header background image

Combating INTERNAL FRAUD Within SAP: 3 Schemes Bad Actors Use (And How To Foil Their Plans)

July 26, 2023


Paul Dixon



Employees stealing from their employers is a global problem that hits companies deeply in the pocket. And although only a small minority take this illegal path, here is a startling statistic: 60% of employees would steal if they knew they could get away with it (according to the FBI).

And what does all this mean? It means some staff members operating within a company's SAP ERP or S/4HANA enterprise risk management system will do the same - if they believe they won't get caught.

Therefore, a fundamental job at the top of every internal controls team's priority list should be to enable processes fit for purpose in 2023 to detect, prevent, and mitigate employee fraud.

But what are the illegal schemes that internal fraudsters utilize? And what systems can your internal controls team implement to mitigate the risk within SAP?

Read on - because this VOQUZ Labs article reveals everything you need to know.

Scheme 1: Employee Payroll Fraud

Employees with criminal intentions who can access the payroll processing system can commit payroll fraud (more about how it works in a moment).

But first this: A staggering 27 percent of all businesses and organizations fall prey to payroll fraud. And according to the Association of Certified Fraud Examiners (ACFE), the typical duration of payroll fraud is around two and a half years - leading to an estimated loss of $63,000 for each incident.

However, the financial losses don't just stop there.

Companies may also face monetary penalties from regulatory authorities due to non-compliance with payroll regulations (depending on the jurisdiction) in payroll fraud cases. But now, let's turn our attention to how payroll fraud works. In practical terms, it manifests in various ways.

Here are the most common:

  • Ghost Employee Fraud
  • Timesheet Fraud
  • Sick Leave Fraud
  • Pay Rate Falsification

Many of you reading from the internal controls profession will be very aware of all these schemes and their associated risks. In this article, we can't go into detail for each one, but all of them have the following in common:

They exploit vulnerabilities within the organization's internal controls systems and processes.

And the question now is: How can companies strengthen their internal controls system to reduce workplace payroll fraud within their SAP ERP and S/4HANA environments?

WHITE PAPER – enhance your knowledge!

Reduce Fraud & Boost Cost Savings by Automating Internal Controls

Our White Paper explains how using robust controls and automation, organizations can better manage fraud risks, comply with regulations, improve operational efficiency, and save substantial costs.

Tablet showing the cover page of the document

How To Slash Employee Payroll Fraud Within SAP

The most common reason companies get stung for hundreds of thousands of dollars (and even more in some instances) with occupational fraud in 2023 is this: They haven't yet switched to internal controls automation for SAP.

You can learn more about internal controls automation in the VOQUZ Labs' guide.

But in a nutshell, the problem is that legacy, outdated manual internal control systems are no longer fit for purpose in a 24/7, digitalized world. For example, did you know that it takes an average of 18 months for companies with manual internal controls processes to discover employee fraud, such as nefarious payroll schemes?

For any CFO in 2023, this figure should be shocking and unacceptable. Why? Because of the incredible technology utilized in internal controls automation, red-flag alerts are now possible (for review by internal controls teams) on the same day suspicious activity occurs.

And the best way to mitigate payroll fraud within SAP is to embrace internal controls automation for real-time monitoring. For example, VOQUZ Labs' remQ Business Inspector is a best-in-class controls automation software add-on for SAP.

Scheme 2: Invoice Fraud

The next scheme that employers favor when stealing from the companies they work for involves manipulating invoices to funnel funds into their own pockets. And it's a crime that experts say is on the rise.

It's also a criminal act making headlines in the newspapers worldwide in 2023. How? Because middle-management workers from e-commerce behemoth Amazon defrauded the company of more than $9.4 million (invoice fraud is a central part of the case).

Recommended reading: If you'd like to read more about the Amazon case, our whitepaper will be of interest - Reduce Fraud & Boost Cost Savings by Automating Internal Controls.

But how does invoice fraud work? In its simplest form, here are the key steps:

  • Step 1: Creation of Bogus Invoices
  • Step 2: Manipulation of Approval Processes
  • Step 3: Diversion of Funds to the Internal Fraudster
  • Step 4: Covering Tracks (e.g. altering financial records)

In this article, we can't go into detail about each step. However, each stage has the following in common: It exploits weaknesses in the internal controls system.

