Skip to main content
Abstract network wave and a glowing blue and orange particle data on dark background.

The Power of Data Analytics – Fraud & Collusion

While employee collusion can make fraud hard to detect, strong preventive and detective controls can help organizations deter it.

It seems that almost every week, there is a new headline about someone committing fraud and stealing from their employer. While every fraud is unique, identifying patterns can help organizations better understand how and why fraud happens. There are several fact patterns that professionals at Forvis Mazars have noticed recently in frauds involving accounts payable:

  1. Employees working together to circumvent internal controls
  2. Depositing stolen funds into accounts controlled by the perpetrator(s)
  3. Fictitious vendors and invoices

Organizations with proper separation of duties and other preventive internal controls still need detective internal controls (which aim to detect fraud that already occurred)1 due to potential collusion. Here, we lay out the impact of collusion on fraud and how data analytics can help.

Collusion Muddies the Waters

Employees collaborating to circumvent internal controls—also known as collusion—can make fraudulent activity difficult to detect. Even the most well-rounded internal control system with proper separation of duties in place must, at some point, rely on employees to be honest.2 In the 2022 Report to the Nations, the Association of Certified Fraud Examiners (ACFE) found that a higher number of perpetrators increases the median losses suffered by organizations.3

Infographic about the number of perpetrators involved in fraud
Source: Report to the Nations. Association of Certified Fraud Examiners.2

A proper separation of duties introduces a monitoring function, as another person verifies each person’s actions. However, if collusion exists among those persons, a company will be vulnerable to fraud. We have seen cases where employees have colluded by having one employee prepare checks written to fake vendors with fake addresses and another employee intercept those checks once they are signed. This second step was crucial as the checks would have been undeliverable with a fake address. In this situation, the employee who intercepted the checks then deposited the checks into a bank account they controlled. The profits were then shared between the perpetrators.

The threat of collusion shows us that the perception of strong internal controls and constant monitoring can be an effective strategy to discourage potential fraudsters’ perception of opportunity. However, this perception means little without effective detective and preventive measures in place.

Accounts Payable Data Analytics

Data analytics is an effective detective control to help identify potential fraud in accounts payable. According to the ACFE’s 2022 Report to the Nations, automated transition/data monitoring can help reduce fraud duration to six months.

Graphical representation of "How Does the Presence of Anti-Fraud Controls Relate to the Duration of Fraud?"
Source: Report to the Nations. Association of Certified Fraud Examiners.2

There are several different data analytics techniques that can be used to help identify fictitious vendors and invoices to help implement proactive data monitoring:

  1. Searching for potential duplicate invoices
  2. Graphing payments to vendors over time to help identify payment trends
  3. Looking for shared attributes between employees and vendors

When looking for potential duplicate invoices, it is important to look for things that are similar, but not exactly the same. Depending on the accounting system, there may be configurations to prevent an exact duplicate from being entered, which enforces the need to look for items that are similar. Something to look for are invoices from vendors with slightly different names—sometimes fraudsters will create a fictious vendor that is a slight variation of a legitimate vendor. Another common pattern to look for is similar invoice numbers—sometimes an additional character will be added to an invoice number to mirror a legitimate invoice.

Graphing payments to vendors over time provides great operational insights and visibility into unusual payment patterns to vendors. A common pattern to see in a fraud investigation is an acceleration pattern. In this pattern, a vendor utilized for fraudulent activity will initially receive small payments. If these small payments go unnoticed, the perpetrator(s) will increase payments over time. This pattern can be seen visually in a graph. 

Depending on the sophistication level of the perpetrator(s), they may create a fictitious vendor that shares some of their personal attributes such as address or bank account information. Looking for employees who share attributes with vendors can help identify potential fictitious vendors or undisclosed relationships between employees and vendors. When performing a procedure like this, it is important to standardize data as much as possible prior to matching because there can be variations in the data that make matching difficult. Another technique to consider using is a fuzzy matching process to identify similar matches.

These are just a few examples of data analytics techniques to help identify fraud in accounts payable. Implementing these procedures—or similar analytics procedures—on a recurring basis can be an effective detective control. Through our experience, a combination of strong preventive and detective controls creates a more robust environment to help fight fraud.

If you have any questions or need assistance, please reach out to a professional at Forvis Mazars.

  • 1“Auditing Standard No. 5, An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements, Appendix A - Definitions,” pcaob.org, 2023.
  • 2 a b c “Fraud Examiners Manual,” 1.441, acfe.com, 2022.
  • 3“Occupational Fraud 2022: A Report to the Nations®,” legacy.acfe.com, 2023.

Related FORsights

Like what you see?
Subscribe to receive tailored insights directly to your inbox.