Preventing and Detecting Procurement Fraud Stanley Mwangi Chege

CISA, CISM, CISSP, CRISC, CGEIT

Pressures and incentives, opportunity, and rationalization – it’s the recipe for fraud, any type of fraud. Abuse within the procurement cycle is common and can be damaging, from the magnitude of potential monetary losses to the reputational damage that can come from a loss of trust of important stakeholders such as investors, customers, and other suppliers.

Consider a long time employee who is suddenly struggling with making ends meet at home. Through many years of service in the procurement department, he has gained the trust of co-workers, established personal relationships with vendors, and has an intimate knowledge of the controls system and any gaps that may exist. Almost effortlessly, he could approach a vendor to inflate invoices and direct surplus payments to his personal bank account. Such collusion is common in procurement frauds.

Phantom vendors or other manipulation of the vendor master file – by creating a record in the vendor master file that directs payment to a fictitious company or a legitimate company that does not provide services to the organization, an opportunity is created to generate a payment record and transfer money to a recipient that may be controlled by an employee or a third party in collusion with procurement personnel. Detection may be challenged where the magnitude of such payments are designed to fly under the radar of more senior approval authorities. A variation on this basic approach involves changing address and bank details of a legitimate but inactive vendor of the company, essentially hijacking a company's identity to facilitate illicit payments.Cheque forgery – perhaps easily lost in the volume of transactions, a manual cheque can be transacted through forgery of the designated approval authority.Fictitious invoicing and inflated billing rates – invoices could be generated for processing through Accounts Payable that do not relate to goods received or services rendered. Consider that an employee may generate an invoice payable to a vendor using their home address. Alternatively, unannounced to your diligent procurement staff, a vendor, even one that is regularly providing legitimate services to your organization, may submit an invoice for services that were not provided or at rates that are above those agreed upon.

Conflicts of interest – where procurement personnel have a financial interest in the success of a supplier entity, their purchasing decisions may be biased towards that entity to the detriment of your organization.Vendor kickbacks and bribery – almost innocently, vendors may send gifts to procurement personnel because of long-term relationships. This can create a conflict where a personal relationship between the buyer and vendor is established that may put pressure on the buyer's efforts to act in the company's best interest. Less innocently, vendors may collude with procurement staff in order to 'work around' established procurement controls and fraudulently withdraw money from your organization. Suppliers may bribe a buyer in your organization to purchase from them despite above-market rates or poor product quality. In another scenario, bribes or kickbacks may be offered to procurement personnel to approve fictitious charges.Bid rigging – through collusion between procurement personnel involved in the vendor selection process and outside vendors, or between outside vendors participating in the bidding process, inflated rates may be contracted for projects.

The foundation of any fraud prevention program is the 'tone at the top', the message that management is conveying to guide how business is to be conducted. If staff see management abusing authority or promoting unethical activities, the flood gates are forced wide open for all staff to demonstrate the same abuse. Communication of behavior expectations should be formalized in a code of conduct that addresses such matters as avoiding potential conflicts of interest and reporting suspected fraudulent activity. Formalizing the documentation alone is insufficient. It must be ingrained in the way business is conducted in a clear and unambiguous manner through active enforcement of its principles.

Fraud awareness training is also an effective tool in empowering frontline personnel to minimize inappropriate behavior; but, it also sends the message to potential fraudsters that 'detection' is a priority and there are many eyes watching to minimize fraud opportunities.

Perpetrating these types of frauds often involves the 'side stepping' or overriding of controls that are designed to detect inappropriate spending. In these scenarios, it is important to be aware of the red flags that may raise suspicion before too much loss is suffered.

Many business information systems contain the facts that can point a finger at impropriety if the right lens is applied to the data. Data analytics tools can be used to focus detection efforts. Whether analyzing spending trends, irregular transactions, or potential buyer and supplier relationship indicators, these tools have the capacity to filter large volumes of information. Efforts to implement a continuous monitoring program with these tools, or response to a suspected fraud are two avenues for leveraging the vast capabilities of data analytics.

Round value invoices Lack of control around the bidding process including poor

documentation, absence of appropriate competition Poor documentation of expenditures or failure to complete a match of

invoices to receiving and order documentation Consistent use of a vendor who is delivering poor quality goods,

particularly where this issue is concentrated with one buyer Duplicate invoice payments Excessive entertaining of procurement staff by suppliers Vendors with a post office box as the sole address Absence of a legitimate company registration number Off-hour transactions Out-of-sequence invoice numbers for a particular vendor Payments to inactive vendors Low initial bids followed by excessive change orders Poor cash management practices (i.e., paying invoices right away despite

the accepted practice of 30 to 60 day payment terms in a particular industry)

Cheques set aside for pick-up

Irregular Transactions Duplicate invoices Unusual invoice sequencing Inactive vendors receiving payments Off-hour transactions Transactions exceeding approval authority or invoice splitting to bypass

authority Vendors with fake registration numbers Invoices received after payments are madeTrends & Summary Reporting

Top vendors by payment type Top vendors with quality issues (e.g., returns)Top vendors with the highest short shipment ratRelationship Indicators

Vendor address or phone numbers vs. payroll records Vendor directors vs. procurement personnel Multiple vendors with same contact coordinates (address, phone numbers,

PO boxes, etc.)

The procurement cycle is fundamental to the profitability of an organization, especially in times when top line growth is challenged. Increasing focus on this cost centre, controls and financial results can help avoid unnecessary cash flow leakage from fraud. While the cost of obtaining this business intelligence may seem to outweigh the probability of losses from such a theft, consider for a moment the other repercussions of such a breach of trust: loss of public trust, legal fines or sanctions, or damaged share price