It seems like tedious paperwork exercises would make it easier for scams like this to happen, since there’s no one person with the responsibility to say yes or no to specific purchases/invoices. If the responsibility is placed on the bureaucratic process rather than specific people, surely that’s going to make it easier for bad stuff to slip through (while also making it more challenging to get legitimate requests through).

What is intended to happen is someone fills out a vendor creation form (to guard against paying the wrong vendor/bank account), fills out a PO, later someone agrees they received goods or services against that PO, later AP receives an invoice, AP checks against the PO that goods/services have been received in the amount of the invoice, and pays the invoice to the previously setup vendor information.

When properly followed, the process makes scams harder, not easier. If people don't follow the process...

(You can look at this as the process having one person responsible for each step in the process, with the system recording each step.)

In my experience, it’s just motivation to spend your own money on it. Much less frustrating.

I spent too much time trying to get that 25’ RJ-11 cable to avoid that tripping hazard. Best $2 I ever spent.

Most sensible places have an expedited process for employees for things under some trivial amount (ours is $25).

Maybe in private sector.

In public sector... “telecom expenses must go through telecom”, and they may not be willing to bother with the paperwork.

And god help you if you’re working in some kind of private-public partnership where that $9 expense is -$9 profit.

Sometimes you can get around it if you can find what you need from Staples and order it as an office supply.

Even 20 years ago the public sector was perfectly on-board with so-called "catalog purchases" using approved retailers, and "payment card" (e.g., company credit card) without prior approval. I don't know where your experience may have occurred but purchasing and supplier management process actually helps most places get what they need rather than hindering it.

Isn’t a $9 expense always -$9 profit in any business?

Some businesses can hand the expense straight on to the customer.

Government 'cost plus' contracts are that for example. If you are contracted to build a bridge, the concernment will pay for all the hours your employees worked on it, and all the concrete and steel they bought for it, and some profit percentage.

Unless that $9 expense was facilitating a $400,000 sale. I’ve had a number of those $9 expenses over the years.

Sometimes the $9 expense lead to a +$100 value, but not for the private partner operator of the facility.

Are you saying Google didn’t follow such a process and that is the solution?

Not at all. I'm saying that those annoying processes are intended to provide enough information to match up legitimate purchase orders to goods/services receipt to invoices.

Whether AP uses that information is a related but distinct matter. The processes are a necessary, but not sufficient, condition.