So what we want to do is we want to see if we have any entities out there around the world where it would be really obvious for the SEC to find something to show that there’s a problem. We want to make sure that our general entry, our whole general ledger is safe and like everything in there looks normal. Okay, so and that’s something that we can do on a one-pager for the FCPA.
And so what we want to do is we’re going to gather up all of the information from around SAP and we want to find out, we’ll use that information to flag our general ledger and it’s going to help us to know if we have postings that are a bit strange. So for example, I’ve put some examples here like supplier posting for suppliers that are generic. So you can have generic suppliers like you know sometimes you see in the database it’s like supplier one, supplier two or generic or it could just be like fournisseur if it’s in French or or whatever it is like a generic it’s not a real name and sometimes it’s just called one-time vendor or vendor for office equipment or something like that.
So sometimes companies will put in these generic vendors and it’s just basically because they haven’t got time to write in all the tiny little vendors so just use one-time vendor account or something like that. Which is completely normal but what’s not completely normal is when you have those kind of vendors and then you’ve got like 20 million dollars for that particular vendor that would not be normal and the same is for customers. So for example customers, you can have generic customers as well and you might be doing rebates you know you might be paying out rebates to customers or you might have customer returns and there’s quite a lot of reasons actually why you might actually give money to a customer.
People always think customers there’s no risk in customers because there’s customer giving us money but actually quite a lot of the time we’re giving the customer back money. So we want to make sure that we are not giving a huge amount of money to the customer. That’s generic because if it’s generic it’s obviously not real and it means there’s no tax number, there’s no real address, and we can’t trace it back to a particular third party. So if the SEC show up and they see that you’ve got like 50 million dollar payment to a one-time vendor it’s going to be a huge red flag. They’re going to start digging and digging and digging and find out what that is all about because probably it’s not normal. Then maybe that’s something that’s being used for a bribe. So another thing that they’re going to do is material postings that are generic and it’s the same principle it’s like if you’ve got generic material posting it can be normal. But if it’s like maybe you’ve got a material code it’s just like consulting and all it says is consulting and then you’ve got like 100 million dollars buying consulting that’s not normal.
So you don’t want to have like really generic material codes and huge amounts to those ones so we want to be able to pick those up. It’s going to be quite tricky sometimes to be able to know like is that supplier a generic supplier one-time vendor is that customer generic or is it a one-time vendor and the same for materials. But actually in SAP we have ways of knowing and different ways of knowing. One way is that there is actually a flag on the supplier database that will tell us that it’s a one-time vendor and the same for the customer and the same for materials so materials there is also a flag to say it’s generic. But it might be quite tricky even if we have those flags. So sometimes we need to do other things. For example we might want to look in in the list of payments we want to see like do we have suppliers that lots of different supplier names but we have the same bank account. Or it might be that if you have supplier joe blogs and supplier joe blogs looks like a normal supplier like it doesn’t look like a one-time vendor, it doesn’t have the name generic, and it doesn’t have the flag generic in SAP because no one did anyone see that it’s generic but it’s called supplier blogs. And it is having a lot of different bank account numbers in the payment programme so actually what it means is that that is a name that is used as a generic supplier and that’s also another way that we can find out if we’ve got generic suppliers and the same for customers. For materials, if you’ve got a material number and that material number is used for a whole load of different prices huge ranges of values and different things then it’s probably something that’s generic. So there are ways official ways in SAP to know if it’s generic and then there are other like tricks that you can use to know if it’s generic.
