Discussion at the Cube

Fraudsters can use your transparency measures against you to pose as vendors and steal large sums of money. Here are a few tips to help protect your organization.

Reducing Risk

Five Ways to Fend off Electronic Vendor Fraud at Your Government Entity

  • Allison Slife
  • 1/25/2018

Fraud is perpetrated against organizations of all kinds, and state and local governments are no exception. In its most recent Report to the Nations on Occupational Fraud and Abuse, the Association of Certified Fraud Examiners (ACFE) reported that in cases involving government victims, the median reported losses were $194,000 (federal), $100,000 (state), and $80,000 (local). Nearly 19 percent of all organizational fraud victims are governments. The problem is real and costly.

Transparency measures expose governments to electronic vendor fraud

One of the most common types of fraud is committed by third parties through electronic payment methods, and governments are falling prey to these schemes for a variety of reasons. Chief among them, however, is your effort at greater transparency. Citizens are indeed entitled to a great deal of your governmental entity’s information, but that openness is also a weakness in the fight against fraud.

The public expects that your financial and contractual information is available to them, and in many localities its publication is mandated by law. Expenditure and payment listings, meeting minutes, copies of contracts, and detailed construction project information can all be readily accessible on your government’s website and often in local news stories, too. These items are also discussed openly during public meetings.

This depth of information opens you to risk from third parties that have become sophisticated in their schemes to defraud governments. This was all too apparent with Government Finance Officers Association (GFOA) recent advisory on electronic vendor fraud. The GFOA provides many tangible strategies to help address fraud schemes targeted at governments. It’s worth reading.

Five ways your government can prevent and detect electronic vendor fraud

While internal controls cannot completely prevent electronic vendor fraud, they do indeed help fend it off and can greatly reduce the time it takes to detect it once it has occurred. Here are five of the most effective things you can do to keep fraud at bay.

1. Cultivate suspicion

Provide information on email fraud scams for all employees and officials. Know the latest on phishing emails, ransomware, and malware, and be relentless in spreading the word about them with your people. Constantly give them examples of these scams and have policies and procedures in place to address suspicious activity. Perpetrators can be savvy in developing emails that appear to be from real vendors asking to change their banking information or needing payment details. These fraudsters also reach out via phone calls impersonating real vendors. It is important that employees and members of governance stay current on these risks and know how to handle potentially compromising situations. Teach them to always be suspicious and proceed through every transaction with caution.

2. Review your vendor protocols

Review your organization’s methods of updating vendor information, processing payment changes, accessing vendor change forms, verifying vendor contacts, and segregating duties within your systems. If you have outdated internal controls and policies that don’t address these areas, take the time internally or have an outside party conduct a review and offer ideas for mitigating risks.

3. Verify vendor payment information — but never by email

Make sure that changes in vendor payment information are verified independently. This could be a phone call or written letter to the vendor’s known contact number or address (as outlined in a contract or similar documentation) to verify the change. Do not send change verifications via email; always do this via phone call or regular mail. Consider processes to verify vendor information such as address and phone searches with reputable sources (like a secretary of state website) in order to validate vendor information. If you have a vendor self-service portal at your organization, review the methods for making changes and ensure there is an audit trail to document and report them.

4. Enlist your vendors’ cooperation

Make sure current vendors understand protocols that your governmental organization has in place to change payment methods and that email is not acceptable. Verify you have a process for vendors to notify your organization of any key staff changes at their company so you can properly update records.

5. Train your employees, and then train them again

Constantly provided employee training on the risks of fraud and your government’s policies and protocols for preventing it. When employees are first hired or change roles, you should seize the opportunity for training and retraining. And all employees should be routinely and periodically reminded of the gravity of these risks. Include real examples for employees to talk through, provide a venue for questions and answers, and have a protocol for employees to discuss questions or concerns about vendor payments.

How we can help

CLA’s state and local government professionals help organizations of all sizes to address their exposure to risk. We can work with you to provide effective strategies for mitigating vulnerabilities, including policy reviews, staff training, and consultations.