A Virginia man was recently indicted on 60 felony charges related to his alleged embezzlement of nearly $3.3 million from his employer. The foundation for this alleged scheme was a fictitious vendor—one that received nearly a quarter million dollars a year for more than a decade. These schemes often are simple and may include distinct red flags. Some of the key red flags related to the vendor in this alleged embezzlement included:
- Post office box address only
- Phone numbers “no longer in service”
- No taxpayer identification number (TIN) on file
- Business does not show up in a Secretary of State search
Despite these red flags, it was an inventory discrepancy that uncovered the alleged scheme. The materials contained on the fake invoices were added to inventory, then added to invoices for jobs that didn’t use the materials. This led to an overstated inventory balance when compared to physical inventory on hand, which tied back to the invoices for this particular vendor.
These types of schemes are becoming more common. To help reverse that trend—and protect your organization—it’s important to learn from these examples. Here are some key points to remember:
- Vendor setup is a critical first line of defense against fictitious vendor schemes. If possible, collect a physical address, phone and TIN for all new vendors. Then, use the information to verify the existence of the vendor. For example, use Google Maps street view to check out the physical address, especially if the mailing address is a P.O. Box.
- A three-way match (purchase order to invoice to receiving documents) can help identify invoices for materials or services not received.
- Trend analysis of vendor activity may help identify unusual trends or patterns. While this article doesn’t specifically mention the vendor’s activity trends, it’s common for these types of schemes to start small and grow over time.
Give the news account of this alleged embezzlement a read and think about whether something similar could happen in your organization. Do you have controls in place to catch a fictitious vendor?