Then we want to know obviously if something is manual. If something is manual it means basically that somebody is posting directly into the general letter. It means that they are not going through the purchasing module, they’re not going through the sales and distribution module, and they’re not going through payroll whatever it is. They’re just writing the journal entry directly into the general ledger. And if they do that then it means that they don’t have so much control. So for example, maybe you have a lot of purchase of raw material, for example you’re like buying a huge amount of raw material all the time, and there’s a process for that. So you’ve got your purchase order, you’ve got your approvals, you’ve got your goods receipts, you’ve got your invoices, all of that for raw materials. And you’re going through this process. In your process, your supply chain process, you have controls. You’ve got controls on the prices, you’ve got controls on the suppliers that you want to use, you’ve got approbation limits, you’ve got all of the delegation of authorities and the approbations that attract in SAP. Then when the goods arrive, you’ve got a three-way match control that’s done before you’re going to pay that invoice, you’ve got all these controls, and these controls are most for the most part they are happening in the materials management module of SAP. So it’s happening in materials management module . And these controls are not happening if you’re just going to enter the supply invoice straight into the general ledger.
If you bypass the materials management module and just enter that journal entry straight into the general ledger and that way you don’t have to go through all of the delegation of authorities, and you don’t have to care about the pricing or if the supplier is being blocked or cancelled or whatever it is . And the same goes for order to cash. So it can also be in order to cash. Maybe you want to bribe somebody by just giving them a whole lot of free products. So if you’re in fast moving consumer goods, it might want to be that like you can give an official a huge amount of free products. If that’s happening then it can be considered to be a bribe. Even if you’re in alcohol beverages, or it could be that you’re in clothes, or jewellery or or anything that’s to do with fast moving consumer goods, there’s a really huge risk of giving away too many free products and those free products being considered to be a bribe because you’re giving away and it could also be that you’re giving away stuff too cheaply. And if you’re doing that it’s also a problem. So people maybe don’t want to go through all of the customer pricing controls, and margin controls that we have the possibility to set up in the sales and distribution module of SAP. So if somebody doesn’t want to go through all of those controls what they can do is they can just enter a journal entry directly into the general ledger and this is manual journal this is why manual journal entries are so important. So we want to make sure that we know what all of our manual journal entries are about.
So on your FCPA one pager you want to be able to filter our manual journal entries and then you want to be able to see what people are posting that is manual. We’re going to show you later because we’re going to give you the free one-pager FCPA dashboard for SAP and in there you’re going to get all the logic so it’s like really exciting you know if you don’t know yet how to know if something is a manual journal, you’re going to find out because we put it in there. It takes so long to get all of this information it’s been like years and years and years over 20 years working on all this stuff and now we’ve got all this knowledge. It helps us to know all these things all these little little bits and pieces about SAP like how do you know if it’s a manual journal entry. And I’ve seen like people doing it in so many millions of different ways and after a while you know you do it, and then do it again, you test it, and you do it again, you test it, and do it again, and at the end of the day, you sort of work it out. There’s like maybe 20 or 30 different fields you have to take into consideration then you get to the correct result of like that’s a manual journal entry and pretty much in all SAP systems manual journal entry. So even if you have different SAP system in Germany compared to what you have in Africa, it’s still going to be manual journal entry pretty much.
So this really helpful like I think it’s going to really help you to see really quickly all your manual journal entries and obviously when you get a manual journal entry can be totally normal but if you’re having manual journal entries for things that are like raw materials and stuff like that then it’s not normal. So that’s kind of thing that you want to check out be like why am I actually having a manual journal entry for raw materials and it’s not going through materials management. Probably because somebody wants to get rid of the internal controls and this is the type of thing that the guys from SAP would want to have a look at so if they see manual journal entry for raw materials. And then they want to see like you know why was that done, and what happened, and is it because you’re giving them a way for for like or you’re buying them at a much higher rate than usual and so that’s maybe why someone wants to get around their internal control so they start looking at the prices and all that stuff. So looking at the prices is also a thing that we want to do in order to see what is going on in terms of FCPA and things like that.
