Saturday, 29 April 2017

If Google and Facebook then ...

How on earth did Google and Facebook fall for such a basic and traditional scam that they have lost $100m by paying false invoices?  If they could, could you also be vulnerable?

I've discussed this type of fraud so often it almost makes me doubt reiterating, yet surely the evidence from both Google and Facebook is that the lessons are not being learnt? If they are being learnt is there a loophole which yet remains unplugged.

  1. There needs to be a clear separation of roles between Procurement, Finance and receipt of delivery;
  2. Procurement alone should have the responsibility for adding new vendors to the database of creditors;
  3. Ensure due diligence in validating creditors bank details;
  4. Every invoice needs to be cross-matched with a Purchase Order;
  5. Have a regular spend analysis which flags up where the money is going and use that to establish where there are strategic contract gaps;
  6. Have contracts on an integrated S2P system or at the very least linked to the P2P;
  7. Use the P2P matching to manage creditors payments;
  8. Have a strategic approach to procurement risk management.
Let face it, if it could happen to Google and Facebook, it could being happening to you.

You can read more about establishing vulnerability to fraud at the TCS blog or my article

No comments:

Post a Comment