Go To Search
Click to Home
How to Address Fraud in Your Purchase-to-Pay Cycle
By John Verver

Government finance professionals constantly face the difficulties of fraud and errors in the procurement and vendor payment process. These issues can be caused both intentionally and unintentionally by vendors and employees.  

Funds flowing through government purchase-to-pay systems are so large that even a very low rate of error or fraud can mean eye-popping losses, which you are extremely likely to overlook if relying only on enterprise resource planning (ERP) enforced controls.

Vendor billing errors remain among the most common problems in purchase-to-pay systems. Many instances are simply process errors inadvertently made by vendor systems or employees. However, there can also be deliberate attempts to defraud, by vendors or by colluding employees, simply because they know that invoice errors can occur and remain undetected.


Duplicate data and poor-quality data are often a very expensive problem for organizations, both in terms of overpayments and time wasted in resolving issues. Clearly, if this is possible in your environment, performance is being affected.

ERPs will not allow the same invoice number for the same vendor to be entered twice, but what if the invoice number is accidentally or deliberately mis-keyed? What if there are actually two different accounts for the same vendor, with slightly different name spellings? This is definitely happening.

Another control weakness arises when vendors are set up more than once in the system. This often occurs because of variations in the spellings of corporate names when they are entered. An ERP system will normally prevent a duplicate vendor from being established if name and address information are identical. But if they differ sufficiently, the entries are accepted.


Data analysis is very effective at analyzing entire vendor databases and finding instances of data duplication and error. It uses sophisticated algorithms to find misspellings and data entry errors. In the case of vendor processes, it can be used to analyze all purchase and payment transactions over a period of time and look for combinations of variables that indicate a likely problem. Tests can identify an identical amount paid to a vendor within a given timeframe, or an identical invoice number and amount paid to two different vendors.

It is not unusual to apply up to 10 different variations of potential duplicate tests that can bring problems to light. Excessive numbers of false positives are managed by allowing the search parameters and combinations to be varied by an authorized user of the monitoring system.


John Verver, CPA CA, CISA, CMC is currently an Advisor to ACL. John is acknowledged as an expert authority and domain thought leader on the use of enterprise governance technology, particularly data analytics and data automation for audit, risk management, and compliance. To learn more about ACL's solution for local governments, visit www.acl.com.