So we we want to look for supplier postings that don’t have supporting purchasing documents that’s when we talk about manual journal entries, and the same with customer postings, and then also for fixed assets. If you have fixed assets, you have fixed asset write-up like maybe you got a fixed asset, it’s it’s going on over time and it’s depreciating as normal. And then somebody just writes it off . Or it could be like you get your fixed asset quite a huge value like maybe it’s a Maserati car, or something like that so it’s an expensive version of your asset class and it gets acquired and then it gets written off the next day now. If that happens, it’s obviously a huge red flag so what you want to look for in your general ledger is the fixed assets that arrive and then they disappear. And that could obviously also be in a fixed assets ledger and in the fixed assets module of SAP, or it can be a manual journal entry. So again if people are doing manual journal entries about fixed assets, then that’s also something that we want to look at. So if you’ve got fixed assets that are being written off and it’s being done by manual journal entry, and it’s for a big amount. It’s something you want to have a quick look at. Typically what you do is you you get that post and you’re like 10 million write-off fixed asset and then you go into SAP have a quick look . And you see when was the asset acquired and you know if it was last week and then just written off. Obviously, it got a big question.
Another thing is really typical when we’re talking about corruption. People always tell me, no you can’t do any data analytics for corruption, it doesn’t work because it’s under the table. It’s like the hidden envelope, it’s like the suitcase. You can’t actually see that with data analytics and actually what I always tell people in response to that is if you’re an employee and you want to bribe your customer because maybe you want to get a better commission or you want to help the company. Because you’re in a foreign country and you want to help the company and everyone’s doing that anyway and you want to help the company. So I get the foothold in that foreign country and like win all the deals and stuff and you’ve got to do it because your competitors are doing all the corruption as well.
So if you don’t do it then you’re not going to get anywhere. So you really want to help the company but you’re an employee it’s not your company so you’re not really gonna dig in your pockets and bring out 20 million dollars to give to a government official because first of all you probably haven’t got that much money, and secondly who’s that dedicated to their employer. Let’s face it so you’re not going to do that. But what you might do is find a way to get the money out of the company and give it to that government official.
There’s lots of different ways it can be like you know ghost employees, all these other things we’ll be talking about. Or it can also be travel and expense so if you’ve got fake travel expense there’s also a huge red flag. So typically we look at normally companies going to have a travel expense system such as Concur or something. And in the Concur system there’s going to be controls just like we’re talking about with the sales and distribution module, and materials management module for purchasing in SAP in the Concur travel expense system. You’re going to have all of your controls. You’ve got people working with that system as well. So when somebody goes on a trip, then they’re going to have a flight. Then they’re going to give the receipt to somebody. That admin person is going to enter it into Concur and they’re going to check that all the amounts are correct, there’s no duplicates, and there’s this and that. It’s like a specialised travel expense system and process to make sure that we don’t have any fraud going on, no duplication, and everything is normal and people are respecting the group guidelines for travel. They’re not taking like first class if they’re not supposed to take first class, and all this kind of stuff. So if you want to get around all of that stuff about travel and expense, what you’re going to do is you’re going to enter a manual journal entry for travel and expense. If you enter a manual journal entry for travelling expense, it’s not going to go through Concur it’s just a journal entry.
I was reading a book recently about fraud data analytics for SAP. In the book, they’re talking about journal entries like the part about journal entry testing. He says basically you can do whatever you like you know in the general ledger. You can do anything like you want to take money out the bank. All you got to do is make sure the general ledger is going to match the bank statement. So how do you do that? You just post a manual journal entry for bank out and that’s all you need to do. So we really need to check all of these flags and just talking about the one if somebody just wants to post something out of the bank. So what does that mean?