No items found.
BROCHURE – the benefits of our products!

remQ - Stop losing your money to fraud!

remQ is a continuous monitoring software for SAP ERP and S/4HANA, with a large library of built-in controls that help check master data and business processes to avoid financial losses through errors and fraud. remQ can be set up in less than a day, works regardless of organization size and industry, requires no consulting project, and reduces the cost of compliance through automation.

Tablet showing the cover page of the document

How To Significantly Reduce Invoice Fraud Within SAP

We'll now examine the most effective way to battle invoice fraud committed by employees within SAP ERP and S/4HANA environments. But before that, it's important to remember that most bad actors always embrace the latest technology to help them beat the system they are against.

Therefore, battling employee invoice fraud using outdated manual controls systems in 2023 is like putting out a forest fire with a bucket of water (obviously, an approach destined to fail).

And remember the FBI statistic from the beginning of the article? Manual controls may encourage invoice fraud because employees with criminal intentions may feel the odds are in their favor of getting away with it.

The best way to put the odds back in your company's favor (like replacing that bucket of water with an air tanker plane) is to get started with internal controls automation.

For example, VOQUZ Labs' remQ Business Inspector is a SAP add-on that intelligently battles invoice fraud using technology such as automated Segregation of Duties (SoD) and real-time audit trails.

And the bottom line is this: Setting up internal controls automation within your SAP environment doesn't just detect invoice fraud (and many other types of fraud) committed by employees - it also deters them from even trying it.

Scheme 3: Expense Reimbursement Fraud

The next common way employees steal from their employees is through expense reimbursement fraud. And can internals controls automation software for SAP help reduce this global problem? Yes - absolutely.

More about how in a moment. But how does this type of fraud work? The Association of Certified Fraud Examiners (ACFE) defines expense reimbursement fraud as when employees make reimbursement claims for fictitious or inflated business expenses. Examples include meals that did not exist or were not business-related, overstated travel expenses, or receipts manipulated to a higher price.

How To Cut Expense Reimbursement Fraud Within SAP

This guide has revealed many tangible ways internal controls automation within a SAP environment can significantly reduce internal fraud. We examined the following:

  • Real-time monitoring with red-flag alerts
  • Real-time audit trails
  • Automated Segregation of Duties (SoD)

The ways listed above also help slash illegal expense reimbursement activity cases.

However, there are even more ways that automated internal controls software for SAP can further assist companies in cutting expense reimbursement fraud (and all types of internal fraud) within SAP ERP or S/4HANA environments. For example:

  • Automated Blocking Actions
  • Access Violation Management Tools
  • Case Management Audit Trails

Final Thoughts and How remQ Helps Companies Fight Internal Fraud in SAP

In this article, we revealed some of the most common schemes that employees seeking to enrich themselves illegally deploy to steal money from their companies. It's a massive problem that greatly contributes to the following statistic: Businesses, on average, lose 5% of their revenue to fraud and errors.

And how can companies and organizations who use SAP as their enterprise risk management (ERM) system make inroads in slashing this percentage?

By embracing internal controls automation solutions for SAP.

VOQUZ Labs remQ Business Inspector software is best-in-class automated internal controls software that operates as a SAP add-on with a library of 100+ pre-built shipped controls ready to run. You can click here to learn more about how remQ can assist your business with its goals to reduce fraud, cut audit errors, and stay compliant within your SAP ERP or S/4HANA environment.


Paul Dixon

Paul is a RegTech content writer & strategist with extensive experience in digital marketing and journalism. His work has appeared in the Guardian newspaper. He also holds a degree in International Relations, where he studied global sanctions compliance and cross-border finance.


Do you have any questions or something to add? Just leave us a message, please! Your message will be delivered by e-mail to us and will not be published.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Illustration of a woman editing documents

Register for our newsletter now!
Keep yourself up to date!

Thank you! Your successfully signed up for our newsletter.
Oops! Something went wrong while submitting the form.


Thumbnail that links to the post below

RISE with SAP: SAP's enticing offer for the cloud




Thumbnail that links to the post below

Duplicate Payments: Understand and prevent them!




Thumbnail that links to the post below

RISE with SAP: Can you move to the cloud without worries?