Sound, consistently applied internal controls remain the best anti-fraud mechanism
22 Apr 2019
One of my mentors used to boast that he guarantees he will find fraud in any organisation. He was so confident that he used to say that the organisation did not even have to pay him until he found it! When I asked him how he would accomplish this, he simply said that he would go straight to the procurement department, because ‘there is no such thing as an honest buyer’. While this may seem an unnecessarily harsh generalisation, I have to concur that ‘procurement-related’ fraud is the most common type of fraud that I have had to deal with in my career. Procurement activities are, due to their close association with payments, highly susceptible to frauds and the clandestine nature of such frauds makes them less simple to detect and prove than, for example, an absent asset. There are however well-established techniques by which to prevent, detect and prove procurement-related frauds.
Goods and services may be procured by a variety of organisational functions. Procurement frauds occur when procurement officers make use of ‘front’ companies, have corrupt relations with suppliers (kick-backs, bribery, cronyism, etc) and/or embark on bid rigging, bid rotation and tender frauds.
Whether proactively looking for fraud, conducting fraud vulnerability analyses to bolster controls, or gathering evidence, you may wish to compare actual procurement behaviour to policies and procedures and good practice (three-quote system, supplier vetting, conflict of interest declarations, tender requirements, gift register, etc). Procurement officers frequently try to convince you that certain suppliers are ‘different’ in order to justify procedural deviations.
Also compare anti-competition, anti-bribery and responsible procurement laws and regulations to actual procurement behaviours and understand deviations. Review contracts to identify absent or unusually favourable clauses (contract duration, pricing, credit terms, post-contract requirements, etc). Interview procurement staff, accounts payable staff, the users of the goods and services and other role-players to obtain their view of the sufficiency of processes followed, conflicts, terms and conditions, supplier qualification (good standing, size, expertise etc), general market availability (product and experience), pricing, quality, and service.
Conduct data analyses of procurement prices and volumes over time per supplier, in relation to each other and in relation to other data (production volumes, stock levels, sales, purchases, profit, etc) and investigate unexpected trends. Analyse tender information to identify bid rotation, supplier selection patterns, pricing, and submission information similarities (to each other or company budgets) as well as winning bid submission dates and times.
Obtain independent quotes for goods and services as a ‘man-in-the-street’ (no big-company volume discounts) without mentioning the organisation you represent. Compare these to the actual prices paid and terms secured.
Conduct lifestyle audits of subjects and suppliers to identify financial pressures, undeclared conflicts, and their general good standing, using information in public domain databases (eg credit applications, directorships, properties owned, etc), obtained in interviews and from social media (Google searches, Facebook profiles, etc). Validate bank account details with banks, suppliers and against payroll data. Perform keyword email reviews of correspondence between suppliers and procurement staff members. Where appropriate, mirror electronic devices (from which to secure evidence and conduct searches) and conduct physical workplace checks (work records, photos on desks, etc).
Craig Bristow is the Head of Group Internal Audit – Africa for AP Moller Maersk and the author of Juta’s Practical Insights for Fraud Professionals: Lifting the Veil on the Dark Art (Juta 2018).(This article is provided for informational purposes only and not for the purpose of providing legal advice. For more information on the topic, please contact the author/s or the relevant provider.)