Authored By: Huzeifa Unwala, Sr. Partner JHS & Associates
- Old scheme continues in a New Avatar
Invoice frauds are the most popular schemes amongst fraudsters. They are designed to generate false payments against: –
- false invoices or false entries in the books of accounts
- inflated invoices or duplicate invoices or
- fake invoices without underlying transactions of goods or services.
Since the rollout of GST, a large number of fraud cases involving the use of fake invoices for wrong availment of input tax credit (ITC), which is further used to pay GST on outward supply, have been detected. The malafide intent for such fake invoice schemes appears to be fraudulent availment/encashment of ITC credit. Often the unscrupulous entities engaged in this modus operandi also defraud other authorities such as Banks by inflating turnovers, laundering of money, etc.
Invoice fraud schemes are designed with ulterior motives such as inflation of expenses or turnover, availment of wrongful gains under law such as Input Tax Credit (GST), claim of illegal benefits/ refunds (zero-rated supply of goods), routing of invoices through a series of shell companies and transfer of input tax credit from one company to another, laundering of money, diversion of funds, etc.
- Preventive & Detective Measures to safeguard against Invoice Frauds
Invoice processing/ accounts payable teams face several process streamlining challenges that make a simple looking process very complicated. Record keeping is one of the biggest bottlenecks as, in the haste of processing invoices in a timely manner, the creditor is requested to submit duplicate invoices. Several other areas, such as manual data entry, invoices sent to wrong person/ e-mail id, missing information in invoices, etc., make the invoice processing cycle vulnerable to errors and frauds.
The Control Environment can be reinforced through sharp fraud risk assessments, targeted data analysis and re-visiting the traditional invoice processing cycle. Let us look at the key risks and internal design features that can be re-visited to strengthen the control environment as per Table below.
Sr. No. | Typical Risk Factors | Preventive Measures to Safeguard | Detective Measures to Unearth |
1. | Poor Obligation to Pay confirmation/ Provisioning practicesUnauthorised Invoices introduced into the accounting systems | Obtain e-mail confirmation from the Process or Business owner on the obligation to pay along with the payment estimateVerify pre-approval in the system before entry of invoice in the systemReceive Invoice only through a digital centralised system that generates a unique scroll number for each invoice | Trace Payable Report generation & Matching with the Obligation to Pay statementTrace all large value journal entries for justificationTrend analysis of purchases and accounts payable balances |
2. | Forged invoiceFake Invoice | Thorough visual scrutiny of invoice/ invoice image by multiple layers of scrutiny to detect any alterations or forgery.Scrutinise other information 3-way match of PO-GRN-Invoice New vendor approval checksAuthorised signature matchingCheck Goods/ Services Receipt report 3-way match of PO-GRN-Invoice Verify payments of previous period ITCMismatch between volume of goods supplied and e-way bill generated Incorrect or fake addresses on GST portalCompletion of Direct delivery form in case goods or services are received in non-warehousing locationsMatch invoice dates with Shipping dates | Budget or UnbudgetedInvoice Vendor Category Date, Item & Value matchingPayment on non-working dayExceeds PO valueMultiple invoice below the authority limitsCommon GSTin registrationsCommon GSTin registrationsSudden increase or decrease in business volumesCommon vendor master details such as PAN, Address, Mobile, Bank Account Numbers, etcSearch and identify invoices outside the accounting or payment processing period |
3. | Excess PaymentsUnauthorised work performed by vendors | Verify rate and quantity through multiple levels of scrutinyBlock invoices outside tolerance limits for quantity and valueVerify receipt of goods and services to against contract/ purchase order, running account and invoice information.Reconcile ledgers for accuracy of recorded transactions.3-way match PO-GRN-InvoiceEnsure segregation of duties of persons maintaining vendor masters, approving the payment and person making the payment Keep a chronological log of all cheque numbers/ payment transaction numbers | Duplicate payment searchSearch and identify payments to blacklisted or red flagged vendorsMatching authority for approvals with the authority matrix search and identify creditors with debit balances |
- Conclusion
Invoice frauds result in instant financial and reputational losses. Fraudsters are getting increasingly sophisticated with use of deep fake technology where they mimic the voice of the CEO or top boss and pass instructions for transfer of millions of dollars. Posing as legitimate vendors, cyber criminals carry out Invoice frauds through spamming attacks where business e-mails are compromised. They lure innocent targeted employees into processing large sums of money for services that were never rendered. Global statistics reveal that business e-mail compromise is rising at 20-30% annually and is emerging as one of the biggest fraud risks. To safeguard against invoice frauds, businesses and accounts payable processing vendors have started deploying smart AI technology to red flag invoice payment risks and block suspected vendors.
Indian Income-tax Act prescribes penal consequences for (a) forged or falsified documents such as a false invoice or, in general, a false piece of documentary evidence; or (b) invoice in respect of supply or receipt of goods or services or both issued by the person or any other person without actual supply or receipt of such goods or services or both; or (c) invoice in respect of supply or receipt of goods or services or both to or from a person who does not exist.
It may be noted that the Income-tax Act states that Penalty shall also be levied on any other person who causes any false entry etc. In such cases, it could be employees or accountants, or auditors as well where found guilty. The front line of defence against invoice frauds is to develop an employee training and awareness program, where employees are made aware of the typical invoice fraud risk factors, invoice processing dos & don’ts, and how to report unethical conduct. Further, businesses may design extended procedures internally and as well with third parties and bankers so that all electronic payments are secured, protected and relevant evidence is preserved for future references.