Strong Vendor Recordkeeping Can Help Protect Higher Ed Orgs From Fraud
Organizations of all varieties are plagued by fraud, and though it’s a truth universally acknowledged that strong internal controls are the best defense against it, only 23 percent of higher education institutions have proactive data monitoring and analysis programs in place (according to the ACFE’s Report to the Nations).
One of the simplest and most effective ways you can guard your college or university against both internal and external fraud is to be vigilant about creating and maintaining an accurate vendor file. Missing, excessive, and outdated vendor information can leave your school vulnerable to theft by your own staff members, those you do business with, and fraudsters posing as legitimate vendors. By constantly monitoring and controlling your vendor database, you can help reduce your school’s exposure to fraud.
Accounts payable is a risk-rich department
Money flows out of your AP department, so this is obviously a hot spot for fraud. Nothing illustrates this weakness like a good example, so consider an institution we once worked with that had fallen prey to several instances of external vendor fraud.
We reviewed the vendor database for duplicates, missing vendor taxpayer identification numbers (TINs), and overall activity. We counted more than 95,000 vendors in the university’s list. Of those, only about 16,000 were active vendors (over a two-year period). More than 5,000 vendor names were duplicates, and hundreds more TINs were repeated. As shocking as this may seem, it’s not uncommon, and it leaves an organization wide open to vendor fraud. The enormity of the list made it fairly easy for fraudsters to perpetrate and hide in the sea of irrelevant information.
This case also exposed a disconnection between finance and operations that is not uncommon at many institutions. In this particular instance, the controller didn’t recognize any vendors from among the list of the university’s top ten. It’s clear that proper checks and balances weren’t in place, potentially allowing perpetrators to get away with all kinds of theft, from AP staff members issuing checks to phony accounts (paying themselves) to fake vendors sending invoices that inadvertently get paid amid all the unmonitored clutter.
Prevention and detection techniques should ideally work together to deter and catch fraudulent activities, but detection shouldn’t be passive. The ACFE’s report shows that in the higher education industry, a mere 6 percent of fraud is found by external auditors, only another one percent lower than by accident. The responsibility for developing a system of fraud controls to best detect and deter fraud rests with the organization. Proactive data monitoring, such as a properly maintained vendor file can help.
Common errors in vendor file maintenance
For example, a school may collect data such as names and addresses of vendors but fail to collect their TINs. Or the college or university will repeatedly collect the same data on a vendor, causing duplicate records. Sometimes an institution will fail to collect any information on a vendor at all.
It is important to note that when assessing vendor databases, all “vendors” may not be true vendors but may in fact be accounts to which refunds of student aid or employee reimbursements were issued. For purposes of the disbursement process, many institutions will add these individuals to the listing, further complicating the existing mess of data. The presence of confidential student and employee information adds more risk exposure, making proactive monitoring even more imperative.
Tips for creating and maintaining a strong vendor database
The mere existence of a vendor maintenance file is not enough to reduce risk. Regularly performing proactive data monitoring can help reveal trends and patterns within the data that allow you to interpret abnormalities and cultivate suspicion. Several proactive measures may include:
- Implementing SQL or automated processes
- Performing semi-annual audits of vendor file information
- Require W-9s, SSNs, or TINs before disbursements are made to vendors
- Maintain student and employee information in separate databases
How we can help
Once a vendor maintenance file assessment has been performed, future assessments become easier. CLA’s higher education professionals can help you establish protocols and procedures that may reduce your exposure to internal procurement fraud, as well as provide end-users with better data quality to deter and detect external vendor fraud.