PDF

Transcription

PDF
Preventing and Detecting
Procurement Fraud
 Stanley Mwangi Chege
 CISA, CISM, CISSP, CRISC, CGEIT
Pressures and incentives, opportunity,
and rationalization – it’s the recipe for
fraud, any type of fraud. Abuse within the
procurement cycle is common and can be
damaging, from the magnitude of
potential monetary losses to the
reputational damage that can come from
a loss of trust of important stakeholders
such as investors, customers, and other
suppliers.
Consider a long time employee who is suddenly
struggling with making ends meet at home.
Through many years of service in the procurement
department, he has gained the trust of coworkers, established personal relationships with
vendors, and has an intimate knowledge of the
controls system and any gaps that may exist.
Almost effortlessly, he could approach a vendor to
inflate invoices and direct surplus payments to his
personal bank account. Such collusion is common
in procurement frauds.
Phantom vendors or other manipulation of the vendor master file – by creating a
record in the vendor master file that directs payment to a fictitious company or a
legitimate company that does not provide services to the organization, an
opportunity is created to generate a payment record and transfer money to a
recipient that may be controlled by an employee or a third party in collusion with
procurement personnel. Detection may be challenged where the magnitude of
such payments are designed to fly under the radar of more senior approval
authorities. A variation on this basic approach involves changing address and
bank details of a legitimate but inactive vendor of the company, essentially
hijacking a company's identity to facilitate illicit payments.
Cheque forgery – perhaps easily lost in the volume of transactions, a manual
cheque can be transacted through forgery of the designated approval authority.
Fictitious invoicing and inflated billing rates – invoices could be generated for
processing through Accounts Payable that do not relate to goods received or
services rendered. Consider that an employee may generate an invoice payable to
a vendor using their home address. Alternatively, unannounced to your diligent
procurement staff, a vendor, even one that is regularly providing legitimate
services to your organization, may submit an invoice for services that were not
provided or at rates that are above those agreed upon.
Conflicts of interest – where procurement personnel have a financial interest in
the success of a supplier entity, their purchasing decisions may be biased
towards that entity to the detriment of your organization.
Vendor kickbacks and bribery – almost innocently, vendors may send gifts to
procurement personnel because of long-term relationships. This can create a
conflict where a personal relationship between the buyer and vendor is
established that may put pressure on the buyer's efforts to act in the company's
best interest. Less innocently, vendors may collude with procurement staff in
order to 'work around' established procurement controls and fraudulently
withdraw money from your organization. Suppliers may bribe a buyer in your
organization to purchase from them despite above-market rates or poor product
quality. In another scenario, bribes or kickbacks may be offered to procurement
personnel to approve fictitious charges.
Bid rigging – through collusion between procurement personnel involved in the
vendor selection process and outside vendors, or between outside vendors
participating in the bidding process, inflated rates may be contracted for
projects.
The foundation of any fraud prevention program is the 'tone at
the top', the message that management is conveying to guide
how business is to be conducted. If staff see management
abusing authority or promoting unethical activities, the flood
gates are forced wide open for all staff to demonstrate the same
abuse. Communication of behavior expectations should be
formalized in a code of conduct that addresses such matters as
avoiding potential conflicts of interest and reporting suspected
fraudulent activity. Formalizing the documentation alone is
insufficient. It must be ingrained in the way business is
conducted in a clear and unambiguous manner through active
enforcement of its principles.
Fraud awareness training is also an effective tool in empowering
frontline personnel to minimize inappropriate behavior; but, it
also sends the message to potential fraudsters that 'detection' is
a priority and there are many eyes watching to minimize fraud
opportunities.
Perpetrating these types of frauds often involves the 'side
stepping' or overriding of controls that are designed to detect
inappropriate spending. In these scenarios, it is important to be
aware of the red flags that may raise suspicion before too much
loss is suffered.
Many business information systems contain the facts that can
point a finger at impropriety if the right lens is applied to the
data. Data analytics tools can be used to focus detection efforts.
Whether analyzing spending trends, irregular transactions, or
potential buyer and supplier relationship indicators, these tools
have the capacity to filter large volumes of information. Efforts
to implement a continuous monitoring program with these
tools, or response to a suspected fraud are two avenues for
leveraging the vast capabilities of data analytics.














Round value invoices
Lack of control around the bidding process including poor
documentation, absence of appropriate competition
Poor documentation of expenditures or failure to complete a match of
invoices to receiving and order documentation
Consistent use of a vendor who is delivering poor quality goods,
particularly where this issue is concentrated with one buyer
Duplicate invoice payments
Excessive entertaining of procurement staff by suppliers
Vendors with a post office box as the sole address
Absence of a legitimate company registration number
Off-hour transactions
Out-of-sequence invoice numbers for a particular vendor
Payments to inactive vendors
Low initial bids followed by excessive change orders
Poor cash management practices (i.e., paying invoices right away despite
the accepted practice of 30 to 60 day payment terms in a particular
industry)
Cheques set aside for pick-up
Irregular Transactions
 Duplicate invoices
 Unusual invoice sequencing
 Inactive vendors receiving payments
 Off-hour transactions
 Transactions exceeding approval authority or invoice splitting to bypass
authority
 Vendors with fake registration numbers
 Invoices received after payments are made
Trends & Summary Reporting



Top vendors by payment type
Top vendors with quality
issues (e.g., returns)Top vendors with the highest short shipment rat
Relationship Indicators



Vendor address or phone numbers vs. payroll records
Vendor directors vs. procurement personnel
Multiple vendors with same contact coordinates (address, phone numbers,
PO boxes, etc.)
The procurement cycle is fundamental to the
profitability of an organization, especially in
times when top line growth is
challenged. Increasing focus on this cost centre,
controls and financial results can help avoid
unnecessary cash flow leakage from fraud. While
the cost of obtaining this business intelligence
may seem to outweigh the probability of losses
from such a theft, consider for a moment the
other repercussions of such a breach of
trust: loss of public trust, legal fines or sanctions,
or damaged share price