Can you find the Maximo security risk?

Play out the following scenario for your company:

It's Wednesday afternoon and a batch of boxes has been dropped off at the loading dock by one of your suppliers. An employee comes down to inspect the boxes and packing slips. Everything matches, so they load the boxes up and take them to the central storeroom to electronically receive the items into Maximo. Since this delivery is from one of your primary vendors, it includes items from multiple purchase orders, and some of those orders are only partially received. Every so often the vendor ships an extra item by mistake, and this time they did. The extra item is over-received and the paperwork is filed away.

A few weeks later the invoice comes in and is processed for payment. The A/P department notices that the invoice doesn't match the original purchase order. They call the vendor, stating that it over-billed for an item and that the invoice needs to be corrected. The vendor replies that it received a revision to the PO and forwards a copy back to the A/P department. The employee writes it off as another glitch in the integration between Maximo and the ERP system, so a miscellaneous voucher charge is made to get the invoice processed.

Could that happen at your company? Maybe, maybe not. But the situation above played out exactly that way at a company recently. As the company began its investigation, it identified several gaps in its purchasing, receiving, and invoice payment processes, but the one it couldn't explain was the revised purchase order.

The Maximo admin and I were catching up; she gave me the details of the situation and asked if I had any ideas on where the leak was coming from. I asked a few questions and she gave me the following:

  • The vendors they contacted were able to provide a copy of the revised PO with all the correct information.
  • The revised PO layout (field positions, fonts, etc.) matched the company's own PO print report.
  • The revised purchase orders were generally made towards the end of the week.
  • The items being stolen were generally modestly priced ($200-$500) and were commonly used by the plant.
  • There was no indication that the revision was being deleted/removed at the database level.
  • All the vendors used in the scheme had an automated method to process orders.

After about two months of investigating, they found where the leak was occurring.

Can you guess how the employee(s) were creating the revised purchase orders and what method they were using to steal items from their company?