Show TOC

 Overview of Detection Methods in SAP Fraud Management

 

SAP provides over 50 detection methods as standard business content for detection and investigation of fraud scenarios in procurement, internal audit, and for anti-corruption compliance. The business content is ready to use, and provides an excellent starting point for additional content. The standard scenarios and detection methods are shown in the following tables.

Irregularities in Accounting Documents

Investigation object type: FRA_ACCDOC (Accounting Document)

Detection object types:

  • FRA_ACCDOC (Accounting Document)

  • FRA_PAYPRO (Payment Proposal Item)

Used to Find ...

Documentation Link

Accounting documents which were posted on exceptional dates

Detection Method: Accounting Documents Posted on Non-Working Day

Payments that are made to business partners who are located in high-risk countries

Detection Method: Business Partner Address in High-Risk Country

Irregularities in Outgoing Payments

Investigation object type: FRA_DOC_IT (Accounting Document Line Item for Outgoing Payment)

Detection object type: FRA_PAYPRO (Payment Proposal)

Used to Find ...

Documentation Link

Creditors that are located in high-risk countries

Detection Method: Payment to High-Risk Country

Creditors or debtors with a bank account that is located in a high-risk country

Detection Method: Bank Account in High-Risk Country

Large payments that were divided up into smaller payments (smurfing)

Detection Method: Accounting Document Line Item Smurfing

Irregularities in Customer Transactions and Master Data

Investigation object type: FRA_CUST (Customer)

Detection object types:

  • FRA_CUST (Customer Master Data)

  • FRA_CUBANK (Customer Bank Account)

  • FRA_CUINVI (Customer Invoice Item)

Used to Find ...

Documentation Link

Customers who are located in a high-risk country

Detection Method: Customer Located in a High-Risk Country

Any changes to customer master data

Detection Method: Changes to Customer Master Data

Customers who have bank account located in a high-risk country

Detection Method: Customer Bank Account in High-Risk Country

Customers whose bank location differs from their location

Detection Method: Customer and Bank Location Differ

Cases in which the paying customer is different from the invoiced customer

Detection Method: Paying Customer Differs from Invoiced Customer

Split-payments of invoices (also called smurfing)

Detection Method: Customer Invoice Irregularities (Split Invoice)

Suspicious terms in customer invoice items

Detection Method: Suspicious Terms Screening for Customer Invoice

Irregularities Concerning New Vendors

Investigation object type: FRA_NEWVEN (New Vendor)

Detection object type: FRA_NEWVEN (New Vendor Master Data)

Used to Find ...

Documentation Link

New vendors whose turnover in the first year exceeds a specific threshold

Detection Method: Turnover of New Vendor in First Year Exceeds Threshold

New vendors who have a suspiciously high turnover growth between the first and second years

Detection Method: Growth Between 1st and 2nd Year Exceeds Threshold

New vendors that have a large percentage of their turnover approved by a single employee

Detection Method: Percentage of Turnover Approved by a Single Person

One-Time Accounts (One-Time Vendor)

Investigation object type: FRA_ONETIM (One-Time Vendors)

Detection object type: FRA_ONETIM (One-Time Vendor Invoices)

Used to Find ...

Documentation Link

Bank accounts that were used multiple times in one-time accounts (OTA)

Detection Method: Multiple OTA Postings to Same Account

One-time bank accounts that also belong to a regular vendor

Detection Method: OTA Uses Bank Account of Regular Vendor

One-time accounts that already exist as regular vendors

Detection Method: Duplicate Regular Vendor and One-Time Vendor

Irregularities in Purchase Orders and Purchase Order Items

Investigation object type: FRA_PO (Purchase Order)

Detection object types:

  • FRA_POHEAD (Purchase Order Header)

  • FRA_POITEM (Purchase Order Item)

Used to Find ...

