In this second part of our two part series on procurement fraud, we are taking a look at the prevention and detection of procurement fraud.
The foundation of any fraud prevention program is the ‘tone at the top’, the message that management is conveying to guide how business is to be conducted. If staff see management abusing authority or promoting unethical activities, the flood gates are forced wide open for all staff to demonstrate the same abuse.
Communication of behaviour expectations should be formalised in a code of conduct that addresses such matters as avoiding potential conflicts of interest and reporting suspected fraudulent activity.
Formalising the documentation alone is insufficient. It must be ingrained in the way business is conducted in a clear and unambiguous manner through active enforcement of its principles.
Fraud awareness training can also be an effective tool in empowering frontline personnel to minimise inappropriate behaviour. However, it also sends the message to potential fraudsters that ‘detection’ is a priority and there are many eyes watching to minimise fraud opportunities.
Finally, invest the appropriate time and due diligence in performing a detailed fraud risk assessment surrounding the procurement process. In your business and industry today, what are the risks that pose the most significant threats?
The answer to this question is ever evolving and requires regular evaluation. Focusing the efforts of procurement personnel on the key controls to mitigate these fraud risks is critical. Making staff accountable for the performance of these controls is also fundamental in ensuring their effectiveness.
Conducting regular reviews of the compliance with the fraud prevention control program through audits is a good approach.
At a very practical level, one of the weaknesses common to many of the most basic (and easily preventable) schemes is control over a company’s vendor listing. Adding vendors or changing vendor information needs to be tightly controlled. When activity with a vendor is dormant for a set period of time, the vendor should be deleted from the approved vendor list. Other internal controls related to common procurement processes, approval and monitoring should be reviewed to ensure that they are appropriate and sufficient to minimise risk in this area.
Perpetrating these types of frauds often involves the ‘side stepping’ or overriding of controls that are designed to detect inappropriate spending. In these scenarios, it is important to be aware of the red flags that may raise suspicion before too much loss is suffered.
In efforts to identify fraud earlier, an awareness of potential red flags and an establishment of reporting mechanisms to detect these indicators will be beneficial.
Many business information systems contain the facts that can point a finger at impropriety, if the right lens is applied to the data. Data analytics tools can be used to focus detection efforts.
Whether analysing spending trends, irregular transactions, or potential buyer and supplier relationship indicators, these tools have the capacity to filter large volumes of information.
Efforts to implement a continuous monitoring programme with these tools, or response to a suspected fraud are two avenues for leveraging the vast capabilities of data analytics.
The procurement cycle is fundamental to the profitability of an organisation, especially in times when top line growth is challenged. Increasing focus on this cost centre, controls and financial results can help avoid unnecessary cash flow leakage from fraud.
While the cost of obtaining this business intelligence may seem to outweigh the probability of losses from such a theft, consider for a moment the other repercussions of such a breach of trust: loss of public trust, legal fines or sanctions, or damaged share price.
This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.