I’ve got my whiteboard over here I’m going to show you something over here. What we want to check is if we’ve got some strange accounting schemes. So maybe you’ve got some strange accounting schemes, and there’s typically some of the things that the SEC would check for immediately. It is like what kind of accounting schemes they got in the general ledger, and if they’ve got anything looks really weird. So typically if you’re going to have a normal supplier invoice, what you’re going to do. They’ve got debit and credit here. And what you’re going to do is you’re going to say I’m going to have a normal supplier invoice so my supplier invoice. So my supplier invoice is going to be credit the supplier, and then I’m going to debit cost and tax. That’s my supplier invoice. And then when I’m going to pay my supplier, what I’m going to do is I’m going to debit the supplier and then I’m going to credit the bank. And this over here is going to be my bank out this is when I’m actually paying the guy over here. So we got two nice normal journal entries. First one it’s our invoice and the second one it’s our bank out. These two things are going to be linked together and they’re going to be linked together by a clearing document number. So if I’m the SEC and I come along and I want to check all your bank out. So maybe I go into your general ledger, and I’m going to get all of the journal entries that for bank out. That’s really easy because in SAP you can easily see if the general ledger account has got something to do with the bank so you get all your bank out and then you see what’s got on the other side like who am I doing bank out to, and also can see is all of my bank out cleared means like is it matched to something. If it’s matched to something then I know that there is a reason for the bank out and it makes sense. But obviously I look into it in more detail but I’m going to look for the really odd things. What about if I had a bank out, first thing that might look for is like bank out but there’s no clearing document. That’s going to be a problem if your clearing document number is blank even though you’re talking about a bank out. That’s a big red flag. But so now the big red flag is our accounting scheme.
So what we want to make sure is like on the debit side what do we have so instead of having a supplier maybe we have something a bit strange like cost. Now you might be thinking. Well I don’t care because I was in Bolivia recently and we’re doing this audit and and we had loads of these bank out cost transactions and I was like oh that looks interesting, I’m really excited about that one because maybe that’s a huge audit finding for Bolivia. Actually, what it turned out to be is like all of these cost accounts were actually foreign exchange and so the CFO was like “No, I don’t care about that. That’s just foreign exchange adjustments.” I was like wow you’ve got a huge amount of foreign exchange adjustments on the bank. Unfortunately we didn’t have the time to actually go through all those foreign exchange adjustments and check that they are real foreign exchange adjustments because that would have taken too long and only had like a week to to to do the project. So we couldn’t go in and recalculate all the foreign exchange justice but they would basically like we have credit bank and debit cost but it’s all foreign exchange adjustments so we don’t care. But if it’s not foreign exchange adjustments and this is something that I’ve seen other places is actually just cost, for example cost sundry. So what does that mean? Cost to sundry or sundry cost account, it basically means it’s like like generic or sort of cost but we don’t know what it’s about. It’s just random costs let’s say random costs. So if you’ve got random costs and you’ve got bank out. In that case it’s really suspicious. You see something like that, you want to get really excited about it because it could be a huge audit finding. So this one I get a huge great big question mark. This is the kind of thing I’m really excited about if I’m doing an audit. And I want to see that they’re not compliant with FCPA or I’m going to find out if they’re compliant with FCPA. I want to help them to know that if the SEC comes and they see this kind of thing, they might have a problem. So we’re helping them. So anyway you see something like that, you’re really excited because it’s probably something you can put on your report. And also another thing if you see something where it’s like 10 million all around amount and you’ve got these kind of things going on. So what is that? This is an accounting scheme. It’s like credit bank debit cost sundry.
This is what we call a general ledger accounting scheme. Basically what it means is it’s the pattern a general ledger accounting scheme. It’s like what do. We debit what do, we credit in terms of accounts. If we have dodgy patterns like that, that’s the kind of thing we want to flag so in our FCPA one pager for data analytics for the audit team. What we want to do is we want to see all of the journal entry patterns. We want to be able to filter on them, and want to be able to see straight away. Whether or not I have bank out with cost. And if I do, then that’s something I want to have a look at and I want to see all the detail for those kind of things straight away.
There’s lots of other things you want to see as well like you might want to see maybe I credit the customer and I have cost sundry that would also be very strange same with assets. Maybe you credit the asset and you cost of sundry like it could be that you have a state-owned enterprise that’s a customer you want to do them a favour because you want to get some strategic advantage or something like that. So you just write off their debt. Writing off a customer debt is kind of the same thing as giving them a whole lot of cash and it can be considered as a bribe as well. So we want to be careful about these journal entry accounting schemes and it’s the journal entry accounting schemes that we want to be able to check.
© 2024 All rights reserved