What are the risks related to the PP230 rule related to Create and Maintain Suppliers vs Approve AP Invoices?

Having access to both could allow a user to enter a fictitious supplier, create and approve a fictitious invoice then send the approved invoice into the AP department via intercompany mail or place it in a basket to be entered. This may allow the user to commit fraud.