Documentation Link

Purchase orders that have had an excessive number of changes

Detection Method: Multiple Changes on Purchase Orders

Purchase orders containing addresses that are on sanctions or politically exposed persons (PEP) lists

Detection Method: Address Screening for Politically Exposed Persons

Purchase order items that have a vendor located in a high-risk country

Detection Method: Purchase Order Item with Vendor from High-Risk

When the invoice receipt quantity is greater than the goods received quantity

Detection Method: Purchase Invoice Greater Than Goods Received

When the amount paid in an invoice is greater than the amount shown in the relevant purchase order item

Detection Method: Purchase Order Overpaid

Irregularities in Vendor Data and Transactions

Investigation object type: FRA_VEND (Vendor)

Detection object types:

  • FRA_VMDCHG (Vendor Master Data Change)

  • FRA_VEND (Vendor Master Data)

  • FRA_VEBANK (Vendor Bank Account)

  • FRA_VEINVH (Vendor Invoice Header)

  • FRA_VEINVI (Vendor Invoice Item)

  • FRA_VEPAY (Payment Proposal)

Used to Find ...

Documentation Link

Vendors whose bank data has been changed and then reverted to the original data (flip-flop bank data)

Detection Method: Vendor Bank Data Change (Flip-Flop Vendor)

Vendors whose alternative payee field has been changed and then reverted to the original state (flip-flop payee)

Detection Method: Alternative Payee (Flip-Flop Payee) - Cross Company Code

Vendors whose alternative payee field has been changed and reversed within one single company code

Detection Method: Alternative Payee (Flip-Flop Payee) - Company-Code Specific

Employees who have the same bank data as regular vendors

Detection Method: Employees with Same Bank Data as Vendor

Vendors who have no banking details are recorded in the vendor master data

Detection Method: Vendor Without Bank Details

Vendors who are located in high-risk countries

Detection Method: Vendor Address in High-Risk or Embargo Country

Vendor invoice items with regular or one-time vendors who are located in a high-risk country

Detection Method: Vendor in Invoice Item in High-Risk Country

Vendors whose address is a post office box or incomplete

Detection Method: Vendor Address Suspicious

Vendors who have no phone number; or the phone number is located in another country

Detection Method: Vendor Telephone Number Suspicious

Vendors who are paid prematurely, relative to the average days sales outstanding (DSO)

Detection Method: Vendor DSO Shorter than Company Average DSO

Vendors whose bank account is located in a high-risk country

Detection Method: Vendor Bank Account Located in High-Risk Country

Vendors whose bank is located in a different country than they are

Detection Method: Vendor and Bank Countries Differ

Vendors with similar bank accounts

Detection Method: Vendors with Similar Bank Accounts

Duplicate invoice reference numbers for a single vendor

Detection Method: Duplicate Invoice with Same Approver 1

Duplicate invoices that were approved by the same person

Detection Method: Duplicate Invoices with Same Approver 2

Duplicate invoices that have the same vendor ID or VAT

Detection Method: Duplicate Invoices

Invoices that do not have a corresponding purchase orders

Detection Method: Invoice Without Purchase Order Reference

Invoice items that are split into smaller payments, whose sum exceeds a certain threshold

Detection Method: Split Invoices Exceed Limit

Vendors that have a high percentage of invoices with rounded amounts

Detection Method: Round Invoice Amounts Above Threshold for Vendor

New invoices for inactive vendors

Detection Method: New Invoices to Inactive Vendors

Payments that were made to banks in a country other than that of the vendor in the invoice

Detection Method: Divergent Vendor and Payment Country

Manual payments to a vendor

Detection Method: Manual Payment to a Vendor

When a vendor was paid too early

Detection Method: Vendor Payments Too Early

Payment proposals to which manual changes have been made

Detection Method: Manual Change to Payment Proposal

Vendor invoice items that have suspicious terms

Detection Method: Suspicious Term Screening for Vendor Invoice Items

Vendor invoice items that have similar amounts

Detection Method: Vendor Invoices with Similar Amounts

Blocked vendors that have active duplicates

Detection Method: Find Duplicates of Blocked Vendors

Vendors that have C/O in their address

Detection Method: Vendor with "Care Of" in Address

Vendors that have similar names

Detection Method: Vendors with Similar Names

Irregularities in Travel Expenses

Investigation object type: FRA_EMPL (Employee)

Detection object types:

  • FRA_TERCPT (Travel Expense Receipt)

  • FRA_TREND (Employee Travel Expense Trend)

Used to Find ...

Documentation Link

An employee who has submitted and reused receipts on more than one travel expense

Detection Method: Duplicate Travel Expense Claim Made by One Employee

An employee who has filed travel expenses with unusually rounded amounts above a certain threshold

Detection Method: Travel Expenses with Rounded Amounts

An employee who has suspicious trends in their trip expenses

Detection Method: Suspicious Trend in Trip Expenses