Red Flags in Supplier Invoices

Red flags in supplier invoices are specific characteristics of an invoice -- its format, content, submission pattern, or relationship to other invoices and supplier records -- that indicate a higher probability of fraud, error, or compliance risk. Identifying red flags is not the same as identifying fraud: many invoices with red flag characteristics are legitimate, and many fraudulent invoices have no obvious red flags. Red flag detection is a tool for prioritising AP review effort toward the invoices most likely to require additional scrutiny.

Understanding which red flags matter requires distinguishing between characteristics that indicate process problems (late submission, missing ABN), characteristics that indicate possible fraud (round-number amounts, new supplier with no purchase order, bank account change request bundled with an invoice), and characteristics that indicate shell company or phantom vendor risk (supplier address matching an employee address, supplier ABN registered recently, GST registration status inconsistent with invoice value).

Invoice-level red flags

Invoices with round-number totals warrant attention, particularly when the amounts cluster just below approval thresholds. A real invoice for services rendered tends to produce an odd amount reflecting actual time or materials; an invoice for exactly AU$4,999 from a supplier the business has not used before should trigger a check against what was ordered and whether a purchase order exists.

Missing or invalid GST details are a compliance red flag. Australian suppliers registered for GST must include their ABN and GST amount on any invoice where the total supply is taxable. An invoice that claims to include GST but does not show the supplier's ABN, or where the claimed GST does not calculate correctly from the net amount, indicates either a formatting error or a false invoice. The ATO requires businesses to hold a valid tax invoice to claim GST credits -- processing an invalid invoice means the GST credit will be disallowed at audit.

Vague or generic service descriptions -- "consulting services," "management fees," "professional services" with no further detail -- make it impossible to verify whether the service was actually received. Legitimate professional service invoices from Australian providers typically include a description of the specific work performed, the engagement period, and the billing basis (hourly rate, fixed fee, or milestone). Generic descriptions are common in billing scheme invoices because the fraudster needs to avoid specifics that could be verified.

Supplier-level red flags

A new supplier with no corresponding purchase order or contract, particularly one submitting an invoice within weeks of being added to the vendor master, should be verified against the business relationship that justifies the payment. Who engaged this supplier? What did the business agree to pay for? Is there an approved budget for this expenditure?

Suppliers whose address, phone number, or email domain matches an employee's personal details are a strong indicator of an internal billing scheme. Most accounting systems do not automatically cross-reference vendor master data against HR records, but a periodic manual review of new suppliers against payroll data is a practical and inexpensive control.

ABN lookup checks can verify whether a supplier's ABN is genuine, whether it is registered for GST (required for suppliers with turnover above AU$75,000), and when it was registered. An ABN registered in the last 60 days for a supplier claiming to have provided ongoing services is worth investigating. The Australian Business Register ABN lookup is public and free to use.

Using red flags without creating bottlenecks

Red flag detection is only useful if it directs human attention toward the right invoices without slowing the processing of legitimate ones. The practical implementation is a risk scoring system -- either manual (a checklist applied to new suppliers and unusual invoices) or automated (a scoring rule in the AP system that applies thresholds to flag invoices for additional review). Invoices above a risk score threshold go into a hold queue; invoices below it proceed through normal approval. The hold queue should be reviewed daily and cleared within 24 to 48 hours to avoid creating payment delays that damage supplier relationships.