Paper‑Supplier Fraud Warning

Procurement teams can lose real money when a “supplier” exists only on paper and gets paid before basic checks are done. (theiia.org) The control failure usually starts in vendor onboarding, the step where a company verifies a supplier’s legal identity, bank account, tax details, and business purpose before it can be used in accounts payable. The Association of Certified Fraud Examiners has published cases in which weak approval controls let staff set up fictitious vendors and submit dozens of fake invoices over multiple years. (acfe.com) A second weak point is retrospective approval, when a manager signs off after goods or services were supposedly bought instead of before the order was placed. The Institute of Internal Auditors says procurement audits should test each phase of the buying process because control gaps can appear at onboarding, purchasing, invoice review, and payment. (theiia.org) Anti-fraud groups frame this as an internal-control problem, not just a bad-actor problem. The Committee of Sponsoring Organizations of the Treadway Commission says effective internal control depends on design and operation across the whole system, not a single signoff. (coso.org) That is why internal audit is usually pulled in before losses become visible in financial statements. The Institute of Internal Auditors says audit teams should assess fraud risk periodically, include fraud in audit plans, and review how controls failed when fraud is found. (theiia.org) The warning also fits a broader enforcement pattern: procurement fraud cases often involve fake documentation, sham vendors, substituted goods, or manipulated approvals. The United States Department of Justice says its procurement-fraud work covers schemes involving contracts with federal agencies, while separate cases have alleged millions of dollars in losses from false purchasing activity. (justice.gov) One federal case in California showed how ordinary office-supply purchasing can be exploited at scale. Prosecutors said Jim A. Meron used two office-supply businesses between May 2011 and July 2017 to defraud government agencies out of as much as $3.5 million by delivering cheaper products than customers ordered. (justice.gov) Another enforcement action tied procurement misconduct directly to ignored warning signs inside a large company. The Securities and Exchange Commission said former Kraft Heinz procurement executives approved improper supplier contracts while employees were circumventing internal controls. (sec.gov) The practical fix is mundane and specific: verify the supplier before the first payment, separate who creates vendors from who approves invoices, and use audit testing to look for duplicate bank accounts, round-dollar invoices, and payments just below approval thresholds. Fraud-risk guidance from the Association of Certified Fraud Examiners and the Institute of Internal Auditors points to data analytics and vendor audits as standard tools for that work. (acfe.com) The thread running through these cases is simple: once a fake or compromised supplier gets into the system, every later approval becomes easier to fake too. By the time finance spots the pattern, the losses can already be booked, paid, and hard to recover. (theiia.org)