Financial Management Blogs by SAP
Get financial management insights from blog posts by SAP experts. Find and share tips on how to increase efficiency, reduce risk, and optimize working capital.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert

If you have been following this GRC Tuesdays blog space, you will already know that I have recently discussed anti-fraud and anti-bribery & corruption programs, including how to automate them. You will also have noticed that, on a separate note, I tried to list some content that you can already leverage for other internal control and compliance initiatives.

Today, I’d like to bring the 2 topics together: fraud detection and pre-packaged content to provide some input as to how you could fast track your fraud detection program and get it up and running rapidly.

As per the Association of Fraud Examiners’ (ACFE) 2020 Report to the Nations - Global Study on Occupational Fraud and Abuse, organizations lose an estimated 5% of revenue to fraud… Each year! With an average loss per case of $1,509,000, this is not negligible by any standard.

What I found more worrying in this study is that the report highlights that a typical fraud lasts for over a year - 14 months to be precise - before being detected and that 43% of schemes are detected thanks to a tip-off. Detection by surveillance/monitoring only accounts for 3% of the detected cases... Clearly, (preventative) fraud management still has a long way to go.

As you may already know, within the Three Lines of Defense solution portfolio, SAP Business Integrity Screening (previously known as SAP Fraud Management) has been built to help companies detect fraud and investigate suspicious patterns faster. It works by screening large volumes of transactions in real time based on predictive and behavioural analyses and flexible rule sets that uncover anomalies. One of the misconceptions that I am often confronted with, is the thought that a lengthy and complex program of “business rules building” is required to be able to roll-out the detection patterns and start benefiting from the automation.

But, did you know that some business scenarios are already available and can be leveraged directly?

As per the report, the most common operational fraud types are Corruption, Asset Misappropriation and Financial Statement Fraud:

Source: Occupational Fraud and Abuse Classification System (the Fraud Tree), Association of Fraud Examiners 2020 Report to the Nations - Global Study on Occupational Fraud and Abuse




Here the perpetrator “misuses their influence in a business transaction in a way that violates their duty to the employer in order to gain a direct or indirect benefit (e.g. schemes involving bribery or conflicts of interest)”.

To address this scenario, the following detection methods might be useful:

* Business Partner Address or Bank Account in High-Risk Country where payment proposals to debtors or creditors will be marked as suspicious if the country of the partner or their bank account information matches an entry in the high-risk country list.
Note: this requires that a list of high-risk countries, such as the one defined by Transparency International in its Corruption Perception Index, is created or uploaded in the solution before the screening occurs.

* Suspicious Terms/Keywords Screening for Customer or Vendor Invoice Items screens the text of invoice items for specific terms such as “gift”, “secret”, “clearing”, “special fee”, etc. In short, terms that are thought to be suspicious when mentioned on an invoice.
Note: as for high-risk countries, this requires that a list of predefined suspicious terms that will be screened is recorded in the solution first – including in the various languages that apply.

* Growth Between 1st and 2nd Year Exceeds Threshold compares the turnover in the first and second years of business to find new vendors where the growth is suspiciously high.

* Percentage of Turnover Approved by a Single Person detects cases in which a large percentage of the turnover by a new vendor is approved by a single person.

* Vendor DSO Shorter than Company Average DSO finds cases in which the days sales outstanding (DSO) is much less than the company average DSO. A low DSO could indeed suggest that a vendor might be getting favourable treatment in payments.

* Vendor Without Bank Details finds vendors that have no bank details recorded in the vendor master data.


Asset misappropriation


This is when the perpetrator “steals or misuses the employing organization’s resources (e.g. theft of company cash, false billing schemes, or inflated expense reports)”.

To address this scenario, the following detection methods might be useful:

* Invoices Without Purchase Order Reference examines the invoice items of a vendor to verify that all invoices whose amount exceeds a user-specified threshold reference a purchase order. If an invoice item has no reference to a purchase order, then this invoice item will be deemed suspicious.

* Customer Invoice Irregularities (Split Invoice) detects smurfing patterns, that is, split-payments of invoices. In this case, payments are broken up into several smaller amounts – a technique often used by fraudsters to “fly under the radar” sort of say since smaller payments are less likely to be scrutinized.

* Changes to Customer Master Data finds customers whose address master data has changed more frequently within the last 12 months than a specified threshold.

* Customer and Bank Location Differ where an alert is raised in case the customers’ bank account is located in a different country to its home country.

* Paying Customer Differs from Invoiced Customer finds cases of customer payments made by an alternative payer than specified in the invoice or when the alternative payer is not recorded in the customer master data.

* Purchase Invoice Greater Than Goods Received detects cases in which the invoice receipt quantity is greater than the goods received quantity since, in purchasing, it is possible to defraud by invoicing a higher quantity than is actually received.

* Purchase Order Overpaid that finds cases in which the amount paid in an invoice is greater than the amount shown in the relevant purchase order item.

* Duplicate Invoice with Same Approver finds document/invoice reference numbers that have been used more than once for the same vendor and were approved by the same person.

* Duplicate Travel Expense Claim Made by One Employee determines if an employee has submitted and reused receipts on more than one travel expense report.


Financial Statement Fraud


In this last scheme, the perpetrator “intentionally causes a misstatement or omission of material information in the organization’s financial reports (e.g. recording fictitious revenues, understating reported expenses, or artificially inflating reported assets)”.

Once again, going back to the ACFE report, the primary risk factors for all financial statement frauds was a “poor tone at the top”. In my opinion, if an organization decides to roll-out an anti-fraud program, then it clearly already acknowledges and tackles this root cause.

For a programmatic approach, I would actually argue that monitored policies and procedures – especially Internal Control over Financial Reporting (ICFR) - would address this issue directly.

Nevertheless, to further prevent this scenario and highlight outliers, the following detection methods might also be useful:

* Reversed Invoices identifies similar invoices of a specific vendor that have been reversed based on same document type, company code, reference number, vendor ID, etc.

* Accounting Documents Posted on Non-Working Days to find accounting documents that were posted on non-working days as per specified calendar either for all documents of a company code or for particular users in company codes.

Should you be interested in reading more about these detection methods and the others available, you’ll find them in the dedicated page of the Help Portal: Business Content for SAP Business Integrity Screening



There is no doubt that not all the above content will fully apply to your organization, its structure, industry specifics, etc. But it will most likely help in knowing what is already available and what you can then adapt to your requirements instead of starting from scratch.

As a result, this blog is not an end in itself, merely a suggestion of where to begin!

What about you, where did you start on your fraud detection initiative? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard