Procurement Frauds - Major Fraud Risk for organisations
Sankar Madhavan, M Com, CFE
Consultant - Accounting Shared Services | Certified Fraud Examiner| Investor| Loves to Travel| Applying AI Tools in Financial Investments | Writer
It is estimated that organizations lose 5% of their revenue due to fraud. (As per ACFE’s Report to the Nations 2020). Fraud Risk is also risk and needs to be mitigated like any other risk.
Procurement is one of the most vulnerable functions which is prone to Fraud. An organization’s majority of budget allocation goes into procurement. (For entities in the Manufacturing sector for eg) The procurement process itself has multiple stages and there is always room for Collusion between various parties.
The perpetrator cannot conduct a fraudulent operation in the silo. There is always more than one person involved in the Act. There are multiple fraud schemes identified in this space. Procurement fraud falls in the type “Corruption†in the Fraud categories. Corruption is the most common type of fraud globally.
We can explore some of them today.
As we know, usually companies get into long-duration contracts with suppliers for raw materials and other consumables needed for production to ensure that input costs to be stable and predictable.
We need to examine each stage of the whole procurement process to assess the risk of fraud involved. The stages in a normal procurement function are:
- Pre-solicitation phase – Identifying the needs, specifications, methods of procurement, and criteria for awarding the contract.
- Solicitation phase – Documentation and Issue to the prospective suppliers based on which they prepare and submit the bids and proposals.
- Bid evaluation and Award phase – Procuring employee evaluates the bids/proposals, conducts discussions and negotiations, and allows revising the proposals as required. Once procuring employee is happy with all aspects of the bid, they select the winning proposal.
- Post evaluation and Award phase – Once the contract is awarded both parties fulfil their duties through the performance of contractual obligations.
Each of the above stages has its own fraud risks. We can go through fraud risks where the collusion is between the supplier and procurement employees which is more familiar. We will examine the important ones as below.
Need recognition - The procurement employee convinces his employer that it needs excessive or unnecessary products. (Maybe he gets commission/kickbacks based on business from the supplier?)
Bid Tailoring – The procurement personnel draft the specification in such a way that gives an unfair advantage to a particular supplier (Collusion with supplier is suspected here)
Bid manipulation – The employee handling the bids can alter the bid documents, extend bid opening dates, or discard the bid documents, etc.
Leaking bid data – Employees can share the bid information with a bidder which gives that bidder an unfair advantage over other bidders.
Fraud Investigator or Internal Auditor’s Role
As internal auditors, we should look for red flags in all of the procurement tasks. We should always use professional scepticism. Mostly the procurement employee acts in collusion with other stakeholders to perpetrate fraud. Prepare a checklist where we suspect that there can be a risk of fraud. This will help the auditor with an idea as to where to look for red flags. It is good to check for control risks at first.
Main Red flags
- Weak controls over the bidding process
- Pieces of evidence were received to show that there were changes made after the bid was received
- Procurement employee accepts late bids
- A high number of competitive awards & Change orders only to one supplier (when you look at historical data)
- Requests for sole-source procurements when there is an available pool of contractors.
- A high number of sole source procurements to one supplier.
- Change order abuses.
These fraud risks can be mitigated by Internal controls, employee education, having strict Segregation of Duties (SOD), eg: vendor master file should not be handled by an Accounts payable employee - monitoring, vendor management such as background checks.
Case Study
As an example, we can examine one of the possible scenarios where fraud can happen in the Invoice payments team. The invoice is presented for payment in the AP team along with bank details. Due to a lapse in SOD definitions, the paying employee has also access to edit the vendor master which allows him to change the bank details in the ERP. This helps him to add his friend’s bank and money gets diverted to that account whenever that supplier is made by online banking.
This type of fraud can be mitigated by having strict controls on the AP function and proper Segregation of duties. The payment file needs to be verified for the party’s name, bank details, and amount. There are mulitple scenarios that can happen and we have many use cases to explore..
Senior Auditor- MBG Corporate Services (Risk Consulting)|| Ex. EY, RSM USI and Lulu Group || SOX Professional || ESG || GDPR Implementer || Advisory & Assurance || CIA/CFE (P)
2 å¹´Thanks for the knowledgeable source Sir!