitting false invoices and having those invoices authorized for payment.

2. The theft of cash through a billing scheme does not need to be hidden. The fraud hides itself as a legitimate expense.

3. False invoices may be generated to look like they come from legitimate or known suppliers, or a completely fictitious entity.

4. Billing schemes rely on the authorization process not detecting that an invoice is not for goods or services supplied, or the employee bypassing the authorization process.

Prevention and Detection

Some things to look for

(i) Cash shortages or decreased profits when most costs are within budget. A billing scheme inflates expenses – usually one particular expense – and hence reduces profits and available cash. That particular expense will be larger than budgeted or expected.(ii) Increases in one or some expenses (in total or by percentage) above budgets or what is determined reasonable compared to turnover. That expense item may be used to record payments from billing schemes. Horizontal and vertical analysis of these items may highlight suspicious accounts for further examination.

(iii) Abnormal levels of purchases from a particular supplier. The supplier’s name may be being used by the fraudster to submit false invoices. Checking the details on the invoices may show that some of the invoices are different from the others or suspicious in some manner. Verifying invoices with the real supplier will highlight false invoices.

(iv) Suspicious details on invoices, including

  • Lack of detail. These may be details of the goods or services purchased, details of the supplier, missing incomplete or suspicious phone numbers or address.
  • Irregular invoice numbers from valid suppliers. This may occur when the fraudster is using a name that is very similar to a valid supplier.
  • Questionable amounts on invoices. Amounts that are always too regular should raise suspicion.

(v) Missing documentation. The employee may destroy the documentation used to generate a payment once the payment has been made. It may later be assumed that the document has just been lost. The lack of documents will frustrate investigations into suspicious payments.

(vi) Purchases delivered to offsite locations may indicate that the fraudster has purchased an item in the name of the business and is having it delivered to himself offsite.

Some basic controls

(i) Where possible the separation and rotation of duties between (1) the person making the orders and submitting the invoices for payment; (2) the person preparing the cheques and banking records; (3) the person recording the transactions in the businesses records; and (4) the person signing the cheque.(ii) Invoices should be approved by one person and that person should not draw the cheques or have the authority to order goods or services. This person should be completely independent to the other processes.

(iii) Purchases should be done with pre-numbered purchase orders. All suppliers should be given authorized orders and invoices should not be authorized for payment unless they match authorized orders.

(iv) Random checks on invoices may locate fictitious entities being used for billing schemes.

(v) Using pre-approved suppliers with pre-approved mailing addresses limits the opportunity of using a fictitious entity to conduct the fraud. Any invoice from a supplier that is not pre-approved should be verified before payment is made.

(vi) The use of electronic payments to pre-approved bank accounts will stop cheques being diverted to fraudulent entities.

(viii) Randomly check the name and addresses of suppliers, particularly when the only address on the invoices is a postal address.

(ix) Audit purchases with pre-approved suppliers to look for payments to similarly named suppliers. An approved supplier’s name, or a very similar name, may be used by a fraudster without their knowledge.